Date Found | Type | Risky | Data Type | Module | Children | Correlations | Distance | Starred | Annotation | Data | Source Data
2023-05-12 02:53:17IPv6 AddressNoMnemonic PassiveDNS16010None2a06:98c1:3121::1ayhu.xyz
2023-05-12 03:09:08Affiliate - IP AddressNoDNS Look-aside1030None165.232.113.95165.232.113.85
2023-05-12 02:55:01Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-12T01:28:39.865Z", "ip": "188.114.96.1", "location_updated_at": "2023-04-29T20:40:06.346917Z", "autonomous_system_updated_at": "2023-04-29T20:40:06.346970Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"landing.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-15T13:31:47.102980654Z"}, "noitafile-proxy.zuibaqi.com": {"record_type": "A", "resolved_at": "2023-05-09T16:21:18.328899036Z"}, "smtp.sharoshop.com": {"record_type": "A", "resolved_at": "2022-10-23T14:06:43.660097027Z"}, "www.test4-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-25T12:35:31.168490324Z"}, "ssl4.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-02-02T00:27:29.175252329Z"}, "pop.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-18T13:44:12.923874025Z"}, "939394.xyz": {"record_type": "A", "resolved_at": "2023-03-24T21:43:29.035929030Z"}, "api.939394.cn": {"record_type": "A", "resolved_at": "2022-12-30T12:33:15.088861766Z"}, "finalsfootyfantasy.com.au": {"record_type": "A", "resolved_at": "2023-04-15T12:22:32.701218324Z"}, "www.shop.charkhak.ir": {"record_type": "A", "resolved_at": "2022-10-14T15:11:46.056786726Z"}, "enter.agpsdo.edu.ru": {"record_type": "A", "resolved_at": "2023-04-13T20:07:14.050231893Z"}, "paradshop.ir": {"record_type": "A", "resolved_at": "2022-11-18T14:16:06.009427234Z"}, "test4-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-28T12:30:46.414407007Z"}, "abcbourse.ir": {"record_type": "A", "resolved_at": "2022-10-25T15:12:33.856179812Z"}, "beautybeyondhair.net": {"record_type": "A", "resolved_at": "2023-03-30T19:32:04.069794297Z"}, "ssl.nc-testdomain2.club": 
{"record_type": "A", "resolved_at": "2023-01-30T15:42:14.364581488Z"}, "demo.jamalghamari.com": {"record_type": "A", "resolved_at": "2023-04-24T14:59:01.147426415Z"}, "lt.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-24T13:34:44.275517531Z"}, "mybots.amirhsvip.ir": {"record_type": "A", "resolved_at": "2022-12-02T15:15:41.628857633Z"}, "karriere-job-booster.at": {"record_type": "A", "resolved_at": "2023-04-12T21:48:57.147456694Z"}, "odenneszolaca.cf": {"record_type": "A", "resolved_at": "2023-02-17T02:27:33.470439994Z"}, "karriere-job-booster.com": {"record_type": "A", "resolved_at": "2023-04-22T14:40:02.799652037Z"}, "uncoveryourconfidence.org": {"record_type": "A", "resolved_at": "2023-05-01T20:11:56.835607536Z"}, "ssl5.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-19T12:26:12.193299619Z"}, "www.barbecuemasters.dk": {"record_type": "A", "resolved_at": "2022-10-14T14:46:07.712552308Z"}, "metako.kz": {"record_type": "A", "resolved_at": "2023-04-26T19:09:17.996870996Z"}, "edu.rabinia.com": {"record_type": "A", "resolved_at": "2022-10-25T13:57:12.441109542Z"}, "www.13709394.net": {"record_type": "A", "resolved_at": "2023-04-25T18:56:56.576355949Z"}, "www.test6-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-03-17T12:46:14.887012316Z"}, "dl.jamalghamari.com": {"record_type": "A", "resolved_at": "2023-04-26T15:24:28.844795223Z"}, "dornikasafir.de": {"record_type": "A", "resolved_at": "2022-10-02T14:08:30.967547568Z"}, "www.fakherturkman.com": {"record_type": "A", "resolved_at": "2022-11-07T13:24:27.903118674Z"}, "www.barbecue-masters.dk": {"record_type": "A", "resolved_at": "2022-10-10T14:59:00.508858938Z"}, "www.test5-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-12-25T12:33:32.915967721Z"}, "password.moeking.me": {"record_type": "A", "resolved_at": "2022-09-25T16:38:19.046997106Z"}, "mail.wolny.poker": {"record_type": "A", "resolved_at": "2022-10-30T17:30:49.591604261Z"}, 
"fi.helsinkicard.com": {"record_type": "A", "resolved_at": "2023-05-01T14:32:55.216085423Z"}, "www.133335.xyz": {"record_type": "A", "resolved_at": "2022-09-25T19:02:08.754559807Z"}, "wolny.poker": {"record_type": "A", "resolved_at": "2022-10-23T17:07:04.797789596Z"}, "moeking.me": {"record_type": "A", "resolved_at": "2022-09-30T15:32:44.686639976Z"}, "download.8t.cx": {"record_type": "A", "resolved_at": "2023-02-24T17:37:07.782880370Z"}, "test2-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-11-27T12:26:47.852803846Z"}, "133335.xyz": {"record_type": "A", "resolved_at": "2022-10-05T17:45:47.967622672Z"}, "www.clinic.tanyar.org": {"record_type": "A", "resolved_at": "2023-04-18T20:54:02.995698546Z"}, "mail.mardinscarf.com": {"record_type": "A", "resolved_at": "2022-11-01T13:38:25.278618273Z"}, "sub.133335.xyz": {"record_type": "A", "resolved_at": "2022-10-03T20:37:50.410080500Z"}, "web3rh.tk": {"record_type": "A", "resolved_at": "2023-02-20T04:15:37.204816270Z"}, "megafrica.ao": {"record_type": "A", "resolved_at": "2022-10-02T12:04:18.005028285Z"}, "ftp.baharelm.ir": {"record_type": "A", "resolved_at": "2023-01-11T15:16:43.150193914Z"}, "ses.co.ir": {"record_type": "A", "resolved_at": "2022-10-03T15:24:37.474565747Z"}, "test1-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-12-05T12:32:16.018654402Z"}, "www.tootanro.com": {"record_type": "A", "resolved_at": "2022-10-24T14:06:17.503873544Z"}, "www.metako.kz": {"record_type": "A", "resolved_at": "2023-05-05T17:41:02.011446152Z"}, "nordjyskgraesslaaning.dk": {"record_type": "A", "resolved_at": "2023-01-19T00:51:09.365049648Z"}, "33t.life": {"record_type": "A", "resolved_at": "2022-12-15T15:20:29.852611959Z"}, "app.myhealthpointe.no": {"record_type": "A", "resolved_at": "2022-10-01T15:32:46.256381743Z"}, "www.939394.xyz": {"record_type": "A", "resolved_at": "2023-03-04T19:54:36.565190153Z"}, "oscord.net": {"record_type": "A", "resolved_at": "2023-05-07T20:04:57.891682634Z"}, 
"mail.bokharsanat.com": {"record_type": "A", "resolved_at": "2023-04-28T14:34:55.423339504Z"}, "agpsdo.edu.ru": {"record_type": "A", "resolved_at": "2023-04-26T22:14:12.681023418Z"}, "www.ostrovok.net": {"record_type": "A", "resolved_at": "2023-05-07T20:05:01.309575808Z"}, "test6-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-29T12:35:27.340588919Z"}, "mail.lskala.com": {"record_type": "A", "resolved_at": "2023-01-21T13:35:04.083346865Z"}, "mytampered.golf": {"record_type": "A", "resolved_at": "2022-12-22T14:42:39.165034528Z"}, "www.test1-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-11-27T12:26:47.811643407Z"}, "assistant.amirhsvip.ir": {"record_type": "A", "resolved_at": "2022-11-15T19:04:22.316842630Z"}, "beautybeyondhair.buzz": {"record_type": "A", "resolved_at": "2023-04-15T12:48:08.422852392Z"}, "athletichouseacademic.com": {"record_type": "A", "resolved_at": "2023-04-18T11:24:30.935186784Z"}, "www.rbtradinggroup.com": {"record_type": "A", "resolved_at": "2022-10-24T13:49:09.818009144Z"}, "hola.organizoo.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:38.886997403Z"}, "ritta.app": {"record_type": "A", "resolved_at": "2023-04-20T12:15:33.428852719Z"}, "xnllarblack.art": {"record_type": "A", "resolved_at": "2023-04-21T20:37:36.441653637Z"}, "barbecue-masters.dk": {"record_type": "A", "resolved_at": "2022-11-07T14:46:42.708236475Z"}, "oytunjivillage.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:58.523823601Z"}, "www.sanayepishro.com": {"record_type": "A", "resolved_at": "2022-10-23T11:24:26.165823422Z"}, "total-ev-charge.com": {"record_type": "A", "resolved_at": "2023-04-10T16:35:40.386710867Z"}, "panel.moeking.me": {"record_type": "A", "resolved_at": "2022-09-28T16:39:39.161526355Z"}, "barbecuemasters.dk": {"record_type": "A", "resolved_at": "2022-10-15T14:22:57.320001219Z"}, "www.bobo8090.com": {"record_type": "A", "resolved_at": "2023-02-10T13:15:31.285424987Z"}, 
"persaldo-treuhand.ch": {"record_type": "A", "resolved_at": "2023-01-07T12:29:30.392242949Z"}, "pic.939394.cn": {"record_type": "A", "resolved_at": "2022-12-31T12:38:06.391476974Z"}, "www.otherend.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:39.580563012Z"}, "clinic.tanyar.org": {"record_type": "A", "resolved_at": "2023-05-07T21:19:52.237134340Z"}, "e-management.lv": {"record_type": "A", "resolved_at": "2023-05-10T17:58:43.673701872Z"}, "bezi386.xyz": {"record_type": "A", "resolved_at": "2023-03-16T01:18:53.784985236Z"}, "inthemachine.com.au": {"record_type": "A", "resolved_at": "2023-04-15T12:22:39.481058126Z"}, "www.athletichouseacademic.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T13:49:15.422177239Z"}, "sign.moeking.me": {"record_type": "A", "resolved_at": "2022-09-28T16:39:39.465293148Z"}, "www.abcbourse.ir": {"record_type": "A", "resolved_at": "2022-10-20T15:09:44.156091370Z"}, "ftp.netrobotic.ir": {"record_type": "A", "resolved_at": "2023-04-04T18:41:04.300955582Z"}, "de.helsinkicard.com": {"record_type": "A", "resolved_at": "2023-04-28T15:19:37.298278045Z"}, "test5-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-11T12:32:24.608221922Z"}, "diacounneirepuhar.ml": {"record_type": "A", "resolved_at": "2023-02-18T02:32:50.074200205Z"}, "api.snoor.shop": {"record_type": "A", "resolved_at": "2022-11-22T01:28:36.076229399Z"}, "www.wolny.poker": {"record_type": "A", "resolved_at": "2022-10-16T17:06:44.448663582Z"}, "www.test2-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-11-27T12:26:47.902936535Z"}}, "names": ["wolny.poker", "athletichouseacademic.com", "e-management.lv", "www.test4-pointg.nc-testdomain2.club", "noitafile-proxy.zuibaqi.com", "www.clinic.tanyar.org", "megafrica.ao", "sub.133335.xyz", "www.test6-pointg.nc-testdomain2.club", "demo.jamalghamari.com", "enter.agpsdo.edu.ru", "www.13709394.net", "mytampered.golf", "total-ev-charge.com", "dl.jamalghamari.com", 
"inthemachine.com.au", "lt.makingprojec.com", "www.wolny.poker", "barbecue-masters.dk", "app.myhealthpointe.no", "ses.co.ir", "beautybeyondhair.buzz", "ssl5.nc-testdomain2.club", "www.shop.charkhak.ir", "www.metako.kz", "bezi386.xyz", "barbecuemasters.dk", "nordjyskgraesslaaning.dk", "www.133335.xyz", "test1-pointg.nc-testdomain2.club", "133335.xyz", "ap188.114.96.1
2023-05-12 03:33:52Raw File Meta DataNoBinary String Extractor0040None"Exif 8Photoshop 3.0 mntrRGB XYZ acspAPPL -appl 0cprt Pwtpt chad gTRC mluc 3mluc 2XYZ 5CrOZpRG? rE8d0'8 hl1b1 GJ2W< zkHdm J\pwt P49$v O.D.> Kn8lR 2N001 OpXSw 1r0zb H@?6> Oe!Cg' H8?J ' >\aO4 z98brzQ AP0Gzz ?n@Rq "d!8? ixnGn8 lSr:w nAcJ3 GoZg E<nNq sGpXt NGjTD 7OOZR !$pGZs R>oJ 3pzTy Jv 8<c 60??JX <t5 < zzSYA`G NE\m PCu5.A '4aKp Z@Nzd ?JL.>f Fp9?Zv W!NiH .Fpy wjaq9 Tl em SHp8n J@7.I9 Ip2zs zx?6 RJ7'9 rO85/ 7OOSM JFI$n <coz\ E<d1`8 ?7_J: zdsFGZ M8p9< OcHWw !FOZj iUW$w JOBFir1 @8cns pVV!O f?7nq@ h- R6q Uo1pFq !8<.GJ :Tch t zR>aQ rA \`rO? d7JBX/ J:mpI q@99' R0E7p$ 8cRm` cm?n@ `YppqG 946p:` O!@ r r?1@1 O8nFzw iBG_Zj ORE' m vFGqM SBnn1 NGoaN pNO4https://funny.battleb0t.xyz/images/withat_3.jpg
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NonePlaystation Network (Category: gaming) https://psnprofiles.com/xhr/search/users?q=ayshooayshoo
2023-05-12 03:00:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.23): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:19Web Content TypeNoWeb Spider0040Noneapplication/javascripthttps://fluid.battleb0t.xyz/dat.gui.min.js
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [000justin000.github.io] https://www.openphish.com/feed.txt000justin000.github.io
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"X_Powered_By": "DISPLAY_UTF8", "Keep_Alive": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Link": "DISPLAY_UTF8", "Alt_Svc": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "X_Powered_By": ["PHP/7.4.33"], "Keep_Alive": ["timeout=5, max=100"], "Vary": ["Accept-Encoding"], "Server": ["LiteSpeed"], "Connection": ["Keep-Alive"], "Link": ["<https://acilacikveteriner.com/wp-json/>; rel=\"https://api.w.org/\""], "Alt_Svc": ["h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\""], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"]}87.248.157.102
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:03:2F:04:BB:BC)33.6170672,-111.90564645297056
2023-05-12 02:54:20HTTP HeadersNoCensys0040None{"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H06PCVJ4HBKTDMM1V2TTSTEZ"], "Date": ["<REDACTED>"], "Server": ["Netlify"]}2600:1f18:2489:8200::c8
2023-05-12 03:10:04Co-Hosted Site - Domain NameNoDNS Resolver0030Nonecloudflare.comcdnjs.cloudflare.com
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonescratch (Category: coding) https://scratch.mit.edu/users/ayhu/ayhu
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider4030Nonehttps://funny.battleb0t.xyz/gallery.csshttps://funny.battleb0t.xyz/
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NonePP2104 (Net ID: 00:19:CB:7B:6C:D7)40.2024, 29.0398
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Pragma": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Pragma": ["no-cache"], "Set_Cookie": ["webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "webmailsession=%3ai7RZ7smCZHbrrA3k%2cc6f59b16b1db3e998a7645b6e2984b9e; HttpOnly; path=/; port=2095", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2095", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "roundcube_cookies=enabled; HttpOnly; expires=Fri, 10-May-2024 13:43:03 GMT; path=/; port=2095"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneBeensGroep (Net ID: 00:01:21:1C:17:B0)52.3759, 4.8975
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneKNOLBEHEER (Net ID: 00:01:24:F0:5F:22)52.3759, 4.8975
2023-05-12 02:50:29Physical AddressNoGLEIF1030None2155 E. GoDaddy Way, Tempe, US-AZ, US, 85284Go Daddy, LLC
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider2030Nonehttps://pics.battleb0t.xyz/images/reveloder.jpghttps://pics.battleb0t.xyz/
2023-05-12 02:56:30Physical LocationNoFraudguard0030NoneGermany, Hesse, Frankfurt am Main207.154.228.169
2023-05-12 03:09:46Affiliate - Internet NameNoDNS Resolver0040None66.170.74.34.bc.googleusercontent.com34.74.170.66
2023-05-12 02:44:35Co-Hosted Site - Domain NameNoDNS Resolver0030Nonenetlify.appnetlify.app
2023-05-12 02:44:15Co-Hosted SiteNoSSL Certificate Analyzer0120Nonenetlify.appfunny.battleb0t.xyz
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c57adae9fbb90f2-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.96.1
2023-05-12 03:34:02Raw File Meta DataNoBinary String Extractor0040NoneIDATx m_p Y 0a6-X h5Zh5b 4L8uS >m7xY YGhP5 10IMLR bc<p0 :"CGlZ k>04D A nL/ "KBt:-t h\dHkQU 2<qC jg>v\i AW$@C V3\/g :>2'F WF93l IDATV S93lg `f--p >m'xY3t` :'9Pp .C-Z1 0BL@'x IgL<S` b5la- ?sbrH Bq18x A92tp f!34_ 4tk 3F@s.F y by2 .z23c :\i_U 0`S7g 0.H@1 VXR/t DeuLK L5g0s o:LGXb Q3w5c af`03 3EEito D:hSE p6!X3 L<vf: T>wke M46@LR AY5:3 NGqyG mFEmF ujL l s"978b avEV1 T.f>Bo `t3@V jvQ@M9 4:k?u\ a\'c03q fjAYU XT7B/ Nt3te -94tc TOM' L<fv? :1teL? KeTN3 R1G3@ L2rf: z94-L 95K95 p_KcW 8-X8eR 4qZ0qR`l \5Q F yLSzA'm1 YC5NV 6/F1/z rRZ21 >ifp3 9CI<c\ Tfx2B Ql2 l 8rFLV !Lrlv Otu43a k`XjcT 3l9? _JbXI Z\qcd3 aF<3L aDs?cc@uF \.:8_u 0.WF<5_ 0Tfx H`U?X 7IaSahttps://funny.battleb0t.xyz/images/kappi_1.png
2023-05-12 02:53:56Netblock IPv6 MembershipNoCensys0020None2606:50c0:8001::/482606:50c0:8001::153
2023-05-12 02:46:55Internet NameNoDNS Resolver0020Nonepanel.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:4a:0e:8c:1b:d3:a5:34:69:b6:32:8e:46:29:d8:95:17:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:04 2022 GMT Not After : Feb 15 09:44:03 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:fd:f2:48:0f:df:bc:e1:99:1b:6f:bd:c7:77: 53:7a:c0:8b:77:cd:2c:3c:60:53:e0:e9:b0:a7:7b: 73:98:97:7e:b8:eb:d6:f1:08:7b:2c:70:98:ff:62: 24:3a:e4:75:75:15:64:3c:f3:10:df:1f:74:86:c2: 03:e3:19:f8:ee:1b:1c:a4:33:45:b3:b5:bd:cc:36: 58:4b:c6:53:5a:e5:a0:83:1c:13:b6:0a:f0:09:85: 49:e2:af:1f:59:f3:45:35:c5:76:d8:d7:03:6b:48: 2d:81:71:8d:d8:b6:9f:ca:3d:be:a5:d1:d0:6d:84: 3f:57:a3:f9:3b:33:48:5e:3a:10:1b:9a:8e:0e:52: e4:41:61:32:48:9e:eb:dd:91:27:08:98:23:0d:d6: 40:40:46:c6:2e:72:9b:5e:7b:a7:ce:14:5c:e3:33: d1:e0:7f:e9:bf:c8:04:bf:dd:c3:5b:ec:18:53:dc: e8:49:50:75:f5:f6:57:2f:90:7f:b7:6a:c4:1e:bc: 3e:2d:04:87:d0:de:ec:72:7e:5e:84:cf:77:05:c4: 81:0d:1d:68:c9:a6:7c:75:bd:ed:fa:cd:4e:88:39: 5c:0c:10:a3:f5:6d:4b:7d:20:b4:0a:24:fb:93:43: e5:9b:70:b2:e4:95:89:06:02:90:7a:2d:6f:c2:fa: 77:78:2c:13:6f:d6:08:02:00:eb:f1:d0:25:de:0b: 0c:36:d6:0b:0b:8d:58:6f:b7:29:51:a7:c3:27:fb: ab:fa:3f:bd:88:88:4d:63:79:00:4e:5f:ea:ff:bf: a7:e5:c8:b9:01:b0:11:55:38:c5:2c:12:42:ec:9f: 41:d5:d8:5b:cb:0e:56:2f:f5:0b:5b:b2:1f:2e:4b: 1c:7b:f3:b8:8f:a3:2a:22:10:32:70:e5:ff:92:c9: 9d:cf:f4:1c:87:80:7b:03:c4:11:f8:c8:fe:1d:fd: d9:21:53:2a:ab:a4:e1:88:2f:4b:5d:2f:ee:62:ac: 58:24:c3:6b:51:75:98:92:28:85:71:19:cf:1f:32: bf:04:e0:46:cb:6a:6e:1a:53:77:bb:51:7b:25:a8: 3b:79:a4:fe:31:da:29:cb:94:14:d8:b7:bf:23:48: 40:7c:38:77:e2:71:aa:43:c0:dd:58:a7:d1:0f:28: 19:e1:e9:99:2b:f4:ba:45:c8:6a:f8:d6:7a:86:7e: a9:1e:96:ed:9c:c8:12:b9:05:83:95:70:08:f4:a3: 69:c3:37:93:d6:82:c5:85:91:d6:07:1b:87:31:af: f4:29:c3:da:2f:cb:d0:72:02:68:65:19:d7:78:65: 
82:75:d2:3a:e3:90:30:94:d9:d7:ad:e9:8d:db:16: 21:a3:69 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 40:6C:27:E5:F5:7A:53:84:B0:9C:FE:C0:1C:53:80:B3:F8:A3:C2:C8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 10:44:05.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:6A:5D:4C:DD:33:BA:F4:6D:06:CD:62:8E: 62:A6:29:12:73:7E:C4:39:CD:7D:CB:4D:69:0D:6B:E6: 45:D1:49:BA:02:20:62:DC:B1:D6:60:8B:66:25:C3:6B: 92:41:2D:6B:D9:09:69:75:B3:D8:0A:B3:0D:7C:54:94: 66:20:F5:CC:6B:CE Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Nov 17 10:44:05.107 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:83:1E:C1:82:64:68:53:D0:B4:02:DB: 57:9B:B5:22:1E:9E:35:DC:46:F1:4F:28:01:0D:8C:E2: 45:59:C5:A9:E3:02:21:00:96:C6:99:D6:12:DF:9E:19: D7:CD:44:66:3D:89:58:9B:65:51:7C:84:99:4A:C9:3C: 8B:FE:37:A8:47:DE:C3:56 Signature Algorithm: sha256WithRSAEncryption 41:96:b5:7d:95:d4:ae:2d:a9:b4:a2:a9:03:e1:6c:2c:ea:0b: 12:67:47:89:ea:84:af:bc:58:df:6e:9e:7a:17:58:2c:fc:ee: 11:c4:75:03:fe:d2:23:80:47:ef:3d:f5:e5:85:f3:73:e7:e9: a1:39:06:c3:b0:7b:8d:b5:5d:d0:86:03:d3:f0:e2:af:ce:56: 
94:97:70:df:5f:13:c2:f2:0c:0e:3f:44:5f:9e:08:77:8b:e6: 63:50:70:6c:63:3d:92:b8:47:22:c8:bb:cb:d9:49:34:87:f7: e2:00:f1:f4:7c:31:9b:cf:cf:90:32:54:5b:7a:ef:36:94:28: 65:2b:6e:da:99:67:84:fc:a6:85:ec:a5:21:86:4c:1e:b9:bf: c1:78:0c:7d:6f:7b:a9:50:f0:ef:72:58:32:06:0c:16:de:59: 67:a5:1c:78:dd:a6:2d:3d:28:7f:42:c7:3b:53:0e:90:8f:81: 59:03:3d:d2:aa:47:fb:09:53:87:e3:c8:82:e2:86:64:89:77: d1:60:50:5c:4a:fa:5f:c3:d3:98:9d:1d:83:27:60:ff:97:a3: 81:ce:78:29:a2:b7:68:63:8d:a5:42:50:56:9e:a6:9b:1c:0b: e6:30:3b:4d:cb:fe:88:86:0f:0c:9c:8b:ca:5a:30:20:2e:22: ad:5a:67:9d
2023-05-12 03:09:16Co-Hosted Site - Domain WhoisNoWhois3030NoneDomain Name: nom-nom.link Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com Updated Date: 2022-10-23T13:11:02.954Z Creation Date: 2022-09-09T13:47:20.593Z Registry Expiry Date: 2023-09-09T13:47:20.593Z Registrar: NAMECHEAP Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Fax: REDACTED FOR PRIVACY Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: wesley.ns.cloudflare.com Name Server: rachel.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN RDDS Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:09:16.270Z <<< For more information on domain status codes, please visit https://icann.org/epp The WHOIS information provided in this page has been redacted in compliance with ICANN's Temporary Specification for gTLD Registration Data. The data in this record is provided by Uniregistry for informational purposes only, and it does not guarantee its accuracy. Uniregistry is authoritative for whois information in top-level domains it operates under contract with the Internet Corporation for Assigned Names and Numbers. Whois information from other top-level domains is provided by a third-party under license to Uniregistry. 
This service is intended only for query-based access. By using this service, you agree that you will use any data presented only for lawful purposes and that, under no circumstances will you use (a) data acquired for the purpose of allowing, enabling, or otherwise supporting the transmission by e-mail, telephone, facsimile or other communications mechanism of mass unsolicited, commercial advertising or solicitations to entities other than your existing customers; or (b) this service to enable high volume, automated, electronic processes that send queries or data to the systems of any Registrar or any Registry except as reasonably necessary to register domain names or modify existing domain name registrations. Uniregistry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. All rights reserved. Domain name: nom-nom.link Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-09-09T13:47:20.59Z Registrar Registration Expiration Date: 2023-09-09T13:47:20.59Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by 
Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Name Server: rachel.ns.cloudflare.com Name Server: wesley.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T15:09:16.51Z <<< For more information on Whois status codes, please visit https://icann.org/eppnom-nom.link
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.200): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonereflektions (Net ID: 00:01:38:8D:E0:8C)37.7642, -122.3993
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneUnited States001viet.com
2023-05-12 03:23:09Open TCP PortNoPulsedive0030None188.114.96.0:2053188.114.96.0/24
2023-05-12 02:54:21HTTP HeadersNoWeb Spider2050None{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:21 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:21 GMT", "cf-ray": "7c5f60688e300ce1-EWR", "content-type": "text/css", "x-frame-options": "DENY"}http://vscode.battleb0t.xyz/cdn-cgi/styles/main.css
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneUnited States Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2015-10-20T06:46:53Z Creation Date: 2009-02-17T22:08:05Z Registry Expiry Date: 2024-02-17T22:08:05Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.CLOUDFLARE.NET Name Server: NS2.CLOUDFLARE.NET Name Server: NS3.CLOUDFLARE.NET Name Server: NS4.CLOUDFLARE.NET Name Server: NS5.CLOUDFLARE.NET DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2022-03-16T19:39:08Z Creation Date: 2009-02-17T22:08:05Z Registrar Registration Expiration Date: 2024-02-17T22:08:05Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Name Server: ns1.cloudflare.net Name Server: ns2.cloudflare.net Name Server: ns3.cloudflare.net Name Server: ns4.cloudflare.net Name Server: ns5.cloudflare.net DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneUnited States+14806242505
2023-05-12 02:54:21Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.teamtailor.com/?utm_content=email-logo&amp%3Butm_source=can_recommend&amp%3Butm_medium=email&amp%3Butm_campaign=poweredby', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_8ac_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_8ac_ConnHashTable<2220>_HashTable_Mutex"\n "IsoScope_8ac_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_8ac_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_8ac_IE_EarlyTabStart_0x9a4_Mutex"\n "IsoScope_8ac_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2220"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.83.23.240:443"\n "34.102.226.70:443"\n "185.199.109.153:443"\n "172.217.12.104:443"\n "104.18.40.148:443"\n "142.250.189.174:443"\n "142.251.2.156:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cookie-cdn.cookiepro.com"\n "site.teamtailor-cdn.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"b,"vert.pix");break;case "PERCENT":Fy(d.verticalThresholds,b,"vert.pct")}Ev("sdl","init",!1)?Ev("sdl","pending",!1)||J(function(){return Gy()}):(Cv("sdl","init",!0),Cv("sdl","pending",!0),J(function(){Gy();if(Hy()){var e=Iy();qc(z,"scroll",e);qc(z,"resize",e)}else Cv("sdl","init",!1)}));return b}My.M="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ny=["www.youtube.com","www.youtube-nocookie.com"],Oy,Py=!1;" (Indicator: "youtube")\n "l=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gf:d,Ef:e,Ff:f,lg:g,mg:h,gd:l,Xa:b},p=z.YT,q=function(){Vy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(Yy(w,"iframe_api")||Yy(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Py&&Wy(x[A],n.gd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")\n 
"Py=!0,b});return b}Zy.M="internal.enableAutoEventOnYouTubeActivity";var $y;function az(a){var b=!1;return b}az.M="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "transportUrl:b,context:c},R(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Hh.ia+"&cx=c";hs()&&(f+="&sign="+Hh.se);var g=Qh||Zh?gs(b,f):void 0;g||(g=So("https://","http://",Hh.Gd+f));Cl().destination[a]={state:1,context:c};mc(g)}};function is(){if(xl()){return!0}return!1};var ls=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),ms={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},ns={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var Yv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0,f=0;return{createEvent:function(g,h,l){var n=a(),p=n.Lf,q=void 0!==l?Math.round(l):void 0!==h?Math.round(n.Lf*h):Math.round(n.Uh),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=H.hidden?!1:.5<=Hk(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=Av(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', 
u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "gb_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo-white-boozt-08d85fbec897e7d82f0a6036c9faf79f_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo-white-arcticshores-e99943515962c301c3dabac179c35bbc_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "PONSSE-Mono_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "YUJTL01Z.txt" has type "ASCII text with very long lines"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YUJTL01Z.txt]- [targetUID: 00000000-00003556]\n "otPcCenter_1_.json" has type "JSON data"- [targetUID: N/A]\n "BHE6KHYQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BHE6KHYQ.txt]- [targetUID: 00000000-00003556]\n "thumbnail-tailify_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPCM) density 56x56 segment length 16 Exif Standard: [TIFF image data little-endian direntries=8 description=Screenshot orientation=upper-left xresolution=122 yresolution=130 resolutionunit=3 software=GIMP 2.10.32 datetime=2023:03:03 15:41:04] comment: "Screenshot" progressive precision 8 800x447 components 3"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "otBannerSdk_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "RecoveryStore._257433F5-CA39-11ED-BBDD-0800270C1BB7_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "EH4F6MUO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EH4F6MUO.txt]- [targetUID: 00000000-00002220]\n "SD5F50OT.txt" has type "ASCII text"- 
Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SD5F50OT.txt]- [targetUID: 00000000-00002220]\n "VOMTWSHD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VOMTWSHD.txt]- [targetUID: 00000000-00003556]\n "U7ASHGL6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\U7ASHGL6.txt]- [targetUID: 00000000-00003556]\n "EM4GSH39.txt" has type "ASCII text with very long lines"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EM4GSH39.txt]- [targetUID: 00000000-00003556]\n "_257433F7-CA39-11ED-BBDD-0800270C1BB7_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFC8E8017BFE37FFB6.TMP" has type "data"- Location: [%TEMP%\\~DFC8E8017BFE37FFB6.TMP]- [targetUID: 00000000-00002220]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://tailwindcss.com"\n Pattern match: "https://+c"\n Pattern match: "https://cct.google/taggy/agent.js"\n Pattern match: "https://github.com/zloirock/core-js/blob/v3.29.0/LICENSE,source:https://github.com/zloirock/core-js"\n Pattern match: "http://fb.me/use-check-prop-types"\n Pattern match: "https://github.com/jonsuh/hamburgers"\n Pattern match: "https://jonsuh.com/hamburgers"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://www.teamtailor.com/en//"\n Pattern match: "https://www.googletagmanager.com/gtm.js?id=\'+i+dl+\'\';f.parentNode.insertBefore(j,f)"\n Pattern match: "MUID3B8AEA96FB9767392F82F848FADB66E8msn.com/10252761920003110112568170117331022662*"\n Pattern match: 
"google-analytics.com/g/collect},pA=function(){var"\n Pattern match: "www.youtube.com,www.youtube-nocookie.com],Oy,Py=!1"\n Heuristic match: "cookie-cdn.cookiepro.com"\n Pattern match: "https://+g,l=http://+g,n=1,p=H.getElementsByTagName(script),q=0;q"\n Pattern match: "https://td.doubleclick.net:https://googleads.g.doubleclick.net};var"\n Pattern match: "www.teamtailor.co185.199.109.153
2023-05-12 03:31:58Open TCP PortNoPulsedive0030None188.114.97.0:8080188.114.97.0/24
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 200 OK Connection: close Content-Type: text/html; charset="utf-8" Date: <REDACTED> Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Set-Cookie: whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086 Set-Cookie: whostmgrsession=%3a6IuBt4aiK1K5mEWt%2ce37772b57ce45a47eb222a7bbd7feb28; HttpOnly; path=/; port=2086 Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086 Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086 Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086 Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086 Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086 Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2086 Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086 Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086 Cache-Control: no-cache, no-store, must-revalidate, private X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Encoding: gzip Content-Length: 12420 87.248.157.102
2023-05-12 02:51:07Malicious IP AddressYesVirusTotal0120NoneVirusTotal [172.67.135.9] https://www.virustotal.com/en/ip-address/172.67.135.9/information/172.67.135.9
2023-05-12 03:08:47Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.225104.196.30.220
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.215): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:31Internet Name - UnresolvedNoDNS Resolver0020Nonetiktok.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 
183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:00:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.22): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:15Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.135): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:56:56Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:62:27:a6:dc:16:28:de:ae:a0:a4:7d:7e:a0:02:81:25:0e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 18 21:24:59 2022 GMT Not After : Mar 18 21:24:58 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c4:7a:cf:72:75:e0:23:b5:24:56:0b:ff:81:dc: d9:ef:b9:84:a5:cb:15:5a:f2:4d:f6:46:6d:b0:47: aa:99:c5:97:75:9e:1e:5a:4f:3a:12:c1:33:26:f0: 0f:b9:47:15:ee:28:b3:c5:a0:0e:6e:82:c2:e4:9e: 2f:89:8d:b1:98:56:ae:4e:51:dc:76:c6:4d:f7:a0: da:11:9a:d1:d4:0e:53:d9:8e:4c:35:dc:f0:9d:a8: b5:1d:3f:0a:c6:d4:12:00:be:6b:8b:db:1c:eb:ff: fa:8a:0d:30:cf:48:30:73:35:bc:e5:39:78:d6:97: a1:00:9f:88:3e:2a:d4:35:22:13:80:4e:57:e4:0b: 6b:33:da:ae:7f:1b:ed:8f:82:10:4f:76:18:82:03: 22:e6:2a:88:53:b9:9a:80:d1:10:21:d7:25:be:5d: 9e:dd:23:0e:2f:8b:44:b5:d9:a6:ea:9a:ef:d4:ac: 24:ea:27:de:5f:35:74:c4:ee:db:95:49:53:28:21: da:c7:71:d0:ef:75:13:d9:75:8b:84:42:b8:62:af: 7a:1c:85:43:b6:85:1f:19:fe:11:de:22:13:41:a7: 26:69:56:b7:56:8c:31:f6:46:81:6d:dd:94:ae:81: bb:82:f2:fb:15:03:15:a0:92:6d:46:ee:3b:be:82: d4:cc:f6:b8:f0:82:0e:be:9c:1b:d5:a9:e7:74:12: 18:51:f1:a4:d7:96:be:07:63:2a:5b:b2:de:3e:8d: 99:72:fa:17:ce:36:64:cf:aa:ef:2b:4c:60:46:d0: cb:1a:9e:bb:94:71:19:32:32:aa:a0:4f:7c:b5:80: d2:ac:29:a1:3e:79:7a:46:f9:fc:2c:b9:f9:8b:cb: 59:c4:7c:ae:87:57:d8:e5:12:0a:0b:a5:34:e8:72: 2f:e5:15:84:33:1d:01:b8:f5:d1:2b:ff:10:f9:e7: ef:0c:be:61:fe:87:b7:d8:4f:dc:f0:08:3e:e4:ba: 53:2e:94:64:aa:29:45:65:cb:b5:3b:5d:cd:a7:33: 69:f9:c8:07:c0:c9:87:da:c3:82:4b:50:90:d2:80: 18:a8:e3:89:70:e0:61:b8:c9:4f:82:66:2b:0e:23: 36:49:33:34:63:e7:8a:70:61:f2:a3:6d:68:5c:13: 84:18:1d:5c:05:3c:2b:f0:28:3d:ae:ff:ba:af:c4: 48:bb:d7:f2:a8:15:4b:68:f4:b5:9d:7c:d4:31:43: bf:01:12:bc:59:5f:ef:ce:fb:0e:78:b7:62:51:52: 0f:d1:8e:d7:11:fa:d7:0c:57:e7:ee:bd:a5:16:b1: 
30:a1:96:90:5b:b4:a4:e1:b1:72:88:e0:56:6f:9c: 5b:43:b9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1A:29:A0:EB:78:CC:40:89:5B:55:A3:66:D6:68:C3:AE:DF:AB:BB:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption a0:b0:46:e1:61:f3:0f:d5:bd:4b:02:c1:d6:75:b9:f8:08:3f: 64:70:3e:0a:8e:05:b2:6a:d5:2d:f4:c2:44:2e:a1:69:fc:5f: a9:1c:d9:a6:04:60:12:75:b1:76:52:fb:f1:ff:75:9e:04:19: 67:aa:4f:00:aa:4d:57:a4:a3:68:1c:aa:cb:35:1d:41:8c:dc: 11:dd:f7:90:a2:ae:7c:e8:50:6f:3b:c0:1b:42:7c:1c:15:9c: 91:57:04:35:95:16:bb:4c:ff:22:e0:0c:44:a1:11:6c:76:07: 39:1f:59:4c:5d:c4:6b:b6:12:26:1e:1d:32:67:40:25:44:dc: e3:1a:dc:31:b4:f1:92:10:ce:d6:3c:cd:02:c8:22:d7:81:50: ea:ac:04:3b:1f:4b:51:ae:33:f4:24:8b:7f:2e:d9:ff:38:ef: db:4c:3c:9b:ec:f5:3c:20:af:9a:a6:6e:49:52:0d:57:8a:fe: 12:8f:6b:6e:14:14:d7:22:a3:1b:92:9c:e8:00:cd:fb:2f:a9: 04:b2:c9:5f:ce:7b:7e:43:9a:5c:9d:bc:db:c0:27:6e:61:a2: 00:b8:76:ec:1b:e2:30:04:0a:2e:39:6e:d4:82:d8:1e:28:94: 6b:51:10:7b:2b:3f:22:2b:a5:a4:34:1d:1e:d0:b6:84:c0:7c: de:7e:13:7e
2023-05-12 02:44:24Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.com185.199.109.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonedraadloos (Net ID: 00:01:E3:4A:CD:74)52.3759, 4.8975
2023-05-12 02:59:51Affiliate - Email AddressNoE-Mail Address Extractor0030Nonejloup@gzip.org[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeia3mp&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#kantonsen%40encoded.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ad0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ad0_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ad0_IE_EarlyTabStart_0x588_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ad0_IESQMMUTEX_0_303"\n "IsoScope_ad0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ad0_ConnHashTable<2768>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2768"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.214.129:443"\n "142.251.214.131:443"\n "142.250.189.238:443"\n "185.199.111.153:443"\n "69.16.175.10:443"\n "142.250.189.234:443"\n "184.27.80.18:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "lipis.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'".fa-cc-paypal:before {" (Indicator: "paypal")\n ".fa-paypal:before {" (Indicator: "paypal")\n ".fa-twitter-square:before {" (Indicator: "twitter")\n ".fa-twitter:before {" (Indicator: "twitter")\n ".fa-youtube-play:before {" (Indicator: "youtube")\n ".fa-youtube-square:before {" (Indicator: "youtube")\n ".fa-youtube:before {" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, 
u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "m_el_main_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_D809339D-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "RecoveryStore._D809339B-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "X2WYMCV5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\X2WYMCV5.txt]- [targetUID: 00000000-00002768]\n "DEW9N13E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DEW9N13E.txt]- [targetUID: 00000000-00003116]\n "_E2C1FED7-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "1NX8I2I6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1NX8I2I6.txt]- [targetUID: 00000000-00002768]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "UX69Y2OK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UX69Y2OK.txt]- [targetUID: 00000000-00003116]\n "BQ7YREAH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BQ7YREAH.txt]- [targetUID: 00000000-00003116]\n "~DF7ADEEE89A7F7CB7A.TMP" has type "data"- Location: [%TEMP%\\~DF7ADEEE89A7F7CB7A.TMP]- [targetUID: 00000000-00002768]\n "C1BNT20A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1BNT20A.txt]- [targetUID: 00000000-00002768]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- 
[targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "m_navigationui_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002768]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.google.com/support/translate+(en==Hn?:#googtrans/en/+Hn);var"\n Pattern match: "https://www.google.com/tools/feedback},Tw=function(a){return"\n Pattern match: "https://github.com/madler/zlib/blob/master/zlib.h"\n Pattern match: "https://www.google.com/images/cleardot.gif"\n Pattern match: "https://==Pn?V.Gh:null};this.Z={qb:Un,xd:null};a&&"\n Pattern match: "V.Pb/\ufffd\u0331"\n Pattern match: "http://fontawesome.io"\n Pattern match: "http://fontawesome.io/license"\n Pattern match: "http://jquery.com/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://sizzlejs.com/"\n Pattern match: "https://www&google.com/images/zippy_minus_sm.gif"\n Pattern match: "http://www.w3.org/TR/selectors/#attribute-selectors"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#attribute-selectors"\n Pattern match: "https://developer.mozilla.org/en/Security/CSP"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#escaped-characters"\n Pattern match: "http://bugs.jquery.com/ticket/12282#comment:15"\n Pattern match: "http://blindsignals.com/index.php/2009/07/jquery-delay/"\n Pattern match: "http://bugs.jquery.com/ticket/12359"\n Pattern match: 
"http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291"\n Pattern match: "http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/"\n Pattern match: "http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE)"\n Pattern match: "http://javascript.nwbox.com/IEContentLoaded/"\n Pattern match: "http://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx"\n Pattern match: "http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context"\n Pattern match: "http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html"\n Pattern match: "http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked"\n Pattern match: "http://www.w3.org/TR/css3-syntax/#characters"\n Pattern match: "http://www.w3.org/TR/selectors/#empty-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#lang-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#pseudo-classes"\n Pattern match: "https://github.com/jquery/jquery/pull/764"\n Pattern match: "http://json.org/json2.js"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=491668"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier"\n Pattern match: "https://developer.mozilla.org/en-US/docs/CSS/display"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=649285"\n Pattern match: "http://dev.w3.org/csswg/cssom/#resolved-values"\n Pattern match: "http://jsperf.com/getall-vs-sizzle/2"\n Pattern match: "https://bugs.webkit.org/show_bug.cgi?id=29084"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#whitespace"\n Pattern match: "https://bafybeia3mpocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a.ipfs.dweb.link/"\n Pattern match: "https://translate.google.com/translate_a/element.js?cb=gtElInit&amp;hl=en-US&amp;client=wt"\n Pattern match: 
"https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=navigationui"\n Pattern match: "https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=corsproxy"\n Pattern match: "https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog\\]]],null,null,null,null,null,null,-3600,null,null,null,null,[],1,nu
2023-05-12 03:11:20Physical CoordinatesNoAbstractAPI0030None50.1188, 8.6843165.232.113.85
2023-05-12 02:57:24Internet NameNoCertificate Transparency0010Nonenwapi.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:47:55SSL Certificate - Raw DataNoCertificate Transparency2010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 15 23:40:10 2023 GMT Not After : Jun 13 23:40:09 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90: 49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84: 18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef: 4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34: 46:4c:ee:fd:f2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 3c:23:1a:4a:59:35:02:c1:c6:ee:ce:b0:90:2b:32:ff:c3:73: 00:60:2e:9e:f9:30:da:4e:15:e2:5a:99:e8:dc:18:9e:39:ed: 69:f1:83:a4:0a:04:28:db:64:81:bf:64:61:e9:65:9c:4b:bf: 43:b4:21:89:ab:e2:5c:b4:ea:8e:55:b3:f4:e4:d9:42:3e:20: e0:83:2a:75:f9:b5:2c:98:6f:90:e7:e4:4a:86:e5:ab:f3:97: c8:a9:85:ff:6a:e9:35:8d:3d:30:f6:db:5e:e0:f1:27:f3:d3: e7:f7:29:be:31:75:49:43:f6:99:93:6d:06:65:d1:3e:4c:29: 66:fd:2f:93:e9:c6:ec:30:8a:f2:58:08:03:45:02:a0:57:b1: 3b:0b:b4:a9:ed:aa:8b:9f:ac:43:5a:55:10:bb:1e:31:d5:e4: 
c1:37:cd:22:a3:bd:26:b6:f1:01:e1:68:e2:c6:50:80:44:4b: cd:a0:4a:80:cc:93:e4:1b:7e:d7:af:21:2c:ce:f2:c1:d0:70: 17:ad:3a:29:15:d4:b9:ee:11:c8:aa:7f:fa:b4:9a:33:05:ef: 47:de:10:55:c2:f1:9f:19:e4:ad:0a:83:ff:a1:86:3d:18:bd: 73:d4:39:8b:bb:51:02:17:cb:89:c6:27:d9:b8:f2:7c:d7:bd: a5:b5:9a:11 battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Noneoconnell (Net ID: 00:02:2D:2F:3E:1F)34.0544, -118.244
2023-05-12 03:32:15Open TCP PortNoPulsedive0030None188.114.97.8:443188.114.97.0/24
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.196): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:51HTTP HeadersNoCensys0030None{"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H06G1NS24K8856E7B6C2JF02"], "Server": ["Netlify"]}34.74.170.74
2023-05-12 03:00:36Affiliate - Email AddressNoE-Mail Address Extractor0040None28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Domain Name: CLOUDWAYSAPPS.COM Registry Domain ID: 1695307151_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-09-12T18:44:13Z Creation Date: 2012-01-04T12:17:34Z Registry Expiry Date: 2028-01-04T12:17:34Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-1086.AWSDNS-07.ORG Name Server: NS-2016.AWSDNS-60.CO.UK Name Server: NS-222.AWSDNS-27.COM Name Server: NS-854.AWSDNS-42.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: cloudwaysapps.com Registry Domain ID: 1695307151_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-06-22T11:27:03.11Z Creation Date: 2012-01-04T12:17:34.00Z Registrar Registration Expiration Date: 2028-01-04T12:17:34.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Name Server: ns-222.awsdns-27.com Name Server: ns-854.awsdns-42.net Name Server: ns-1086.awsdns-07.org Name Server: ns-2016.awsdns-60.co.uk DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T06:41:09.59Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:57:23Internet NameNoCertificate Transparency0010Noneoldfluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:37:42Physical LocationNoMetaDefender0030NoneFrankfurt Am Main, Germany45.131.109.53
2023-05-12 03:00:50Co-Hosted SiteNoHackerTarget2020None0.github.io185.199.111.153
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5b6bb0ea398702-ORD 188.114.97.1
2023-05-12 03:33:50Raw File Meta DataNoBinary String Extractor0040None pHYs iTXtXML:com.adobe.xmp <xmp:CreatorTool>Adobe ImageReady</xmp:CreatorTool> <tiff:Orientation>1</tiff:Orientation> </rdf:Description> </rdf:RDF> </x:xmpmeta> IDATx zZrC "6k!6 JlJQI 5.-q _ y5b HBT 7 h_'/o "6a"B 3fL@rR 6L NR $6qm. vc0dj p<N Q 8aS'_?G Iz/S. h'edI 8IRg\ UfnX'c NjQX00B@ IVcM\ uTYkr gjwus HtHCj q G9$ ?J__YQy USSS` OBj c 'QOoL GpyU7 ybe@ ? QIZVg O$MMMu @.X0E <5!`2E ?bczo IlH0c https://fluid.battleb0t.xyz/gp_badge.png
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:2082188.114.97.1
2023-05-12 02:58:45SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 0c:e3:f4:1c:e8:cb:bb:cf:13:f7:6c:6f:36:5e:c2:eb Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Feb 11 05:22:10 2023 GMT Not After : May 12 05:22:09 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ce:18:28:ee:1e:4b:a0:54:f5:b2:a8:46:72:fa: 7a:1b:b5:83:d9:b7:b9:85:b6:7e:b8:27:ed:42:bb: f5:8d:d9:0c:96:a1:ac:39:e8:ba:ac:6a:f9:9f:0d: 46:7d:1d:65:d4:56:4a:89:c7:ac:f3:42:0e:7d:79: 7a:b0:01:1a:1e:df:5a:64:96:92:41:7b:76:b3:71: 65:05:d4:d3:ac:cb:dd:ed:f6:10:2e:3d:94:bc:fe: b8:5d:9b:af:1f:73:66:41:55:24:91:8f:6a:93:09: c4:a9:4e:cc:3f:db:83:53:92:be:e5:79:63:d7:c0: f2:ad:fb:15:4c:da:cf:26:0f:ae:09:13:32:5e:2f: 61:79:df:43:b7:2e:3e:7a:3f:f1:71:51:6a:d0:2c: 51:14:2b:e5:5a:3a:2a:63:a7:80:69:d6:dd:ff:21: c9:3a:6c:59:b1:94:d7:a0:d6:e0:c5:59:62:0d:45: 33:fc:cc:08:f3:b9:08:a9:ea:24:98:5f:22:3c:5b: 51:7a:ef:2a:db:8c:ca:b6:bd:39:1c:ec:e9:76:19: 54:df:f7:38:11:32:20:7f:02:4a:bb:97:a7:34:fd: a8:8b:36:ea:36:af:62:53:9d:78:4a:b7:98:3a:a9: 07:8f:74:9e:43:31:08:ab:be:62:c0:5e:01:ec:ce: 53:dd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: F7:A7:5E:24:2E:1C:7A:7A:2A:90:36:DF:66:18:6B:A7:17:36:7E:3E X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_NaLKSGSIEY CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/fXbrD094iyQ.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 09:bc:ea:b6:cf:53:d5:18:fa:35:01:f5:1a:84:b4:db:1b:35: a8:21:d4:b0:1c:8c:61:d9:0a:ed:8a:98:0e:ec:59:d1:7e:8a: 57:4f:81:85:21:9d:81:17:a5:6d:50:b7:02:17:30:3f:51:39: 0f:0d:a8:d9:9c:3b:6f:9f:16:6b:f6:f6:71:30:1e:f6:cd:df: 76:28:c1:38:b4:2a:e8:d2:ce:d8:22:7a:dc:2b:32:d6:cb:47: 88:b5:09:84:fa:12:6c:6e:e0:35:16:bb:24:8c:97:ba:91:7e: 45:50:9e:95:dc:7b:ff:96:e1:f9:37:11:30:5c:89:2e:ed:a5: 42:7f:26:b7:5c:84:0f:5f:e0:da:f9:32:fa:e2:bd:aa:52:51: 70:cd:f0:79:e0:2d:8e:67:56:3c:ba:c2:1e:d9:2f:a6:4b:13: 8c:cf:70:85:8b:05:86:ea:ed:7a:8a:75:c4:87:c4:fc:b8:11: 72:8c:37:b1:f0:08:21:35:fa:6a:0a:a7:28:58:06:2e:4b:74: 11:70:1e:20:5f:d2:60:2c:f6:42:ca:fa:2c:6e:50:27:2a:ea: bd:8f:2d:c2:66:e4:e3:0c:69:4a:0b:47:18:a2:29:2b:ca:35: 4e:52:e9:78:dd:08:a8:e2:6b:51:5d:78:d4:f2:8b:19:66:55: d1:aa:21:f5 ayhu.xyz
2023-05-12 02:44:07Software UsedYesTool - Wappalyzer0010NoneVarnishbattleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneiTrack at Milbank (Net ID: 00:02:2D:2D:57:34)34.0544, -118.244
2023-05-12 02:51:45Raw Data from RIRsNoHybrid Analysis2020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 25, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=a85668108cb3&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:3704:120:WilError_01"\n "SM0:3704:304:WilStaging_02"\n "Local\\SM0:3704:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:3704:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.122:443"\n "142.251.2.157:443"\n "151.101.0.176:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "142.251.46.164:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir "; File: 
"urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," 
(Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "\\device\\namedpipe\\local\\mojo.2332.240.14325218193887401859"\n "msedge.exe" reads file 
"\\device\\namedpipe\\local\\mojo.2332.240.5569041425166893211"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2332_1227727462\\shopping.js]- [targetUID: 00000000-00002332]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007076]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir2332_1139505351\\Ruleset Data]- [targetUID: 00000000-00002332]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: 00000000-00002332]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00002332]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\2332_751382652\\Filtering Rules]- [targetUID: 00000000-00002332]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- 
Location: [%TEMP%\\2332_1705320843\\edge_driver.js]- [targetUID: 00000000-00002332]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2332_1227727462\\edge_driver.js]- [targetUID: 00000000-00002332]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\2332_1705320843\\vendor.bundle.js]- [targetUID: 00185.199.108.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonedatezone (Category: XXXPORNXXX) https://www.datezone.com/users/login/login
2023-05-12 02:55:15Software UsedYesCensys0030Noneopenssh165.232.113.85
2023-05-12 02:54:07Netblock IPv6 MembershipNoCensys0020None2606:4700:3031::/482606:4700:3031::ac43:8709
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneJacobson1 (Net ID: 00:09:5B:C6:54:54)39.0469, -77.4903
2023-05-12 02:54:51Physical LocationNoCensys0030NoneNorth Charleston, South Carolina, 29418, United States, North America34.74.170.74
2023-05-12 03:33:50Raw File Meta DataNoBinary String Extractor0040None pHYs tEXtSoftware ezgif.com IDATx owqpphF \\\`gg !LHH EEEF3 HJJBDD //Oq bcc1o mll84 jerrrLl Q_dv4k <x _! 8xOOO 322H\\ BHnn.y vvv$..NI 22QQQr J2QQQJ hlOKKS zuxzz d @ta qzmm5 sGQF1 ///DDD .lK!$$D 199Y. D"""t kSlll bDGGc !HIIQ \\\PTT 777dgg q740L$ App0u U9xgg ppp@QQ QTTTF UItt4 r@8::b kn3xc rssCPP 899!"" HO6'\\\ xyyiu q?WWW HOOGII nwwwr SoII >_6rss ZBBB4 _RRB> 8q"qww Ye<<< 5Cxx8 klOKK :t@TT BBB8s <RRR4 .gggxyy @`` o @iF0>2 vzyyq x\$'' \\\x?.Pz fRRR0i kYe6m ux"33 dgnn. gggGF /_"!! 322Lh - `2 JJJtQM R'SRR D"Y?z 5tEXtComment https://fluid.battleb0t.xyz/app_badge.png
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonedevRant (Category: coding) https://devrant.com/users/loginlogin
2023-05-12 02:54:48Open TCP PortNoCensys0030None34.148.97.127:8034.148.97.127
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}104.21.6.166
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneMS54GURN (Net ID: 00:0D:3A:70:7B:09)39.0469, -77.4903
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00nave198.github.io] https://www.openphish.com/feed.txt00nave198.github.io
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None00:02:2D:05:7E:8A (Net ID: 00:02:2D:05:7E:8A)37.780462,-122.390564
2023-05-12 02:45:44Physical CoordinatesNoAbstractAPI43020None37.751, -97.8222606:50c0:8002::153
2023-05-12 02:44:40Software UsedYesTool - Wappalyzer0020NonejQuery CDNfunny.battleb0t.xyz
2023-05-12 02:44:07Internet NameNoCertSpotter44010Nonewww.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneVIGO (Net ID: 00:01:E3:4A:C7:EB)50.1188, 8.6843
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:77:9F:5D)33.336199,-111.89446440830702
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonefse2 (Net ID: 00:01:38:A0:A1:09)37.780462,-122.390564
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c564d9c4d65692b-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.97.1
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None7717 7361 (Net ID: 00:00:C5:FC:FE:34)37.7813933,-122.3918002
2023-05-12 02:52:05Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 17, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://hassan-gamall.github.io/netflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6760:304:WilStaging_02"\n "SM0:6760:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6760:304:WilStaging_02"\n "Local\\SM0:6760:120:WilError_01"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "urlref_httpshassan-gamall.github.ionetflix")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\local state"\n "msedge.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006768]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006768]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00006768]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006768]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006768]\n "Tabs_13327998438932197" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13327998438932197]- [targetUID: 00000000-00006768]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006768]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "5d847ab1-2881-4324-a2c6-29fe1a950926.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\5d847ab1-2881-4324-a2c6-29fe1a950926.tmp]- [targetUID: 00000000-00006768]\n "88a6edb1-7ca5-423a-948d-baf040324d05.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\88a6edb1-7ca5-423a-948d-baf040324d05.tmp]- [targetUID: 00000000-00006768]\n "a969316a-dad8-4b0d-bf02-210809eb9653.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\a969316a-dad8-4b0d-bf02-210809eb9653.tmp]- [targetUID: 00000000-00006768]\n "6086c4de-4b79-4b17-a9f3-0d813216df1c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6086c4de-4b79-4b17-a9f3-0d813216df1c.tmp]- [targetUID: 00000000-00006768]\n "be503e2a-334b-416d-8133-7309c5f020e8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\be503e2a-334b-416d-8133-7309c5f020e8.tmp]- [targetUID: 00000000-00006768]\n "3da34e63-27c2-46cb-9277-75fa8ed92f1a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\3da34e63-27c2-46cb-9277-75fa8ed92f1a.tmp]- [targetUID: 00000000-00006768]\n "ba18673a-06ca-42f2-836f-2b95dafc094e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ba18673a-06ca-42f2-836f-2b95dafc094e.tmp]- [targetUID: 00000000-00006768]\n "8a917af9-8d36-4842-b176-78503ca8e5cb.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8a917af9-8d36-4842-b176-78503ca8e5cb.tmp]- [targetUID: 00000000-00006768]\n "Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network Action Predictor]- [targetUID: 00000000-00006768]\n "Cookies" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\Cookies]- [targetUID: 00000000-00005860]\n "Network Action Predictor-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network Action Predictor-journal]- [targetUID: 
00000000-00006768]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\shared_proto_db\\000003.log]- [targetUID: 00000000-00006768]\n "222527e1-3f73-4acc-a332-f69002db3178.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\222527e1-3f73-4acc-a332-f69002db3178.tmp]- [targetUID: 00000000-00006768]\n "f838898f-efdb-43ba-a200-ee2debfcb004.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\f838898f-efdb-43ba-a200-ee2debfcb004.tmp]- [targetUID: 00000000-00006768]\n "9fa1a642-dc59-4b5c-b3dc-8b2fdacab608.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\9fa1a642-dc59-4b5c-b3dc-8b2fdacab608.tmp]- [targetUID: 00000000-00006768]\n "7f4cd2f4-322e-419e-b872-153c4df2b660.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\7f4cd2f4-322e-419e-b872-153c4df2b660.tmp]- [targetUID: 00000000-00006768]\n "4add7271-5d67-4bc9-8ac7-d5d5845e9be7.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\4add7271-5d67-4bc9-8ac7-d5d5845e9be7.tmp]- [targetUID: 00000000-00006768]\n "Cookies-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\Cookies-journal]- [targetUID: 00000000-00005860]\n "History-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History-journal]- [targetUID: 00000000-00006768]\n "urlref_httpshassan-gamall.github.ionetflix" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "000003.log" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\000003.log]- [targetUID: 00000000-00006768]\n "000004.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Session Storage\\000004.log]- [targetUID: 00000000-00006768]\n "0a0f3415-fbdd-4dcb-895f-bbcb036930f4.tmp" has type "ASCII text with very long lines with no line terminators"- L185.199.108.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonetc (Net ID: 00:12:BF:FD:D7:70)40.2024, 29.0398
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMaingau (Net ID: 00:02:2D:74:7A:73)50.1188, 8.6843
2023-05-12 02:52:45Malicious IP AddressYesVirusTotal0030NoneVirusTotal [35.229.48.116] https://www.virustotal.com/en/ip-address/35.229.48.116/information/35.229.48.116
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneYILBEKKIMYA (Net ID: 00:02:CF:C6:17:D5)40.2024, 29.0398
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:26:98:C5)33.336199,-111.89446440830702
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.240): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonekids (Net ID: 00:0C:41:FC:94:E2)39.0469, -77.4903
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NonemyLGNet (Net ID: 00:01:36:41:8C:04)50.1188, 8.6843
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5e6685bb0686ab-ORD 188.114.96.1
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.96): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget1020None001viet.com185.199.111.153
2023-05-12 02:44:35SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:cd:b7:3c:d6:71:f3:4f:d0:0b:1c:3a:89:f9:32:41:9b:99 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 13:22:44 2022 GMT Not After : Feb 15 13:22:43 2023 GMT Subject: CN=www.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bd:87:9d:fd:0d:e7:91:1c:82:de:38:55:01:b8: 01:a4:4f:91:68:f2:b6:41:bd:96:b7:21:f2:a0:55: 3b:8f:fb:94:98:1c:4d:61:0a:0d:49:1e:41:02:01: 75:0f:0f:e7:3e:9d:a4:2e:1d:07:1e:23:ae:57:ed: a8:d0:66:39:2d:83:68:be:6e:6f:58:41:0a:9a:c5: 3e:12:87:89:8c:60:e5:de:67:7a:e4:46:2e:7b:08: ed:c2:60:17:80:e6:b4:45:ca:55:4c:b4:aa:5a:0e: 21:b2:65:97:04:7d:42:9a:78:70:55:51:b1:3b:c5: d3:0d:ce:41:3b:0f:13:16:72:ef:e1:6f:39:c8:fd: 4b:2d:7e:9e:b0:41:fd:9c:7c:61:84:dd:e4:70:a7: c5:c7:ec:ba:20:9f:a0:1f:9c:1c:14:59:c8:6c:6b: 82:ec:5e:ff:5a:3a:74:2a:f6:b9:fb:b1:ab:97:21: 90:d8:cd:5c:36:36:0e:73:80:7f:e4:4a:7c:cd:5d: 9a:1e:e6:d5:29:40:7a:8c:74:6b:33:02:0d:4e:19: f0:00:4b:c5:69:8a:06:03:20:76:15:a8:c2:2f:17: 7a:d2:cd:b7:58:14:91:a2:f2:64:cf:8f:82:14:81: ba:d6:41:8b:94:86:36:f5:f5:da:76:a8:04:5b:ad: f0:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 57:48:2A:D8:70:70:AC:E4:0A:F6:8C:02:EF:80:5A:28:2D:B1:3C:AE X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 14:22:44.733 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:7D:43:FE:B2:8F:39:1E:47:D3:4E:E0:E7: C1:B1:8B:57:06:D2:76:ED:81:DE:13:92:4B:59:E1:0D: E1:54:A6:2E:02:20:27:F3:A5:E3:4D:A0:5B:74:9C:AE: 24:19:49:4F:5A:4D:03:EC:31:45:B7:6C:88:42:8E:2E: D2:BE:8C:FB:57:B0 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 14:22:44.759 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:67:2A:3E:AE:5B:FA:9D:21:E6:78:C9:B5: 32:84:F5:3A:5F:3D:2C:3F:95:0F:DC:A5:59:86:0D:C8: 0B:41:11:D2:02:20:63:16:72:2A:95:56:D8:41:75:BA: 49:9E:23:2F:53:25:77:A6:63:94:8C:F3:B6:53:AF:2A: A8:59:D1:A9:9C:CD Signature Algorithm: sha256WithRSAEncryption 69:f6:10:de:4a:59:85:12:cb:0c:73:ae:07:34:65:83:35:84: f1:e5:d1:1e:aa:81:f0:fa:c1:7d:ee:43:55:61:61:1e:9a:45: 59:44:67:b5:db:f6:4c:78:25:c7:53:7c:97:8b:4a:fb:11:dc: e0:51:d3:53:45:91:34:32:cb:90:47:86:dc:ed:a1:bd:fc:40: e0:a4:14:29:bc:25:da:55:40:59:c3:ef:db:fe:30:93:c5:20: 36:cc:8b:d7:fc:4b:50:d2:9b:3f:37:90:2f:31:18:82:e6:3f: 62:9d:55:68:5f:c7:cc:a4:c8:0d:5f:fd:5c:04:b8:f7:81:3f: f8:b5:3b:7a:5a:ce:e7:04:7f:b8:8e:e7:e7:b8:de:fe:45:18: 97:a0:82:7c:ec:ee:27:75:85:c8:99:88:62:de:9e:d4:17:24: 92:d4:62:f4:bf:04:0c:53:8e:c9:0d:cf:b1:fe:cf:33:b8:c3: de:c2:59:25:4d:da:c4:cc:15:c1:19:62:b5:0e:04:65:79:3e: 2f:e1:2d:3a:0e:b5:1f:59:5f:24:31:fb:44:b9:a9:7b:5b:d0: 1a:d5:2d:c5:8a:f4:b5:d2:15:a9:55:4e:d6:8d:41:10:d0:3d: 11:3d:f3:ae:e5:6d:45:ec:47:8d:7f:36:ac:00:31:76:64:4a: f9:2f:a2:25 battleb0t.xyz
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.140): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneBrandis Wifi 2GHz (Net ID: 00:01:9F:20:CA:50)34.0544, -118.244
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:2087104.21.6.166
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMainSurf (Net ID: 00:02:2D:8B:15:E0)50.1188, 8.6843
2023-05-12 02:55:21Software UsedYesCensys0030NoneUbuntu Linux207.154.228.169
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneCFS (Net ID: 00:18:39:0C:15:86)32.8608, -79.9746
2023-05-12 02:49:32Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://app-mobile-link.ml', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url1021.joinpreventor.com/ls/click?upn=bna4-2BmY1ITDZjl0PQKir67uPPI2f2DxWOATqx3-2Fj7OYylB8Hflza-2F4c-2BTJ51THm64bMitYJMpTuBxoVK0JwiPA-3D-3DJ9Mp_mSllOFscLbgTD69Yd5M4iZvJ2paH7zkSD0m2J2dAKbXAH-2BqpVRSKcCjXP2k6p2y4nrVy7lmBrfgOzMBh71z-2FxzpQdOSEWu-2BZu6bLzGdNpAef0msgWTQ8GjPF3HDwIREahUwNjJmuPNPOCq8kmJFsGkQuKDPvi3VJ-2BwWOm3SROtMgrYyhDlnRSELMQK13gLTLKNNOp2u9AW5EZxz6MgcQRFVPz8yG-2BrL1av-2FleG35b4hBziNJLJOnOKWJG9RES5MX1Ek-2FPBzBGpdQpeubFqiI89NGHHrQdpAH4cQB4XK6aVSi4cb7kNExF6e-2FQvzWvrpfLOIXmI4-2FGMnpeFCmay0PMKN53-2FQ6jYyBtH8aR8JFs8BhbQdGQP9tDru83lOXy-2FNdatgyeZMIx-2BvI781sKgkBr3eSPJn-2BFZFLkDDqZl5OwlE5BiL0L-2FeFx9NYfYRUjJog', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e68_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_e68_ConnHashTable<3688>_HashTable_Mutex"\n "IsoScope_e68_IESQMMUTEX_0_519"\n "IsoScope_e68_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_e68_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3688"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n 
"IsoScope_e68_IE_EarlyTabStart_0xa10_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3688"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.120:80"\n "52.25.204.60:443"\n "209.197.3.8:80"\n "142.250.188.10:443"\n "18.155.202.116:443"\n "172.217.12.104:443"\n "54.161.241.46:443"\n "185.199.110.153:443"\n "108.138.245.108:443"\n "142.250.191.74:443"\n "172.217.164.99:443"\n "108.139.1.40:443"\n "157.240.22.25:443"\n "136.143.191.67:443"\n "142.251.46.238:443"\n "18.155.202.12:443"\n "91.199.212.52:80"\n "204.141.43.48:443"\n "136.143.191.144:443"\n "136.143.190.97:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url1021.joinpreventor.com"\n "crt.usertrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"crt.usertrust.com"\n "maciejsawicki.com"\n "preventor.com"\n "salesiq.zoho.com"\n "salesiq.zohopublic.com"\n "url1021.joinpreventor.com"\n "vts.zohopublic.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': 
u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF3EF.tmp" as clean (type is "data")'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00003216"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"5fb4d2b5847afb666a7db5b8_nav-kyb_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fe14b9e5dab5b2dea0a2754_nav-onboarding_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fc94f098f011ed08c55c1c6_nav-travel_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d399b50c403dd6ef8a71_icon_solutions_1_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8ffce80d3d6_decor-rows_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fffc8d255c2700249c77f91_icon-arrow-rigth-wh_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff61e333be007ebd657a9e2_Powerfull-notice_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"5fb4d2c611b6f7021b7a90b6_nav-healthcare_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8720a80d3d7_decor-dots_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff61e3603c269bbe2a4fd83_Powerfull-transactions_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "625514f697cb9539930c08dc_arrow_lists_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2ad16e1b572e8f24659_nav-compliance_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d39997f0b639e8d1db34_icon_solutions_4_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff5c5146d1b1ad22260e36b_seamless-integration_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb58c9b980b499eebc9666f_nav-fraud-veritifcation_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fc94f03728d607c48960ad7_nav-educational_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c73c18f306a879a966_nav-law_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fc94f03a68318a6830bfa8d_nav-ecommerce_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6307aad46dbfb3ff5914cc43_arrow_direction_right_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b4e74d60fd6b7c05e3_nav-kyc_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-167', u'name': u'Contains ability to retrieve the contents of the STARTUPINFO structure (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"GetStartupInfo" [Source: 
00000000-00003216.00000000.66665.00C41000.00000020.mdmp\n 00000000-00003216.00000000.66676.00C41000.00000020.mdmp]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"GET /5f774172772fc1fb1fa10c12/5f774173a2f6f80a3d80d3be_twitter.png HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "twitter")\n "GET /5f774172772fc1fb1fa10c12/606cb3a9126777b98ff68805_icon-youtube.png HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "youtube")'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-20', u'name': u'HTTP request contains Base64 encoded artifacts', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1132/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1132.001', u'relevance': 7, u'threat_level': 0, u'type': 7, u'description': u'"n"\n "v"\n "f"\n "9"\n "t"\n "="\n "<"\n "6"\n "`"\n "X"\n ">"\n "c"\n ")"\n "A"\n "w"\n "L"\n "u"\n "L"\n "y"\n """, "L", ";", "J", """\n "<"\n "2"\n "}"\n "2"\n "S"\n "0"\n "y"\n "3"\n "h"\n "~"\n " "\n "b"\n "v"\n "t"\n "\\"\n "U"\n "E"\n """, "5", "N", ".", "\'", "\\", "`", "k", "~", "0", "{", "=", ":", "P", "t", "Z", "f", "/", "1", "6", "I", "d", "h", "q", "D", 
"j", "0", "6", "2", "f", "O", "8", "*", "b", "E", "i", "-", "\'", "`", "p", "X", "I", "2", "\n", "x", "L", "4", "v", "F", "q", " ", "q", "E", "T", "m", "Z", "a", "e", "x", "m", "o", "A", "#", "I", "\n", "8", "D", "K", "I", "6", "s", "j", "]", "B", "l", "Z", "#", "M", "q", "A", "@", "R", "C", "D", "^", "T", "/", "k", "!", "y", "a", "F", "2", "z", "^", ")", "C", "(", "w", "T", ":", "G", "E", "a", "m", "F", "@", "185.199.110.153
2023-05-12 02:54:20HTTP Status CodeNoWeb Spider0040None200https://funny.battleb0t.xyz/gallery.css
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.207): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneVienna (Net ID: 00:09:5B:B1:9F:16)33.617190550339146,-111.90827887019054
2023-05-12 02:53:17IPv6 AddressNoMnemonic PassiveDNS16010None2a06:98c1:3120::1ayhu.xyz
2023-05-12 02:59:59Affiliate - Email AddressNoE-Mail Address Extractor0030Nonerobert@broofa.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://cndglobelogistics.com/index.php/about', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "IsoScope_f2c_IE_EarlyTabStart_0x948_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"31.220.3.218:443"\n 
"104.21.89.62:443"\n "172.64.133.15:443"\n "142.250.189.170:443"\n "104.17.24.14:443"\n "151.101.1.229:443"\n "142.250.191.46:443"\n "69.16.175.10:443"\n "185.199.109.153:443"\n "142.250.188.3:443"\n "142.250.191.67:443"\n "142.251.46.170:443"\n "104.22.24.131:443"\n "52.155.62.95:443"\n "172.67.38.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "cdn.lineicons.com"\n "cdnjs.cloudflare.com"\n "cndglobelogistics.com"\n "code.jquery.com"\n "embed.tawk.to"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "parsleyjs.org"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "translate.google.com"\n "translate.googleapis.com"\n "use.fontawesome.com"\n "va.tawk.to"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="col-lg-auto col-4 my-3"><img src="/images/clients/youtube.png" alt="YouTube Thumb" /></div>" (Indicator: "dir "; File: "about_2_.htm")\n Found string "* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "dir "; File: "style-a984db922da29019ca5adc1e5082e607_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar642D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-373', u'name': u'Contains ability to send data (Powershell command string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "Out-Default"; File: "about_2_.htm")\n Found string "<body class="site astroid-framework com-jdbuilder view-page layout-default itemid-105 article-padding-none about tp-style-12 ltr en-GB">" (Indicator: "Out-Default"; File: "about_2_.htm")\n file/memory contains long string with (Indicator: "Out-Default"; File: "urlref_httpscndglobelogistics.comindex.phpabout")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3" and extension "jpg"\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image 
data big-endian direntries=4] baseline precision 8 693x555 components 4" and extension "jpg"\n "business-man_1_.png" has type "PNG image data 475 x 665 8-bit/color RGBA non-interlaced" and extension "png"\n "NickCusworth_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 Exif Standard: [TIFF image data big-endian direntries=21 manufacturer=Canon model=Canon EOS 5D Mark III orientation=upper-left software=Microsoft Windows Photo Viewer 6.1.7600.16385 datetime=2013:11:04 12:20:51] baseline precision 8 148x197 components 3" and extension "jpg"\n "16_1_.png" has type "PNG image data 716 x 1016 8-bit/color RGBA non-interlaced" and extension "png"\n "joomla_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "evernote_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "adobe_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "youtube_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "googledrive_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "cisco_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "arrow_down_1_.png" has type "PNG image data 5 x 3 8-bit/color RGBA non-interlaced" and extension "png"\n "switcher_1_.png" has type "PNG image data 10 x 19 8-bit/color RGBA non-interlaced" and extension "png"\n "blank_1_.png" has type "PNG image data 1 x 1 1-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"Cab641D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab641D.tmp]- [targetUID: 00000000-00001016]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df5204982cf225e3cc.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{1e3592f5-ee3f-11ed-905e-080027ef242f}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "style-a984db922da29019ca5adc1e5082e607_1_.css" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3"- [targetUID: N/A]\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data big-endian direntries=4] baseline precision 8 693x555 components 4"- [targetUID: N/A]\n "business-man_1_.png" has type "PNG image data 475 x 66
2023-05-12 02:53:20IP AddressNoMnemonic PassiveDNS0020None64.226.81.43kekw.battleb0t.xyz
2023-05-12 02:53:32BGP AS MembershipNoCensys0020None54113185.199.111.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneBSL (Net ID: 00:02:2D:39:EF:C9)37.7642, -122.3993
2023-05-12 03:10:00Affiliate - Domain NameNoDNS Resolver2050Noneondigitalocean.comnetherlands-18708423.mongo.ondigitalocean.com
2023-05-12 02:59:56Affiliate - Email AddressNoE-Mail Address Extractor0030Nonefernando.r@alliedglobal.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 15, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'Voicemail Message (Elodie Raven_ Fernando R ) From_(178-077-5401)_part_001.html', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.58.100:443"\n "185.199.110.153:443"\n "13.227.74.112:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5828:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:5828:304:WilStaging_02"\n "Local\\SM0:5828:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5828:120:WilError_01"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8140:304:WilStaging_02"\n "Local\\SM0:8140:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6188:304:WilStaging_02"\n "Local\\SM0:6188:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"\n "getbootstrap.com"\n "zeptojs.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\5828_1708721866\\shopping_iframe_driver.js]- [targetUID: 00000000-00005828]\n Dropped file: "product_page.js" - Location: [%TEMP%\\5828_1708721866\\product_page.js]- [targetUID: 00000000-00005828]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\5828_946205218\\adblock_snippet.js]- [targetUID: 00000000-00005828]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\5828_1708721866\\auto_open_controller.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\5828_1708721866\\edge_checkout_page_validator.js]- [targetUID: 00000000-00005828]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\5828_1708721866\\shoppingfre.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\5828_1708721866\\edge_tracking_page_validator.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_confirmation_page_validator.js" - Location: 
[%TEMP%\\5828_1708721866\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00005828]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00005828]\n "Part-DE" has type "data"- Location: [%TEMP%\\5828_946205218\\Part-DE]- [targetUID: 00000000-00005828]\n "6373a9a3-7787-4e10-8766-4a701eb0bde9.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\6373a9a3-7787-4e10-8766-4a701eb0bde9.tmp]- [targetUID: 00000000-00006188]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00005828]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE]- [targetUID: 00000000-00005828]\n "75eccbf3-b65d-4d67-bf83-de033f7007cc.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\75eccbf3-b65d-4d67-bf83-de033f7007cc.tmp]- [targetUID: 00000000-00005828]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00005828]\n "7de06ccc-e1f1-446e-9777-eeec16b06646.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7de06ccc-e1f1-446e-9777-eeec16b06646.tmp]- [targetUID: 00000000-00005828]\n "e3268b96-87e6-41f7-9441-5c4416dab6c3.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e3268b96-87e6-41f7-9441-5c4416dab6c3.tmp]- [targetUID: 00000000-00005828]\n "d2a4e9f5-a74b-406f-8c0f-67bbb0725fef.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\d2a4e9f5-a74b-406f-8c0f-67bbb0725fef.tmp]- [targetUID: 00000000-00005828]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005828]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00005828]\n "39d75e53-4923-4b9e-bc44-d169ef496172.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\39d75e53-4923-4b9e-bc44-d169ef496172.tmp]- [targetUID: 00000000-00005828]\n "72e56d01-e7ac-415a-b604-164a33d2eb3d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\72e56d01-e7ac-415a-b604-164a33d2eb3d.tmp]- [targetUID: 00000000-00005828]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.fingerprint]- [targetUID: 00000000-00005828]\n "8590c4d3-1805-4c87-83be-f642e5ed3447.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\8590c4d3-1805-4c87-83be-f642e5ed3447.tmp]- [targetUID: 00000000-00005828]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\5828_1392880218\\_metadata\\verified_contents.json]- [targetUID: 00000000-00005828]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\\5828_1708721866\\shopping_iframe_driver.js]- [targetUID: 00000000-00005828]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\AutofillStrikeDatabase\\LOG]- [targetUID: 00000000-00005828]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential 
IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.41"\n Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki':
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-timer: S1683860053.299752,VS0,VE13{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None^[^_^_^Y^I (Net ID: 00:02:2D:6F:81:A0)34.0544, -118.244
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5b5dccec8f8690-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.168.252
2023-05-12 02:44:28SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:89:fe:30:65:f6:62:86:64:4f:34:07:5e:a0:a9:be:d2:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 15:55:50 2022 GMT Not After : Mar 13 15:55:49 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b5:70:98:56:04:62:cd:9d:91:8b:97:7d:1f:67: df:fd:40:4a:9e:a1:91:56:27:b2:c2:dc:db:18:7e: 90:b1:64:8c:6c:fd:2c:13:2d:ed:56:f7:36:ce:08: 2a:4a:36:14:30:02:df:d6:0f:d4:6c:7a:48:c9:01: c5:bb:35:51:b6:01:95:98:7e:7b:4e:66:e0:84:62: 5a:92:58:14:ee:5f:0c:a5:3c:c0:6e:d5:a8:57:bb: 5b:46:82:bd:d9:28:fb:d9:2e:3c:cc:45:f6:41:c3: 2e:de:7e:83:17:a8:54:29:45:21:09:97:4c:fd:ed: 49:50:3b:81:1e:21:32:31:1d:79:ca:01:4a:ed:57: fb:ff:6e:4d:44:22:c0:1f:54:2a:4f:e7:63:84:83: 2d:a4:25:2d:2e:38:54:17:99:ab:10:e9:5b:8e:64: 39:42:16:09:1d:92:05:aa:12:42:2e:33:56:a8:cb: fa:cc:fe:15:09:1e:32:19:c2:f5:b5:fb:c3:50:cf: 4f:6c:46:9f:4a:26:a1:f6:b4:2c:c4:b6:e7:cf:c8: 0d:46:d3:02:56:c6:06:76:a6:5d:74:73:25:8a:74: 76:91:9c:94:b2:8b:47:bc:85:62:1a:aa:eb:32:0b: 97:18:b1:e4:f7:a7:1d:6d:50:4d:60:e9:30:d9:24: 3b:77:00:5c:86:fe:be:60:06:dd:41:13:db:73:e0: c7:a6:69:d8:87:8d:f3:d9:19:43:f8:26:44:9c:46: 67:0b:09:0b:9b:db:37:73:fe:d3:c4:35:3e:63:88: 04:bf:f1:31:5f:68:76:f4:78:92:74:5e:90:26:85: 91:b2:c5:89:7c:e7:fd:90:5c:fb:08:d7:ec:7e:80: bb:0c:21:cf:d6:c2:40:71:78:96:82:d9:32:54:0f: 4d:96:8c:31:42:ff:aa:a0:84:60:76:09:ee:ce:f1: 29:2b:47:e4:6d:53:c1:f3:6f:e1:43:b1:b5:0b:95: 35:33:7b:67:7a:23:ed:15:76:d9:5e:2f:96:95:57: e5:56:fa:b4:14:d2:53:87:b2:95:ae:4a:c1:23:a4: 44:71:bc:56:67:dd:1d:18:ac:3b:6c:70:1c:35:da: 1c:0d:c0:ed:48:c3:e4:31:1a:74:9f:07:d7:d2:a2: 66:5e:12:e5:58:f2:5f:0c:2a:db:70:d9:e5:73:16: 75:7c:43:25:43:03:62:18:4f:72:50:53:b3:8a:1a: b1:9c:46:ec:4a:d2:cb:cc:b8:7b:e9:84:cb:e1:b2: ab:6c:e1:58:25:e1:54:f1:50:6c:98:68:55:60:cd: 
f6:ef:3e:df:e4:c2:e3:11:66:4c:2d:50:b9:ef:ad: 19:0b:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C4:B4:9F:3E:13:AF:1E:ED:5D:1E:C0:B3:15:A8:37:84:5F:58:79:25 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 13 16:55:50.449 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:83:63:FF:85:C1:92:6A:F0:48:97:56: 6A:A1:9A:CD:CD:96:31:BB:FB:75:C5:76:C0:D5:93:B6: FA:22:8A:0A:B2:02:21:00:D0:25:C4:C4:9C:87:C7:8A: D8:88:7C:0F:ED:E3:EE:A9:F5:8D:1E:8A:7D:57:63:8B: 34:EA:A9:AA:0E:B7:1F:86 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 13 16:55:50.476 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:54:A3:38:5D:40:4F:67:06:7D:10:18:A9: 8D:94:8F:5C:FA:96:C9:CD:18:CE:28:22:68:39:92:D0: 96:C8:FF:F6:02:20:1D:2D:AD:B7:86:08:EE:7E:EE:05: FA:EC:70:98:F7:7B:A0:74:8A:7A:10:64:BF:3C:10:A9: 7A:16:EC:A7:CC:4B Signature Algorithm: sha256WithRSAEncryption 20:7b:5f:2b:bd:28:eb:4d:bf:d7:77:bb:a0:1a:8f:df:78:60: 37:c8:a6:0a:7a:b4:17:f5:92:59:69:c6:b8:6a:7b:eb:7c:d1: 4d:b7:1f:8a:b6:a8:fe:6f:70:f7:71:12:28:35:3b:1d:c9:e2: 3e:5a:b9:ce:51:09:75:8e:66:10:ba:ac:7a:bf:80:93:80:59: 
81:68:1a:f1:4b:74:5d:68:98:fd:b9:d6:3c:7d:27:77:0e:6b: c3:83:68:c1:53:51:8c:92:a8:96:95:40:f7:6c:ab:93:47:5e: 47:42:3f:43:61:57:3a:c1:fd:4a:c1:60:c0:f5:9f:e5:3f:aa: cd:53:b5:a3:5d:e8:f4:0a:26:e5:70:df:34:b0:ae:1c:99:2a: 3c:31:a1:a9:06:b4:05:fd:9b:44:cb:42:87:c4:a0:d2:e7:7a: 95:fc:6a:ad:e6:f1:50:0d:21:cd:f5:24:0f:dc:98:36:59:3b: 40:6e:0f:4b:38:de:68:41:9a:1e:f9:be:5b:6a:36:f0:9b:22: e3:a1:e1:ad:96:f6:ba:a2:d1:f4:e2:12:cb:ab:1f:bb:9a:53: 07:6b:08:bd:4c:58:68:74:4f:75:3c:83:28:de:71:51:c8:1c: 8f:ca:5e:df:81:b4:f2:74:1f:18:af:29:fa:69:d6:b5:65:a9: 11:13:ef:a4 battleb0t.xyz
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:208387.248.157.102
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None10:37:58 (Net ID: 00:02:2D:28:06:03)37.7642, -122.3993
2023-05-12 02:44:09Co-Hosted Site - Domain NameNoSSL Certificate Analyzer2110Nonegithub.iobattleb0t.xyz
2023-05-12 02:44:17IPv6 AddressNoDNS Resolver0030None2606:50c0:8002::153www.battleb0t.xyz
2023-05-12 02:56:57Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:c7:00:14:21:71:88:e2:18:10:f8:e3:ee:d1:89:37:10:7b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:46:47 2022 GMT Not After : Mar 27 01:46:46 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ca:91:c0:24:2c:ac:ca:ae:72:a2:1c:76:2b:73: ee:03:78:0b:80:eb:3e:1e:2f:33:3d:ee:c9:08:d3: 24:62:ca:69:54:4a:4f:62:ee:85:3e:9e:5e:5f:d1: 1f:ab:8a:39:77:32:f2:c3:16:74:4d:2e:2a:61:7c: 7c:02:16:fd:f8:90:cd:06:b2:e9:f4:43:77:1b:75: bb:be:c8:56:44:f6:50:11:ac:06:ec:e8:59:ef:64: 25:2f:4d:3f:96:fc:de:28:67:0a:4e:3f:7e:0e:35: 82:50:a2:e2:53:60:28:9a:07:c8:48:6d:b6:14:30: 5d:26:53:a7:34:c5:04:39:e7:67:e1:8b:e5:5d:a5: 3a:24:32:e3:b6:35:44:1a:60:82:6c:43:b7:4d:91: 70:e8:77:c6:32:fc:99:9f:ad:b8:12:75:4d:70:f3: 52:73:ab:3d:62:1e:0f:a1:00:40:14:f2:ee:4f:92: e4:8c:8a:19:22:54:b9:c3:71:e1:6b:29:43:5b:56: a9:e7:cc:16:78:2e:25:bc:fa:16:51:9d:87:b3:64: aa:85:a8:c4:c7:1b:38:de:e1:9c:ae:93:7d:3f:98: 02:a9:aa:fa:8c:80:52:99:2e:98:ff:77:3d:76:8b: 8f:32:cd:03:00:51:9a:81:df:0d:68:7a:8d:16:fa: b6:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 6C:34:7D:03:48:53:73:CF:0D:0C:39:44:A5:D1:A0:E8:F3:90:7F:11 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 3e:fe:f9:21:a8:b9:ff:5b:d7:4e:56:e9:01:36:22:e4:80:7b: 32:28:4f:35:ce:d9:fe:79:61:21:91:08:a4:5a:99:cb:49:8d: 59:33:d8:1c:63:9a:1f:c2:49:d5:16:41:55:df:2b:23:f2:e9: b3:cc:0e:45:14:b2:fe:94:7d:98:ee:51:3e:fe:8e:d3:e9:26: e4:d9:13:e1:5b:9d:72:18:78:d0:8e:68:17:2a:3e:77:ec:ab: 7d:44:bc:01:fc:dc:0f:8f:d3:cb:10:ee:22:15:6e:05:13:f7: e6:22:b4:eb:f4:fb:8e:2b:69:d7:32:d7:d5:70:69:43:51:d5: 4b:6b:0b:f8:e5:1a:2e:d7:2d:1d:78:46:8f:ca:f0:7d:23:fd: 88:d0:03:3c:9a:6c:c7:d3:59:0a:bf:a1:53:93:a9:52:44:05: 4e:9a:e7:34:e3:cf:4e:d3:8f:b2:a4:32:fc:7a:56:50:19:02: 1d:b0:d0:f6:ba:1e:0f:f4:0e:1e:fe:53:40:02:f1:88:3c:f3: 9b:b6:f5:bd:4d:b4:cd:f4:5c:5c:d1:5e:1f:d8:bc:e4:0a:75: d6:3d:a2:7f:13:a1:4d:66:3a:7b:eb:4a:cf:7e:00:5d:ee:3b: c3:4d:5a:49:d1:0b:e5:67:dc:0a:d3:3c:d7:f1:60:9d:30:79: 0a:39:a4:60
2023-05-12 02:44:13IP AddressNoDNS Resolver107010None185.199.109.153battleb0t.xyz
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.12435.229.48.116
2023-05-12 03:00:50Co-Hosted SiteNoHackerTarget2020None000.github.io185.199.111.153
2023-05-12 02:58:43Vulnerability - CVE MediumYesTool - testssl.sh0210NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.ayhu.xyz
2023-05-12 03:31:33Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@namecheap.comDomain Name: ASHU.XYZ Registry Domain ID: D279374777-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://namecheap.com Updated Date: 2023-03-28T08:17:54.0Z Creation Date: 2022-03-03T09:34:10.0Z Registry Expiry Date: 2024-03-03T23:59:59.0Z Registrar: Namecheap Registrar IANA ID: 1068 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant State/Province: Capital Region Registrant Country: IS Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: GRACE.NS.CLOUDFLARE.COM Name Server: LOGAN.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: ashu.xyz Registry Domain ID: D279374777-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-02-22T23:31:01.00Z Creation Date: 2022-03-03T09:34:10.00Z Registrar Registration Expiration Date: 2024-03-03T23:59:59.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com Name Server: grace.ns.cloudflare.com Name Server: logan.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T07:17:37.40Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:2052188.114.97.1
2023-05-12 02:54:30Physical LocationNoCensys1030NoneFrankfurt am Main, Hesse, 60306, Germany, Europe64.226.81.43
2023-05-12 02:45:10Raw Data from RIRsNoHybrid Analysis1010None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://kekw.battleb0t.xyz/jar', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:348:120:WilError_01"\n "SM0:348:120:WilError_01"\n "SM0:348:304:WilStaging_02"\n "Local\\SM0:348:304:WilStaging_02"\n "SM0:7052:120:WilError_01"\n "SM0:7052:304:WilStaging_02"\n "Local\\SM0:7052:120:WilError_01"\n "Local\\SM0:7052:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:120:WilError_01"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-220', u'name': u'Executes batch file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1059', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1059', u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Process "msedge.exe" with commandline "--single-argument http://kekw.battleb0t.xyz/jar" (UID: 00000000-00007052)'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"64.226.81.43:49750"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kekw.battleb0t.xyz"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007052]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00007052]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007052]\n "Session_13324411891984663" has type "data"- [targetUID: N/A]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\manifest.fingerprint]- [targetUID: 00000000-00007052]\n "c920e640-3cd4-4291-b5a7-5ed9af660f2d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n 
"ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp]- [targetUID: 00000000-00007052]\n "8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp]- [targetUID: 00000000-00007052]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007052]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007052]\n "manifest.json" has type "JSON data"- Location: [%TEMP%\\7052_1944693387\\manifest.json]- [targetUID: 00000000-00007052]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp]- [targetUID: 00000000-00007052]\n "Tabs_13324411893998198" has type "data"- [targetUID: N/A]\n "643a517a-ab51-4a47-a7fa-e8480b929b43.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\643a517a-ab51-4a47-a7fa-e8480b929b43.tmp]- [targetUID: 00000000-00007052]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokenAndKey\\LOG]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "http://kekw.battleb0t.xyz/jar"\n Pattern match: "Math.PI/180"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "http://kekw.battleb0t.xyz"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "kekw.battleb0t.xyz/jar"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\shoppingfre.js]- 
[targetUID: 00000000-00007052]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00007052]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007052]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\7052_16790919\\adblock_snippet.js]- [targetUID: 00000000-00007052]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\auto_open_controller.js]- [targetUID: 00000000-00007052]\n "edge_confirmation_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping.js" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00007052]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\shopping_iframe_driver.js]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "3.0.0.8" found in string ""version": "3.0.0.8""\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed 
Rules\\35\\10.34.0.45"\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\LICENSE"\n Potential IP "3.0.0.8" found in string "\xef\xbb\xbf{ "description": "AutofillCore data component", "name": "AutofillCore", "version": "3.0.0.8"}"\n Potential IP "5.1.0.0battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None7567 3371 (Net ID: 00:00:C5:F7:76:3C)41.8781, -87.6298
2023-05-12 02:56:52Internet NameNoDNS Resolver0030Nonenwapi.battleb0t.xyz[{"url": "https://nwapi.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nwapi.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneCross-platform softwarecdn-185-199-111-153.github.com
2023-05-12 03:34:36BGP AS MembershipNoRIPE0040None4448645.131.109.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonedefault (Net ID: 00:11:6B:13:88:06)50.8897, 6.0563
2023-05-12 03:04:46Hosting ProviderNoHosting Provider Identifier0030NonePEER 1: http://www.peer1.com/64.226.81.43
2023-05-12 03:01:00Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.105): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneMy Passport (2.4 GHz) - 07B79D (Net ID: 00:00:C0:07:B7:9D)37.7813933,-122.3918002
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneMCName (Minecraft) (Category: gaming) https://mcname.info/en/search?q=battleb0tbattleb0t
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneAudiojungle (Category: music) https://audiojungle.net/user/loginlogin
2023-05-12 02:54:23Open TCP PortNoCensys0040None2600:1f18:2489:8201::c8:802600:1f18:2489:8201::c8
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneIceland Domain Name: CLOUDWAYSAPPS.COM Registry Domain ID: 1695307151_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-09-12T18:44:13Z Creation Date: 2012-01-04T12:17:34Z Registry Expiry Date: 2028-01-04T12:17:34Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-1086.AWSDNS-07.ORG Name Server: NS-2016.AWSDNS-60.CO.UK Name Server: NS-222.AWSDNS-27.COM Name Server: NS-854.AWSDNS-42.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: cloudwaysapps.com Registry Domain ID: 1695307151_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-06-22T11:27:03.11Z Creation Date: 2012-01-04T12:17:34.00Z Registrar Registration Expiration Date: 2028-01-04T12:17:34.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Name Server: ns-222.awsdns-27.com Name Server: ns-854.awsdns-42.net Name Server: ns-1086.awsdns-07.org Name Server: ns-2016.awsdns-60.co.uk DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T06:41:09.59Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:49:22Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_86c_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_86c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_86c_IE_EarlyTabStart_0xb4c_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_86c_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2156"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_86c_ConnHashTable<2156>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_86c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.110.153:443"\n "172.66.40.106:443"\n "185.88.152.184:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "TarC7FB.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC87A.tmp" as clean (type is "data")'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00003280"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabC879.tmp" has type "Microsoft 
Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabC7EA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "_1281DC16-BCE6-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003364]\n "RecoveryStore._62E344AD-BCE5-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "9L52N55G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9L52N55G.txt]- [targetUID: 00000000-00002156]\n "ISM1RHVV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ISM1RHVV.txt]- [targetUID: 00000000-00003364]\n "1Y9ROK9B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1Y9ROK9B.txt]- [targetUID: 00000000-00002156]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n 
"0JE7DDOB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0JE7DDOB.txt]- [targetUID: 00000000-00002156]\n "DE9QSFBN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DE9QSFBN.txt]- [targetUID: 00000000-00002156]\n "59XOOQKO.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\59XOOQKO.htm]- [targetUID: 00000000-00003364]\n "QJEP1X8E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QJEP1X8E.txt]- [targetUID: 00000000-00002156]\n "_62E344AF-BCE5-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "~DFEC7BEACF44F2BD56.TMP" has type "data"- Location: [%TEMP%\\~DFEC7BEACF44F2BD56.TMP]- [targetUID: 00000000-00002156]\n "CabC879.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC879.tmp]- [targetUID: 00000000-00003364]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003364]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-167', u'name': u'Contains ability to retrieve the contents of the STARTUPINFO structure (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': 
u'Observed API string:"GetStartupInfo" [Source: 00000000-00003280.00000000.65937.003B1000.00000020.mdmp\n 00000000-00003280.00000000.65970.003B1000.00000020.mdmp]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"\ufffd\ufffd\ufffdy\ufffd\ufffd\u01b6gb^\ufffd\ufffd\ufffd}\ufffd\ufffdi\ufffd6\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdGU\ufffd=F\ufffd\ufffdo\ufffd\ufffd*\ufffd<hB`\ufffdw\ufffd[,\ufffd\ufffd\ufffd\u04bc\ufffd\\\ufffd\ufffd\ufffdu\u04ae\ufffdWW\ufffdOU\ufffd\ufffdVW\ufffd\ufffdG\ufffd\u06f4\ufffd#\ufffd\ufffd\ufffd0:W\ufffd\ufffd,\u0151\ufffd\u0491Z\ufffd7{\ufffd`!3\ufffdx^O0\ufffd\ufffdM\ufffd\ufffd\ufffdU\ufffdS\ufffd,\ufffd\ufffd@4\ufffdF\ufffd#\ufffdmG\ufffd\ufffd\ufffdg\ufffd\ufffd\ufffd`\ufffd\\\ufffd\ufffd\ufffd\'6k\ufffd4\ufffdNXr\ufffdm&\ufffd?\u02db\ufffd\ufffd\ufffd\ufffd{\ufffd.C/!\ufffd\ufffd\ufffdNTf\ufffd\ufffd|G\ufffd6\ufffd:\ufffd7\ufffd\ufffd\ufffd\ufffd\ufffdmr\ufffd\u061b\ufffd\ufffd\ufffd<\ufffd\ufffd+\ufffd!\ufffd/\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdw\ufffd\ufffd\ufffdL\ufffdC\ufffd\ufffdp(\ufffd\xe1\ufffdKRX\ufffdd\ufffd!<\ufffd=\ufffd\ufffd\ufffd\ufffd\ufffd\\\ufffd\ufffdz\ufffd\ufffd\ufffd\ufffdJ\u0522\u0277\ufffd\ufffd\ufffd\ufffdL\ufffd\ufffd\ufffdo\ufffd\ufffdM\ufffd:\ufffd\ufffd\ufffd\ufffd\u07c5\ufffd\ufffd\ufffd\ufffd\ufffd\u05cd|\ufffd|,d_vQ\ufffd\ufffd3\ufffdB\ufffd\ufffd-?\ufffdi\ufffd\ufffd\ufffd\ufffdT\ufffd\\\ufffd\ufffd\ufffd\ufffd\ufffdu\ufffd\ufffdW 
@\ufffdA;0,\ufffd\ufffd-\ufffd\ufffd\ufffd~\ufffd\ufffd\ufffd\ufffd\ufffd{0i}(\ufffdAw.R\ufffd|\ufffd\ufffd\ufffd??.\ufffd\ufffdpq\u0259\ufffd&z\ufffd\ufffd\ufffdg\ufffd"/\ufffdQ\ufffd\ufffd\ufffd}\ufffdyj\ufffd\ufffd[f\ufffdS\ufffd2&Q\ufffd&t\ufffd/\ufffd\u077a\ufffds\ufffd\ufffdD\ufffd\ufffdA\ufffd\ufffdz\ufffd\ufffd1CSp\ufffd }\ufffdz4\ufffd\ufffdQ\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdD\ufffd\ufffd\ufffd|\ufffd\ufffd4\ufffdq\ufffd\ufffd\ufffd\ufffd\ufffdT\ufffdO5\u0175mz=_\ufffd\ufffd\u02ad\ufffdh\ufffd\ufffd\ufffd\ufffd\ufffd]\u061b\ufffdh\u039e\ufffd\ufffd\ufffd\ufffdXI\ufffd185.199.110.153
2023-05-12 03:00:25Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha1-etm@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:03:17Internet NameNoDNS Resolver0020Nonewww.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 Certificate 
Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3: a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c: 8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3: 6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa: c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca: f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58: b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28: b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e: 26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2: d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c: 40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a: 2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67: 8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99: 1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c: 4e:9f:6c:9d
2023-05-12 03:10:24Malicious IP AddressYesThreat Jammer0120NoneThreat Jammer - Risk score: 40 (MEDIUM) https://threatjammer.com/info/188.114.97.1188.114.97.1
2023-05-12 02:53:35Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://shivanimakvana.github.io/netflix-clone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://shivanimakvana.github.io/Netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-11', u'name': u'Loaded modules', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"iexplore.exe" loaded module "%WINDIR%\\System32\\msvcrt.dll" at 762E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l1-1-0.dll" at 75A20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\advapi32.dll" at 76620000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sechost.dll" at 77940000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcrt4.dll" at 77990000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\iertutil.dll" at 76960000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-version-l1-1-0.dll" at 75820000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\version.dll" at 74C70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-user32-l1-1-0.dll" at 75800000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\user32.dll" at 76550000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gdi32.dll" at 75B90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\lpk.dll" at 76070000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\usp10.dll" at 76080000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\api-ms-win-downlevel-normaliz-l1-1-0.dll" at 75830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\normaliz.dll" at 76130000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll" at 75840000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shlwapi.dll" at 764E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 000E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 75BE0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msctf.dll" at 75AC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptbase.dll" at 755F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shell32-l1-1-0.dll" at 72980000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shell32.dll" at 76BA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\fltLib.dll" at 6CBB0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-core-synch-l1-2-0.dll" at 721C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\secur32.dll" at 75430000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winhttp.dll" at 70E00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\webio.dll" at 70DA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mswsock.dll" at 750C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wship6.dll" at 750B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\IPHLPAPI.DLL" at 74C50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winnsi.dll" at 74C40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\clbcatq.dll" at 768D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netprofm.dll" at 6F2B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nlaapi.dll" at 738B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptsp.dll" at 75100000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 00F90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 74E90000\n 
"iexplore.exe" loaded module "%WINDIR%\\System32\\RpcRtRemote.dll" at 75690000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\npmproxy.dll" at 6E4D0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\ieproxy.dll" at 69B60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WSHTCPIP.DLL" at 74B70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dnsapi.dll" at 74F80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rasadhlp.dll" at 71F10000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\FWPUCLNT.DLL" at 73620000\n "iexplore.exe" loaded module "%WINDIR%\\Fonts\\StaticCache.dat" at 03630000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\setupapi.dll" at 76140000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cfgmgr32.dll" at 75720000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\devobj.dll" at 758A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wshqos.dll" at 70F30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\credssp.dll" at 74DC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\schannel.dll" at 74F00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ncrypt.dll" at 75230000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcrypt.dll" at 75210000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcryptprimitives.dll" at 74DD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wintrust.dll" at 759F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gpapi.dll" at 74CD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\kernel32.dll" at 75C80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\KernelBase.dll" at 75850000\n "iexplore.exe" loaded module "%WINDIR%\\Globalization\\Sorting\\SortDefault.nls" at 00B90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieframe.dll" at 6D200000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ole32.dll" at 76770000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaut32.dll" at 766D0000\n "iexplore.exe" loaded 
module "%WINDIR%\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\\comctl32.dll" at 74650000\n "iexplore.exe" loaded module "%WINDIR%\\WindowsShell.Manifest" at 00E70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ws2_32.dll" at 75A30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nsi.dll" at 76540000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sspicli.dll" at 75580000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\IEShims.dll" at 69B10000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\comdlg32.dll" at 75C00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcss.dll" at 00590000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\uxtheme.dll" at 743E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\urlmon.dll" at 76390000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-ole32-l1-1-0.dll" at 75810000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wininet.dll" at 75DC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\userenv.dll" at 757E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\profapi.dll" at 75700000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dwmapi.dll" at 73E30000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\sqmapi.dll" at 721D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l2-1-0.dll" at 71450000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat" at 005A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll" at 69740000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netapi32.dll" at 73C60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netutils.dll" at 73C50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\srvcli.dll" at 75310000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wkscli.dll" at 73C40000\n 
"iexplore.exe" loaded module "%WINDIR%\\System32\\apphelp.dll" at 755A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\crypt32.dll" at 758C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msasn1.dll" at 75710000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieui.dll" at 69A90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\user32.dll.mui" at 01050000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WindowsCodecs.dll" at 73CF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleacc.dll" at 6D110000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaccrc.dll" at 021F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ExplorerFrame.dll" at 71470000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\duser.dll" at 73F40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dui70.dll" at 73FB0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msimg32.dll" at 72210000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\msctf.dll.mui" at 02940000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc6.dll" at 735C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc.dll" at 74B80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mlang.dll" at 6CB80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\propsys.dll" at 74420000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ntmarta.dll" at 74C10000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Wldap32.dll" at 75A70000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000030.db" at 029B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Macromed\\Flash\\Flash32_27_0_0_187.ocx" at 666E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Macromed\\Flash\\Flash32_27_0_0_187.ocx" at 65290000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\cversions.2.db" at 029A0000\n "iexplore.exe" loaded module 
"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000016.db" at 02AF0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\cversions.2.db" at 029E0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver185.199.109.153
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.5): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMobileInternet (Net ID: 00:02:B3:AE:67:D8)50.1188, 8.6843
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.159): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:29:45Blacklisted IP AddressYesUCEPROTECT0130NoneUCEPROTECT - Level 2 (some false positives) (46.101.229.70)46.101.229.70
2023-05-12 02:44:27Software UsedYesTool - Wappalyzer0020NoneHTTP/3nwapi.battleb0t.xyz
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None172.67.168.252nuke.battleb0t.xyz
2023-05-12 03:10:23Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0040NoneVOIPBL Publicly Accessible PBX List [207.154.224.0/20] http://www.voipbl.org/update207.154.224.0/20
2023-05-12 02:55:14Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://itm4n.github.io/lsass-runasppl', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "142.251.46.234:443"\n "151.101.1.229:443"\n "142.250.189.163:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e10_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_e10_IE_EarlyTabStart_0x784_Mutex"\n "IsoScope_e10_IESQMMUTEX_0_331"\n "IsoScope_e10_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_e10_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3600"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e10_ConnHashTable<3600>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "all.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "magnific-popup.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF15F73B092E2A1400.TMP" has type "data"- Location: [%TEMP%\\~DF15F73B092E2A1400.TMP]- [targetUID: 00000000-00003600]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "L4C1VR4B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L4C1VR4B.txt]- [targetUID: 00000000-00003600]\n "~DFE6DB0B57F3EA4B8A.TMP" has type "data"- Location: [%TEMP%\\~DFE6DB0B57F3EA4B8A.TMP]- [targetUID: 00000000-00003600]\n "clipboard.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_01DE0D99-B1E0-11ED-B635-080027FA00EA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "lsass-runasppl_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "localizedFormat.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "GS7U5M1T.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\GS7U5M1T.txt]- [targetUID: 00000000-00003600]\n "S6uyw4BMUTPHvxo_1_.woff" has type "Web Open Font Format TrueType length 34020 version 1.1"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "simple-jekyll-search.min_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "bootstrap-toc.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "lsass-runasppl_2_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_0C8AED11-B1E0-11ED-B635-080027FA00EA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "bootstrap-toc.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://itm4n.github.io/lsass-runasppl"\n Pattern match: "https://itm4n.github.io"\n Pattern match: "https://itm4n.github.io/lsass-runasppl/"\n Heuristic match: "Lsc\'.si"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /lsass-runasppl HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: itm4n.github.io\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 301 Moved Permanently\nConnection: keep-alive\nContent-Length: 162\nServer: GitHub.com\nContent-Type: text/html\npermissions-policy: interest-cohort=()\nx-origin-cache: HIT\nLocation: https://itm4n.github.io/lsass-runasppl/\nAccess-Control-Allow-Origin: *\nStrict-Transport-Security: max-age=31556952\nexpires: Tue, 21 Feb 2023 13:15:27 GMT\nCache-Control: max-age=600\nx-proxy-cache: MISS\nX-GitHub-Request-Id: 285E:9A97:2F5E56:376309:63F4C196\nAccept-Ranges: bytes\nDate: Tue, 21 Feb 2023 13:05:27 GMT\nVia: 1.1 varnish\nAge: 0\nX-Served-By: cache-sjc10044-SJC\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1676984727.973288,VS0,VE86\nVary: Accept-Encoding\nX-Fastly-Request-ID: 8917d38f4255e27c3ee7d2913db826c19a210b67"\n "<html>\n<head><title>301 Moved Permanently</title></head>\n<body>\n<center><h1>301 Moved Permanently</h1></center>\n<hr><center>nginx</center>\n</body>\n</html>"\n "GET /lsass-runasppl/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: itm4n.github.io\nConnection: Keep-Alive\nDNT: 1"\n "}rF;fRR,KrlHtrR5U $a4 *v.@%gX^z{_?t~"YEFZH;x/?~(2eNo_Ld1kYKwo]rif5^6?!|7p\n~wCqGWN;C?j#jzjnq"lG{cST|qL]4 H]:??[vNA[]#J;=`w?e$R,nih$G\nAX30G^<QBFn?@\n;}@(pgq-)J)Ro&\'Y[yRF"o2v3\nL[q\nI\nq*&naG\nf@&.!_R)@B6(sx>StA<qDi@0TUQ[s=gMX\nlq*-_jp\'jl~$Y<\n__GG UUiQ~@Uj\n_oksl8O{{lnuM\nM=MMc$X8baYNF<^87YkX5mzIk)S6/=x9+A]ZRb{-4eHF+:5: eEwI--K4xa:xAv\\\ndIO2V>;uj}y7BLup5wmuu\\z/gzJJDl\nz7$mj2N]K<\\PI56\n#Ano\nnkqLMT%tU}HeK%gt4\n\'PK/tq%JP2FpN!8I|!~R2o}*L SGKB@/wB/\':mG2[|[lHrvJm};tC?2oon~*Ik1 w$8SY&/w:gP>#Zw/wn{Fx]\\G;We2J*/V", ":$N0]U:O?`/kT~p\'0 he/_L}|y*<D+[3z/Lt/mjW/N{4S/QSdi>b\nMU3_4):GKzDOqBJVb}LD`(oD`N$,Yj2\n^ATkug@"Zkkm#5 A?\n=U@XwS(C@MuQHU4D1! 
JwZkl8=avM*[D4D*(^_(mX|-%6|r\nfgY<MG4AHpm2K`\\U\ne;gM1|ok1>xfY:3iy#.jS7Fs\n3[J FK\\y`\n"w@PHN~<L`@"$f@co}W){{lO7D,d*>o[ZLpe;d`;Z<bzIB{i-d~ZiNg`@vZB(,DT)oAdn\nR@08s+)}O[M?8@GFQ7*GFnOxH83cLQ<-Fp1bxyKpL=bQ\n/2M]aTVdHqoc=y]C:TPT}j-!?YSPU|m @aDRuo~\'Nwsr$rXh\'b2~c1a?(]O"v|47:x*tV n&G,K<`H7\\w/NO.+sGKA/NuCn@GoNX;t^"9?bPzW5!i,2b}a$SP::JE#^s,*I\\HE 4Ru#TXmlGL9:vU-a~J7qM\n>*bBVCE&8:C)=WVFLj0TQZi\n((lMO2CX}M|KH;I=g-C8l7HogoP2V}v)Jn?}[", "k;YFDF*JpP#[K*j^njV4mf:4G|!-;-{<t*@;&x8l"9`e\n]nmF/FlhlojNH\nU%p:%G0r]\nzz#8f_w5Olio]ccu\'Q;3C;dKyj0\nB/dh7v};OvpzqLJ 2?OB=ac&x!pwhAEpYK-QJ_M%$5[Z~)#D31]FqZL~bM>cQ$_~c=>D}c(*S\';Cq/:Vt\\^/hp"ArZ?z)rj}`*\nqZ3e1Zi1*(4|\nP)B\nTh\n$8\\a-N1^THp+i.|pR#gm`"nuKlJJ-j3\nBGJ3&DQ~NO!QQp|(\'4G 9<pS4M0J2O]Khz=@La2z2AHB~hsN@DI;9Z$,@q7iqD=Qh/NjAC*\'<Eq&HX\n1L_2)GJpU%\n8Z5$1KaxV+y@C7aF\\u8:fx6u:XwSoAx"\'fEjc:<8)Tk9;N!Q<tYKA_I0@*!4?W!\'!ZS"KZ@998s(TG#R|k5"qed c*tj5 Se[d~jUkpES`\nqO`DcUID|<\ncT[lz*{$X\n(UxofrN]W"G"X~4/kM O|xn A^,Y.`lcNf1}|gc\n?mJD`QSP3x0 ?$tCiTjj+&{W`3);iQp9LC)BSjbR mN\\rx", "QG`\\-*(9i@$&h~j)V DOLE\' JCR(\'VU@mpu`CYR@dXkPl+[@[+40!HHm4`jE\nN||^l1@BI`k?U0}sn2|H6yh>W\nK_pC>\n\nA<4l~Z]ZP5*4$q\\ZY2%!Fk Eq`Jx=I~GeVjkC6\nK0K-pXp>rl=Z8}.GuP)k+3f(FQ$&6g@p\nc.qRfLJ0*;+Rx{%]==\n*\'|4S;xE,mHo+CLqc%Je+@BeymB-6dTjnI%uE8thbk2SjA&=2w%nen&0Us4<1hT6V$&ZE11Lqd0Qbzpc}K.z}8Lf \nS<\nh&Z~!ZGR"FeE?T\nN#!L/B.8Gq=`TV4mUxl@6iBT}V3(E\\nQQcr>?2\n C9b|}$k6"zN1:>Uz\n\nBI,%) ~$(XcjBtpq6Wr`3~++g"aNGM8QUd~5G<Z<l\n?"lqrR%\n4DhX#=o< Wgn$ue_\\x2ZKL8zEWlnA(;0,G}qC.y"[3ZTKx<G\n>]D+^Kv1p(6J^0XfQs\nH=u1bD\\egp+", "wB?"_kQq;fEB[*11 BJ+(sp6X%S00[L1(DP%26x2&\n@M8B8QK\ng"N3D$mFgONy8a~\'n%D7)McoCVKy\n\n8?Z;z\n#paI{{QHtq@\nVtb>J^)^S+eg6o6?qpO\\v\n@~eiPP0lbG`N`Od!?arYxfqG\\\nPk)$AL~g(wg;Orsw n\nu7\n6[+pujp%>fuu*l7D@YI\n"+U ~$M(1yE,IAtp[GI`G*3Nv N&\nfaU:wgS9D1/2kCOU?m0%iI`cGv>zg?n>vuwp_U[L7sc@UKcUu1w|CPn3=lPRK,G\'xyh\'?}<}wwqfWt>dvz9]5=WE\nn47>wW!DF&e`!&_],hTr:2[If/rBq,a>!h}~5XAu`DZpFb>73O\\|Pq0f:\nwN1&e~W*e}I"WWxQc4)p+}Tw=;mrLqRX3A\np]WZanUR~m:#Sic-al+Mk{3k\n2kg!(Fq]4"?L=/ 
JrMgsg\\0f-5z^%dPUfY66#q:S60p~zlMd\\Bu]GhB6,.gw$h%Mws?c-Ho_[/L]1-dN3HJ^T9/& a(", "3nvE{A2gr4l&m 1!JvI/?0\ni(lUBRh<ei3%f!\'D?@cSt/+1$#Cc&eL+t"_4q?V1\\O\\>h2e+)pNDSA`OtSn:*"x|0cd+@b`6.AELXrj*A$J(^Ld"ob6TugT+hEmRqFIJe:l "U%e]QPM| :t(`NP^#d%]M5j{h;Cs\nx_*.~K!\'V3)+g\\}4q2tv im\n2"">a6,QjlWHQ jEL\n($x(&j\'CYvL#<XI,k06xCVf3X0\\z7}\nyA\'/#+9\'omM50@GL|lQ0jo*?H\\#6_rG)4)J<z>T,:Dc_dglZ9U9/j+!6K)Iv%1\n4BlKR\\*+`s 4QV*YC$B)!|!ys2jaWP=;u)a(R7g`)bB1\nia-2Is_A& u0$0(iLa[}~\njW9pZz\\)HxR${!~_AZ&Wjkb^DNuX\n\n8x6!$5CZ/"E185.199.109.153
2023-05-12 03:16:24Raw Data from RIRsNoipapi.co0020None{u'region_code': u'NH', u'country_tld': u'.nl', u'ip': u'188.114.97.1', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 17231017, u'country_code': u'NL', u'timezone': u'Europe/Amsterdam', u'city': u'Amsterdam', u'network': u'188.114.96.0/22', u'languages': u'nl-NL,fy-NL', u'version': u'IPv4', u'latitude': 52.3759, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Netherlands', u'country_capital': u'Amsterdam', u'org': u'CLOUDFLARENET', u'postal': u'1012', u'asn': u'AS13335', u'country': u'NL', u'region': u'North Holland', u'longitude': 4.8975, u'country_calling_code': u'+31', u'country_area': 41526.0, u'country_code_iso3': u'NLD'}188.114.97.1
2023-05-12 03:33:13Web Content LanguageNoLanguage Detector0030NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5e7988238a')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="y6.jA_9kQFy3M6YOg.QQj0I7RDwRq_S0_mJGsO_2b80-1683861862-0-AcgqVWkb5rc1wRzq8CruZzqixRf2dFZvnnpeMqPo3y2RR7Jx_-WXovg8bbE5-sP--_UlGfcV7z4_V2dzBcMQgc0YMGe-kEUsKgbTagVXmpUA4ghc-4PKKMUpkHtuZz1pOKMcK0utLj3hccZMUZnWLxuhkTuTIuQG4o4TSyLTO5DkVUoXElS5eAJBZDveAXcM-BMmbtyiS5OZrdIj-mSAmfLaL706pmvV2Fnl5vtOScBdKynAsN6R2sxLPULzhy1STjWMiZSraZ6Ew2wxtjJHN1h4TKQbcQWPXgeC7N8JO4M701hR33k8KGtSEURoh0GVidfXau0xJ5Jr_OGYkw5FwTBNxUlh_dNr8sS8DOR88UaR5CKeXC5a8lA8uHqsSe_vEPdtQ6ldEQsz8iyhLDK-toyNqpISWEaAU-LNzhQYcTSFycIkBAwjz1zpN5j-awjwVXg6RSi8xKpcwkSr--vTKuOd6x5Ta6zVKvVa1ZDb1BUG5hCEGVVAylLih2TiGym6K9ZGtKfmo5uFC383bpOhjywcXyRzMeHVb0-6rTS3z63iX3ajtvlcxXXHBtT7ZYhauWYn6f0gWo9iG78z0gFNWMboZLU8duYgFtCeIooI5W88WdaOwHui00SnK7AZf-I1NO1RlI5CzrcfcBEcVnBP-f_yBVIgGca2GM5pwr7RuguWROnl62QKlF8-RLW3LA5gZmJXKAJZeG1tfcH7m64xxmCx5ACGWrjrUMscOUmz4eHVBUSovlHfs3fcaIk9rIcxhwwBJRVDZ7oKn49L5lwNMgQFGDH_uzu8lK7M31bKNSdUqZK_4nMd7x2dSJvuX6x1f0d5_OcVPHJZxZ3t19Y2v21qYtJUwk_l3orppRJLdYFyIFSiVGRp27InLA-bNsaoFJuYkaXhMvKIRYQcI57Gu9t5UJBJyHfItWPN13CPHmTRR-xesXCsUCGNSlrn27LW82G3vB0LsnqsDVH9D7CmoXk767loN6MRiMM6E9lV7pktIJEgRREZerErCz-Gw9056q07NCPJYQafcy44fhA0Ayu8GVn0zQYz2hW6ho8NtCxWLxQfDeVyMn6PMsg4IcHVBtGEwWH4OhHGTM9Y96fCik0WwBZwbXdS00HiRtlSReGbhDYPFuGYXFHlUkiHUQ8TNNjJwXP8HrnSnr-Tv6HMk8DT21iZM1t8Ws-Z1VPVHIUqMpqoj6bYoJTKdTHCyWVXSoymcDjiiAr_dGcQ70iCvCfjEHAw9_ZFb11mKAVckSFfHs_OhqOxwVZ8fWFWX5CRVYjb8-2Mg4cL3IvIHLOVh97Eo-8uZhAyESkAuV2iGT1_77CGqcRlglDGfKHj9D0j_GrA2lys8V_W4n84xH9sB9BtW8YrWDnEH4r1lV4ZaxbUDArRwxqP9P1FzSMMjtcVzsgzIRpF2ste2ogtL1ku1f750t7TYDkzGvNZnmSp--sTxTZcyZjvZuT-kxIOnFkQudjV92D0dpRia33x6FdgV44_rvGqDtNVBEvpDVRPc5F7iWJTGkpG_0wSt-t0pHAlpnVj5960VNsQ1fIVqzIjyeTRIupoKny56OID3zofBUX9GXMMvftzuBxkvH568kA-nhoghfb5gJUTU4dQVs3R3lvIMsLJW_0OugCzVwa7bbjSi3yNlNTmyyZSUaQHqMOYwEHt04GQZ_JQBpDCQvIGLq1fOLeArqr97ZPrGgk_x7n2c6MIQK0vFFlSI1sI8OS4yi8D0V-GNr2Bt_G2Ue_TKIZGNfQPaWAM0jGlpc1nPWIZS-sYxW-8ui-6eexGBFZ5-zLr2uaHNG_xNol2Di7iRI4TW5JoZOZTUx2wSZVCmafA5viAw12czMeK4Ymm36GiAo0mTnIrrghObXpHRydCjEOD-ie6KdVTajZGWvZP24dk25nzrx7uELmxfIPaAvIALx9AdiYBCbeQ0Yz_
UH9uDQF6Eh_AqthmXwQQH1F4IA_32McFzcxir6Txr6Mur3t22mOZF963IcNMqvP7vPcccq_rufb25sF8o6nhmaVg8cgPEKIwNeq8Yai0pVnLlllLMVSWIHePNfLuLOdg9LDG1pq1rafu4Rgb-yc2Aoh4enGvHZkuRe6wlOLCDdREAADDoXkFVowEW_DGLxK1pMON0uU78NiTV9_r2o4osZBaOPn8heMmK90xPpnLokgH3gubppwq1gfmaT0RIIPWt7RVKpJRXQ_wSjLVjILALRXQY6PbelUym6TQ1z5fJfHRmrHxVnQvY6aogsFcFGtQVSrl8OCNEwv9P3oaH1GWxoSabHdrSKZmlLs2m-l9LJf4El9FKIA3NBr09u94xMLRSPmEHb4Ol-KPCw5RJiAwyBy2nrohjehlLLjGIgbGh_hTPi8G-yGwVEOyQB8GJBts_O8-g8mz65tw5NpdS_SbFPOasS6txd-b_DzeOnkkcJgqOwM_x3VH39HvzlVBkxqyTu-7yh1ffXA3EAxe-TkXe6foRnX1wH3iJh2_MCDDGxTOkk8Xj59t6wAawmHCKnU2CvogDUE"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '13063', cRay: '7c5f8c5e7988238a', cHash: 'ba708169066f393', cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2Mi4xNjAwMDA=', m: 'c3pqWAYwgRkhuI1rZgTpwNhg2e/0sRGYZUtHGzVigsI=', i1: 'NNf66iKUbSi3dpVZsq8TXQ==', i2: 'dYlWHTj6TB0dDvgfdZy2xA==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5e7988238a'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5e7988238a'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneMOZAMBIQUE345 (Net ID: 00:01:E3:54:D4:57)52.3759, 4.8975
2023-05-12 02:54:57Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-08T23:15:43.655Z", "ip": "2a06:98c1:3120::1", "location_updated_at": "2023-04-30T00:57:18.734276Z", "autonomous_system_updated_at": "2023-04-30T00:57:18.734351Z", "location": {"province": "England", "city": "Hounslow", "country": "United Kingdom", "coordinates": {"latitude": 51.46839, "longitude": -0.36092}, "postal_code": "TW3", "country_code": "GB", "timezone": "Europe/London", "continent": "Europe"}, "dns": {"records": {"karriere-job-booster.com": {"record_type": "AAAA", "resolved_at": "2023-03-23T15:40:36.428770073Z"}, "uncoveryourconfidence.org": {"record_type": "AAAA", "resolved_at": "2023-03-24T20:43:37.500409594Z"}, "panel.moeking.me": {"record_type": "AAAA", "resolved_at": "2022-09-28T16:39:39.161526355Z"}, "sub.133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-10-03T20:37:50.410080500Z"}, "kfplastics.com.au": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:22:37.294872821Z"}, "ozvi.net": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:04:48.328410124Z"}, "romainebrain.dev": {"record_type": "AAAA", "resolved_at": "2023-02-18T04:11:46.139927410Z"}, "persaldo-treuhand.ch": {"record_type": "AAAA", "resolved_at": "2023-01-07T12:29:30.392242949Z"}, "133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-10-05T17:45:47.967622672Z"}, "static.sampledu.com": {"record_type": "AAAA", "resolved_at": "2023-02-01T22:23:03.363402875Z"}, "cpcontacts.madares.app": {"record_type": "AAAA", "resolved_at": "2023-04-16T12:14:57.712576745Z"}, "vadyba.lt": {"record_type": "AAAA", "resolved_at": "2023-03-19T16:29:40.486687881Z"}, "openspeedtest.ovride.net": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:05:02.904720123Z"}, "www.3e-wellness.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:03:48.794666765Z"}, "sign.moeking.me": {"record_type": "AAAA", "resolved_at": "2022-09-28T16:39:39.465293148Z"}, "405.hjs.my.id": {"record_type": "AAAA", "resolved_at": 
"2023-04-12T11:14:59.074372516Z"}, "password.moeking.me": {"record_type": "AAAA", "resolved_at": "2022-09-25T16:38:19.046997106Z"}, "mail.wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-30T17:30:49.591604261Z"}, "www.133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-09-25T19:02:08.754559807Z"}, "beautybeyondhair.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T18:46:00.761081322Z"}, "beautybeyondhair.buzz": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:48:08.422852392Z"}, "wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-23T17:07:04.797789596Z"}, "askapkmod.com": {"record_type": "AAAA", "resolved_at": "2022-12-26T12:52:46.077237913Z"}, "gbdfdm.cn": {"record_type": "AAAA", "resolved_at": "2023-02-17T02:28:21.988085793Z"}, "www.cylindermowers.com.au": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:22:39.710895641Z"}, "moeking.me": {"record_type": "AAAA", "resolved_at": "2022-09-30T15:32:44.686639976Z"}, "gh.133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-09-24T19:46:42.025854438Z"}, "karriere-job-booster.at": {"record_type": "AAAA", "resolved_at": "2023-04-30T12:17:10.484433310Z"}, "www.wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-16T17:06:44.448663582Z"}, "de.133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-10-04T17:06:49.855589981Z"}}, "names": ["www.wolny.poker", "www.133335.xyz", "wolny.poker", "uncoveryourconfidence.org", "karriere-job-booster.com", "static.sampledu.com", "ozvi.net", "de.133335.xyz", "panel.moeking.me", "gh.133335.xyz", "sub.133335.xyz", "www.cylindermowers.com.au", "vadyba.lt", "beautybeyondhair.buzz", "cpcontacts.madares.app", "133335.xyz", "kfplastics.com.au", "openspeedtest.ovride.net", "password.moeking.me", "405.hjs.my.id", "beautybeyondhair.net", "moeking.me", "romainebrain.dev", "sign.moeking.me", "www.3e-wellness.com", "gbdfdm.cn", "persaldo-treuhand.ch", "karriere-job-booster.at", "askapkmod.com", "mail.wolny.poker"]}, "services": 
[{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://[2a06:98c1:3120::1]/"}, "response": {"body": "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js ie7 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 8]> <html class=\"no-js ie8 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if gt IE 8]><!--> <html class=\"no-js\" lang=\"en-US\"> <!--<![endif]-->\n<head>\n<title>Direct IP access not allowed | Cloudflare</title>\n<meta charset=\"UTF-8\" />\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"robots\" content=\"noindex, nofollow\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\" />\n<link rel=\"stylesheet\" id=\"cf_styles-css\" href=\"/cdn-cgi/styles/main.css\" />\n\n\n<script>\n(function(){if(document.addEventListener&&window.XMLHttpRequest&&JSON&&JSON.stringify){var e=function(a){var c=document.getElementById(\"error-feedback-survey\"),d=document.getElementById(\"error-feedback-success\"),b=new XMLHttpRequest;a={event:\"feedback clicked\",properties:{errorCode:1003,helpful:a,version:1}};b.open(\"POST\",\"https://sparrow.cloudflare.com/api/v1/event\");b.setRequestHeader(\"Content-Type\",\"application/json\");b.setRequestHeader(\"Sparrow-Source-Key\",\"c771f0e4b54944bebf4261d44bd79a1e\");\nb.send(JSON.stringify(a));c.classList.add(\"feedback-hidden\");d.classList.remove(\"feedback-hidden\")};document.addEventListener(\"DOMContentLoaded\",function(){var 
a=document.getElementById(\"error-feedback\"),c=document.getElementById(\"feedback-button-yes\"),d=document.getElementById(\"feedback-button-no\");\"classList\"in a&&(a.classList.remove(\"feedback-hidden\"),c.addEventListener(\"click\",function(){e(!0)}),d.addEventListener(\"click\",function(){e(!1)}))})}})();\n</script>\n\n<script defer src=\"https://performance.radar.cloudflare.com/beacon.js\"></script>\n</head>\n<body>\n <div id=\"cf-wrapper\">\n <div class=\"cf-alert cf-alert-error cf-cookie-error hidden\" id=\"cookie-alert\" data-translate=\"enable_cookies\">Please enable cookies.</div>\n <div id=\"cf-error-details\" class=\"p-0\">\n <header class=\"mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased\">\n <h1 class=\"inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight\">\n <span data-translate=\"error\">Error</span>\n <span>1003</span>\n </h1>\n <span class=\"inline-block md:block heading-ray-id font-mono text-15 lg:text-sm lg:leading-relaxed\">Ray ID: 7c443d4879e76326 &bull;</span>\n <span class=\"inline-block md:block heading-ray-id font-mono text-15 lg:text-sm lg:leading-relaxed\">2023-05-08 19:51:47 UTC</span>\n <h2 class=\"text-gray-600 leading-1.3 text-3xl lg:text-2xl font-light\">Direct IP access not allowed</h2>\n </header>\n\n <section class=\"w-240 lg:w-full mx-auto mb-8 lg:px-8\">\n <div id=\"what-happened-section\" class=\"w-1/2 md:w-full\">\n <h2 class=\"text-3xl leading-tight font-normal mb-4 text-black-dark antialiased\" data-translate=\"what_happened\">What happened?</h2>\n <p>You've requested an IP address that is part of the <a href=\"https://www.cloudflare.com/5xx-error-landing/\" target=\"_blank\">Cloudflare</a> network. 
A valid Host header must be supplied to reach the desired website.</p>\n \n </div>\n\n \n <div id=\"resolution-copy-section\" class=\"w-1/2 mt-6 text-15 leading-normal\">\n <h2 class=\"text-3xl leading-tight font-normal mb-4 text-black-dark antialiased\" data-translate=\"what_can_i_do\">What can I do?</h2>\n <p>If you are interested in learning more about Cloudflare, please <a href=\"https://www.cloudflare.com/5xx-error-landing/\" target=\"_blank\">visit our website</a>.</p>\n </div>\n \n </section>\n\n <div class=\"feedback-hidden py-8 text-center\" id=\"error-feedback\">\n <div id=\"error-feedback-survey\" class=\"footer-line-wrapper\">\n Was this page helpful?\n <button class=\"border border-solid bg-white cf-button cursor-pointer ml-4 px-4 py-2 rounded\" id=\"feedback-button-yes\" type=\"button\">Yes</button>\n <button class=\"border border-solid bg-white cf-button cursor-pointer ml-4 px-4 py-2 rounded\" id=\"feedback-button-no\" type=\"button\">No</button>\n </div>\n <div class=\"feedback-success feedback-hidden\" id=\"error-feedback-success\">\n Thank you for your feedback!\n </div>\n</div>\n\n\n <div class=\"cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300\">\n <p class=\"text-13\">\n <span class=\"cf-footer-item sm:block sm:mb-1\">Cloudflare Ray ID: <strong class=\"font-semibold\">7c443d4879e76326</strong></span>\n <span class=\"cf-footer-separator sm:hidden\">&bull;</span>\n <span id=\"cf-footer-item-ip\" class=\"cf-footer-item hidden sm:block sm:mb-1\">\n Your IP:\n <button type=\"button\" id=\"cf-footer-ip-reveal\" class=\"cf-footer-ip-reveal-btn\">Click to reveal</button>\n <span class=\"hidden\" id=\"cf-footer-ip\">2602:80d:1000:b0cc:e:2:5:7</span>\n <span class=\"cf-footer-separator sm:hidden\">&bull;</span>\n </span>\n <span class=\"cf-footer-item sm:block sm:mb-1\"><span>Performance &amp; security by</span> <a rel=\"noopener noreferrer\" 
href=\"https://www.cloudflare.com/5xx-error-landing\" id=\"brand_link\" target=\"_blank\">Cloudflare</a></span>\n \n </p>\n <script>(function(){function d(){var b=a.getElementById(\"cf-footer-item-ip\"),c=a.getElementById(\"cf-footer-ip-reveal\");b&&\"classList\"in b&&(b.classList.remove(\"hidden\"),c.addEventListener(\"click\",function(){c.classList.add(\"hidden\");a.getElementById(\"cf-footer-ip\").classList.remove(\"hidden\")}))}var 2a06:98c1:3120::1
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.64): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:09:18Vulnerability - GeneralYesTool - Retire.js0040NoneCVE-2018-14042 Score: Unknown Description: Unknownhttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
2023-05-12 03:11:21Physical LocationNoAbstractAPI0030NoneFrankfurt am Main, Hesse, 60313, Germany, Europe46.101.229.70
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneFruityWifi-004 (Net ID: 00:04:E2:F4:8A:F5)33.6170672,-111.90564645297056
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.158): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:22Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.108.153
2023-05-12 02:48:03Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://gabu0912.github.io/netflux/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e10_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_e10_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_e10_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3600"\n "IsoScope_e10_ConnHashTable<3600>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_e10_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e10_IE_EarlyTabStart_0x880_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "104.194.8.120:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"gabu0912.github.io"\n "i.ibb.co"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com." (Indicator: "dir "; File: "netflux_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar37C6.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3023.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2DAE.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2F85.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2CA1.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2CD1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has 
type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2C80.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2C80.tmp]- [targetUID: 00000000-00002972]\n "Cab37C5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab37C5.tmp]- [targetUID: 00000000-00002972]\n "Cab2F84.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2F84.tmp]- [targetUID: 00000000-00002972]\n "Cab3022.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3022.tmp]- [targetUID: 00000000-00002972]\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002972]\n "Cab2CC1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2CC1.tmp]- [targetUID: 00000000-00002972]\n "Cab2DAD.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2DAD.tmp]- [targetUID: 00000000-00002972]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe78175b9357b566b.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{616d4f39-ebb5-11ed-9a79-08002777c70f}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df550c4a9bcc627f72.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{616d4f3b-ebb5-11ed-9a79-08002777c70f}.dat"\n "iexplore.exe" reads file "c:\\users\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\favorites\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\desktop\\desktop.ini"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': 
u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{616d4f39-ebb5-11ed-9a79-08002777c70f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe78175b9357b566b.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{616d4f3b-ebb5-11ed-9a79-08002777c70f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df550c4a9bcc627f72.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar37C6.tmp" has type "data"- Location: [%TEMP%\\Tar37C6.tmp]- [targetUID: 00000000-00002972]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab2C80.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 
file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2C80.tmp]- [targetUID: 00000000-00002972]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003600]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has185.199.110.153
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneMicrosoft subsidiariescdn-185-199-111-153.github.com
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.84): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:03:16Internet NameNoDNS Resolver0020Nonewww.ayhu.xyz[{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}]
2023-05-12 02:44:40Software UsedYesTool - Wappalyzer0020NoneBootstrapfunny.battleb0t.xyz
2023-05-12 02:55:58Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://mu-ldn.com/manifest.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f04_IE_EarlyTabStart_0xf70_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_f04_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3844"\n "IsoScope_f04_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f04_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_f04_ConnHashTable<3844>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3844"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1F16.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1EA6.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1F15.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1EA5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "8G5IMZ7J.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8G5IMZ7J.txt]- [targetUID: 00000000-00003844]\n Dropped file: "SKIYYQQ6.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SKIYYQQ6.txt]- [targetUID: 00000000-00003844]\n Dropped file: "JIRKGKO6.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JIRKGKO6.txt]- [targetUID: 00000000-00003844]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003984]\n "~DF43978725F0AD1A9B.TMP" 
has type "data"- Location: [%TEMP%\\~DF43978725F0AD1A9B.TMP]- [targetUID: 00000000-00003844]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._E36934C7-825A-11ED-BF59-080027782352_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF0DA2B49B9610E864.TMP" has type "data"- Location: [%TEMP%\\~DF0DA2B49B9610E864.TMP]- [targetUID: 00000000-00003844]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_1FE77DAC-825D-11ED-BF59-080027782352_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab1F15.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1F15.tmp]- [targetUID: 00000000-00003984]\n "Tar1F16.tmp" has type "data"- Location: [%TEMP%\\Tar1F16.tmp]- [targetUID: 00000000-00003984]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003844]\n "Tar1EA6.tmp" has type "data"- Location: [%TEMP%\\Tar1EA6.tmp]- [targetUID: 00000000-00003984]\n "manifest_1_.webmanifest" has type "JSON data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003984]\n "~DFF051838F7FD5BBCA.TMP" has type "data"- Location: [%TEMP%\\~DFF051838F7FD5BBCA.TMP]- [targetUID: 00000000-00003844]\n "8G5IMZ7J.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8G5IMZ7J.txt]- [targetUID: 
00000000-00003844]\n "~DF0DFB95FF6079C014.TMP" has type "data"- Location: [%TEMP%\\~DF0DFB95FF6079C014.TMP]- [targetUID: 00000000-00003844]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "SKIYYQQ6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SKIYYQQ6.txt]- [targetUID: 00000000-00003844]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://mu-ldn.com/manifest.webmanifest"\n Pattern match: "https://mu-ldn.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive"\n "84x384"\n"type":"image/png"}\n{"src":"icons/icon-512x512.png?v=b44b0926b149aa4cd85edcd506979c33"\n"sizes":"512x512"\n"type":"image/png"}]}", "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public\n max-age=0\n must-revalidate\nContent-Length: 962\nContent-Type: application/octet-stream\nDate: Fri\n 23 Dec 2022 01:35:59 GMT\nEtag: "33b3e5c95c7e0830ca5bead07af4cfd0-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 
01GMY9YV97T1TAAQKCFFGSK6XR\n\n{"name":"gatsby-starter-default"\n"short_name":"starter"\n"start_url":"/"\n"background_color":"#663399"\n"display":"minimal-ui"\n"icons":[{"src":"icons/icon-48x48.png?v=b44b0926b149aa4cd85edcd506979c33"\n"sizes":"48x48"\n"type":"image/png"}\n{"src":"icons/icon-72x72.png?v=b44b0926b149aa4cd85edcd506979c33"\n"sizes":"72x72104.196.30.220
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Noneflinck (Net ID: 00:01:24:F1:89:80)52.3759, 4.8975
2023-05-12 03:13:06Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [007jedgar.github.io] https://www.openphish.com/feed.txt007jedgar.github.io
2023-05-12 03:09:37Affiliate - Internet NameNoDNS Resolver0040None224.30.196.104.bc.googleusercontent.com104.196.30.224
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"Content_Length": ["163"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Keep_Alive": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Last_Modified": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Keep_Alive": ["timeout=5, max=100"], "Server": ["LiteSpeed"], "Connection": ["Keep-Alive"], "Last_Modified": ["Wed, 17 Jun 2020 20:01:33 GMT"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"], "Accept_Ranges": ["bytes"]}87.248.157.102
2023-05-12 03:03:30Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0065paula.github.io
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0030Nonehttps://pics.battleb0t.xyz/images/master058_1.PNGhttps://pics.battleb0t.xyz/
2023-05-12 03:34:29Affiliate - IP AddressNoDNS Look-aside1030None45.131.109.6245.131.109.53
2023-05-12 03:13:10Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [etherum-libs.github.io] https://www.openphish.com/feed.txtetherum-libs.github.io
2023-05-12 02:54:27Open TCP PortNoCensys0040None2600:1f18:2489:8202::c8:802600:1f18:2489:8202::c8
2023-05-12 02:44:09Open TCP PortNoSSL Certificate Analyzer0010Nonebattleb0t.xyz:443battleb0t.xyz
2023-05-12 02:44:05Web TechnologyNoTool - WAFW00F0010NoneCloudflare Inc. Cloudflareayhu.xyz
2023-05-12 02:44:21Internet NameNoDNS Resolver0020Nonenuke.battleb0t.xyzCN=nuke.battleb0t.xyz
2023-05-12 02:45:36Raw DNS RecordsNoDNS Raw Records0020Nonefunny.battleb0t.xyz. 300 IN CNAME frabjous-lebkuchen-324004.netlify.app.funny.battleb0t.xyz
2023-05-12 02:49:34Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 17, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://jonwhitestudio.com/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "KERNEL32" at base 54ab0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base 51b20000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base 51b20000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base 51b20000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\IMM32.DLL" at base 55510000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 51b20000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 51b20000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 51b20000\n "msedge.exe" loaded module "%WINDIR%\\TEMP\\VXOLE64.DLL" at base 44ff0000\n "msedge.exe" loaded module "NTMARTA.DLL" at base 50ad0000\n "msedge.exe" loaded module "KERNEL32.DLL" at base 54ab0000\n "msedge.exe" loaded module "COMBASE.DLL" at base 54f70000\n "msedge.exe" loaded module "OLE32.DLL" at base 547e0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 4ffd0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, 
msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3236:120:WilError_01"\n "Local\\SM0:2928:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:2928:120:WilError_01"\n "Local\\SM0:3236:304:WilStaging_02"\n "SM0:3236:120:WilError_01"\n "SM0:3236:304:WilStaging_02"\n "Local\\SM0:3236:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3236:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3236:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3236:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cloud.typenetwork.com"\n "jonwhitestudio.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "142.250.191.40:443"\n "151.101.1.91:443"\n "142.250.189.238:443"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA 
signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsjonwhitestudio.com" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00003236]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003236]\n "f_00023e" has type "Web Open Font Format (Version 2) CFF length 42632 version 2.0"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00005628]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003236]\n "71b8d211-731c-4c7b-833c-eb5281c135d2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\71b8d211-731c-4c7b-833c-eb5281c135d2.tmp]- [targetUID: 00000000-00003236]\n "f_000243" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] baseline precision 8 3090x1512 components 3"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 00000000-00005628]\n "manifest.json" has type "JSON data"- Location: [%TEMP%\\3236_351054471\\manifest.json]- [targetUID: 00000000-00003236]\n "f_00023d" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] baseline precision 8 1000x489 components 3"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00005628]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\OriginTrials\\0.0.1.4\\manifest.fingerprint]- [targetUID: 00000000-00003236]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.4\\edge_autofill_field_data.json]- [targetUID: 00000000-00003236]\n "49bd05701c59769f_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\49bd05701c59769f_0]- [targetUID: 00000000-00003236]\n "16973868-0a70-4008-a528-95f61f45524c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\16973868-0a70-4008-a528-95f61f45524c.tmp]- [targetUID: 00000000-00003236]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00004972]\n "e0680e1b-98b7-4c75-9bb0-40225dedbc07.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e0680e1b-98b7-4c75-9bb0-40225dedbc07.tmp]- [targetUID: 00000000-00003236]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003236]\n "b4ff48f4-20ee-483b-a145-b93992192217.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\b4ff48f4-20ee-483b-a145-b93992192217.tmp]- [targetUID: 00000000-00003236]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\3236_1474835879\\adblock_snippet.js]- [targetUID: 00000000-00003236]\n "52c697f3-a2b7-49a3-af0f-66bf07c9173d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\3236_351054471\\deny_domains.list]- [targetUID: 00000000-00003236]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://jonwhitestudio.com/"\n Pattern match: "https://jonwhitestudio.com"\n Heuristic match: "cloud.typenetwork.com"\n Heuristic match: "jonwhitestudio.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/93 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.43" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.43"'}], u'threat_level': 0, u'size': None, u'job_id': u'6404e67292fd2ef63a0cf584', u'target_url': None, u'interesting': False, 
u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'suspicious_identifiers': [], u'attck_id': u'T1129', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Shared Modules', u'informative_identifiers': [], u'tactic': u'Execution', u'informative185.199.110.153
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:57:25Co-Hosted SiteNoCertificate Transparency1010Nonefunny-face-pictures.nom-nom.linkbattleb0t.xyz
2023-05-12 02:54:23HTTP Status CodeNoWeb Spider0040None403https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU
2023-05-12 03:09:59Affiliate - Internet NameNoDNS Resolver1040Nonestage-sdb-n1-fra1.amcodev.me165.232.113.89
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None<hidden ssid> (Net ID: 00:01:E3:55:E9:E6)52.3759, 4.8975
2023-05-12 03:24:51CountryNoCountry Name Extractor0070NoneUnited States Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:40:26Z Creation Date: 2018-06-27T20:51:35Z Registry Expiry Date: 2024-06-27T20:51:35Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: abuse@web.com Registrar Abuse Contact Phone: +1.8003337680 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:41:04Z Creation Date: 2018-06-27T20:51:35Z Registrar Registration Expiration Date: 2024-06-27T04:00:00Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Reseller: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: PERFECT PRIVACY, LLC Registrant Organization: Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Registrant City: Jacksonville Registrant State/Province: FL Registrant Postal Code: 32256 Registrant Country: US Registrant Phone: +1.5707088622 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Admin ID: Admin Name: PERFECT PRIVACY, LLC Admin Organization: Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Admin City: Jacksonville Admin State/Province: FL Admin Postal Code: 32256 Admin Country: US Admin Phone: +1.5707088622 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Tech ID: Tech Name: PERFECT PRIVACY, LLC Tech Organization: Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Tech City: Jacksonville Tech State/Province: FL Tech Postal Code: 32256 Tech Country: US Tech Phone: +1.5707088622 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned Registrar Abuse Contact Email: domain.operations@web.com Registrar Abuse Contact Phone: +1.8777228662 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please 
visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en This listing is a Network Solutions Private Registration. Mail correspondence to this address must be sent via USPS Express Mail(TM) or USPS Certified Mail(R); all other mail will not be processed. Be sure to include the registrant's domain name in the address. The data in Networksolutions.com's WHOIS database is provided to you by Networksolutions.com for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. Networksolutions.com makes this information available "as is," and does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone; or (2) enable high volume, automated, electronic processes that apply to Networksolutions.com (or its systems). The compilation, repackaging, dissemination or other use of this data is expressly prohibited without the prior written consent of Networksolutions.com. Networksolutions.com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
2023-05-12 02:57:21Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://www.transferxl.com/download/00jJFzX0NZqb7p?utm_source=downloadmail&utm_medium=e-mail', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 2324 -s 132" (UID: 00000000-00002912)'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2808"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_af8_IE_EarlyTabStart_0x9fc_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_af8_ConnHashTable<2808>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_af8_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_af8_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_af8_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00002912) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 2324 -s 132" (UID: 00000000-00002912)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"WYB4R6U0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WYB4R6U0.txt]- [targetUID: 00000000-00002656]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002808]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002656]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002656]\n "~DFB15116EB5FBF7B60.TMP" has type "data"- Location: [%TEMP%\\~DFB15116EB5FBF7B60.TMP]- [targetUID: 00000000-00002808]\n "6WOW82V3.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\6WOW82V3.txt]- [targetUID: 00000000-00002808]\n "5GUZREIC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5GUZREIC.txt]- [targetUID: 00000000-00002808]\n "~DF5BE77E41A257D58D.TMP" has type "data"- Location: [%TEMP%\\~DF5BE77E41A257D58D.TMP]- [targetUID: 00000000-00002808]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002808]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002808]\n "~DF92B96BB1C37A95B3.TMP" has type "data"- Location: [%TEMP%\\~DF92B96BB1C37A95B3.TMP]- [targetUID: 00000000-00002808]\n "~DFF80803886237AC2B.TMP" has type "data"- Location: [%TEMP%\\~DFF80803886237AC2B.TMP]- [targetUID: 00000000-00002808]\n "F85GEI1A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\F85GEI1A.txt]- [targetUID: 00000000-00002808]\n "~DFB7284AFC956ADC04.TMP" has type "data"- Location: [%TEMP%\\~DFB7284AFC956ADC04.TMP]- [targetUID: 00000000-00002808]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002656]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.transferxl.com/download/00jJFzX0NZqb7p?utm_source=downloadmail&utm_medium=e-mail"- [Source: Input]\n Pattern match: "https://www.transferxl.com"- [Source: Input]'}, {u'category': u'Network Related', u'origin': u'Network 
Traffic', u'identifier': u'network-23', u'name': u'Sends traffic on typical HTTP outbound port, but without HTTP header', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 7, u'description': u'TCP traffic to 35.229.48.116 on port 443 is sent without HTTP header'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "35.229.48.116": ...\n\n URL: http://willowy-cupcake-2efcf0.netlify.app/ (AV positives: 13/88 scanned on 08/04/2022 13:33:55)\n URL: https://omgcart.netlify.app/ (AV positives: 7/88 scanned on 08/04/2022 13:18:38)\n URL: https://tic-tac-toe-react-app-by-sanya.netlify.app/ (AV positives: 1/88 scanned on 08/04/2022 13:10:36)\n URL: http://transcendent-biscochitos-52e96b.netlify.app/ (AV positives: 9/88 scanned on 08/04/2022 13:05:52)\n URL: https://liftfoils.com/lift3f?utm_source=email&utm_medium=email&utm_campaign=[8/4/2022]%20Aff.%20Lake%20Tahoe%20-%20Efoils%20(RYS6ki)&month=may22&_kx=Mo7kojSj2pUghQm-RuyN-8gnceqmH6QJ4sDpJAKWTkl6Wo2oi2uErNZDGQOZTIqt.UxDLky (AV positives: 1/88 scanned on 08/04/2022 13:04:18)\n File SHA256: caf16699abb61a32fc60f7e822749eeb2f93bae1d29c037c3741a62e3b99d03f (AV positives: 8/73 scanned on 07/28/2022 23:29:37)\n File SHA256: 16d7a459dcc8bcdd8b62981852d62d7f7d70670ca2b0eb5e367e6ecce60181ac (AV positives: 23/75 scanned on 07/23/2022 23:08:28)\n File SHA256: ebc7b30a1d4892e47800a99f8e13bec72e1697e0c70b8c1627e1678256618653 (AV positives: 10/75 scanned on 07/23/2022 17:53:46)\n File SHA256: 1dd1a8dd4f876bac98671e060542cec1749a7375840690571f589e3a1279120e (AV positives: 1/73 scanned on 07/19/2022 11:55:41)\n File SHA256: 
998912b92e6145b37b3f17498f240e4550dd3a766d25c534aa5d406ccde2a395 (AV positives: 21/73 scanned on 07/11/2022 09:40:30)'}], u'threat_level': 0, u'size': None, u'job_id': u'62ebcf1020213241597b9103', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificat35.229.48.116
2023-05-12 03:00:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.45): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneDMHS (Net ID: 00:02:2D:0B:17:3E)34.0544, -118.244
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-B3C2 (Net ID: 00:1D:D4:40:B3:C0)32.8608, -79.9746
2023-05-12 03:09:27Co-Hosted Site - Domain WhoisNoWhois2040None Domain Name: 00RZ.COM Registry Domain ID: 1545841665_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-12-26T09:10:34Z Creation Date: 2009-03-07T02:16:40Z Registry Expiry Date: 2024-03-07T02:16:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS17.DOMAINCONTROL.COM Name Server: NS18.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:09:19Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: 00RZ.COM Registry Domain ID: 1545841665_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-26T04:10:32Z Creation Date: 2009-03-06T21:16:40Z Registrar Registration Expiration Date: 2024-03-06T21:16:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona 
Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM Name Server: NS17.DOMAINCONTROL.COM Name Server: NS18.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:27Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice. 00rz.com
2023-05-12 02:44:24Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.109.153
2023-05-12 02:54:12Web Content TypeNoWeb Spider0010Nonetext/html;charset=utf-8battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneGarmin connect (Category: health) https://connect.garmin.com/modern/profile/loginlogin
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:DB:1C:01)33.6170672,-111.90564645297056
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonebl?htwlan (Net ID: 00:02:72:5E:F0:C4)50.1188, 8.6843
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:209687.248.157.102
2023-05-12 02:54:13Raw Data from RIRsNoCensys0040None{"last_updated_at": "2023-05-11T21:43:49.790Z", "ip": "2606:4700:3030::ac43:a8fc", "location_updated_at": "2023-05-05T16:26:00.823616Z", "autonomous_system_updated_at": "2023-05-05T16:26:00.823705Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"aimeetessendorff.com": {"record_type": "AAAA", "resolved_at": "2022-10-03T12:47:45.461955940Z"}, "repvetentieloc.ml": {"record_type": "AAAA", "resolved_at": "2022-11-19T15:10:10.180278821Z"}, "distschertertilise.cf": {"record_type": "AAAA", "resolved_at": "2023-05-11T12:54:07.597674627Z"}, "webmail.plafonpvcklaten.com": {"record_type": "AAAA", "resolved_at": "2022-10-23T13:56:03.189903700Z"}, "ciasanbeverroca.ga": {"record_type": "AAAA", "resolved_at": "2023-04-13T02:45:50.515988463Z"}, "newbabyswing.com": {"record_type": "AAAA", "resolved_at": "2023-01-14T15:30:21.414055738Z"}, "cdn-1.babeenineurope.com": {"record_type": "CNAME", "resolved_at": "2023-04-30T14:00:08.829408117Z"}, "bacmyto.gq": {"record_type": "AAAA", "resolved_at": "2023-04-29T17:30:56.299623606Z"}, "www.adwokat-pancerz.pl.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-03T02:35:21.068173226Z"}, "go789.ga": {"record_type": "AAAA", "resolved_at": "2023-05-11T17:34:21.509585450Z"}, "www.breakthruagent.com": {"record_type": "AAAA", "resolved_at": "2023-05-02T21:12:12.423073791Z"}, "lakadestpageli.tk": {"record_type": "AAAA", "resolved_at": "2022-12-28T17:28:31.912298526Z"}, "easardo.gq": {"record_type": "AAAA", "resolved_at": "2022-12-05T14:57:48.157662110Z"}, "cosmicstory.info": {"record_type": "AAAA", "resolved_at": "2022-09-26T02:33:11.327006722Z"}, "trueallureforevershinejewelry.com": {"record_type": "AAAA", "resolved_at": 
"2023-04-04T16:44:01.264807017Z"}, "clean.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-01T03:09:37.177595997Z"}, "maycijackmo.gq": {"record_type": "AAAA", "resolved_at": "2023-01-02T14:40:23.496602167Z"}, "domainwheel.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-04T22:48:08.612020608Z"}, "take2s.com": {"record_type": "AAAA", "resolved_at": "2023-04-26T16:42:32.449014857Z"}, "zouksedalme.cf": {"record_type": "AAAA", "resolved_at": "2023-01-08T12:26:58.333904645Z"}, "mistwarctolylong.tk": {"record_type": "AAAA", "resolved_at": "2023-05-09T21:26:33.070368065Z"}, "wiki.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-01T03:09:37.887086684Z"}, "tung-asia-sushi.de": {"record_type": "AAAA", "resolved_at": "2023-04-26T17:23:12.366213756Z"}, "ciorabutnewsmort.cf": {"record_type": "AAAA", "resolved_at": "2023-05-11T12:54:31.076583498Z"}, "offer.buyulti-charge.com": {"record_type": "AAAA", "resolved_at": "2023-04-28T14:39:01.965135008Z"}, "cloud.topmax.dev": {"record_type": "AAAA", "resolved_at": "2022-11-09T14:16:47.770763186Z"}, "tiaticviwatch.cf": {"record_type": "AAAA", "resolved_at": "2023-05-03T12:47:13.799688411Z"}, "myecorpartwildbet.tk": {"record_type": "AAAA", "resolved_at": "2023-04-28T22:47:31.486765688Z"}, "fisbopowertools.com": {"record_type": "AAAA", "resolved_at": "2023-04-25T14:43:38.993993919Z"}, "dgvsm.com": {"record_type": "AAAA", "resolved_at": "2023-03-18T21:11:44.668409595Z"}, "it-a-br-newcarok.live": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:23:19.166151443Z"}, "buyulti-charge.com": {"record_type": "AAAA", "resolved_at": "2023-05-02T14:32:56.241553693Z"}, "ritsar.abk.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-03T22:17:27.736952452Z"}, "www.advocateclaims.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T13:25:19.560491085Z"}, "hkjku-liop.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": "2023-04-21T17:17:14.415081307Z"}, "hotel-taormina.info": {"record_type": "AAAA", 
"resolved_at": "2023-05-04T18:10:13.310895111Z"}, "blacklotusaudio.com": {"record_type": "AAAA", "resolved_at": "2023-01-02T13:02:23.981054734Z"}, "cdn.babeenineurope.com": {"record_type": "CNAME", "resolved_at": "2023-04-30T19:28:04.759393053Z"}, "routsaygeehekdest.ga": {"record_type": "AAAA", "resolved_at": "2023-04-14T02:12:59.832119313Z"}, "www.farasoacademy.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T14:37:26.546680400Z"}, "slanchogled.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-07T10:10:31.489137012Z"}, "www.mischerhexe.de": {"record_type": "AAAA", "resolved_at": "2023-05-11T16:40:14.150921538Z"}, "gjtyew-bodf.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": "2023-04-20T20:28:09.792148401Z"}, "brousebiology.com": {"record_type": "AAAA", "resolved_at": "2023-02-02T13:05:34.500687558Z"}, "www.brevardnc.org": {"record_type": "AAAA", "resolved_at": "2023-05-07T21:13:44.303349330Z"}, "dubadub.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T14:40:56.310744261Z"}, "martohacabe.ga": {"record_type": "AAAA", "resolved_at": "2023-05-07T17:27:25.826314650Z"}, "road.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-05T20:38:50.973706563Z"}, "searchtermresults.com": {"record_type": "AAAA", "resolved_at": "2023-04-27T16:36:47.951727992Z"}, "artisttel.com": {"record_type": "AAAA", "resolved_at": "2023-04-14T17:49:46.342407896Z"}, "www.24hrupdate.online": {"record_type": "AAAA", "resolved_at": "2023-03-22T20:33:59.416609462Z"}, "www.sripersada.com": {"record_type": "AAAA", "resolved_at": "2022-11-19T14:03:00.698431487Z"}, "kids.abk.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-07T22:13:24.698234660Z"}, "sentimelt.com": {"record_type": "AAAA", "resolved_at": "2023-04-23T16:01:11.742725624Z"}, "walledgarden.global": {"record_type": "AAAA", "resolved_at": "2023-05-03T00:39:45.829214813Z"}, "xn--b1agjto.xn--p1acf": {"record_type": "AAAA", "resolved_at": "2023-05-01T03:13:25.943966163Z"}, 
"fatdomisecools.cf": {"record_type": "AAAA", "resolved_at": "2023-05-11T12:54:22.776371266Z"}, "webmail.buyulti-charge.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T14:07:59.090137905Z"}, "renalfa.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:47:46.479184263Z"}, "mujeresalaobra.org": {"record_type": "AAAA", "resolved_at": "2023-05-08T21:50:08.391075868Z"}, "hbomedtoday.com": {"record_type": "AAAA", "resolved_at": "2023-05-09T14:49:34.524954322Z"}, "nieqiulemoru.gq": {"record_type": "AAAA", "resolved_at": "2023-05-03T17:22:24.190764207Z"}, "tegafoods.mx": {"record_type": "AAAA", "resolved_at": "2023-04-26T19:27:47.975723009Z"}, "www.a2zbiotics.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-04-28T20:07:55.631943899Z"}, "aaditrifood.com": {"record_type": "AAAA", "resolved_at": "2022-09-30T12:45:20.759363789Z"}, "baklibabsaringram.cf": {"record_type": "AAAA", "resolved_at": "2023-05-07T12:50:08.988220251Z"}, "www.judedeveraux.com": {"record_type": "AAAA", "resolved_at": "2022-12-24T13:29:43.200670281Z"}, "ylcaloketpmentluv.gq": {"record_type": "AAAA", "resolved_at": "2022-12-13T15:15:42.169837303Z"}, "certidao.srv.br": {"record_type": "AAAA", "resolved_at": "2023-05-10T12:45:01.697407879Z"}, "anactikazida.ga": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:52:35.596026353Z"}, "abkapp.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-04-16T21:06:58.495246539Z"}, "certifiedlocal.org": {"record_type": "AAAA", "resolved_at": "2023-05-03T04:18:58.146026898Z"}, "www.cienciaexamanismo.com.br": {"record_type": "AAAA", "resolved_at": "2022-10-28T12:17:10.511292940Z"}, "conimexsa.com": {"record_type": "AAAA", "resolved_at": "2023-05-09T14:25:21.075230785Z"}, "neglectmillspark.buzz": {"record_type": "AAAA", "resolved_at": "2023-04-07T12:49:27.362981875Z"}, "brevardnc.org": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:15:03.687712788Z"}, "garluco.ga": {"record_type": "AAAA", "resolved_at": 
"2023-04-27T18:33:39.654380379Z"}, "auth.gay": {"record_type": "AAAA", "resolved_at": "2023-05-08T17:54:43.280273275Z"}, "www.tizhoo.ir": {"record_type": "AAAA", "resolved_at": "2022-12-03T15:10:06.028885766Z"}, "nencafuvilate.ml": {"record_type": "AAAA", "resolved_at": "2023-05-10T18:02:40.500759466Z"}, "gusteiplexmola.tk": {"record_type": "AAAA", "resolved_at": "2023-03-27T05:18:03.996467271Z"}, "diageherpost.ga": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:33:56.882157561Z"}, "pennportcoun.tk": {"record_type": "AAAA", "resolved_at": "2023-05-01T20:45:04.713699318Z"}, "zunbazapecomfo.tk": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:52:13.680560969Z"}, "tiosmarigin.tk": {"record_type": "AAAA", "resolved_at": "2023-03-11T19:39:44.575906671Z"}, "ndkfe-vjwc.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": "2023-05-03T00:07:50.549712076Z"}, "buvade.ml": {"record_type": "AAAA", "resolved_at": "2023-04-27T19:50:04.921168507Z"}, "webmail.sylhetbarta24.com": {"record_type": "AAAA", "resolved_at": "2023-02-11T14:21:26.991769121Z"}, "autodiscover.dfwtaxi.org": {"record_type": "AAAA", "resolved_at": "2023-05-07T21:15:13.192169963Z"}, "vpn-home.mycloudcontroller.com": {"record_type": "AAAA", "resolved_at": "2023-05-06T15:34:10.626225602Z"}, "merrellphboots.com": {"record_type": "AAAA", "resolved_at": "2022-11-30T19:31:43.146946537Z"}, "webdisk.cienciaexamanismo.com.br": {"record_type": "AAAA", "resolved_at": "2022-11-02T12:25:12.468054624Z"}, "nsdkfj-gier90.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": "2023-05-03T16:47:18.914465870Z"}, "webmail.cienciaexamanismo.com.br": {"record_type": "AAAA", "resolved_at": "2022-10-24T12:18:30.715835062Z"}, "mail.kasabugraphics.com": {"record_type": "AAAA", "resolved_at": "2023-05-05T14:52:30.444010315Z"}, "www.babeenineurope.com": {"record_type": "CNAME", "resolved_at": "2023-04-21T22:27:44.166657192Z"}, "jadehost.xyz": {"record_type": "AAAA", "resolved_at": 
"2022-11-02T17:53:20.233482468Z"}, "searhasbsub.tk": {"record_type": "AAAA", "resolved_at": "2023-05-11T21:42:54.350620579Z"}, "vikk-play.space": {"record_type": "AAAA", "resolved_at": "2023-01-29T18:05:12.078217209Z"}, "edocoutercenma.ml": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:29:25.411014530Z"}}, "names": ["go789.ga", "hotel-taormina.info", "webmail.cienciaexam2606:4700:3030::ac43:a8fc
2023-05-12 02:54:57Physical LocationNoCensys1020NoneHounslow, England, TW3, United Kingdom, Europe2a06:98c1:3120::1
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonejeja.pl (Category: misc) https://www.jeja.pl/user,loginlogin
2023-05-12 03:04:06Malicious IP on Same SubnetYesGreensnow0040Nonegreensnow.co [64.226.80.0/20] https://blocklist.greensnow.co/greensnow.txt64.226.80.0/20
2023-05-12 02:59:50Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@ecloanmoney.com[{u'page_text': None, u'domain': u'ecloanmoney.com', u'virus_total': u'Yes', u'n_times_seen_ip': 0, u'abuse_contact': u'abuse@ecloanmoney.com', u'ip': u'104.21.6.166', u'google_safebrowsing': u'Yes', u'threat_crowd': u'Yes', u'n_times_seen_domain': 0, u'alexa_rank_host': None, u'id': 8064681, u'city': u'', u'abuse_ch_malware': u'No', u'countrycode': u'US', u'title': u'Not Acceptable!', u'ssl_subject': None, u'technology': None, u'date_update': u'2022-01-16T13:03:33.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': 4.5, u'vulns': None, u'latitude': u'37.7510', u'regionname': u'', u'hash': u'16279a2e936344880462a47af65885b3a095b205bf036efd2e68751b3aa57f5b', u'threat_crowd_subdomain_count': 0, u'screenshot': None, u'n_times_seen_host': 0, u'ssl_issuer': None, u'domain_registered_n_days_ago': 399, u'regioncode': u'', u'host': u'ecloanmoney.com', u'date': u'2022-01-16T12:11:21.000Z', u'asn': u'AS13335', u'tags': u'cdn', u'bgp': u'104.16.0.0/12', u'url': u'https://ecloanmoney.com/dhl/card.php', u'isp': u'CLOUDFLARENET, US', u'longitude': u'-97.8220', u'ports': u'80, 443, 2086, 2087, 2096, 8080, 8443', u'countryname': u'United States', u'threat_crowd_votes': u'Suspicious', u'http_server': None, u'tld': u'com', u'os': None, u'http_code': 403}]
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneforumprawne.org (Category: misc) https://forumprawne.org/members/login.htmllogin
2023-05-12 02:44:17SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:05:11 2023 GMT Not After : May 25 03:05:10 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:97:4b:9a:94:33:ae:7c:5e:91:1b:d8:54:22:c9: ed:4f:8d:dc:1c:ea:82:e7:c1:66:b8:0e:7a:d7:69: 7e:97:11:2c:1a:a5:0e:64:16:12:d5:94:b3:23:f2: 36:d4:4f:eb:d5:32:50:ac:e4:d7:66:1b:e3:da:91: 79:04:66:f4:2d:fa:3e:45:f4:48:91:1a:8d:80:82: ca:dd:66:18:cd:f2:9d:87:0d:96:09:36:f0:90:50: 74:b3:8f:d1:d4:ab:e5:3c:ba:a6:ad:57:62:22:2b: 60:de:6e:76:04:02:5d:fa:52:80:b7:61:6b:ca:89: 0e:51:38:c3:f2:4d:c1:8f:3e:5c:2f:86:ec:7a:ee: c4:a9:09:67:fe:3a:36:2c:f4:71:dd:63:52:c7:7e: 24:13:3b:f8:64:ac:0f:17:65:8b:4f:12:db:ba:8b: 96:d7:a7:d3:5c:fd:8f:e9:26:b0:c1:d3:ce:ae:a4: 80:9b:8d:9b:1f:f6:ca:4a:88:4f:be:ed:28:2f:45: 12:8d:ed:28:4a:e1:d7:0a:d1:cc:4f:38:0f:fa:93: 2d:8d:4a:92:3a:88:82:01:24:a7:62:52:95:88:cb: f5:21:eb:4e:1f:14:59:fb:a0:f3:53:6c:6e:20:e1: ca:0b:83:46:36:34:c6:22:17:1b:d8:e6:82:24:68: ca:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption af:5e:3d:7d:a9:f5:42:9c:1d:2f:03:2d:1b:0d:2f:10:cb:50: f1:b5:52:99:81:26:41:e3:0e:8b:3f:d6:44:9c:4d:76:a0:c9: 2e:6c:74:7c:a4:74:32:5e:57:3b:4d:1a:2e:c8:ca:50:8a:41: 64:52:bd:34:33:b5:79:5d:6f:b7:40:8d:f2:19:bb:9c:7a:f4: 53:d5:b8:14:be:47:eb:83:11:3f:9b:a8:6d:e6:50:9c:00:fd: 45:a4:e9:b5:c8:1a:e6:9f:65:a0:32:31:9a:f4:eb:55:67:d1: e8:ef:64:3e:f6:9d:83:1d:d7:4f:bc:78:a6:79:31:b0:72:dc: bc:76:08:92:82:2c:2d:62:96:6a:ea:10:aa:8b:9f:01:37:82: 68:e8:21:18:0b:93:ec:a2:d9:e4:7d:db:8d:03:6c:29:66:26: 48:37:dc:c6:b4:07:9f:89:13:5d:3c:d0:15:d9:f0:41:fb:6f: a6:03:d7:5c:9d:60:ab:11:be:88:8c:49:85:6b:01:3f:1f:cf: 9f:fe:17:89:e9:00:42:c3:57:e3:c8:42:f8:cd:c4:7b:bc:1f: 29:1b:d5:94:0f:7c:11:23:e1:b3:ae:8d:51:5a:7e:0b:bb:e0: 95:37:98:35:9f:61:ad:e4:68:dc:1c:77:b3:9e:f7:ce:95:dd: 52:35:dd:a6 battleb0t.xyz
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0060NoneMarkMonitor Inc. Domain Name: GOOGLEUSERCONTENT.COM Registry Domain ID: 1528918319_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2022-10-16T09:27:01Z Creation Date: 2008-11-17T15:58:29Z Registry Expiry Date: 2023-11-17T15:58:29Z Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2086851750 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.GOOGLE.COM Name Server: NS2.GOOGLE.COM Name Server: NS3.GOOGLE.COM Name Server: NS4.GOOGLE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
2023-05-12 03:13:03Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [000407.github.io] https://www.openphish.com/feed.txt000407.github.io
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-timer: S1683860053.050131,VS0,VE21{"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"}
2023-05-12 02:54:14HTTP HeadersNoWeb Spider1020None{"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 02:54:14 GMT", "content-type": "text/html"}kekw.battleb0t.xyz
2023-05-12 03:24:47CountryNoCountry Name Extractor0040NoneUnited StatesNorth Charleston, South Carolina, SC, United States, US
2023-05-12 02:58:34SSL Certificate - Raw DataNoCertificate Transparency2010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 18:07:07 2022 GMT Not After : Mar 13 18:07:06 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5: cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40: 8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da: 78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a: 56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00: cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85: b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4: 1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d: 86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9: c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0: 2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f: 7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28: 87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb: 3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9: ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf: fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce: a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1: d3:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT 
Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 13 19:07:08.083 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D0:FF:78:AE:C3:62:89:90:F2:A9:F6: CF:41:A5:B6:AB:51:6D:6E:FB:5E:D8:9D:88:9E:50:39: 26:BD:EC:AC:34:02:21:00:BC:89:FB:E2:F1:35:F7:00: 0B:4C:4C:DE:C4:12:88:E0:4F:52:7D:18:21:0D:AC:62: BC:76:DD:A2:F8:3F:5B:1D Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 13 19:07:08.583 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:51:94:B0:CF:3C:86:38:A4:D9:80:6F:E3: EC:3D:37:CB:B4:65:E2:35:17:5E:BA:96:76:F4:A6:90: 1D:6A:AE:4B:02:21:00:9D:89:ED:FC:FA:3F:52:5C:6A: FF:DA:D2:C4:54:F3:CB:81:7B:1B:4B:4F:01:26:9F:C1: 04:B7:D6:CE:B9:77:B8 Signature Algorithm: sha256WithRSAEncryption 91:4e:e2:bf:36:57:41:de:a3:6f:91:fb:a2:73:ec:c8:9e:f7: 1f:0d:59:7b:c6:09:e3:fb:bf:a4:c2:8a:32:fa:c4:f6:df:3f: aa:05:e0:24:98:16:08:84:62:26:41:b9:6f:39:f4:71:d6:ee: 5c:b1:36:f4:e8:21:c1:33:ce:b6:3c:af:4d:e7:18:2f:6c:27: 6e:cd:40:66:5d:d7:bd:71:74:93:04:96:39:63:25:d2:be:99: 3b:37:81:f8:a4:eb:0b:81:a4:3b:25:e3:9f:76:85:e0:0f:1a: 92:b6:27:46:71:61:51:3a:f7:5d:72:65:00:9d:09:05:5c:de: c1:d4:54:d5:5a:d7:d7:34:d4:2c:67:0d:f8:a4:f0:c4:3a:47: 80:3c:8b:81:06:a8:34:d6:42:45:55:c8:42:f9:cf:43:4d:ee: bd:e9:55:d7:d8:77:a3:d9:4c:76:08:4a:3c:a8:97:42:30:c9: 07:48:ea:bf:5e:b8:93:d2:56:00:0f:04:1c:00:01:69:ac:de: 20:d1:8a:7a:88:01:7c:94:e0:3d:d3:30:5e:a9:3c:d3:38:56: 5b:30:14:08:f5:b9:a1:f9:56:6c:72:be:02:ce:ad:d8:53:46: 35:20:ba:70:c5:77:bf:fa:4e:08:fb:a6:cd:30:77:f4:dc:52: 90:b6:5b:91 ayhu.xyz
2023-05-12 03:11:24Raw Data from RIRsNoAbstractAPI0030None{u'format': {u'international': u'+14805058800', u'local': u'(480) 505-8800'}, u'country': {u'prefix': u'+1', u'code': u'US', u'name': u'United States'}, u'phone': u'+14805058800', u'valid': True, u'location': u'Arizona', u'carrier': u'', u'type': u'unknown'}+14805058800
2023-05-12 03:29:46Blacklisted IP AddressYesUCEPROTECT0130NoneUCEPROTECT - Level 2 (some false positives) (207.154.228.169)207.154.228.169
2023-05-12 02:55:21HTTP HeadersNoCensys0030None{"Content_Length": ["46"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "X_Xss_Protection": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8"}, "X_Xss_Protection": ["1; mode=block"], "X_Content_Type_Options": ["nosniff"], "Vary": ["Origin"], "Server": ["Caddy"], "Content_Type": ["application/json; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"]}207.154.228.169
2023-05-12 03:24:48CountryNoCountry Name Extractor0040NoneUnited StatesNorth Charleston, South Carolina, 29415, United States, North America
2023-05-12 02:44:13Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0120Nonegithub.comwww.battleb0t.xyz
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None0101kvmt.github.io185.199.111.153
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneGit (software)battleb0t.github.io
2023-05-12 02:44:12Open TCP PortNoSSL Certificate Analyzer0020Nonewww.battleb0t.xyz:443www.battleb0t.xyz
2023-05-12 02:57:22Internet NameNoCertificate Transparency0010Nonekekw.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:09:31Affiliate - Internet NameNoDNS Resolver2030Nonecdn-185-199-111-154.github.com185.199.111.154
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.127): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:35:41Physical LocationNoipapi.co1030NoneEygelshoven, Limburg, LI, Netherlands, NL45.131.109.53
2023-05-12 02:47:30Open TCP PortNoPulsedive0020None104.21.6.166:443104.21.6.166
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:23 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:23 GMT", "cf-ray": "7c5f60721cb70f8d-EWR", "content-type": "text/css", "x-frame-options": "DENY"}
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMaxx Hotel (Net ID: 00:02:2D:37:37:61)50.1188, 8.6843
2023-05-12 02:44:12Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonecloudwaysapps.comkekw.battleb0t.xyz
2023-05-12 03:09:03Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.10387.248.157.102
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None001328.github.io185.199.111.153
2023-05-12 03:04:12Malicious Co-Hosted SiteYesabuse.ch0120Noneabuse.ch URLhaus (Domain) [github.com] https://urlhaus.abuse.ch/downloads/csv_recent/github.com
2023-05-12 02:53:03Web TechnologyNoTool - WAFW00F0020NoneNone Nonepics.battleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NonemyLGNet8FBA (Net ID: 00:01:36:5C:8F:B8)37.780462,-122.390564
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-64@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", 
"os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", 
"diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 
Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 03:00:25Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-64@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:16:17Similar DomainYesTool - DNSTwist1010Noneayu.xyzayhu.xyz
2023-05-12 02:44:23SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 Validity Not Before: Feb 21 00:00:00 2023 GMT Not After : Mar 20 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f: a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af: ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24: 29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09: 23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a: 5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed: f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99: 4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77: c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2: 38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3: f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57: 77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee: 3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76: b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1: 95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f: 43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97: 2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07: 24:e3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4 X509v3 Subject Key Identifier: 8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: 
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Feb 21 15:03:41.179 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD: F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24: D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25: A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53: A4:D8:EF:86:C7:5C:70:1A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6: 1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5 Timestamp : Feb 21 15:03:41.162 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:82:E0:7E:5D:05:40:34:18:F6:30:F7: 09:CD:BC:FE:2C:13:EB:90:30:CE:10:ED:E8:A7:9D:A3: 74:75:12:5B:72:02:20:5D:1F:9D:87:56:AA:F7:6D:9A: 04:0D:4A:7B:35:DE:90:29:A5:D4:16:A7:8F:DF:FE:37: AB:35:8B:24:23:B9:2B Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Feb 21 15:03:41.130 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:13:FF:00:36:A8:61:87:48:A6:6A:04:09: BC:E3:3E:AA:13:E7:46:3D:06:75:68:23:18:E7:6A:45: 49:F7:30:F1:02:20:3F:F4:9C:8A:E6:46:D3:65:F6:98: 13:BF:9A:20:D3:DA:10:A9:E3:2E:5D:DA:C7:3B:14:4E: 4F:4E:1C:82:A5:B3 Signature Algorithm: sha256WithRSAEncryption 37:a4:1b:11:22:9f:fc:9f:c9:67:07:8f:aa:86:13:9f:e0:08: 1d:6e:0c:8d:65:fb:03:79:50:c6:76:ba:30:90:a0:a4:1c:79: 
13:07:b9:5a:18:8d:97:4c:05:71:8a:d0:22:17:c6:19:a2:22: 8b:03:f6:2c:84:71:6c:55:df:e2:99:43:65:e5:d7:b7:b7:37: 4c:c6:c8:e5:f1:d8:a7:7b:07:5d:eb:b8:1c:50:a4:a3:8e:f0: 4c:f8:b8:6a:72:59:be:43:0e:8a:de:b5:5e:8f:9e:3f:5a:43: 64:82:cc:e0:de:76:f4:be:a6:12:0a:06:68:bb:77:e1:4c:ef: 4b:4d:67:af:f6:72:c7:6b:1b:9c:48:53:a7:7f:ed:76:18:5c: f0:f6:c6:4c:24:53:57:57:e1:42:a6:3d:ae:e1:f5:93:f2:6a: fa:29:72:01:3e:b7:06:f1:2f:1a:0e:91:c5:ec:35:bf:f5:da: 33:95:de:24:12:0d:f5:c3:23:8d:40:82:d1:5c:eb:de:0a:08: e8:e5:83:e5:0a:8b:3a:5e:98:4e:77:4f:9f:dc:ab:7e:ce:a8: 28:4f:aa:79:4f:c9:be:8f:60:88:6e:6b:f9:20:6c:7f:38:96: d6:da:d7:11:03:43:d8:b8:51:87:ce:32:22:4d:64:4c:c4:75: 27:d0:e3:df 185.199.109.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneWireless (Net ID: 00:09:5B:34:6B:03)33.6170672,-111.90564645297056
2023-05-12 02:54:44Physical LocationNoCensys0030NoneNorth Charleston, South Carolina, 29418, United States, North America35.229.48.116
2023-05-12 03:18:06Externally Hosted JavascriptNoPage Information0030Nonehttp://code.jquery.com/jquery-3.2.1.js<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:09:01Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.9687.248.157.102
2023-05-12 03:03:51Co-Hosted SiteNoThreatMiner0020Nonescoop.sh185.199.110.153
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.167): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:10BGP AS MembershipNoCensys0020None133352606:4700:3031::6815:6a6
2023-05-12 02:56:25BGP AS MembershipNoRIPE0030None13335188.114.97.0/24
2023-05-12 02:59:45Similar Domain - WhoisNoWhois2020NoneDomain Name: BATTLEBOT.XYZ Registry Domain ID: D199559633-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://namecheap.com Updated Date: 2022-09-05T15:48:14.0Z Creation Date: 2020-09-07T05:35:36.0Z Registry Expiry Date: 2023-09-07T23:59:59.0Z Registrar: Namecheap Registrar IANA ID: 1068 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant State/Province: Capital Region Registrant Country: IS Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: battlebot.xyz Registry Domain ID: D199559633-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-08-08T05:51:35.56Z Creation Date: 2020-09-07T05:35:36.00Z Registrar Registration Expiration Date: 2023-09-07T23:59:59.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of 
WHOIS database: 2023-05-11T07:59:45.60Z <<< For more information on Whois status codes, please visit https://icann.org/eppbattlebot.xyz
2023-05-12 03:05:41Vulnerability - CVE LowYesTool - testssl.sh0220NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.nuke.battleb0t.xyz
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.237): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:09:54Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.99
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NonemyLGNet2EE2 (Net ID: 00:01:36:5B:2E:E0)37.780462,-122.390564
2023-05-12 03:09:28Co-Hosted SiteNoSSL Certificate Analyzer1030Nonewww.donation.ecash-pay.com165.232.113.85
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-128-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", 
"os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", 
"diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 
Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet (Net ID: 00:01:36:36:56:5A)34.0544, -118.244
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonegfycat (Category: misc) https://gfycat.com/@loginlogin
2023-05-12 02:45:34DNS SPF RecordNoDNS Raw Records0010Nonev=spf1 include:_spf.mx.cloudflare.net ~allbattleb0t.xyz
2023-05-12 02:59:00Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'34.74.170.74', u'104.16.88.20', u'104.21.63.54'], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://www.trustsign.com.br/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"\n "o.ss2.us"\n "ocsp.pki.goog"\n "crl.rootg2.amazontrust.com"\n "crl.pki.goog"\n "crls.pki.goog"\n "ocsp.rootg2.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar87F.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_eb4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_eb4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3764"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n 
"Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_eb4_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_eb4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_eb4_IE_EarlyTabStart_0xdd0_Mutex"\n "IsoScope_eb4_ConnHashTable<3764>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3764"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"\n "184.31.135.120:80"\n "142.250.217.72:443"\n "142.250.217.106:443"\n "104.16.88.20:443"\n "108.139.0.36:443"\n "104.21.63.54:443"\n "108.138.245.11:80"\n "142.250.217.99:80"\n "108.138.245.125:80"\n "142.251.33.110:80"\n "108.139.0.48:80"\n "108.138.245.30:80"\n "108.139.0.178:80"\n "216.239.32.178:443"\n "142.250.217.99:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab86E.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 
0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVQ_1_.woff" has type "Web Open Font Format TrueType length 20712 version 1.1"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00002908]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003764]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002908]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00002908]\n "7e80dcacf1_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "~DF6E9EB864F8E8C92C.TMP" has type "data"- Location: [%TEMP%\\~DF6E9EB864F8E8C92C.TMP]- [targetUID: 00000000-00003764]\n "YMKUF9Q6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YMKUF9Q6.txt]- [targetUID: 00000000-00003764]\n "CPM6V2NP.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CPM6V2NP.txt]- [targetUID: 00000000-00002908]\n "IGBW5PPN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IGBW5PPN.txt]- [targetUID: 00000000-00002908]\n "js_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n 
"BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00002908]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00002908]\n "RecoveryStore._E80B3267-2D93-11ED-AA59-08002740601A_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar87F.tmp" has type "data"- Location: [%TEMP%\\Tar87F.tmp]- [targetUID: 00000000-00002908]\n "ce5327c52694093aede79fbdda65cf4496210956_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "jquery-3.1.0.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'API Call', u'identifier': u'api-113', u'name': u'Touches files in program files directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\iexplore.exe.config"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\VERSION.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEFRAME.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IPHLPAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\RPCRTREMOTE.DLL"\n "iexplore.exe" 
trying to touch file "C:\\Program Files\\Internet Explorer\\ieproxy.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\DWMAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEUI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\MSHTML.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Microsoft Office\\Office14\\OUTLLIB.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Microsoft Office\\Office14\\OUTLLIB.DLL.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\sqmapi.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\BCRYPT.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE.LOCAL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\APPHELP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Microsoft Office\\Office14\\GROOVEEX.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Java\\jre1.8.0_151\\bin\\ssv.dll"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: www.trustsign.com.br\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_34.74.170.74]\n\n "de3\n[[~(.E]Kjk;5IZE0$%9vH<}X"u:2\nsw/.q0>?\n?iiG?>v%R`gG~:fxOJ?v>b8e\\GS3i4VgX\nZ^4Bq#Ch7O|yn;thhrry?)NI19:~35;57y"Xg<##Ox&hTqDA:i|y5[aX2II(n:0e\nC9<vHQ"m&\nB1ON}|RTL"C@S^\'J(f"eN2$\na!3YiAez|N-j2sETgX(Rx(1D:Y\'CECP}j4K6nV0@f Vig4Lw=g.;tiBfVf~hp@-A#?\'\nH+ic 
NsODso2={GK%(\'}--TgUdpwNuM>:OHY*ks\'-=^t~&\nzr9\n ]3LHDX$<>c]JBI\n7wE6g;C8)10:5_o#DiRC.G;*AP\n"X*%-hn3HmtmLG&@\'}l8{=a&\\1]d)(-as%\nLW\nR.M-kN$L*\ng>m/Rg!y3T#<IZ\\"\'F|>Z{V3G`HN4\n-f)j`,\n2p62X3T&#\\V3j3z9%s8=:^1/sXr=42\\7+%\n;qz%U+#W9gp!\\h7/*vsJ+IerH4!=`~\\s_&"GGl2b+Q+PI~<>akh8[,7}#JN+rDv}}MlLI,Q-Dz:<sU\'>Ghe9[8M4-p%m*:\nX*pkZBwg<r0G`<2ZI34.74.170.74
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.238): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:10:06Malicious IP AddressYesVoIPBL OpenPBX IPs0120NoneVOIPBL Publicly Accessible PBX List [185.199.108.153] http://www.voipbl.org/update185.199.108.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:02:2D:51:66:85)37.7642, -122.3993
2023-05-12 02:44:42Internet NameNoDNS Resolver0020Nonepanel.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:15:41:ea:93:cd:8d:62:0f:07:0f:be:37:47:74:c1:ad:1b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 17:26:26 2022 GMT Not After : Feb 15 17:26:25 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:aa:4d:69:12:67:d1:ef:14:86:20:9d:cf:2c:a8: 0d:c9:a7:6c:06:2b:6c:f8:9e:1f:f7:5b:41:e3:d6: 87:ca:57:bb:98:07:35:18:67:8f:28:74:6a:04:77: 89:a0:80:85:fc:4d:2e:7a:12:ee:d9:55:9b:e8:51: 03:88:3d:06:0a:14:47:b6:c6:bf:e2:f2:6e:38:57: 77:d8:da:10:9f:18:48:30:90:76:66:83:1b:18:b6: 6d:f9:38:58:a1:cc:7b:d2:96:34:23:9b:ea:85:2c: bb:61:4a:ef:9a:58:1e:2d:73:fc:eb:20:c5:37:d4: 7c:8e:77:66:2d:b6:0a:4e:0d:e0:f4:1d:87:9f:f3: 39:d7:d9:45:03:a6:8f:40:08:8a:3e:d5:15:b6:01: 8a:08:27:45:ff:cb:af:e5:d1:fd:28:cb:df:75:d3: f7:db:3d:e9:43:0c:e5:b6:28:89:d2:ba:63:6c:e0: ac:03:c0:49:9f:2c:e6:11:96:03:1a:33:a3:63:63: dc:3b:1c:a8:9b:0f:00:ea:cb:bf:0c:39:fd:1c:40: ab:3a:92:ca:b0:90:5c:21:ed:f1:8e:4f:9e:e7:92: 92:53:94:1d:fa:e2:36:84:fa:2a:17:63:6d:d0:c9: 16:92:48:c8:82:19:57:63:48:56:6e:6a:2e:34:87: cc:7c:79:cf:43:dc:a4:a2:fb:e4:06:17:02:db:ef: 92:10:48:04:d1:04:89:aa:65:ee:9d:e2:a1:cd:ce: 9c:27:f6:46:3e:9e:91:90:6e:12:78:d2:cd:5e:a3: 75:48:b4:82:f5:c9:29:da:c5:bb:ac:87:af:95:fa: f8:49:db:fe:e5:df:04:7e:92:10:6e:c8:d7:7b:93: ef:de:5b:4f:7a:70:41:0c:59:d9:04:5e:26:57:3d: 65:af:57:00:3d:40:e4:ec:3b:92:38:0a:d1:a5:20: 31:40:89:48:9a:58:46:06:1e:56:4f:e5:25:e6:f5: 33:d9:bb:68:90:99:70:c6:a1:93:5a:22:c1:e3:ee: da:ef:45:a4:37:18:4c:33:42:7e:6f:07:01:85:ed: 36:f3:3f:be:f6:6a:d9:3e:fe:ad:4c:8d:18:3e:0e: 49:d9:7a:95:04:47:e8:2c:a9:fe:24:7a:53:d0:af: 27:b2:85:89:f7:05:df:d8:9a:0d:56:23:cd:ee:11: cb:31:f6:4e:3f:af:22:51:d3:a0:8f:a4:52:72:6f: 12:6d:6d:c2:7a:fe:c4:93:c1:f6:23:a9:9a:2b:35: 9d:df:e3:e9:99:57:fb:f5:e8:d9:e8:4d:a5:ec:7e: 
dd:22:c5:d3:4f:c7:2d:bf:e4:09:ee:6f:cb:b6:13: f8:ae:73 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CE:03:E9:CB:9A:4D:5E:BB:32:45:93:FC:78:CC:A3:7F:08:26:B1:40 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption ac:60:96:91:2c:ed:62:e3:68:ab:ed:e4:c1:61:0e:e3:90:31: 8e:31:a9:4b:46:c3:8d:c5:e0:8d:6a:1f:71:38:56:82:9c:31: ee:2d:1e:c2:98:27:b8:9a:55:a7:78:ac:42:82:80:5a:1a:3f: 46:90:d5:fc:3f:8e:74:b4:e7:d4:76:72:66:4f:64:e7:54:46: 71:43:bb:42:84:c6:ab:aa:25:38:1c:ad:60:ca:08:fb:2f:af: 6b:e9:0e:62:15:97:73:27:ee:39:ae:11:a2:19:fc:87:93:31: 01:c6:c2:bd:5e:38:b1:3d:e5:5a:62:7e:60:8c:17:d0:3e:6e: 32:57:eb:54:28:cc:4a:0d:97:2a:6c:f6:c3:5d:8d:fc:27:99: db:56:f3:bf:e2:b4:48:94:fb:dc:8e:3d:27:43:4b:4a:90:a7: 5c:68:44:45:9f:de:e6:ec:0b:1d:70:e4:c8:83:60:12:96:7f: ec:53:10:4f:3d:05:06:c8:b9:0f:d6:87:14:c3:ad:47:7e:54: 4f:22:a7:90:86:28:be:cb:1b:db:56:26:75:23:0a:0e:be:e0: 7a:ad:c8:af:3f:81:81:ab:65:ab:91:6f:ac:eb:f0:ed:29:05: 3a:74:6a:ac:41:f3:d3:ea:c7:b8:d2:98:d6:a4:8f:dc:f6:59: 7a:f9:d5:0f
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5e66a4c91910fb-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.96.1
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneANY (Net ID: 00:04:E2:0E:BB:DF)33.336199,-111.89446440830702
2023-05-12 02:45:49Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Chicago', u'security': {u'is_vpn': False}, u'city_geoname_id': 4887398, u'region_geoname_id': 4896861, u'country': u'United States', u'region': u'Illinois', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'60666', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:48'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'172.67.135.9', u'continent': u'North America', u'region_iso_code': u'IL'}172.67.135.9
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonepalnet (Category: finance) https://www.palnet.io/@loginlogin
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:07:40:61:40:4D)33.6170672,-111.90564645297056
2023-05-12 03:09:18Vulnerability - GeneralYesTool - Retire.js0040NoneCVE-2018-14040 Score: Unknown Description: Unknownhttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
2023-05-12 03:03:19Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-001-0.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneASE VISITORS (Net ID: 00:03:52:A1:3D:40)33.336199,-111.89446440830702
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:59:05)50.8897, 6.0563
2023-05-12 02:54:51BGP AS MembershipNoCensys0030None39698234.74.170.74
2023-05-12 03:11:25Physical LocationNoAbstractAPI0030NoneArizona, United States+14806242505
2023-05-12 03:03:27Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00089.github.io
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:53:15IPv6 AddressNoMnemonic PassiveDNS0010None2606:50c0:8000::153battleb0t.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneGBC_Insaat (Net ID: 00:14:C1:0B:28:CC)40.2024, 29.0398
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonecelikpalas (Net ID: 00:12:17:70:0F:C1)40.2024, 29.0398
2023-05-12 02:54:13Open TCP Port BannerNoCensys0040NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5016a1cc062a51-ORD Content-Encoding: gzip 2606:4700:3030::ac43:a8fc
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.210): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneImageShack (Category: images) https://imageshack.com/user/ayhuayhu
2023-05-12 02:59:51Affiliate - Email AddressNoE-Mail Address Extractor0030Nonemadler@alumni.caltech.edu[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeia3mp&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#kantonsen%40encoded.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ad0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ad0_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ad0_IE_EarlyTabStart_0x588_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ad0_IESQMMUTEX_0_303"\n "IsoScope_ad0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ad0_ConnHashTable<2768>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2768"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.214.129:443"\n "142.251.214.131:443"\n "142.250.189.238:443"\n "185.199.111.153:443"\n "69.16.175.10:443"\n "142.250.189.234:443"\n "184.27.80.18:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "lipis.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'".fa-cc-paypal:before {" (Indicator: "paypal")\n ".fa-paypal:before {" (Indicator: "paypal")\n ".fa-twitter-square:before {" (Indicator: "twitter")\n ".fa-twitter:before {" (Indicator: "twitter")\n ".fa-youtube-play:before {" (Indicator: "youtube")\n ".fa-youtube-square:before {" (Indicator: "youtube")\n ".fa-youtube:before {" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', 
u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "m_el_main_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_D809339D-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "RecoveryStore._D809339B-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "X2WYMCV5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\X2WYMCV5.txt]- [targetUID: 00000000-00002768]\n "DEW9N13E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DEW9N13E.txt]- [targetUID: 00000000-00003116]\n "_E2C1FED7-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "1NX8I2I6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1NX8I2I6.txt]- [targetUID: 00000000-00002768]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "UX69Y2OK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UX69Y2OK.txt]- [targetUID: 00000000-00003116]\n "BQ7YREAH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BQ7YREAH.txt]- [targetUID: 00000000-00003116]\n "~DF7ADEEE89A7F7CB7A.TMP" has type "data"- Location: [%TEMP%\\~DF7ADEEE89A7F7CB7A.TMP]- [targetUID: 00000000-00002768]\n "C1BNT20A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1BNT20A.txt]- [targetUID: 00000000-00002768]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read 
section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "m_navigationui_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002768]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.google.com/support/translate+(en==Hn?:#googtrans/en/+Hn);var"\n Pattern match: "https://www.google.com/tools/feedback},Tw=function(a){return"\n Pattern match: "https://github.com/madler/zlib/blob/master/zlib.h"\n Pattern match: "https://www.google.com/images/cleardot.gif"\n Pattern match: "https://==Pn?V.Gh:null};this.Z={qb:Un,xd:null};a&&"\n Pattern match: "V.Pb/\ufffd\u0331"\n Pattern match: "http://fontawesome.io"\n Pattern match: "http://fontawesome.io/license"\n Pattern match: "http://jquery.com/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://sizzlejs.com/"\n Pattern match: "https://www&google.com/images/zippy_minus_sm.gif"\n Pattern match: "http://www.w3.org/TR/selectors/#attribute-selectors"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#attribute-selectors"\n Pattern match: "https://developer.mozilla.org/en/Security/CSP"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#escaped-characters"\n Pattern match: "http://bugs.jquery.com/ticket/12282#comment:15"\n Pattern match: "http://blindsignals.com/index.php/2009/07/jquery-delay/"\n Pattern match: "http://bugs.jquery.com/ticket/12359"\n Pattern match: 
"http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291"\n Pattern match: "http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/"\n Pattern match: "http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE)"\n Pattern match: "http://javascript.nwbox.com/IEContentLoaded/"\n Pattern match: "http://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx"\n Pattern match: "http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context"\n Pattern match: "http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html"\n Pattern match: "http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked"\n Pattern match: "http://www.w3.org/TR/css3-syntax/#characters"\n Pattern match: "http://www.w3.org/TR/selectors/#empty-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#lang-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#pseudo-classes"\n Pattern match: "https://github.com/jquery/jquery/pull/764"\n Pattern match: "http://json.org/json2.js"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=491668"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier"\n Pattern match: "https://developer.mozilla.org/en-US/docs/CSS/display"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=649285"\n Pattern match: "http://dev.w3.org/csswg/cssom/#resolved-values"\n Pattern match: "http://jsperf.com/getall-vs-sizzle/2"\n Pattern match: "https://bugs.webkit.org/show_bug.cgi?id=29084"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#whitespace"\n Pattern match: "https://bafybeia3mpocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a.ipfs.dweb.link/"\n Pattern match: "https://translate.google.com/translate_a/element.js?cb=gtElInit&amp;hl=en-US&amp;client=wt"\n Pattern match: 
"https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=navigationui"\n Pattern match: "https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=corsproxy"\n Pattern match: "https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog\\]]],null,null,null,null,null,null,-3600,null,null,null,null,[],1,nu
2023-05-12 03:03:31Co-Hosted Site - Domain NameNoDNS Resolver1030None007316.xyz007316.xyz
2023-05-12 03:23:21Open TCP PortNoPulsedive0030None188.114.96.6:8080188.114.96.0/24
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:2287.248.157.102
2023-05-12 02:52:41Raw Data from RIRsNoHybrid Analysis3020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/walletconnect/walletconnect-monorepo/releases/download/1.7.8/web3-provider.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/js/modal.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/jkup/focusable/blob/master/index.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://lens-protocoll.xyz/webc/index.php', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_588_IESQMMUTEX_0_519"\n "IsoScope_588_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_588_IESQMMUTEX_0_331"\n "IsoScope_588_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1416"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_588_ConnHashTable<1416>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_588_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.70:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "65.8.158.85:443"\n "151.101.1.229:443"\n "104.16.123.175:443"\n "192.30.255.113:443"\n "185.199.108.153:443"\n "185.199.108.133:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.ethers.io"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "etherum-libs.github.io"\n "github.com"\n "lens-protocoll.xyz"\n "objects.githubusercontent.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="Keywords" content="Lens Protocol - Claiming App\n Lens Protocol - Claiming App a paypal\n Lens Protocol - Claiming App a binance\n Lens Protocol - Claiming App harmony"/>" (Indicator: "dir "; File: "urlref_httpslens-protocoll.xyzwebcindex.php")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, 
u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"(0, properties_1.defineReadOnly)(this, "publicKey", signingKey.compressedPublicKey);" (Source: jqueryjs_1_.js, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dffb9a278b09a9867d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\{64fca9ab-eac7-11ed-8a3e-080027a190c2}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"b38d7abaf0f5f8fb484f9be1484e98a17ea16df2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f0438febff768476c4bd646204034239a5fc20d9_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f9fa0444b908def7e2cacce9c162c39a60167a27_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "jqueryjs_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3.min_1_.js" has type "data"- [targetUID: N/A]\n "slider_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3-provider.min_1_.js" has type "data"- [targetUID: N/A]\n "ethers-5.2.umd.min_1_.js" has type "data"- [targetUID: N/A]\n "walletbundle_1_.js" has type "UTF-8 Unicode text with very long lines with escape sequences"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ethereumjs-tx-1.3.3.min_1_.js" has type "data"- [targetUID: N/A]\n "urlref_httpslens-protocoll.xyzwebcindex.php" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "index_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "sweetalert2.all_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001416]\n "invisible_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "main.34d2eea7_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "axios.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ABI_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001416]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF038CF0017F8B478D.TMP" has type "data"- Location: [%TEMP%\\~DF038CF0017F8B478D.TMP]- [targetUID: 00000000-00001416]\n "~DFFB9A278B09A9867D.TMP" has type "data"- Location: [%TEMP%\\~DFFB9A278B09A9867D.TMP]- [targetUID: 00000000-00001416]\n "~DF79C8B99757FDF652.TMP" has type "data"- Location: [%TEMP%\\~DF79C8B99757FDF652.TMP]- [targetUID: 00000000-00001416]\n "~DF3E2144E69F260778.TMP" has type "data"- Location: [%TEMP%\\~DF3E2144E69F260778.TMP]- [targetUID: 00000000-00001416]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "css2_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_64FCA9AB-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._64FCA9A9-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E587A84-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "inter_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 
32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cookie.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "C1TXDP2K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1TXDP2K.txt]- [targetUID: 00000000-00001416]\n "NN4OYYV3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NN4OYYV3.txt]- [targetUID: 00000185.199.108.153
2023-05-12 02:56:36Raw Data from RIRsNoHybrid Analysis2030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220', u'54.196.16.164'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://hilarious-kelpie-473db1.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd"\n "www.herokucdn.com"\n "o.ss2.us"\n "crl.rootg2.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "crl.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d00_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_d00_ConnHashTable<3328>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n 
"IsoScope_d00_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d00_IESQMMUTEX_0_519"\n "IsoScope_d00_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3328"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d00_IE_EarlyTabStart_0x424_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "54.196.16.164:80"\n "99.84.238.168:80"\n "99.84.238.168:443"\n "99.84.224.224:80"\n "99.84.224.90:80"\n "99.84.224.108:80"\n "99.84.224.214:80"\n "99.84.224.3:80"\n "99.84.224.217:80"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"TR7K5OKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TR7K5OKT.txt]- [targetUID: 00000000-00003328]\n "73DA0AE306CF69ADAC457DB6B2997338" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\73DA0AE306CF69ADAC457DB6B2997338]- [targetUID: 00000000-00001732]\n "~DFC7FE55AAA15340B0.TMP" has type "data"- Location: [%TEMP%\\~DFC7FE55AAA15340B0.TMP]- [targetUID: 00000000-00003328]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00003328]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00003328]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00001732]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00001732]\n "2C9HMCBU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2C9HMCBU.txt]- [targetUID: 00000000-00003328]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003328]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00001732]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00001732]\n 
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003328]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003328]\n "BCB67D7ECB470284AF35679F339E879F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BCB67D7ECB470284AF35679F339E879F]- [targetUID: 00000000-00001732]\n "~DF9154BC8BBA72FEBA.TMP" has type "data"- Location: [%TEMP%\\~DF9154BC8BBA72FEBA.TMP]- [targetUID: 00000000-00003328]\n "FVK5E2PX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FVK5E2PX.txt]- [targetUID: 00000000-00003328]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003328]\n "~DF4D25D5B6C6F1C182.TMP" has type "data"- Location: [%TEMP%\\~DF4D25D5B6C6F1C182.TMP]- [targetUID: 00000000-00003328]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd" seems to be random\n "www.herokucdn.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://hilarious-kelpie-473db1.netlify.app/"- [Source: Input]\n Pattern match: 
"https://hilarious-kelpie-473db1.netlify.app"- [Source: Input]\n Pattern match: "www.herokucdn.com"- [Source: PCAP]\n Pattern match: "http://unsub1.cfd/"- [Source: PCAP]\n Heuristic match: "o.ss2.us"- [Source: PCAP]\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"- [Source: PCAP]\n Heuristic match: "crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootg2.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootca1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEA11CXliCX0s5ZbPbTWItcU%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: 
"crl.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /sca1b-1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.sca1b.amazontrust.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-23', u'name': u'Sends traffic on typical HTTP outbound port, but without HTTP header', u'attck_id_104.196.30.220
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneFruityWifi-003 (Net ID: 00:07:0E:65:CF:39)33.6170672,-111.90564645297056
2023-05-12 02:45:51Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Montreal', u'security': {u'is_vpn': False}, u'city_geoname_id': 6077243, u'region_geoname_id': 6115047, u'country': u'United States', u'region': u'Quebec', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'H4X', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:50'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:4700:3031::6815:6a6', u'continent': u'North America', u'region_iso_code': u'QC'}2606:4700:3031::6815:6a6
2023-05-12 02:44:26Internet NameNoDNS Resolver0020Nonebattleb0t.xyzCN=*.battleb0t.xyz
2023-05-12 02:55:28Physical LocationNoURLScan.io0020NoneDEkekw.battleb0t.xyz
2023-05-12 03:03:24Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0000-bigtree.github.io
2023-05-12 02:45:34Raw DNS RecordsNoDNS Raw Records0010Nonebattleb0t.xyz. 300 IN MX 21 route2.mx.cloudflare.net. battleb0t.xyz. 300 IN MX 60 route3.mx.cloudflare.net. battleb0t.xyz. 300 IN MX 68 route1.mx.cloudflare.net.battleb0t.xyz
2023-05-12 03:17:56Malicious IP on Same SubnetYesCINS Army List0040Nonecinsscore.com [64.226.80.0/20] http://cinsscore.com/list/ci-badguys.txt64.226.80.0/20
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None2WIRE630 (Net ID: 00:02:2D:23:E0:24)37.7642, -122.3993
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneHB (Net ID: 00:01:36:35:4A:AA)34.0544, -118.244
2023-05-12 03:16:17Similar DomainYesTool - DNSTwist1010Noneashu.xyzayhu.xyz
2023-05-12 03:00:56Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.89): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneWEST4541 (Net ID: 00:12:0E:7E:7A:31)32.8608, -79.9746
2023-05-12 02:51:49Raw Data from RIRsNoHybrid Analysis2020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://click9.bigmarker.com/links/BY79pHvYX2Z/QPJiO7I68/tMwYeVPDKIXG/IN5CQt3PP-?bu=7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff5125d2b050eecdfd56122f5766da81f9380883c6330281152549d890a090250ca7457e3d6af512de37a44ef72cc832a7cff15e41cb02af8a17863d1d3fd8b23804d4f2277ba16828665e73cb7759a78343309ede93ee8fcceaf565cf60789ea78d923ffa76fe3d', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:2872:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:2872:120:WilError_01"\n "SM0:2872:120:WilError_01"\n "SM0:2872:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.231.70.218:443"\n "138.91.254.96:443"\n "3.235.65.215:443"\n "13.227.21.122:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "151.101.0.176:443"\n "142.251.2.156:443"\n "151.101.2.137:443"\n "162.247.241.14:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': 
u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "click9.bigmarker.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta 
name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n 
""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\favicons"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': 
u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\636_742791881\\shopping.js]- [targetUID: 00000000-00000636]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00000636]\n "Ruleset Data" has type "da185.199.108.153
2023-05-12 03:09:27SSL Certificate - Issued toNoSSL Certificate Analyzer1020NoneC=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com188.114.97.1
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.250): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:50:23Blacklisted IP AddressYesHoneypot Checker0120NoneHoneypotproject (104.21.6.166): Search Engine Last Activity: 0 days ago Threat Level: 29104.21.6.166
2023-05-12 02:53:56Open TCP PortNoCensys0020None2606:50c0:8001::153:802606:50c0:8001::153
2023-05-12 02:57:25Internet NameNoCertificate Transparency0010Nonefunny.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider0030Nonehttps://funny.battleb0t.xyz/images/master058_1.PNGhttps://funny.battleb0t.xyz/
2023-05-12 02:45:50Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Montreal', u'security': {u'is_vpn': False}, u'city_geoname_id': 6077243, u'region_geoname_id': 6115047, u'country': u'United States', u'region': u'Quebec', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'H4X', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:49'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:4700:3031::ac43:8709', u'continent': u'North America', u'region_iso_code': u'QC'}2606:4700:3031::ac43:8709
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.145): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5b59d17bc80231-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.97.1
2023-05-12 02:44:38SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:81:34:2e:fd:61:48:b5:6f:11:ca:36:0b:dc:62:9a:cf:52 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:02 2022 GMT Not After : Feb 15 09:44:01 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:eb:b0:96:39:35:d3:30:8a:f5:f9:da:c5:cf:96: 1a:e7:f9:f3:a9:a3:ac:48:a3:a4:b9:37:4c:63:75: 40:36:2d:7f:85:6e:28:b7:ff:1d:a9:b7:7a:9e:a9: 3c:18:2e:aa:60:9b:01:a6:03:71:f5:37:c6:c4:08: 7f:2e:0c:29:9a:02:88:31:a0:12:65:5e:31:21:f1: 5f:d6:97:6e:ea:18:9d:90:ce:ff:12:3b:cb:ae:3a: f3:b3:33:e6:51:66:ee:77:b1:1e:2d:63:9d:86:29: e8:e7:da:f5:95:bf:4c:37:58:2b:4b:3b:b3:82:8c: 63:1f:3a:3d:4d:85:c4:0d:2f:dd:0c:39:76:ab:a5: 7c:fc:53:9d:e0:67:9e:f7:6e:00:5d:8f:60:c1:b4: dd:6b:fb:d3:a5:23:a0:c0:99:85:04:91:d1:e3:63: 1f:33:3f:20:df:22:22:a9:89:b5:26:f8:3b:cf:ec: a6:2f:0a:b5:ce:e9:fd:d6:cf:3c:d3:6e:35:3e:a2: cb:0a:4c:43:1f:c2:91:d1:57:92:fc:79:bc:b6:50: 67:72:7f:f2:de:ba:e6:81:c8:81:ad:91:41:c2:41: 68:e4:66:e4:cf:77:e7:8f:ad:4a:dd:cf:21:57:7e: 5c:5b:1a:bf:18:03:99:5a:e7:0b:bf:13:4e:4f:9d: f8:63:3c:53:43:ba:5c:2b:86:aa:b1:6c:59:33:66: 06:b4:0c:58:5e:eb:57:fb:21:90:64:8e:04:88:5e: 93:71:bc:07:a7:76:0a:39:5b:e9:8a:11:59:0c:e9: 3d:9f:ef:48:1a:15:f1:b6:8d:38:c6:ac:b0:3d:55: 62:fd:ec:ca:10:f7:3e:ad:09:2b:f9:07:39:64:89: c0:8c:df:58:83:b1:49:a3:6a:de:8d:1d:b0:68:22: 42:05:11:89:f5:28:3d:e2:a8:01:12:cb:7f:55:12: 36:97:26:ba:dd:f2:81:bc:89:38:da:02:ae:fd:90: 99:5d:a3:f5:46:95:ac:11:67:63:06:d1:ab:ad:cc: 15:5b:ae:15:c5:be:e2:e1:4a:b9:58:65:89:ff:47: b7:6c:bd:4d:78:de:bc:99:4b:30:66:94:63:8c:10: f1:ba:46:36:e6:f8:37:e7:a4:4a:58:f8:29:e5:40: 29:33:93:f8:de:48:92:4e:5d:bb:50:eb:49:71:90: ef:b5:9b:2c:bf:b0:19:fb:12:45:a7:b3:2e:45:b4: 1b:cf:46:ab:19:7f:6c:7d:d1:f9:c0:87:cb:fb:3f: 0d:76:c4:c2:98:11:bd:11:fc:93:89:ac:ab:3e:87: 
64:67:c1:b8:49:1c:b8:1a:ca:85:02:c8:58:c0:9e: e2:87:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: A7:55:24:63:5E:86:20:7B:DE:F3:EF:D8:48:33:0B:C7:5C:3F:22:72 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 10:44:02.310 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:A0:8D:98:FA:F9:D9:C8:59:5F:87:D3: BB:68:8E:C2:BB:E7:07:F3:66:F0:BF:C4:32:F7:17:14: 85:A0:6B:D1:81:02:21:00:E1:E7:8A:92:A4:1B:C4:8C: 79:7C:C9:6A:17:B8:C7:84:C4:57:6B:7F:E9:88:F3:FA: 7F:17:65:61:BF:48:50:7D Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Nov 17 10:44:02.268 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:8A:CF:A1:DE:F1:EC:82:39:97:4B:3B: E7:19:AD:34:CE:C3:F8:D5:48:1A:55:78:09:18:4D:A5: 36:34:CF:46:A1:02:20:77:AE:18:F8:2D:70:F3:32:66: 62:44:0D:F1:40:70:3E:89:21:C3:7B:CF:8C:98:9B:A8: 93:78:E1:26:FD:75:C4 Signature Algorithm: sha256WithRSAEncryption 85:47:39:10:69:02:19:cb:50:8c:08:91:e6:11:b3:5f:9d:fa: b8:b1:83:e5:ff:e8:1d:ed:c5:00:66:a8:84:ff:8c:00:23:34: e3:46:98:32:83:6e:3d:e3:58:01:45:e8:a3:86:95:02:4e:5e: 0c:2e:72:f2:22:72:8e:a0:b1:06:5d:d0:13:ed:5c:d8:a1:70: 
83:1c:43:aa:b9:57:4d:3c:0c:d8:a7:d4:a3:f6:94:cb:e4:d0: 4b:e5:4b:8f:fc:90:9f:6a:f2:f7:82:9b:08:f2:f3:44:1b:86: 18:89:5e:72:af:ca:a9:09:1e:e2:c5:ae:e1:9c:e5:9c:5e:66: 8e:8b:22:8a:36:54:2a:4e:6a:d6:82:11:53:86:c5:74:e3:90: 90:6f:46:a5:ce:07:f8:45:77:70:d4:77:73:14:c3:71:96:31: 7a:30:09:e0:7b:e0:e8:34:13:61:49:d3:bf:fa:aa:2e:da:45: 5f:25:e3:22:f8:d8:94:10:30:4c:38:a3:69:e5:a9:44:0f:99: ab:4f:8a:ac:8b:23:68:e6:f5:dc:3a:a2:45:58:75:61:f0:50: 88:14:ff:16:c7:72:ba:24:24:ed:84:3a:6f:d4:e8:8e:26:df: 24:ff:a8:40:5d:67:21:98:6b:ad:ae:da:d7:ae:81:57:3d:a1: 46:7c:24:9a battleb0t.xyz
2023-05-12 03:03:39Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io01-scripts.github.io
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonea-zoom (Net ID: 00:01:38:D4:87:A3)37.7813933,-122.3918002
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 500 Internal Server Error X-Powered-By: Express Content-Security-Policy: default-src 'none' X-Content-Type-Options: nosniff Content-Type: text/html; charset=utf-8 Content-Length: 1391 Date: <REDACTED> Connection: keep-alive 87.248.157.102
2023-05-12 03:31:29Affiliate - Email AddressNoE-Mail Address Extractor0050Noned3fc0n6@protonmail.com Domain Name: RATHOOK.CC Registry Domain ID: 163793658_DOMAIN_CC-VRSN Registrar WHOIS Server: whois.porkbun.com Registrar URL: http://porkbun.com Updated Date: 2022-09-07T10:53:59Z Creation Date: 2021-09-13T01:07:39Z Registry Expiry Date: 2024-09-13T01:07:39Z Registrar: Porkbun LLC Registrar IANA ID: 1861 Registrar Abuse Contact Email: abuse@porkbun.com Registrar Abuse Contact Phone: 5038508351 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: CURITIBA.NS.PORKBUN.COM Name Server: FORTALEZA.NS.PORKBUN.COM Name Server: MACEIO.NS.PORKBUN.COM Name Server: SALVADOR.NS.PORKBUN.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:11:56Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign's ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. 
Domain Name: RATHOOK.CC Registry Domain ID: 163793658_DOMAIN_CC-VRSN Registrar WHOIS Server: whois.porkbun.com Registrar URL: http://www.porkbun.com Updated Date: 2022-01-28 17:32:18 Created Date: 2021-09-13 01:07:39 Registrar Registration Expiration Date: 2024-09-13 01:07:39 Registrar: Porkbun LLC Registrar IANA ID: 1861 Registrar Abuse Contact Email: abuse@porkbun.com Registrar Abuse Contact Phone: +1.5038508351 Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited Domain Status: clientDeleteProhibited http://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Registrant Name: d3f c0n6 Registrant Organization: Boat Rolling Inc Registrant Street: 10 Voie de l&#39;Excelsior Registrant City: Val-de-Reuil Registrant State/Province: Normandy Registrant Postal Code: 27100 Registrant Country: FR Registrant Phone: +33:FR.268605683 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: d3fc0n6@protonmail.com Registry Admin ID: Admin Name: d3f c0n6 Admin Organization: Boat Rolling Inc Admin Street: 10 Voie de l&#39;Excelsior Admin City: Val-de-Reuil Admin State/Province: Normandy Admin Postal Code: 27100 Admin Country: FR Admin Phone: +33:FR.268605683 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: d3fc0n6@protonmail.com Registry Tech ID: Tech Name: d3f c0n6 Tech Organization: Boat Rolling Inc Tech Street: 10 Voie de l&#39;Excelsior Tech City: Val-de-Reuil Tech State/Province: Normandy Tech Postal Code: 27100 Tech Country: FR Tech Phone: +33:FR.268605683 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: d3fc0n6@protonmail.com Name Server: curitiba.ns.porkbun.com Name Server: fortaleza.ns.porkbun.com Name Server: salvador.ns.porkbun.com Name Server: maceio.ns.porkbun.com URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net >>> Last update of WHOIS database: 2022-01-28 17:32:18 <<< For more information on Whois status codes, please visit 
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. The Data in the Porkbun LLC WHOIS database is provided by Porkbun LLC for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Porkbun LLC does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Porkbun LLC (or its systems). Porkbun LLC reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Porkbun!
2023-05-12 03:11:12Physical CoordinatesNoOpenStreetMap77040None33.6170672,-111.9056464529705614455 North Hayden Rd, Scottsdale, US-AZ, US, 85260
2023-05-12 02:44:17IPv6 AddressNoDNS Resolver0030None2606:50c0:8003::153www.battleb0t.xyz
2023-05-12 02:44:15Software UsedYesTool - Wappalyzer0020NoneExpressnwapi2.battleb0t.xyz
2023-05-12 02:59:44Co-Hosted Site - Domain WhoisNoWhois1020None Domain Name: GITHUBUSERCONTENT.COM Registry Domain ID: 1845671923_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2022-01-05T09:12:39Z Creation Date: 2014-02-06T21:17:00Z Registry Expiry Date: 2024-02-06T21:17:00Z Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2086851750 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: DNS1.P01.NSONE.NET Name Server: DNS2.P01.NSONE.NET Name Server: DNS3.P01.NSONE.NET Name Server: DNS4.P01.NSONE.NET Name Server: NS-1411.AWSDNS-48.ORG Name Server: NS-181.AWSDNS-22.COM Name Server: NS-1867.AWSDNS-41.CO.UK Name Server: NS-596.AWSDNS-10.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. githubusercontent.com
2023-05-12 02:54:13Web Content TypeNoWeb Spider0030Nonetext/csshttps://ayhu.xyz/cdn-cgi/styles/challenges.css
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonemail.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 14 04:53:54.573 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0: E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94: 30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59: 8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63: FB:4F:E2:E6:C3:EE:2C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 14 04:53:55.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A: 02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81: BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D: D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90: F0:18:EF:92:21:63:F2 Signature Algorithm: sha256WithRSAEncryption 47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7: 4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f: ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec: 3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2: 3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64: 37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8: 92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9: 05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84: 7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d: 6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c: 36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78: 12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d: 48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab: a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82: 84:78:32:a1
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Noneeminent819 (Net ID: 00:14:5C:87:8C:58)50.8897, 6.0563
2023-05-12 03:00:56Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.88): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None2WIRE681 (Net ID: 00:02:2D:68:92:B3)37.7642, -122.3993
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050Nonetripadvisor (Category: social) https://www.tripadvisor.com/Profile/AltpapierAltpapier
2023-05-12 03:24:33Malicious AffiliateYesVXVault.net0140NoneVXVault Malicious URL List [cdn-185-199-108-154.github.com] http://vxvault.net/URL_List.phpcdn-185-199-108-154.github.com
2023-05-12 02:53:56SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:b3:d3:7f:a8:50:41:aa:70:38:c6:ab:16:2e:24:50:f9:66 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 29 13:55:16 2022 GMT Not After : Mar 29 13:55:15 2023 GMT Subject: CN=tiktok.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:tiktok.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 3c:48:04:ac:20:99:db:ca:ca:6a:cc:70:e1:43:3e:81:e0:75: d7:27:b2:3e:bf:0a:2c:b9:85:20:f8:d1:95:d7:8e:f6:e5:e7: 34:bf:dd:34:59:cd:80:f7:bc:54:a0:98:88:5b:c3:c9:31:8c: d5:fb:f3:f4:99:19:e3:f7:7b:0e:cf:b8:fd:2e:98:1e:df:5e: bd:32:3e:95:6e:85:fd:3c:39:51:1e:b7:ca:45:bb:af:6c:d9: 7d:bb:b2:5a:16:0a:ba:b6:2c:18:38:cf:10:14:91:d1:4e:1e: 9e:4a:61:8d:0a:4f:5a:cd:71:50:15:21:8b:cd:1e:13:69:3b: 32:8b:47:84:8b:ff:c8:9a:db:3a:ad:fc:8a:2a:31:1f:ec:36: 13:1f:de:24:59:1f:25:65:d4:e8:c7:48:dd:a5:f3:44:51:45: 44:37:47:80:9f:8c:0d:17:6e:d2:9a:8a:53:98:c4:b7:c5:92: 92:58:25:fc:e6:3b:4e:df:03:44:8a:de:9f:fe:7a:58:8e:b2: 30:ab:13:3d:69:81:47:99:7f:37:6f:80:60:8a:d3:9e:ba:df: ab:68:1e:a3:61:1c:dd:77:2a:1c:ae:ee:b6:17:f1:05:72:d2: ee:bb:6e:b1:5f:2b:66:a2:ce:5c:75:86:24:dc:66:4d:87:3e: 95:cd:4d:fe battleb0t.xyz
2023-05-12 02:56:56Internet NameNoDNS Resolver0060Nonewww.ayhu.xyz<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60726fad1912')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="kO2xNaAYVVwzudN_grHGsSAbBGIYi5Rp9eWkwq8bobk-1683860063-0-AQEme0OuFvC27LD-nLe2jrmTTnxOgSGtlJ79kOqNI8O_bMBUHsCUifsyrQtE2Qw_5-G3wZLVyXKSq4HyXvLjyCiAdaCGs4Ok-COq8gyypPok4HyuqEcnabkOPj9JKzn7fzxQf8pA4avsXNbgzL5RFZ0OappR_ENyOliTj3y1usOCEfdx0Qw-4NtIYkgBrlm6HYt1w2WiYgJIzvrwK3xMFits_Ebjt14epXfZCroTuFIFxaYyyRcuJJEK3ck04c2JtRdR99xcpwbep8NMi6CNOGP-aAH4FLQSKV1p7HK0fEmUDFvoadw-7bo2EucRyXYFLEbjS7Z_OKl0Srfy1Vim3Z_jqewduFNgcp1B-ir-aT25S4z2lvk1aBpRpS3Fpn4bKR_T7uQSek6SD4z_I81JUPCm-TbJt2WcAviPmmrfZDtigYqwaDeqh4Pqa29XowW1l1nnKs6qCFhQeaLuigzJf9PhtuPk6Ts6nn4TNWVyl9ze9NMDXt3HC-u5rh_1KxQxsTY_4JhB1jT5PYZQMJUvzkddK2MPm_CtJJRmvzu4A8h1xyRkeTxVWjg5p76zqZFKP8HOoZP1u7GkAK20kE8vR-O-Gy6CmmKj5hSdpF5vjt71wmiC0vDCk1rDRhhcEkt92S6uijW7cxkpckY78siJqFhpHOVFodJroZuf7HFMwvosFXQ5NGYyHEQXXlmkoclMMK3rVJNdxiIstjCLFnDxNsbd1epvptoA5TGFKFTmHs6QjRzTIv_BIuw1QORH1eUHK9O9N-txmFD1IbLACf92gVKiwNsAAtrRtW2F06n6d9Vs_GXVIbPcV6cwsJdIquww9NaI78ELNHJNq1J_tTdFxBZavYogbVnqkQFRmkO2l5VXSM6E9dcoOwi5q4qHSrZmlxJHiqDY-PKE8PDBSk8akurNHoBfBjtw2_a1RfC_lu8B7yXfZ1SNiql9epxt9-xA01ZEs-JXEIWKB7DVUehYb7RiTKZ_trIoGgh7Q6yEfeLCDTtC1yC2iiOVhPkX_h4Qfaf7LfPKruh9cjrbe0r7qMb0h8bIRy1fsQXVXXjhWHUJzLPbbOWh7F_0GW3qFusmjdR_P6sJL-gXtd5koZkzn6EK_YdKJO6jY9uPxr4sRnkK0ioS_0VfK7kQax3cDEA5YcxYvkmmBl4DMVhT7ISnmS5G8dSMhHOdJpbJMK5G9qQm8E9Nux-WgwCPgj6TkAmQMz1NenXnJJdqz-irhHABa_tynmZ1IPtBtnIPWbu4Mgp5VyNXvvUpfdGX7V6s-SjMtH9NRG3i4YZDcDp72B0EVaiT4n2jNeEilDlbVLw8k42_nwTD7Pw7hKXZpTyQQZntWW5wgIly7x0dOOWeJl6TsZIiDLpQjNv-mLX_xQzZHdw5kii58Ccy2XJ4npuVEuBraZJ9n6B2-5AwWyV3Qr3DTuk5PmfcIxKTr_u7HsbpdFR4FKp9wurJ9rvdDIpbL_yKOtyqM9yLjxeOpIdNG7zFw8AT7XqbUfz26ewFlzRX_Cc5FOV6ATYROS3OVpko2KV-NVpYQTJgT-fYvExK0W6Ze5BMg7wpM4RSZGt0EBF4MTRkHZYYHYqVG2Gs4Dr0KphCmDsWmTYs-Wp4YmyX8zHXt6eDU7SHKTxfT3pFaOqsKIwmwk1FnA5ZOhkDp5FB4KDNaO4UI8hC2NqGaVRdddker5xFPIyxy6_xtT-933_JQEm4Yo3p33SKpnr5oZLDUmiFpcGiocX8E23z9qF6KzqiLjSYYuEdSQjfT3AOVajEAM3LV2cJ-Yfb6qV1mYvKIEbYataggM_S7XSDOMFwSxuBJJhFB_YuSQY42F1bw3h-Wr_txcqos6CYojszcuJZzN7ZQwVv-pfKRrZP1vW37Ji7qXYRsXGXizVLTDb80myaduEuuPiE3j_iEUTMQHyX7FS77GwsNXMOnK-SOX4L
ESTyuge5gQCwNBG5LYbWqG1phc6ZBmjChX4XXPYEWTd6pqzDCahUeE-UBjC440QhIoggi4SFzrJT424_2pz3I1Z7K9v14oR0ixYp8X0YQSjX1TvMb1hvE05cdAoJpi9QPGYD511Yvrjtr2-nQRWT9vJBLGPT61xgS5JvfKWkR5mzvNMNLXnN-QaI-YMwAUvPR8sObbMc6Js74f0zl0__XqC1L4ZGx1B6W2mPRUMY1Lrg2rh8ki2L2eiGI4MSaqbVecE9vJyl6XPRcjgNKIcsC-zohWzf7sSDfofcLJcUO1xeUIJMC_3B3JBlhmMy_ukD9DKdx40muRRW18iGtfkoFnEyb5ylZEa9Cy6RH0tiulb9zDYu9lBPk43UYKuS0gITgFj7t6HoYRbYh8Mhdn_KQTmpy5fsQY55ZC7EUgiiqGZ2kxox4gPzr-qiw2zxNU0kuoof8T7V06bM_gPceZS49qqZ0qEgovgoUQEY1PrObCR2N_zXcey5RpH4biNXy5X3XHfa8DJrozVWuJVN7xKblnML0zEboEJxIy0gm8PmeTSLtq0S2uPc6VyK0a0Z4v1q4hj82ek"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '64193', cRay: '7c5f60726fad1912', cHash: '710742417ab72e7', cUPMDTk: "\/?__cf_chl_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2My4xMDMwMDA=', m: 'Eo2K0b1/t+yBaonJiJkwi8mL0OupY28MY+kXkSexuGA=', i1: 'WdeoMAtxqx1knlB7AiLouA==', i2: 'PLvf+P/FOv6sb4wuUck9Eg==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60726fad1912'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60726fad1912'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:B9:5F:B7)33.336199,-111.89446440830702
2023-05-12 03:15:36Physical LocationNoipstack0020NoneColombia188.114.97.1
2023-05-12 02:53:56BGP AS MembershipNoCensys0020None541132606:50c0:8001::153
2023-05-12 02:50:30Legal Entity IdentifierNoGLEIF0030None54930014QNWWH8OAC930GoDaddy.com, LLC
2023-05-12 02:54:12Linked URL - InternalNoWeb Spider0010Nonehttp://battleb0t.xyzbattleb0t.xyz
2023-05-12 03:24:50CountryNoCountry Name Extractor0040NoneSaint Helenascoop.sh
2023-05-12 02:54:21HTTP HeadersNoWeb Spider3030None{"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:21 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f606679610ce9-EWR"}vscode.battleb0t.xyz
2023-05-12 02:53:35Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America185.199.110.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None7717 7361 (Net ID: 00:00:C5:FC:FE:34)37.780462,-122.390564
2023-05-12 03:41:52Open TCP PortNoCensys0030None45.131.109.53:44545.131.109.53
2023-05-12 02:44:10Co-Hosted SiteNoSSL Certificate Analyzer2110Nonegithubusercontent.combattleb0t.xyz
2023-05-12 02:46:49SSL Certificate - Raw DataNoSSL Certificate Analyzer0030NoneCertificate: Data: Version: 3 (0x2) Serial Number: 02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 Validity Not Before: Dec 21 00:00:00 2022 GMT Not After : Jan 21 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:64:c3:ab:83:a1:9f:9b:f7:ff:e5:00:bf:41:ae: cd:d1:cd:1c:5d:8d:4d:62:fb:0e:e4:90:33:13:2d: b5:45:91:e6:7a:26:a0:5e:01:ae:25:84:fb:d5:88: 23:7e:13:7e:a9:d3:a5:de:69:2d:91:69:c3:12:86: 5a:94:02:42:28 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A X509v3 Subject Key Identifier: 3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F X509v3 Subject Alternative Name: DNS:*.netlify.app, DNS:netlify.app X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Dec 21 09:03:52.902 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:31:BA:E4:35:B8:DF:14:C3:99:B3:D0:FB: 
C6:93:77:5C:5A:D1:E2:7C:62:90:83:BB:77:59:14:17: 00:CD:14:09:02:21:00:A0:89:29:6C:06:8B:80:0E:58: FD:7C:72:66:63:BF:84:90:99:2F:F3:90:6D:39:BD:86: 6C:21:15:5D:B2:9C:A1 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Dec 21 09:03:52.857 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:85:6B:1A:5F:D3:6B:D9:52:36:0B: 44:9B:B7:9C:FF:8D:70:8C:F4:D1:34:69:3C:10:D4:AD: 03:93:DD:F1:A4:02:21:00:C0:7F:F8:B3:01:C9:63:4D: D3:D5:2B:F6:46:B5:04:38:1F:2D:8A:D9:5F:C8:07:F8: 5D:FA:B6:44:79:49:3C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B: 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17 Timestamp : Dec 21 09:03:52.852 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:87:5E:CF:47:90:E0:B2:0D:AA:FC:5D: 58:AA:C9:7E:AE:76:49:89:1E:EB:25:CD:66:CC:A5:23: F6:24:7A:AE:07:02:20:5E:32:A3:09:9E:48:84:4A:A9: 3B:C0:AA:53:22:AB:E0:9A:BF:4F:DB:FB:66:C2:2B:F8: 4E:E8:E8:BE:9A:FD:22 Signature Algorithm: ecdsa-with-SHA384 30:66:02:31:00:a8:8f:12:1b:fa:2f:f4:cc:aa:04:9b:b9:ea: 95:f5:30:5a:59:f6:f8:b4:4d:b6:51:7e:89:b3:c8:92:7a:7e: 80:c0:81:be:6e:38:4e:5e:5a:7d:bb:10:72:ae:d7:11:5f:02: 31:00:fc:dd:52:7b:4b:33:ad:13:21:0b:b3:8a:93:5d:fb:03: ac:f0:f4:f6:55:46:ed:1e:45:14:60:d2:47:04:5f:56:a0:b6: 8d:b8:c7:6a:0b:fd:73:a6:07:2b:fa:b2:e2:49 104.196.30.220
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneMGOKCEN (Net ID: 00:14:C1:2B:03:F6)40.2024, 29.0398
2023-05-12 02:44:06Domain RegistrarNoWhois0010NoneGoDaddy.com, LLCayhu.xyz
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}172.67.168.252
2023-05-12 03:32:17Open TCP PortNoPulsedive0030None188.114.97.9:443188.114.97.0/24
2023-05-12 02:44:20SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 26 02:43:31 2023 GMT Not After : Jul 25 02:43:30 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT 
Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 6e:46:f1:1e:e1:9f:06:66:b4:a8:76:85:82:4c:61:2f:de:37: 70:5e:a3:ab:ce:31:a5:e4:63:10:5d:02:f9:ef:bd:c4:11:85: 80:6c:fc:c5:84:b0:c5:6b:a0:c4:07:ac:78:f3:1f:48:7e:f7: 86:c2:2f:cf:18:f5:92:dd:9a:51:6a:86:ae:51:1d:75:24:9f: d6:b2:e6:73:f5:1b:4b:e1:d9:79:e3:8c:6d:d9:f5:09:8b:04: 13:69:59:dc:c2:b8:16:59:fc:4b:dd:d4:70:53:86:d9:46:1f: 4d:75:2f:f5:5d:24:f4:03:69:e5:72:06:59:2d:70:8b:88:1b: c1:6e:20:f4:5c:2c:e2:e1:c4:72:50:4a:c0:18:b3:d8:69:e9: db:ae:5d:67:ee:07:2b:bd:14:58:30:61:50:1a:c8:bf:41:ea: 16:f9:d3:c8:60:89:41:8f:2e:74:af:3d:af:75:1d:3b:a1:aa: eb:1e:d5:15:4a:21:6f:8c:e6:17:0c:be:34:82:b6:75:05:7b: 8e:d6:da:74:1c:32:3b:c5:5e:fc:60:88:85:77:b4:ca:57:ff: 3c:36:de:a9:4f:dc:93:d8:f4:d4:75:d4:5f:6c:78:5c:f7:cb: 36:fe:04:b5:16:3b:bd:9f:a9:99:de:01:fa:7f:2c:28:60:7e: 4a:61:2b:70 battleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesuddenlink.net-4030 (Net ID: F8:1D:0F:69:40:38)37.751, -97.822
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.89): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonewirelessnet (Net ID: 00:04:5A:F9:8F:10)33.336199,-111.89446440830702
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None12M-5G20E240 (Net ID: 00:01:9F:20:E2:44)34.0544, -118.244
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonecf-ray: 7c5f60688e300ce1-EWR{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:21 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:21 GMT", "cf-ray": "7c5f60688e300ce1-EWR", "content-type": "text/css", "x-frame-options": "DENY"}
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneBVITestNetz (Net ID: 00:01:E3:47:0D:EB)50.1188, 8.6843
2023-05-12 03:33:39Raw File Meta DataNoBinary String Extractor0040NoneIDATx VC6.NV cN u:v O3dufp YEexY?w a:Y7" O5dgc vR K nkRZD 227sO5d ffFsk 4kFQZW /\\J J 4 N AaoCX 9$BfJ cod:5j M:IBU VBjeb d<nDA `CK2nF Zl`Q` D':XB6 _dmVA zLrzr `G\.A 1!lF:N ?vRerLz 'ac:YB IDATt ac:gf >B6qj8 "IURI jBWK5 /U--3ul. -$ul/Hu2 p?6' tcW>N`G vyL K /T_t?V IDAT4 Mvaea d WmN l@OS9Z 8?$m9U .9`-i o-.Hw bazHbqf 0glrO pyaI?o .Namj e@!Pu WZy4d 4vU.N< O9A1m V`V5KE J:'`W LEKC rf3GKrO W'xwu vlj8>E XV0s_X >'GA: "V_VZI >l@ K ffff.3 ` Y3u 1spu. 1fiWVr X"d \/hu !k@k\ D7qvq tS'CV jLp2.3 E-Wh@k fSwtn Wq!AK \Bwaf Xia>J IDAT9fma 'F11: /Oamr uTl6`M \ X' gGaq9 5muiN\ bkMrSz YMzjm . TB4 .fmbVvJ l2LSu kOrv/! RxB J IDAT/I !KEkC uvl5qY -U9!B dFvdb spyoi USxLf1https://pics.battleb0t.xyz/images/nwp.PNG
2023-05-12 03:33:43Raw File Meta DataNoBinary String Extractor0040None"Exif sgssso <Qwm7 >6x.O x>t7? g$sy? .b97< /Ggy! l/5-o ggs43Z x.o.n> NNEsz gmuss Mswy5 dIys6 >t6w6 03Ryr\G a>0xM g_on8 9!6sBsmms ?r:\t L5M3O nq_JxO `uns?g F1_?J $vw3C ?.O:H Gq$rMmo 0y7?i <?qgg WYeyq$ !um_KM ykmsrzz ?2Cm7 3>O0? irIyo t.Iof?y R\y2I tnt"3 !t5K?/ hfIoq' bI>sy w?f?f? <Aq"Cio /uMbO > Ige >km7M 1$vw0 y.n/" /uM>9 njKym v:Ky$ ryw2Com s<U?o v?R.> hGydd soyg' :7Ieq 5zO-$ 2pMsw wGo$w?<w :xssms jVw:o .?ygs nn9?m oO_n: nFumS W7ofc U95 5 Gs\-?o ry>f< gae$w ?2kmO sIyf/! t8y<? \Cwy1 _Bx_K oeqq$ g5b9c /2?.o/ hcg>o kkkn? /`0E' xn/<a uwosm .<7qq zdWqk $1\Mm rzW?' tx<Iogss ldU9? K?.?/ r\isI ?6gAs $Kxn< nnnOS qyooo Hc<M? Ej\Ioy' x'8_ahttps://pics.battleb0t.xyz/images/random_3.jpg
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneChina00ffcc.cn
2023-05-12 03:21:07Malicious IP on Same SubnetYesEmerging Threats0040Noneemergingthreats.net [46.101.128.0/17] https://rules.emergingthreats.net/blockrules/compromised-ips.txt46.101.128.0/17
2023-05-12 02:44:06Domain WhoisNoWhois15010NoneDomain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com) battleb0t.xyz
2023-05-12 03:03:59Co-Hosted SiteNoThreatMiner0020Nonemalsup.github.io185.199.109.153
2023-05-12 02:54:41Raw Data from RIRsNoCensys0030None{"last_updated_at": "2023-05-12T01:05:57.807Z", "ip": "104.196.30.220", "location_updated_at": "2023-05-02T18:59:17.407146Z", "autonomous_system_updated_at": "2023-05-02T18:59:17.407518Z", "location": {"province": "South Carolina", "city": "North Charleston", "country": "United States", "coordinates": {"latitude": 32.8929, "longitude": -80.0458}, "postal_code": "29418", "country_code": "US", "timezone": "America/New_York", "continent": "North America"}, "dns": {"records": {"serchservice.com": {"record_type": "A", "resolved_at": "2023-04-03T15:50:30.214978872Z"}, "www.wash.aczgroup.eu": {"record_type": "CNAME", "resolved_at": "2022-12-24T14:36:37.278010953Z"}, "kx-uat.roslin.app": {"record_type": "CNAME", "resolved_at": "2023-02-15T12:07:03.906401331Z"}, "tonysports.panel.pretii.lat": {"record_type": "CNAME", "resolved_at": "2023-01-09T15:20:03.375902235Z"}, "www.thestyladavinci.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T22:32:02.762915401Z"}, "mrivera.dev": {"record_type": "A", "resolved_at": "2023-02-28T15:51:09.820120890Z"}, "www.nickreid.com": {"record_type": "CNAME", "resolved_at": "2023-02-04T13:47:12.869307138Z"}, "www.lamina.glass": {"record_type": "CNAME", "resolved_at": "2023-03-08T16:12:21.973068103Z"}, "www.kks110.com": {"record_type": "CNAME", "resolved_at": "2023-03-19T14:04:31.895403615Z"}, "jayceecard.com": {"record_type": "A", "resolved_at": "2023-04-14T19:00:35.829641836Z"}, "whitmansolutions.com": {"record_type": "A", "resolved_at": "2023-04-27T07:30:19.997063406Z"}, "www.watthub.ca": {"record_type": "A", "resolved_at": "2023-03-06T12:43:12.904404257Z"}, "sg-web.karibu.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T15:01:24.181601886Z"}, "pedantic-shockley-9911be.netlify.com": {"record_type": "A", "resolved_at": "2023-03-20T22:11:55.426310736Z"}, "tong315.com": {"record_type": "A", "resolved_at": "2023-01-12T13:58:08.172576533Z"}, "johnmulliganportfolio.com": 
{"record_type": "A", "resolved_at": "2022-11-11T13:23:19.387716434Z"}, "www.stellardeveloper.in": {"record_type": "CNAME", "resolved_at": "2023-02-16T16:36:42.499736344Z"}, "bloomerly.app": {"record_type": "A", "resolved_at": "2022-12-25T12:05:25.788489726Z"}, "francotorres.dev": {"record_type": "A", "resolved_at": "2023-01-14T14:40:08.721824931Z"}, "www.coreygo.com": {"record_type": "CNAME", "resolved_at": "2023-02-06T10:58:57.722319814Z"}, "www.antofredric.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T16:40:40.245190254Z"}, "huynhmy.com": {"record_type": "A", "resolved_at": "2022-10-18T04:53:14.149659491Z"}, "www.trachtenverein-mainburg.de": {"record_type": "CNAME", "resolved_at": "2023-02-11T10:49:31.548109948Z"}, "apefootball.io": {"record_type": "A", "resolved_at": "2022-12-03T15:07:17.123487364Z"}, "deltafox.online": {"record_type": "A", "resolved_at": "2023-03-14T03:21:49.003492443Z"}, "gogogoyou.netlify.app": {"record_type": "A", "resolved_at": "2023-02-05T12:05:19.280143581Z"}, "delivermegoodies.com": {"record_type": "A", "resolved_at": "2023-03-26T15:00:31.047791856Z"}, "stucco.mx": {"record_type": "A", "resolved_at": "2023-01-22T15:23:26.371682923Z"}, "www.codingwithvikram.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T17:38:28.994673827Z"}, "frikicine.com": {"record_type": "A", "resolved_at": "2023-04-05T14:42:25.627990678Z"}, "wisdomwords.in": {"record_type": "A", "resolved_at": "2023-04-27T18:51:48.245769853Z"}, "www.piotrkazmierczak.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T16:47:55.717225282Z"}, "www.joshfinnie.com": {"record_type": "CNAME", "resolved_at": "2022-10-01T13:18:40.718964312Z"}, "glyphish.com": {"record_type": "A", "resolved_at": "2022-12-09T13:22:50.649811134Z"}, "earlytrade-app-staging.netlify.com": {"record_type": "A", "resolved_at": "2023-01-19T13:29:33.856736752Z"}, "beta.audendo.com": {"record_type": "CNAME", "resolved_at": "2023-03-26T19:41:04.004238284Z"}, "fuegos.ar": {"record_type": "A", 
"resolved_at": "2023-01-30T12:07:11.183950039Z"}, "www.ianmackenzie.dev": {"record_type": "CNAME", "resolved_at": "2023-04-10T17:28:23.534587630Z"}, "andyotter.com": {"record_type": "A", "resolved_at": "2023-04-15T13:42:19.149978491Z"}, "www.jazbogross.com": {"record_type": "CNAME", "resolved_at": "2023-01-29T13:39:11.151551213Z"}, "rumblewood.com": {"record_type": "A", "resolved_at": "2022-10-17T15:51:32.655397110Z"}, "alimonapour.me": {"record_type": "A", "resolved_at": "2022-10-17T18:09:13.464783579Z"}, "mashga.me": {"record_type": "A", "resolved_at": "2023-03-10T00:45:44.484928885Z"}, "okylocky.com": {"record_type": "A", "resolved_at": "2023-04-18T13:08:21.338492626Z"}, "acase.cc": {"record_type": "A", "resolved_at": "2023-04-11T13:04:31.164199944Z"}, "rafagarces.com": {"record_type": "A", "resolved_at": "2023-04-18T15:21:49.838203990Z"}, "www.joseemariane.com": {"record_type": "CNAME", "resolved_at": "2022-10-06T13:35:27.344852169Z"}, "suspicious-northcutt-ea8cde.netlify.app": {"record_type": "A", "resolved_at": "2023-01-29T12:06:14.806823826Z"}, "clearkit.netlify.app": {"record_type": "A", "resolved_at": "2022-12-17T12:05:48.247336458Z"}, "www.spartanthrift.com": {"record_type": "CNAME", "resolved_at": "2023-01-21T14:08:45.073081401Z"}, "standupexcusegenerator.com": {"record_type": "A", "resolved_at": "2023-04-25T16:15:30.932304918Z"}, "allianz-osn.demo.hubtype.com": {"record_type": "CNAME", "resolved_at": "2023-03-06T14:19:47.550585954Z"}, "tech.joshnotes.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:39:08.160206214Z"}, "relooki.ma": {"record_type": "A", "resolved_at": "2023-01-09T15:22:11.025369046Z"}, "k1patel.com": {"record_type": "A", "resolved_at": "2022-10-06T13:35:56.488860522Z"}, "cesarvarela.com": {"record_type": "A", "resolved_at": "2023-01-23T13:07:01.795663799Z"}, "thunderous-pegasus-22c0db.netlify.app": {"record_type": "A", "resolved_at": "2023-02-03T12:05:48.649555661Z"}, "saranshvaid.com": {"record_type": "A", "resolved_at": 
"2022-10-17T16:20:11.681803937Z"}, "cani.hceris.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T23:04:57.283193315Z"}, "www.diverselab.info": {"record_type": "CNAME", "resolved_at": "2023-05-08T18:12:06.613215851Z"}, "wanda-blog.netlify.app": {"record_type": "A", "resolved_at": "2023-03-20T18:06:26.124263705Z"}, "justfreecode.com": {"record_type": "A", "resolved_at": "2023-03-29T06:06:29.982491579Z"}, "www.fest.i.ng": {"record_type": "CNAME", "resolved_at": "2023-04-13T19:40:09.807661140Z"}, "www.airbear.ai": {"record_type": "CNAME", "resolved_at": "2022-10-17T16:31:17.366816569Z"}, "nft-master.io": {"record_type": "A", "resolved_at": "2023-03-22T15:36:21.474841579Z"}, "www.kkeisuke.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T17:52:54.022773401Z"}, "www.irinasucoverschi.com": {"record_type": "A", "resolved_at": "2023-02-11T13:36:16.416115769Z"}, "match.catacomb.cloud": {"record_type": "CNAME", "resolved_at": "2023-04-03T13:01:33.557249725Z"}, "allmightyclub.com": {"record_type": "A", "resolved_at": "2023-04-14T13:25:00.206855801Z"}, "fancy-taiyaki-def320.netlify.app": {"record_type": "A", "resolved_at": "2023-03-20T18:09:41.008114725Z"}, "pelemijo.tukuyok.net": {"record_type": "CNAME", "resolved_at": "2023-04-15T19:59:43.965739973Z"}, "sandrarubinstein.com.au": {"record_type": "A", "resolved_at": "2023-03-29T20:53:34.264063598Z"}, "mint-nyolings.io": {"record_type": "A", "resolved_at": "2022-10-17T17:56:07.078920687Z"}, "workshop.thecustomeristhehero.com": {"record_type": "CNAME", "resolved_at": "2023-02-08T15:49:56.171673454Z"}, "sustainableearthworks.au": {"record_type": "A", "resolved_at": "2023-03-11T12:16:53.147174398Z"}, "charliescollectibleshow.com": {"record_type": "A", "resolved_at": "2023-03-23T14:52:04.137501408Z"}, "ghost.joeczubiak.com": {"record_type": "A", "resolved_at": "2023-03-23T15:38:46.631800177Z"}, "www.abraham-designs.com": {"record_type": "CNAME", "resolved_at": "2023-04-02T13:19:50.321816323Z"}, "ethanpieniazek.com": 
{"record_type": "A", "resolved_at": "2022-12-24T13:17:39.518830299Z"}, "topwalkingtoursportugal.com": {"record_type": "A", "resolved_at": "2023-03-28T16:24:18.145873463Z"}, "pavanaditya.com": {"record_type": "A", "resolved_at": "2022-10-17T15:44:46.924686856Z"}, "hotel-silverstar.com": {"record_type": "A", "resolved_at": "2022-12-07T13:42:01.027274847Z"}, "alfonzoweb.tech": {"record_type": "A", "resolved_at": "2022-10-17T16:48:17.755742508Z"}, "felkeszito.com": {"record_type": "A", "resolved_at": "2023-02-19T14:00:29.453539558Z"}, "www.hotflashheatwave.com": {"record_type": "CNAME", "resolved_at": "2023-04-07T00:45:16.120624048Z"}, "circleci-deploy.tutorials.symops.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T20:11:00.799705049Z"}, "mint.wagmiunited.com": {"record_type": "A", "resolved_at": "2022-12-31T14:35:50.440390656Z"}, "ivc-app-staging.mindsetmedical.com": {"record_type": "CNAME", "resolved_at": "2023-04-27T15:51:19.056715744Z"}, "46681.info": {"record_type": "A", "resolved_at": "2023-01-05T15:08:14.969970747Z"}, "stephenkennicutt.com": {"record_type": "A", "resolved_at": "2022-10-17T16:37:17.676643859Z"}, "anime.guilherr.me": {"record_type": "CNAME", "resolved_at": "2022-11-20T15:22:11.384286829Z"}, "clustertool.lionz.biz": {"record_type": "CNAME", "resolved_at": "2022-11-02T12:20:02.594560408Z"}, "vajm.me": {"record_type": "A", "resolved_at": "2023-01-12T14:51:55.272145425Z"}, "www.iannoble.co.uk": {"record_type": "CNAME", "resolved_at": "2022-12-05T17:12:09.872956366Z"}, "boosters.elaniin.dev": {"record_type": "CNAME", "resolved_at": "2022-10-17T18:26:52.217262563Z"}, "www.starkdex.io": {"record_type": "CNAME", "resolved_at": "2023-04-14T22:10:45.403164762Z"}, "julietrubin.com": {"record_type": "A", "resolved_at": "2023-01-21T13:32:04.561723552Z"}, "icons.bbsitting.fr": {"record_type": "CNAME", "resolved_at": "2023-05-08T17:44:09.556998287Z"}, "www.trace.events": {"record_type": "CNAME", "resolved_at": "2023-04-27T18:19:39.404025377Z"}, 
"vitalpal.ca": {"record_type": "A", "resolved_at": "2023-03-20T17:13:36.160426979Z"}}, "names": ["frikicine.com", "kx-uat.roslin.app", "www.lamina.glass", "stucco.mx", "pelemijo.tukuyok.net", "ghost.joeczubiak.com", "wanda-blog.netlify.app", "alimonapour.me", "allmightyclub.com", "mint-nyolings.io", "francotorres.de104.196.30.220
2023-05-12 02:45:21Physical LocationNoipapi.co0040NoneAshburn, Virginia, VA, United States, US2600:1f18:2489:8201::c8
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonehhcpatp (Net ID: 00:06:25:3B:8E:16)33.336199,-111.89446440830702
2023-05-12 03:01:30Raw Data from RIRsNoTool - WhatWeb1020None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nuke.battleb0t.xyz', u'http_status': 521, u'plugins': {u'HTTPServer': {u'string': [u'cloudflare']}, u'Script': {}, u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'Title': {u'string': [u'nuke.battleb0t.xyz | 521: Web server is down']}, u'HTML5': {}, u'UncommonHeaders': {u'string': [u'referrer-policy,cf-ray']}, u'IP': {u'string': [u'172.64.80.1']}, u'X-Frame-Options': {u'string': [u'SAMEORIGIN']}, u'X-UA-Compatible': {u'string': [u'IE=Edge']}}}, {}]nuke.battleb0t.xyz
2023-05-12 02:56:58Internet NameNoDNS Resolver0030Nonewww.ayhu.xyz[{"url": "https://www.ayhu.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://www.ayhu.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 02:44:24Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:52:05 2023 GMT Not After : Jun 11 12:52:04 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:f9:3b:c0:6f:f8:ab:e7:35:d5:ff:95:55:28: 87:2c:f3:42:5c:6a:f2:dc:b2:0f:7b:b2:97:bc:68: c2:d8:25:b1:da:3c:de:c9:ee:4a:54:a6:08:c9:a0: d5:34:39:c8:96:b7:d1:e3:5d:f3:2b:db:f7:37:5d: 57:65:f7:3d:16:c9:ad:d6:e6:bb:bc:97:c6:1c:bc: c7:1d:a0:c9:cc:3a:d4:e1:69:37:d2:58:c2:fe:42: 4e:90:a6:4c:72:5e:0f:c5:0a:f9:18:b1:c7:54:af: b4:03:13:bc:ce:85:b6:0d:a5:99:fc:98:b2:37:24: 39:66:7b:f1:78:3b:4b:9e:51:be:75:ad:a6:19:8d: be:a9:ca:f2:df:b7:73:9f:c6:14:09:e1:46:c4:93: a4:45:7c:eb:1e:47:42:88:d1:8d:e7:29:c0:07:7b: ad:57:d3:0b:cf:a1:a1:bc:65:12:20:8e:92:81:50: 55:40:69:4e:0d:62:29:ab:00:e6:81:6e:83:3a:16: 09:da:2a:57:32:b1:5d:79:74:f0:1d:02:e0:52:6d: d5:85:2d:cb:f6:ef:5e:8f:03:a0:14:64:19:bb:71: 65:85:3e:bc:4e:e8:75:85:4b:a0:7d:df:3f:2a:67: 46:82:ea:56:e3:e5:01:c8:49:e2:f1:a3:b1:04:af: 98:45:24:1b:7e:2d:57:39:72:ff:5a:94:89:31:42: ae:19:e5:2d:eb:c8:08:fc:be:37:02:5d:04:1a:b3: f0:62:42:14:91:38:7a:96:77:5e:53:eb:f1:d9:8e: 45:46:0d:65:07:6b:18:0a:65:96:3c:4e:b9:77:05: 52:b4:4d:17:73:72:d9:49:c8:16:75:9c:84:35:12: 73:86:4f:08:27:5d:f3:e9:85:10:9a:ff:e4:3a:63: ef:83:9f:03:76:a4:3f:ac:72:d5:f4:bb:3a:60:bc: 21:1c:e8:7c:52:79:bd:fe:19:9a:69:78:22:a6:5d: 64:8d:04:55:f3:ec:4d:6c:47:45:2c:6c:9e:cc:14: be:67:76:25:be:fd:51:60:a1:2e:10:af:1b:46:0c: e9:ec:3a:3c:0b:c9:2a:97:61:1c:a8:6a:9d:53:cd: 2d:6c:4e:66:f4:08:01:29:89:61:ff:d2:73:d2:a1: da:94:32:dc:5c:78:ad:19:fa:b3:fb:26:0f:35:c2: 87:17:c9:ae:6f:c7:ce:81:d6:7d:27:95:3b:49:39: e6:cf:30:85:95:79:a1:35:71:86:5b:66:f7:9d:ae: 96:d5:9a:1d:e3:e0:76:fe:b7:a0:b5:1a:16:0b:1b: 
5e:d4:d9:5b:b6:4a:4d:33:65:03:80:b9:ab:69:35: 1b:42:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 13 13:52:05.336 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:57:F9:C2:75:97:36:8B:12:D4:C1:E7:CA: 50:E7:70:49:3E:19:7B:CF:6E:2E:B2:32:0A:7B:AB:5D: 31:9F:A6:29:02:21:00:A5:FD:E1:03:A8:C4:49:20:AF: 46:1D:1E:50:E3:8E:07:43:7A:DC:16:22:84:DD:F5:8B: 28:06:E9:91:CB:AE:41 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 13 13:52:05.327 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:EA:4C:FF:35:E1:97:F0:36:1E:40:22: 0D:44:8D:BA:C6:F1:8F:73:35:1F:B7:67:97:EA:2B:1B: FC:27:7F:33:02:21:00:81:59:F8:29:60:75:D8:8F:00: 60:06:8E:9A:65:C6:5E:93:57:7E:5C:BF:B5:78:29:4F: 6F:C1:3B:97:29:1D:C7 Signature Algorithm: sha256WithRSAEncryption 24:d6:1b:d8:e4:8b:66:d1:df:e9:e2:97:93:78:a9:26:b8:6c: f8:3c:98:90:50:e1:55:d7:91:ae:77:21:2c:40:df:85:16:56: 67:98:1c:b9:14:ca:43:24:bf:39:32:06:c7:fe:42:03:fa:45: 3b:3f:39:c5:26:88:13:e9:3d:1d:bc:bd:a1:0a:08:74:1a:3b: 
e6:07:80:5b:f5:9a:21:ed:4a:45:40:ac:8a:6d:c1:de:40:12: 47:d5:33:88:6e:06:c5:32:a1:76:01:b1:50:fb:53:29:92:fa: e1:03:af:88:12:00:9a:38:a5:9d:32:3e:46:8b:7c:f6:27:29: ec:fa:85:68:fa:91:a6:95:c5:d7:a0:da:33:eb:03:cf:9c:a6: c0:5c:0d:e8:d8:f8:03:5d:fb:9f:61:df:e1:a0:63:74:01:18: 4c:0d:17:f3:db:74:32:3c:fc:3b:44:24:e7:10:2b:f7:69:d2: 89:35:6f:e7:d7:11:5a:13:0a:a9:83:9e:0f:c2:f2:ea:d8:50: 30:65:9c:16:49:f6:30:d8:a2:e3:83:ff:5d:ff:00:a2:ff:57: de:68:f4:70:90:a3:db:c8:9c:55:ce:ea:f6:4c:08:6a:01:70: 91:f9:f8:91:9d:f2:99:1f:be:06:10:87:53:07:83:04:df:62: 62:3f:1f:52
2023-05-12 03:24:50CountryNoCountry Name Extractor0030NoneNetherlandsAmsterdam, North Holland, 1012, Netherlands, Europe
2023-05-12 03:24:50CountryNoCountry Name Extractor0060NoneMontenegroamcodev.me
2023-05-12 02:44:19SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 25 01:39:25 2023 GMT Not After : May 26 01:39:24 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT 
Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Feb 25 02:39:25.268 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:87:F6:3C:B2:E0:C2:7B:F4:59:32:49: FF:84:EE:E1:AC:5D:A1:7E:84:DE:B8:AC:92:3B:97:98: 6D:C7:11:07:D0:02:21:00:8E:A1:79:1C:1F:BD:8E:15: DE:AB:97:FE:40:E1:D9:C2:1C:3E:55:3D:39:DF:88:B8: 3E:30:32:EA:CF:51:A0:F3 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Feb 25 02:39:25.238 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C0:CA:4A:3A:01:79:C5:F7:4D:18:6C: 70:E8:74:A4:FC:31:5E:46:FF:DB:BC:55:79:1C:6B:D3: 2A:77:33:92:7D:02:21:00:B3:6C:B3:CD:94:6E:40:07: 54:43:CE:33:E0:3F:C2:49:48:DC:19:23:44:E4:9D:8B: 7E:E1:7F:46:CE:18:EF:B6 Signature Algorithm: sha256WithRSAEncryption b2:e3:a8:2c:e5:ba:7b:3e:8e:fb:de:05:c9:db:df:10:e1:3a: 4a:d4:c8:e9:16:76:31:31:b8:1d:87:e3:42:15:5c:d9:01:d1: e3:21:14:96:0d:03:d6:ab:2a:bb:6e:da:97:10:fe:b1:03:48: ab:7e:6d:7b:96:6d:e0:3a:5a:e9:94:2e:83:ae:3f:a8:a5:8c: 25:3a:a9:c5:1d:63:8a:0d:55:4d:54:c8:3a:17:d4:72:72:76: 78:9d:29:2a:3b:de:f5:0a:4c:d8:44:82:1f:1a:29:cc:5c:2c: bf:7e:db:71:7c:50:e3:91:fe:95:3f:d3:87:5f:30:37:48:ec: 63:b6:a1:ac:33:ac:63:05:b2:8f:6d:ee:9e:2e:ac:50:59:e9: 41:46:d2:71:65:05:17:42:d9:3e:21:9d:d7:90:39:a6:8f:2d: e8:4a:d4:ff:6d:9e:32:c6:82:05:8f:a4:b5:74:b4:70:df:28: 4b:50:c8:1b:36:1a:ae:cf:7b:ab:92:23:e6:77:97:f2:47:a4: b0:52:f2:9d:cf:be:68:a2:8a:f2:2f:f0:66:0b:d3:34:2a:c7: 8a:35:c4:1c:33:2d:e5:90:de:56:a7:97:86:7c:97:c9:45:8f: 99:61:22:00:3d:aa:b2:87:0d:35:bb:4c:f3:f8:1c:f8:99:c1: e8:d1:30:c6 battleb0t.xyz
2023-05-12 02:45:54Physical LocationNoAbstractAPI1040NoneAshburn, Virginia, 20149, United States, North America2600:1f18:2489:8200::c8
2023-05-12 02:47:56Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/form.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ie.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ajax.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/fx_methods.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/deferred.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/zepto.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/data.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/gesture.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/selector.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ios3.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://zeptojs.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6976:304:WilStaging_02"\n "Local\\SM0:6976:304:WilStaging_02"\n "Local\\SM0:6976:120:WilError_01"\n "SM0:6976:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "138.91.254.96:443"\n "185.199.110.153:443"\n "104.21.16.28:443"\n "192.30.255.116:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"zeptojs.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "api.github.com"\n "ghbtns.com"\n "zeptojs.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string 
""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<figure class="highlight"><pre><code class="language-js" data-lang="js"><span class="c1">// autolink everything that looks like a Twitter username</span>" (Indicator: "dir "; File: "urlref_httpzeptojs.com")\n Found string "<span class="s1">\'$1@&lt;a href="http://twitter.com/$2"&gt;$2&lt;/a&gt;\'</span><span class="p">)</span>" (Indicator: "dir "; File: "urlref_httpzeptojs.com")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n 
""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpzeptojs.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\shopping.js]- [targetUID: 00000000-00004044]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00004072]\n "wallet-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4044_1336506228\\edge_driver.js]- [targetUID: 00000000-00004044]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with 
CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_driver.js]- [targetUID: 00000000-00004044]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00004072]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4044_1336506228\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004044]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\auto_open_controller.js]- [targetUID: 00000000-00004044]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004044]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00004044]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4044_1336506228\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004044]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_checkout_page_validator.js]- [targetUID: 00000000-00004044]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00004044]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\product_page.js]- [targetUID: 00000000-00004044]\n "miniwallet.bundle.js" has type "ASCII text with 
very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00004044]\n "load_statistics.db" has type "SQLite 3.x database185.199.110.153
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneReddit (Category: social) https://www.reddit.com/user/ayhuayhu
2023-05-12 02:54:22Linked URL - ExternalNoWeb Spider0040Nonehttps://qolhub.cloudflareaccess.com/cdn-cgi/access/verify-code/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=/&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.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.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUghttps://qolhub.cloudflareaccess.com/cdn-cgi/access/login/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=%2F&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.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.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUg
2023-05-12 02:54:00Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c55c7e88fa82340-ORD Content-Encoding: gzip 104.21.6.166
2023-05-12 02:54:10Netblock IPv6 MembershipNoCensys0020None2606:4700:3031::/482606:4700:3031::6815:6a6
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.136): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:09:38Affiliate - Internet NameNoDNS Resolver0040None106.48.229.35.bc.googleusercontent.com35.229.48.106
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneBalcioglu (Net ID: 00:1A:2A:63:1A:23)40.2024, 29.0398
2023-05-12 02:47:32Open TCP PortNoPulsedive0020None172.67.135.9:8443172.67.135.9
2023-05-12 02:44:15Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0120Nonenetlify.appfunny.battleb0t.xyz
2023-05-12 03:09:10Affiliate - IP AddressNoDNS Look-aside1030None46.101.229.6846.101.229.70
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneAMX (Net ID: 00:02:E3:40:F7:BD)33.617190550339146,-111.90827887019054
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5a3af72b618723-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.135.9
2023-05-12 03:34:24Affiliate - IP AddressNoDNS Look-aside0030None45.131.109.5045.131.109.53
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.8): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:11Co-Hosted SiteNoSSL Certificate Analyzer4110Nonegithub.combattleb0t.xyz
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneSpeedStream (Net ID: 00:01:24:F0:82:16)37.7813933,-122.3918002
2023-05-12 03:03:43Internet NameNoDNS Resolver0030Nonewww.ayhu.xyz[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://www.ayhu.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://www.ayhu.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'104.21.6.166']}}}, {}]
2023-05-12 02:45:17SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:9d:c5:27:de:ee:41:17:4e:89:34:e6:9d:87:79:d7:50:31 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:19:20 2022 GMT Not After : Mar 27 01:19:19 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 27 02:19:21.033 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:84:8B:29:D3:64:84:A1:88:50:9E:D3: 9D:A2:EF:43:30:D4:86:D3:E7:90:33:F8:14:58:7B:CF: 3D:0B:35:99:AF:02:21:00:F5:19:F9:97:83:47:D5:29: CD:26:D1:57:6A:23:AA:62:7D:CE:2C:FB:A1:20:B8:FD: 9C:0C:85:75:32:C7:61:39 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 27 02:19:21.513 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:2A:8C:77:97:5A:9C:CA:1E:7D:0B:BB:90: 03:7D:66:BB:14:11:F7:DD:60:15:1B:74:54:65:58:17: 74:A3:82:F5:02:20:39:E0:01:B6:95:4D:B6:CD:8E:C1: 7B:5C:40:66:7A:40:6C:AF:84:AE:EB:32:D3:B7:97:42: AD:31:F6:EA:DE:DF Signature Algorithm: sha256WithRSAEncryption 28:6a:7b:fe:38:78:7b:21:c1:3b:3c:3f:d1:b4:61:2f:4e:f1: da:92:46:31:44:1e:96:07:8b:dc:eb:28:ff:3b:d6:1e:71:c7: 04:81:de:c1:70:36:5f:a2:02:f0:0b:40:36:a9:26:40:5d:c9: c5:74:71:85:41:ef:c7:6e:ec:6a:1e:90:c8:99:9e:b1:d7:35: 41:13:e3:8a:bb:a5:ed:b5:98:88:d3:24:fa:09:85:ca:86:91: 19:75:26:77:c5:e4:a7:a0:79:97:6e:2c:61:98:30:e5:11:ef: 4f:4f:76:31:95:ae:e6:0d:81:77:d6:68:98:ce:73:96:15:48: 9d:14:5f:98:61:fa:ea:76:c3:0c:1b:37:61:99:3c:2f:f6:e9: 73:46:98:a8:d6:36:63:fb:2a:24:e5:21:23:a5:d5:ad:34:e6: c6:77:ad:af:49:43:09:52:9e:99:db:64:76:6f:f4:5e:ef:74: 7d:dc:e5:8a:5b:9f:ad:b1:5b:08:f3:ee:23:71:80:2c:ba:37: 2a:d1:cd:84:da:80:7c:ee:4b:32:65:01:30:f2:ea:6d:dc:e7: 31:d4:da:65:2d:de:fc:fd:7f:14:3a:b7:19:62:cd:de:44:e0: 8f:e2:7f:df:7c:67:e1:b0:69:e7:56:94:c1:5b:8c:c0:84:4a: a0:80:54:7f battleb0t.xyz
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneUnited StatesRosemont, Illinois, 60018, United States, North America
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:57:9F:CA)33.6170672,-111.90564645297056
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATTDGsRAys (Net ID: 88:96:4E:86:44:00)37.751, -97.822
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneNETGEAR48 (Net ID: B0:39:56:06:50:02)37.751, -97.822
2023-05-12 02:45:35Internet NameNoDNSDumpster0010Noneoldfluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None000yesnt.github.io185.199.111.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:EB:D7:15)33.336199,-111.89446440830702
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneTikTok (Category: social) https://www.tiktok.com/@ayshoo?lang=enayshoo
2023-05-12 02:56:46Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://reurl.cc/4xdkky', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.82.57.202:443"\n "54.231.160.113:443"\n "35.229.48.116:443"\n "104.16.123.175:443"\n "34.196.48.118:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /resources/63363db12399455d8f5fde07946c0dd3?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /resources/63363db12399455d8f5fde07946c0dd3?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js 
HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET 
/api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/63363db12399455d8f5fde07946c0dd3/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, 
deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/63363db12399455d8f5fde07946c0dd3/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/63363db12399455d8f5fde07946c0dd3 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/63363db12399455d8f5fde07946c0dd3 HTTP/1.1\nAccept: */*\nContent-Type: 
application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_f4c_IESQMMUTEX_0_519"\n "IsoScope_f4c_IESQMMUTEX_0_303"\n "IsoScope_f4c_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f4c_IE_EarlyTabStart_0xcec_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f4c_ConnHashTable<3916>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3916"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f4c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"lor.instructure.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': 
u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'id35.229.48.116
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.198): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonezoom2888 (Net ID: 00:01:38:85:BD:9E)37.780462,-122.390564
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet (Net ID: 00:01:36:45:9F:3A)34.0544, -118.244
2023-05-12 03:00:52Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.81): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelcgteach (Net ID: 00:0B:86:22:0F:30)33.6170672,-111.90564645297056
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:02:2D:6A:57:0B)34.0544, -118.244
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneApple Network 3668a9 (Net ID: 00:02:2D:00:C6:8F)37.780462,-122.390564
2023-05-12 03:09:28SSL Certificate - Issued toNoSSL Certificate Analyzer0030NoneCN=donation.ecash-pay.com165.232.113.85
2023-05-12 03:03:18Internet Name - UnresolvedNoDNS Resolver0020Nonemail.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 18:07:07 2022 GMT Not After : Mar 13 18:07:06 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5: cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40: 8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da: 78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a: 56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00: cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85: b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4: 1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d: 86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9: c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0: 2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f: 7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28: 87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb: 3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9: ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf: fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce: a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1: d3:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT 
Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 56:a7:32:cc:63:2f:7b:45:7f:05:18:5f:3e:03:67:82:e5:0e: 14:24:2d:4e:bd:24:f5:fa:90:92:69:17:7b:d1:23:b4:5f:72: 7a:af:32:e2:c8:28:7e:98:41:f2:c7:ab:41:34:02:6f:ca:a4: 77:0e:6b:df:35:1b:69:e8:30:42:43:a2:b1:d9:fd:cb:17:1e: 46:a3:67:c9:5d:ff:94:85:0e:a2:df:d3:83:d0:a3:f2:83:7b: dd:2e:d5:ae:32:94:05:46:0c:19:ca:ed:27:24:30:de:c1:83: b3:fa:a9:28:10:06:41:f9:bc:8e:ec:2c:b2:c5:50:1b:53:d4: 5f:dc:93:4c:91:47:36:3e:18:bb:60:2e:2b:c3:a2:8e:d0:41: bf:b5:f2:c1:3c:9e:23:83:f3:0a:e9:90:b8:ea:07:4c:7d:33: 7f:96:41:8c:3e:17:1d:9e:ed:d7:88:e1:f2:d6:4c:ee:67:b7: 9d:77:dd:54:17:a0:45:80:3c:14:ae:d9:2c:f9:2f:a7:d3:1a: b6:ff:c0:51:b2:15:42:38:03:d0:4b:ff:c0:3f:6d:02:65:07: 67:bb:0a:98:60:da:ab:a9:72:b1:8d:b2:e0:ad:99:f8:08:b9: 1a:39:e6:69:82:23:94:db:8e:23:77:72:cb:aa:45:70:fd:4e: 10:ce:72:06
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneFly By (Net ID: 00:02:6F:5D:6C:20)33.336199,-111.89446440830702
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneBug and issue tracking softwarebattleb0t.github.io
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5bc4bf4f0229c3-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.97.1
2023-05-12 03:33:13Web Content LanguageNoLanguage Detector0030NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c594cb34339')"></div> <form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="fXRp0MT2Gq_7yIcIgnBHmz4mvl642t3xYxkCV5CopVU-1683861861-0-AevD5zHzR5Nylhg7VMHylWA-UGhfY5JI7t_DZKLajlY04sfvOKhEUvL9GVGicMZplZkcd7EKnpXCooBz_psnEdyw4NmTFN3sNXxO3b2NuDlfX3fgFqIYYwxN-_ZcrgInEcSdq4ze85lgbNjmAyI7cICej2859mTsNPJTSg3Eei4MCiIEepygARCAmXkyjazT_siRWXRbIF3Yq9cQrkKvTYHjy7kA4ARUBhj3gHLsfY6ByHmcA-4oH5F_BMaNFfn83ZbE-O4HF1luYDVMX4jN2SY5BFBmGirV5lQE7nc2ET_G_HywU7GlMXbT0JmkojLsvRDxpqP_ZBtz_vJHbi4FUOHHRaxbF6WI1ct7U2kIlltKjNHrBNnSQ1zRICZ4xPEiXCRFEqv1mvMk_vuWumbRs70YeoiNBWGJjw9SNPC0qRv0_rQzWEhzAZCr9GR45Pyn22x2UzlVIl478oJoBXIxbm7A_QBYYHzFjMNgE8pR4rE43z-LkzbfZp4Mrz4ipAVKmZJGkf2Y5B_9TlYOJXKMjDFy4LD0ELxkw1-R_QW_mLtVmznveG5c9m2IZ2zQV1cn4H8j5Bc1iY811MUNVsmFG0JD-DYsguU4LRfDkaOmbWCSaJ34wnyswYZY6vuAq7jQcIjqzclxyNRihA5I_cL6ueo4Ri5oVSncrTfIsWIYMESFPA-cZy_mtxt3SdM8IrciE1x1sYi06n9I6prGHl0s-4QNR7JVOnbdMoI28ES-j7HwNWZk4MsUxFuzUOsk5lSLsSRh-hQZxr19nktp-MvVpSzRUuSL26nuxNFkN8FTk5Ae96R-Z683yfnj1pOwmIp-ezEp2JWb8TkZZ0zoMJBnNWz-dER92U4KjRMwAWRs684SongNmPEIXYAgqclvfJ3msrReLNbVn2C0cz7wvPKboCqEwy5ipFMXgNiuhbJpqavDTbOw2pcmk4nLwQO7-0fq6lR-AioIh72_7f-dcCDyp3CvaV2lSxONdGbwSj69Uzxdx9pjqKiA7eKWgpDp1A1TT4OM1UPvdKoDNlfXS-kt53TGtcDj_tr5ZSCxVfBj5Eaq6vy-dzTe3un5fL0Jw93IdI7hmq3BtVNMvvG3ttwva1yDFbKbbzAoei-_xuiypX7ONnqllk5lT1u_-s9W-YqxnvXblOasj5xt36xai8HGELg30c69mi7dS6KFtoe8onnoqh_Jv5x6H6CEBPpBlJkQ-7Wml_gwi2q6d0tQ_ZdaaMoOXxHsxIyK5qGvyrxIKQoaob4JTcbfXfzc5V6fJoXtr9RSoGgPAroX9StxeMfnAcZJZ38lwB2R_OkZXBx7EFcRTvZsqwNSAcBE597i5gxzUV9OIg9fnTaoLIGC6pMfXSOrCdhVP4gGEX4Bccu5X10qZzo6Szn5JgpstSZeqAMVuU9TWGPYdK5uOwlHRiWmjX7UntfXmsGqJLQN_MyyArtIqHW_GuUvvub4g6fNvemcAOPIu9NS3HWmMTmUN4ACMa423i12vOJGRP7TcmceYbGSntTQh51WDUHuY7LdwoWtDpwMlk9-stOh87SR4LOrDyvW1iZRowgiTy2GmxHJlIHKCRhXnA5KaH4pnPJkKkhrPoRN6DTCQDr15qpBgZxUmF4wezI7yU8i7hxFvjA2vpTMuEjzuFK5Xab8ZS1nR5YLbQiKD3ROG0S6bl-4nxyf66OU-8Xv4FaugupxS3e-wlAwiX3hxmLNdGdmQn9eyC4_2RwUK2WWp5b7e4SAi9-pAVBzMefue3T2KHTLHF643icuFWjUauohcHM9aP5V8YQkXvauXJeiafKXSGCb142muLvzgJ9tWui0nHCx7aGYnZ5KCXJJAPsMf9OR8piOc-bOw90DQdaaAoQce9uq1wQGOtC7qhcYnC54DqDoEYzADwA9eHH9CWAG4K79Bs3Vtk5_YaWGKevDuxwe2PI4
tgDIlPhm0aaMmefu_Aqbmk6Nh3efYd6tebEuF1GGAbp894vPoKIV_oMOG4605Orlbta-mL3BdBLdomEjXGBNzJc8zOt_diWLDMArzlhmqHj68HR17Jaa_r6ERT_jArQXozZtM_B3L5O8SpcafOJWm3x_EH-cSS-ttAlAlAFa0wgnswXzQF8jvtcMH7wOU4U6LjP8DMTOtT18J0nltl0j_q-DNG4lBHonjmIjyRSP8oBxk-3z89_7YNTov0awtqgzLFZw2_mSARwNl4_HaPezvCevT53qGnFReXcG3RzOMm4zSBZbENl_DwydIdBN0QqU0z3ekKIj0DHHzeDbwvLRQiV0Lv01I4DZBYzgAdCYmkN3aWrG0sAU92LemS02Ukd_enHt1XRhTQOnUlyr42CJb5OOWo8CjNFcGn16guPRfUma268s38K2-wnhjS9iCXiymmGF-AAdAizqUKdabbQOSsatJ602VLlNMiwTbinDbOME_fkBdTGzKnt5g_beyji9YWF9g5kjIdThtdFTLZ7VtxqQe64uUOYy3ZMXGyBjPj32wUf-c45ZB1IslXSI3TZ3dwmgQZ-iw9MFsb5EQblUq7mhT6th"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '13393', cRay: '7c5f8c594cb34339', cHash: '405751743fca02b', cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2MS4zMjkwMDA=', m: 'wei6RtcHCTh5k6jXLRR9uxE1j0nSB1DRW6i/4ZVDPwA=', i1: 'b4n+etCkfjlnsH7ziL0wjQ==', i2: 'jFCNa6uhaxi0l2WjI6PNAA==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c594cb34339'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c594cb34339'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 02:44:24Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.com185.199.109.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:01:E3:56:FE:F7)52.3759, 4.8975
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneDisqus (Category: social) https://disqus.com/by/ayhu/ayhu
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5d3adbfbad871d-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.6.166
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Noneart_vacation5.0 (Net ID: 00:01:9F:30:06:7C)33.617190550339146,-111.90827887019054
2023-05-12 02:48:40Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 24, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://ihealthlabs.us4.list-manage.com/track/click?u=c8c5e66c560454c0a498d1a07&id=612aad4294&e=9a90f4a41f', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "bcrypt.dll" - [base:fe4e0000; Status:c0000003]\n "msedge.exe" failed to load missing module "d3d11.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "%WINDIR%\\system32\\hevcdecoder.dll" - [base:0; Status:c0000135]\n "msedge.exe" failed to load missing module "d3d12.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4280:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:3720:120:WilError_01"\n "Local\\SM0:3720:304:WilStaging_02"\n "Local\\SM0:3720:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:4280:304:WilStaging_02"\n "SM0:4280:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4280:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4280:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4280:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.227.38.65:443"\n "23.227.60.200:443"\n "34.160.129.82:443"\n "172.66.43.55:443"\n "69.16.175.42:443"\n "52.92.249.169:443"\n "104.17.25.14:443"\n "157.240.22.25:443"\n "185.146.173.20:443"\n "142.251.214.130:443"\n "142.251.32.34:443"\n "172.64.131.28:443"\n "13.227.74.57:443"\n "34.96.102.137:443"\n "142.250.72.206:443"\n "13.227.74.106:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.qikify.com"\n "api.revy.io"\n "api.userway.org"\n "bff-api.automizely.com"\n "bundle.revy.io"\n "cdn.jsdelivr.net"\n "cdn.pagefly.io"\n "cdn.shopify.com"\n "cdn.userway.org"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "connect.facebook.net"\n "d1639lhkj5l89m.cloudfront.net"\n "dev.visualwebsiteoptimizer.com"\n "downloads.mailchimp.com"\n "dttrk.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "fonts.shopifycdn.com"\n "googleads.g.doubleclick.net"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, 
u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<meta name="twitter:site" content="@ihealthlabsus">" (Indicator: "twitter")\n "<meta name="twitter:card" content="summary_large_image">" (Indicator: "twitter")\n "<meta name="twitter:title" content="iHealth COVID-19 Antigen Rapid Test">" (Indicator: "twitter")\n "<meta name="twitter:description" content="iHealth is making personal healthcare management easier for everyone! Improve your health by tracking your vitals data: blood pressure\n blood glucose\n blood oxygen &amp; pulse rate\n and more. Remote Patient Monitoring empowers providers to offer comprehensive care for patients. Increase patient satisfaction\n gain ROI.">" (Indicator: "twitter")\n "<script>window.ShopifyPaypalV4VisibilityTracking = true;</script>" (Indicator: "paypal")\n ""https:\\/\\/twitter.com\\/ihealthlabsus"," (Indicator: "twitter")\n ""https:\\/\\/www.facebook.com\\/iHealthus\\/"," (Indicator: "facebook.com")\n "<a class="social-icons__link" href="https://www.facebook.com/iHealthus/" aria-describedby="a11y-external-message"><svg aria-hidden="true" focusable="false" role="presentation" class="icon icon-facebook" viewBox="0 0 20 20"><path fill="#444" d="M18.05.811q.439 0 .744.305t.305.744v16.637q0 .439-.305.744t-.744.305h-4.732v-7.221h2.415l.342-2.854h-2.757v-1.83q0-.659.293-1t1.073-.342h1.488V3.762q-.976-.098-2.171-.098-1.634 0-2.635.964t-1 2.72V9.47H7.951v2.854h2.415v7.221H1.413q-.439 0-.744-.305t-.305-.744V1.859q0-.439.305-.744T1.413.81H18.05z"/></svg><span class="icon__fallback-text">Facebook</span>" (Indicator: "facebook.com")\n "<a class="social-icons__link" href="https://twitter.com/ihealthlabsus" aria-describedby="a11y-external-message"><svg aria-hidden="true" focusable="false" role="presentation" class="icon icon-twitter" viewBox="0 0 20 20"><path fill="#444" d="M19.551 4.208q-.815 1.202-1.956 2.038 0 .082.02.255t.02.255q0 1.589-.469 3.179t-1.426 3.036-2.272 2.567-3.158 1.793-3.963.672q-3.301 
0-6.031-1.773.571.041.937.041 2.751 0 4.911-1.671-1.284-.02-2.292-.784T2.456 11.85q.346.082.754.082.55 0 1.039-.163-1.365-.285-2.262-1.365T1.09 7.918v-.041q.774.408 1.773.448-.795-.53-1.263-1.396t-.469-1.864q0-1.019.509-1.997 1.487 1.854 3.596 2.924T9.81 7.184q-.143-.509-.143-.897 0-1.63 1.161-2.781t2.832-1.151q.815 0 1.569.326t1.284.917q1.345-.265 2.506-.958-.428 1.386-1.732 2.18 1.243-.163 2.262-.611z"/></svg><span class="icon__fallback-text">Twitter</span>" (Indicator: "twitter")\n "<a class="social-icons__link" href="https://www.linkedin.com/company/ihealth-lab/about/" aria-describedby="a11y-external-message">" (Indicator: "linkedin.com")\n "www.facebook.com" (Indicator: "facebook.com")\n "www.youtube.com" (Indicator: "youtube")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004280]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_2]- [targetUID: 00000000-00004280]\n "Ruleset Data" has type "data"- 
Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.45\\Ruleset Data]- [targetUID: 00000000-00004280]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\4280_1753251559\\Filtering Rules]- [targetUID: 00000000-00004280]\n "0f196ca9-49bd-4f3c-a446-6670b2f350fc.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 270742"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00004280]\n "0ba2ec1e-18bb-4a7d-80cb-d06eae98d168.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 2264512"- [targetUID: N/A]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004280]\n "000013.ldb" has type "data"- [targetUID: N/A]\n "f_0004de" has type "data"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00004280]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00004280]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\4280_1753251559\\Filtering Rules-AA]- [targetUID: 00000000-00004280]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "urlref_httpsihealthlabs.us4.list-manage.comtrackclicku_c8c5e66c560454c0a498d1a07_id_612aad4294_e_9a90f4a41f" has type "HTML document UTF-8 Unicode text with very long lines with CRLF CR LF line terminators"- [targetUID: N/A]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\4280_1931108865\\edge_autofill_field_data.json]- [targetUID: 00000000-00004280]'}, {u'category': u'Network 
Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdn.pagefly.io" seems to be random\n "cdn.shopify.185.199.110.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-fastly-request-id: 4232179a2468cad7d8e788f0a4fe958396bfc091{"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"}
2023-05-12 03:03:47Co-Hosted SiteNoThreatMiner2020Nonemalsup.github.io185.199.111.153
2023-05-12 02:47:42Open TCP PortNoPulsedive0030None35.229.48.116:8035.229.48.116
2023-05-12 02:44:42Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:52:05 2023 GMT Not After : Jun 11 12:52:04 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:f9:3b:c0:6f:f8:ab:e7:35:d5:ff:95:55:28: 87:2c:f3:42:5c:6a:f2:dc:b2:0f:7b:b2:97:bc:68: c2:d8:25:b1:da:3c:de:c9:ee:4a:54:a6:08:c9:a0: d5:34:39:c8:96:b7:d1:e3:5d:f3:2b:db:f7:37:5d: 57:65:f7:3d:16:c9:ad:d6:e6:bb:bc:97:c6:1c:bc: c7:1d:a0:c9:cc:3a:d4:e1:69:37:d2:58:c2:fe:42: 4e:90:a6:4c:72:5e:0f:c5:0a:f9:18:b1:c7:54:af: b4:03:13:bc:ce:85:b6:0d:a5:99:fc:98:b2:37:24: 39:66:7b:f1:78:3b:4b:9e:51:be:75:ad:a6:19:8d: be:a9:ca:f2:df:b7:73:9f:c6:14:09:e1:46:c4:93: a4:45:7c:eb:1e:47:42:88:d1:8d:e7:29:c0:07:7b: ad:57:d3:0b:cf:a1:a1:bc:65:12:20:8e:92:81:50: 55:40:69:4e:0d:62:29:ab:00:e6:81:6e:83:3a:16: 09:da:2a:57:32:b1:5d:79:74:f0:1d:02:e0:52:6d: d5:85:2d:cb:f6:ef:5e:8f:03:a0:14:64:19:bb:71: 65:85:3e:bc:4e:e8:75:85:4b:a0:7d:df:3f:2a:67: 46:82:ea:56:e3:e5:01:c8:49:e2:f1:a3:b1:04:af: 98:45:24:1b:7e:2d:57:39:72:ff:5a:94:89:31:42: ae:19:e5:2d:eb:c8:08:fc:be:37:02:5d:04:1a:b3: f0:62:42:14:91:38:7a:96:77:5e:53:eb:f1:d9:8e: 45:46:0d:65:07:6b:18:0a:65:96:3c:4e:b9:77:05: 52:b4:4d:17:73:72:d9:49:c8:16:75:9c:84:35:12: 73:86:4f:08:27:5d:f3:e9:85:10:9a:ff:e4:3a:63: ef:83:9f:03:76:a4:3f:ac:72:d5:f4:bb:3a:60:bc: 21:1c:e8:7c:52:79:bd:fe:19:9a:69:78:22:a6:5d: 64:8d:04:55:f3:ec:4d:6c:47:45:2c:6c:9e:cc:14: be:67:76:25:be:fd:51:60:a1:2e:10:af:1b:46:0c: e9:ec:3a:3c:0b:c9:2a:97:61:1c:a8:6a:9d:53:cd: 2d:6c:4e:66:f4:08:01:29:89:61:ff:d2:73:d2:a1: da:94:32:dc:5c:78:ad:19:fa:b3:fb:26:0f:35:c2: 87:17:c9:ae:6f:c7:ce:81:d6:7d:27:95:3b:49:39: e6:cf:30:85:95:79:a1:35:71:86:5b:66:f7:9d:ae: 96:d5:9a:1d:e3:e0:76:fe:b7:a0:b5:1a:16:0b:1b: 
5e:d4:d9:5b:b6:4a:4d:33:65:03:80:b9:ab:69:35: 1b:42:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 13:c5:42:8e:df:cd:70:e8:7c:0e:70:c9:5a:83:25:16:cc:62: c3:f9:d5:c4:22:3b:ce:7f:81:fd:60:05:88:21:1a:e5:70:1c: 36:22:ce:db:ed:26:19:e2:1b:04:4d:ab:65:39:6d:00:51:3b: cc:9b:3f:79:54:95:3e:31:af:d8:e6:03:1b:cc:d5:95:be:82: cd:0b:e5:96:8f:6f:35:dd:91:c9:94:47:2b:3a:45:e8:d6:90: 9a:f6:27:ba:63:ff:75:94:72:de:3e:47:3f:d3:d4:41:71:e3: 3f:56:35:21:79:53:05:d2:4b:7c:f6:49:cf:40:3d:7f:f2:f4: 3d:17:14:59:24:3e:50:d8:45:4a:75:44:e1:73:c8:35:32:f2: 12:9e:aa:4b:a4:d5:91:49:4b:5d:ba:80:98:b5:1e:6a:11:cf: b0:5f:4d:0f:57:ad:69:b3:6b:16:1c:dd:75:b2:fe:57:1f:11: ae:d7:db:50:93:3c:e1:e8:26:9c:cc:0a:18:7c:b4:5d:5b:33: d4:f5:18:f8:96:6e:cb:73:1d:80:63:f6:bb:c8:51:5e:dd:31: fe:d5:d8:6f:b8:13:03:f9:14:44:36:23:9a:a2:41:54:b4:39: df:20:21:8b:35:e6:b5:0b:7c:63:1f:77:c7:00:93:73:7a:f3: 93:fe:79:56
2023-05-12 03:24:52CountryNoCountry Name Extractor0030NoneTurkeyBursa, Bursa, 16, Turkey, TR
2023-05-12 02:45:22Physical LocationNoipapi.co0040NoneAshburn, Virginia, VA, United States, US2600:1f18:2489:8202::c8
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneSoundCloud (Category: music) https://soundcloud.com/ayshooayshoo
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonecrowdin (Category: hobby) https://crowdin.com/profile/loginlogin
2023-05-12 03:09:43Affiliate - Internet NameNoDNS Resolver0040None121.97.148.34.bc.googleusercontent.com34.148.97.121
2023-05-12 03:18:06URL (Purely Static)NoPage Information0030Nonehttp://nwapi.battleb0t.xyz<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authentication</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixels API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixels API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixels API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr>
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonexfinitywifi (Net ID: 00:0D:67:37:7A:7A)39.0469, -77.4903
2023-05-12 03:09:07Affiliate - IP AddressNoDNS Look-aside1030None165.232.113.89165.232.113.85
2023-05-12 03:00:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.37): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneExtraLunchMoney (Category: XXXPORNXXX) https://extralunchmoney.com/user/loginlogin
2023-05-12 02:44:15SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:2c:84:3a:08:10:23:75:f2:8a:d5:a0:cb:cc:f6:da:14:6e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:32:07 2022 GMT Not After : Mar 27 01:32:06 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 27 02:32:07.311 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:AA:9D:DE:C7:1A:03:CE:A4:C0:00:4F: 87:A8:C3:99:28:44:9B:D2:01:EB:31:A5:4D:CA:E6:87: EC:A0:EC:55:A7:02:20:46:FF:BE:46:93:AD:B8:EF:FE: 25:F8:15:56:F7:DA:CF:93:CC:B6:57:60:7E:B3:1F:4E: 3D:D7:BC:FE:3F:5C:95 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 27 02:32:07.904 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:37:07:AC:16:A5:95:2E:57:A3:0B:B3:64: CD:EA:6B:54:2E:81:8A:01:52:42:FF:1C:53:89:7A:D2: 6B:24:50:80:02:20:40:76:C6:34:39:4A:07:B1:8F:D5: 9F:21:37:77:6A:98:1B:06:80:4F:64:F6:8D:4F:C6:A8: 76:64:CB:D7:21:98 Signature Algorithm: sha256WithRSAEncryption 5a:91:30:6e:b9:53:94:e1:7e:bb:e0:98:45:df:78:b3:43:5d: de:b7:e8:48:7b:6b:85:d8:3d:1f:0c:8e:55:6a:96:e0:1e:5a: 3f:a6:43:96:72:8b:0f:19:07:ee:9c:42:c7:4a:fa:00:d6:38: 45:8a:ea:1d:27:96:1c:3b:da:42:ff:fd:72:61:04:85:27:14: 44:a3:15:9a:66:dc:fe:95:f3:8c:98:0f:18:5b:f9:85:a2:67: 99:97:5a:de:6b:1e:8a:f6:0f:26:41:36:b4:b1:3e:27:57:59: 6e:d6:c4:ee:ce:b2:6c:21:fe:aa:fe:21:90:56:0b:ea:b9:fb: 42:2f:c1:77:37:3f:05:10:f5:44:c7:f2:f2:69:75:ed:35:ad: bf:14:45:0f:8e:50:cc:75:c2:b4:48:82:8d:27:02:be:21:98: 49:ee:ec:f9:0b:27:d8:83:27:62:ad:0a:7b:66:8c:06:c8:72: 57:56:3c:6b:ac:63:49:11:4f:62:ea:70:01:53:cf:56:53:4b: 71:08:c9:75:ee:50:8f:d1:87:f6:68:91:33:35:2a:99:1f:6e: f5:48:cb:c7:f5:99:a1:3f:39:b8:fe:33:3a:31:fe:e7:7d:d5: 4e:6f:92:4f:57:86:fc:b0:8f:23:98:3e:8f:91:f6:d5:3d:5c: a6:e5:1c:71 battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneThermiCam2Production TRC (Net ID: 00:05:FE:C6:35:F0)33.336199,-111.89446440830702
2023-05-12 02:55:27Physical LocationNoURLScan.io0010NoneUSayhu.xyz
2023-05-12 02:54:18HTTP Status CodeNoWeb Spider0020None200pics.battleb0t.xyz
2023-05-12 02:54:13Web ContentNoWeb Spider0030None*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131}html,button{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,"Apple Color Emoji","Segoe UI Emoji",Segoe UI Symbol,"Noto Color Emoji"}body{display:flex;flex-direction:column;min-height:100vh}a{transition:color .15s ease;background-color:transparent;text-decoration:none;color:#0051c3}a:hover{text-decoration:underline;color:#ee730a}.hidden{display:none}.main-content{margin:8rem auto;width:100%;max-width:60rem}.heading-favicon{margin-right:.5rem;width:2rem;height:2rem}@media (max-width: 720px){.main-content{margin-top:4rem}.heading-favicon{width:1.5rem;height:1.5rem}}.main-content,.footer{padding-right:1.5rem;padding-left:1.5rem}.main-wrapper{display:flex;flex:1;flex-direction:column;align-items:center}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{line-height:3.75rem;font-size:2.5rem;font-weight:500}.h2{line-height:2.25rem;font-size:1.5rem;font-weight:500}.core-msg{line-height:2.25rem;font-size:1.5rem;font-weight:400}.body-text{line-height:1.25rem;font-size:1rem;font-weight:400}.expandable-title{line-height:1.5rem;font-weight:500}@media (max-width: 720px){.h1{line-height:1.75rem;font-size:1.5rem}.h2{line-height:1.5rem;font-size:1.25rem}.core-msg{line-height:1.5rem;font-size:1rem}}.icon-wrapper{display:inline-block;position:relative;top:.25rem;margin-right:.2rem}.heading-icon{width:1.625rem;height:1.625rem}@media (max-width: 
720px){.heading-icon{width:1.25rem;height:1.25rem}}.warning-icon{display:inline-block;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADQAAAA0CAMAAADypuvZAAAAPFBMVEUAAACvDwOyDwKyDwOvEACyDgOyDwKvDwKwDgCyDgKxDgOyDgKvDgKyDwKyDgOxDgKzDgKxDgKxEASyDwMgW5ZmAAAAE3RSTlMAQN+/EJDvMB9wYJ9Qz7CAf6CAtGoj/AAAAcFJREFUSMeVltu2gyAMRLlfBDxt+f9/PTq2VXSwmod2GdhkEoIiiPmYinK1VqXt4MUFk9bVxlTyvxBdienhNoJwoYMY+57hdMzBTA4v4/gRaykT1FuLNI0/j/1g3i2IJ8s9F+owNCx+2UlWQXbexQFjjTjN1/lGALS9xIm9QIXNOoowlFKrFssYTtmvuOXpp2HtT6lUE3f11bH1IQu9qbYUBEr7yq8zCxkWuva8+rtF4RrkP6ESxFPoj7rtW30+jI4UQlZuiejEwZ4cMg65RKjjUDz6NdwWvxw6nnLESEAl230O5cldUAdy8P44hJZTYh40DOIKzFw3QOI6hPk9aDiFHJc3nMirKERgEPd7FKKgiy5DEn3+5JsrAfHNtfjVRLucTPTaCA1rxFVz6AX8yYsIUlXoMqbPWFUeXF1Cyqz7Ej1PAXNBs1B1tsKWKpsX0yFhslTetL4mL8s4j2fyslTbjbT7Va2V7GCG5ukhftijXdsoQhGmzSI4QhHGhVufz4QJ/v6Hug6dK0EK3YuM8/3Lx5h3Z0STywe55oxRejM5Qo4aAtZ8eTBuWp6dl3IXgfnnLpyzBCFctHomnSopejLhH/3AMfEMndTJAAAAAElFTkSuQmCC);background-size:cover}.text-center{text-align:center}.expandable{transition:height,border-left .2s;border-left:.125rem solid #e5e5e5;padding-left:.5rem}.expandable.expanded{border-left-color:#0051c3}.expandable-summary-btn{border:none;background:none;cursor:pointer;padding:0;color:inherit;font:inherit}.expandable-details{display:none;padding:.5rem 0}.expanded>.expandable-details{display:block}.caret-icon{display:inline-block;transition:transform .2s;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgBAMAAACBVGfHAAAAElBMVEUAAAAwMDAxMTEyMjIwMDAxMTF+89HTAAAABXRSTlMAgF9/MMasjJIAAABTSURBVCjPzcq7DcAwDANR5TOAm/Rp0meErBAD3n8VW8DBt4JZUALxYp18vmfWUR2ed9TW7iB7K3muOsGfDRFAABKABCABSAASgAQgAUgAkhKLpwMJmwrD+BDiYwAAAABJRU5ErkJggg==);background-size:contain;width:1rem;height:1rem}.caret-icon-wrapper{position:relative;top:.1rem;margin-left:.2rem}.expanded .caret-icon{transform:rotate(180deg)}.big-button{transition-duration:.2s;transition-property:background-color,border-color,color;transition-timing-function:ease;border:.063rem solid 
#0051c3;border-radius:.313rem;padding:.375rem 1rem;line-height:1.313rem;font-size:.875rem}.big-button:hover{cursor:pointer}.captcha-prompt:not(.hidden){display:flex}@media (max-width: 720px){.captcha-prompt:not(.hidden){flex-wrap:wrap;justify-content:center}}.pow-button{margin:2rem 0;background-color:#0051c3;color:#fff}.pow-button:hover{border-color:#003681;background-color:#003681;color:#fff}.footer{margin:0 auto;width:100%;max-width:60rem;line-height:1.125rem;font-size:.75rem}.footer-inner{border-top:1px solid #d9d9d9;padding-top:1rem;padding-bottom:1rem}.ip-address{margin-left:2.25rem}.clearfix:after{display:table;clear:both;content:""}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (max-width: 720px){.diagnostic-wrapper{display:flex;flex-wrap:wrap;justify-content:center}.clearfix:after{display:initial;clear:none;text-align:center;content:none}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative;width:1.875rem;height:1.875rem}.lds-ring div{box-sizing:border-box;display:block;position:absolute;border:.3rem solid #595959;border-radius:50%;border-color:#595959 transparent transparent;width:1.875rem;height:1.875rem;animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite}.lds-ring div:nth-child(1){animation-delay:-.45s}.lds-ring div:nth-child(2){animation-delay:-.3s}.lds-ring div:nth-child(3){animation-delay:-.15s}@keyframes lds-ring{0%{transform:rotate(0)}to{transform:rotate(360deg)}}@media screen and (-ms-high-contrast: active),screen and (-ms-high-contrast: none){body,.main-wrapper{display:block}}body.no-js .loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}@media 
(prefers-color-scheme: dark){body{background-color:#222;color:#d9d9d9}a{color:#fff}a:hover{text-decoration:underline;color:#ee730a}.lds-ring div{border-color:#999 transparent transparent}.font-red{color:#fc574a}.big-button,.pow-button{background-color:#4693ff;color:#1d1d1d}.expandable.expanded{border-left-color:#4693ff}}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{text-decoration:underline;color:#ee730a}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#b20f03}body.dark .big-button,body.dark .pow-button{background-color:#4693ff;color:#1d1d1d}body.dark .expandable.expanded{border-left-color:#4693ff}body.light{background-color:transparent;color:#313131}body.light a{color:#0051c3}body.light a:hover{text-decoration:underline;color:#ee730a}body.light .lds-ring div{border-color:#595959 transparent transparent}body.light .font-red{color:#fc574a}body.light .big-button,body.light .pow-button{border-color:#003681;background-color:#003681;color:#fff}body.light .expandable.expanded{border-left-color:#0051c3}https://ayhu.xyz/cdn-cgi/styles/challenges.css
2023-05-12 03:27:54Open TCP PortNoPulsedive0030None188.114.96.138:80188.114.96.0/24
2023-05-12 02:45:34DNS TXT RecordNoDNS Raw Records0010Nonev=spf1 include:_spf.mx.cloudflare.net ~allbattleb0t.xyz
2023-05-12 03:32:25Open TCP PortNoPulsedive0030None188.114.97.13:8080188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonemy_instants (Category: music) https://www.myinstants.com/en/profile/login/login
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.176): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonehk (Net ID: 00:02:A8:1F:B9:47)50.1188, 8.6843
2023-05-12 03:23:23Open TCP PortNoPulsedive0030None188.114.96.7:8443188.114.96.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NonemyLGNetFBC6 (Net ID: 00:01:36:5A:FB:C4)37.780462,-122.390564
2023-05-12 03:24:50CountryNoCountry Name Extractor0050NoneUnited Statesecash-pay.com
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonecf-ray: 7c5f60726fad1912-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:53:07Open TCP PortNoPulsedive0030None185.199.111.154:80185.199.111.0/24
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneTwitter (Category: social) https://twitter.com/ayhuayhu
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5e66b449bc299e-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}188.114.96.1
2023-05-12 02:53:35Open TCP PortNoCensys0020None185.199.110.153:443185.199.110.153
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None007.github.io185.199.111.153
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.220): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:19Web Content TypeNoWeb Spider0040Noneapplication/javascripthttps://fluid.battleb0t.xyz/./script.js
2023-05-12 02:53:02Web TechnologyNoTool - WAFW00F0020NoneNone Nonenwapi.battleb0t.xyz
2023-05-12 02:54:30BGP AS MembershipNoCensys0030None1406164.226.81.43
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneFrodo (Net ID: 00:02:2D:25:7C:6A)37.7642, -122.3993
2023-05-12 02:47:29Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"docs.verapdf.org"\n "maxcdn.bootstrapcdn.com"\n "software.verapdf.org"\n "staging.verapdf.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.104.134.96:80"\n "172.104.134.96:443"\n "104.18.11.207:443"\n "172.64.132.15:443"\n "185.199.111.153:80"\n "142.250.189.202:443"\n "185.199.111.153:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "IsoScope_f2c_IE_EarlyTabStart_0x9b4_Mutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n 
"UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"software.verapdf.org"\n "docs.verapdf.org"\n "staging.verapdf.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD2EE.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /dev/verapdf_windows-x64_1_18-rc.exe HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: 
software.verapdf.org" (Indicator: "mozilla/5.0 (")\n "GET /dev/verapdf_windows-x64_1_18-rc.exe HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: software.verapdf.org" (Indicator: "user-agent: ")\n "GET /wp-content/themes/veraPDF-site/includes/js/ie10-viewport-bug-workaround.js?ver=4.5.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: staging.verapdf.org" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/veraPDF-site/includes/js/ie10-viewport-bug-workaround.js?ver=4.5.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: staging.verapdf.org" (Indicator: "user-agent: ")\n "GET /wp-content/themes/veraPDF-site/includes/js/bootstrap-wp.js?ver=1.11.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: staging.verapdf.org" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/veraPDF-site/includes/js/bootstrap-wp.js?ver=1.11.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: staging.verapdf.org" (Indicator: "user-agent: ")\n "GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: 
en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /bootstrap/3.3.6/css/bootstrap-theme.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /bootstrap/3.3.6/css/bootstrap-theme.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /releases/v5.0.9/js/all.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /releases/v5.0.9/js/all.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /assets/css/style.css?ver=4.5.3 HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: docs.verapdf.org" (Indicator: "mozilla/5.0 (")\n "GET /assets/css/style.css?ver=4.5.3 HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: docs.verapdf.org" (Indicator: "user-agent: ")\n "GET /ajax/libs/jquery/1.11.3/jquery.min.js?ver=1.11.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: ajax.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /ajax/libs/jquery/1.11.3/jquery.min.js?ver=1.11.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: 
https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: ajax.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'ide185.199.111.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-proxy-cache: MISS{"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"}
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:06:25:BA:AB:53)33.336199,-111.89446440830702
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.181): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx Guest (Net ID: 00:01:21:26:34:40)41.8781, -87.6298
2023-05-12 02:44:29Co-Hosted Site - Domain NameNoDNS Resolver0020Nonegithubusercontent.comgithubusercontent.com
2023-05-12 03:00:53Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.82): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:41Open TCP PortNoPulsedive0030None185.199.109.133:443185.199.109.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonebeeline1 (Net ID: 00:01:38:A8:7B:F3)34.0544, -118.244
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneAllstate 2.4G (Net ID: 00:02:6F:F8:0A:40)33.6170672,-111.90564645297056
2023-05-12 03:13:05Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0031.github.io] https://www.openphish.com/feed.txt0031.github.io
2023-05-12 03:17:33Similar Domain - WhoisNoWhois1020NoneDomain Name: AIHU.XYZ Registry Domain ID: D351663834-CNIC Registrar WHOIS Server: whois.resellercamp.com Registrar URL: https://idwebhost.com Updated Date: 2023-03-07T15:29:15.0Z Creation Date: 2023-03-02T11:39:51.0Z Registry Expiry Date: 2024-03-02T23:59:59.0Z Registrar: CV Jogjacamp Registrar IANA ID: 1478 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: FENG SHENG FEI XING Registrant State/Province: Jiangsu Registrant Country: CN Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1.DAN.COM Name Server: NS2.DAN.COM Name Server: VERIFICATION-EE5FF475.NS3.DAN.HOSTING DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@resellercamp.com Registrar Abuse Contact Phone: +62.82141570000 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:32.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: AIHU.XYZ Registry Domain ID: D351663834-CNIC Registrar WHOIS Server: whois.resellercamp.com Registrar URL: http://resellercamp.com/ Updated Date: 2023-03-02T11:40:08Z Creation Date: 2023-03-02T11:39:51Z Registrar Registration Expiration Date: 2024-03-02T23:59:59Z Registrar: CV. 
Jogjacamp Registrar IANA ID: 1478 Registrar Abuse Contact Email: abuse@resellercamp.com Registrar Abuse Contact Phone: +62.82141570000 Domain Status: clientTransferProhibited (http://icann.org/epp#clientTransferProhibited) Registrant Organization: FENG SHENG FEI XING Registrant State/Province: Jiangsu Registrant Country: CN Name Server: ns1.dan.com Name Server: ns2.dan.com Name Server: verification-ee5ff475.ns3.dan.hosting DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:02:33Z<<< For more information on Whois status codes, please visit https://icann.org/epp Registration Service Provided By: PREMIUMDOMAINSELLER The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is", and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. The Registrar of record is CV. Jogjacamp. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. aihu.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecf-ray: 7c5f6036af1541db-EWR{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:13 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:13 GMT", "cf-ray": "7c5f6036af1541db-EWR", "content-type": "text/css", "x-frame-options": "DENY"}
2023-05-12 02:46:49Open TCP PortNoSSL Certificate Analyzer0030None104.196.30.220:443104.196.30.220
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Noneprr (Net ID: 00:0C:41:CA:76:65)39.0469, -77.4903
2023-05-12 02:59:44Co-Hosted Site - Domain WhoisNoWhois1020None Domain Name: GITHUB.COM Registry Domain ID: 1264983250_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2022-09-07T09:10:44Z Creation Date: 2007-10-09T18:20:50Z Registry Expiry Date: 2024-10-09T18:20:50Z Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2086851750 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: DNS1.P08.NSONE.NET Name Server: DNS2.P08.NSONE.NET Name Server: DNS3.P08.NSONE.NET Name Server: DNS4.P08.NSONE.NET Name Server: NS-1283.AWSDNS-32.ORG Name Server: NS-1707.AWSDNS-21.CO.UK Name Server: NS-421.AWSDNS-52.COM Name Server: NS-520.AWSDNS-01.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. github.com
2023-05-12 02:49:59Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://www.bloknmesh.com/de-de/categories/temporary-fencing', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"109.237.26.201:443"\n "142.250.189.170:443"\n "185.199.110.153:443"\n "142.251.46.232:443"\n "142.250.191.78:443"\n "142.251.2.157:443"\n "142.251.46.226:443"\n "142.251.32.46:443"\n "142.251.46.227:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "gb_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Tar3638.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3599.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"flagicons.lipis.dev"\n "www.bloknmesh.com"'}, 
{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IE_EarlyTabStart_0xd40_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_ConnHashTable<3440>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d70_IESQMMUTEX_0_331"\n "IsoScope_d70_IE_EarlyTabStart_0xd40_Mutex"\n "IsoScope_d70_ConnHashTable<3440>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab3637.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n 
"Cab3598.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab383E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"hire-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "rapid-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "arrow-down-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search-toggle-close_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "angle-right-small-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "angle-left-small-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "be_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "at_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "linkedin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "twitter_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "facebook_2_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "footer-logo_1_.svg" has type "SVG Scalable Vector Graphics 
image"- [targetUID: N/A]\n "installation-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo-mobile_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "youtube_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "country-select-arrow_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.bloknmesh.com/de-de/categories/temporary-fencing"\n Pattern match: "https://www.bloknmesh.com"\n Pattern match: "www.bloknmesh.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"www.bloknmesh.com" seems to be random'}], u'threat_level': 0, u'size': None, u'job_id': u'63eb580b7d33587f2f443f35', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, 
u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'109.237.26.201', u'142.250.189.170', u'185.199.110.153', u'142.251.46.232', u'142.250.191.78', u'142.251.2.157', u'142.251.46.226', u'142.251.32.46', u'142.251.46.227'], u'sha256': u'98228ff90c9f8d437b7717a175c4c0a4634b8aa926c865d3f9a93f694d5fffb2', u'sha512': u'42484cfd73b15b501e843f45713f7d5f1f010ae634f38fdafc0dca634b6821dd06299ad0a07a0e443ec47ef23bf4d39bfc93311d395add81ff8abda276828da7', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://www.bloknmesh.com/de-de/categories/temporary-fencing', u'submission_id': u'63eb580b7d33587f2f443f36', u'created_at': u'2023-02-14T09:44:43+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-14T09:44:43+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 9, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'63008ab1a3067ef2a0dcdbf2ec36585f', u'network_mode': u'default', u'processes': [], u'sha1': u'2c9b2fd9468f38f8c453657c6a2c2e71f321798e', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', 
u'minor_os_version': None, u'domains': [u'flagicons.lipis.dev', u'www.bloknmesh.com'], u'extracted_files': [], u'type_short': []}]185.199.110.153
2023-05-12 03:24:19Account on External SiteNoAccount Finder0080NoneTrello (Category: social) https://trello.com/baptistevautheybaptistevauthey
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NonePower IT (Net ID: 00:00:00:05:55:55)41.8781, -87.6298
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.221): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:A1:D8:0C)33.336199,-111.89446440830702
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneDR.KASIM (Net ID: 00:12:CF:44:EA:8F)40.2024, 29.0398
2023-05-12 03:24:47CountryNoCountry Name Extractor0030NoneUnited StatesSan Francisco, California, 94107, United States, North America
2023-05-12 02:56:50Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:57:f8:5f:6c:a4:d7:b1:d8:61:78:13:80:db:41:a4:54:3d Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 13:23:04 2022 GMT Not After : Feb 15 13:23:03 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d4:b5:dd:1d:03:00:c2:48:cc:5b:27:58:5a:1a: ae:80:1c:0d:53:93:fb:69:7f:93:43:76:4d:e8:73: 1c:07:a2:3d:20:72:26:de:8b:cf:5e:08:ec:68:b1: f5:77:47:34:1f:fc:12:0e:2f:4f:a4:d2:06:11:00: 78:b4:0d:40:fa:ba:21:05:d4:2d:c5:6d:14:14:39: 10:9a:e0:36:33:c9:8c:bb:e8:d5:33:a2:fb:d9:f7: b5:1a:30:55:aa:67:e3:41:20:33:a1:e6:ed:c9:c3: 5b:50:61:0a:65:ba:c7:cc:f0:84:a3:6e:26:65:39: 57:a4:99:3b:03:5d:af:09:43:83:69:7f:84:65:08: 2e:12:10:15:1c:ad:1f:68:90:6a:0e:97:7d:ef:7a: 22:74:df:40:68:54:b2:c7:43:c9:cb:1c:9c:53:1d: c4:68:a0:95:76:a1:bf:c8:18:fb:9d:30:f5:ff:26: f8:35:1d:65:e6:a1:bc:6a:7f:70:ab:aa:3e:d6:87: e6:17:39:3e:1e:ae:62:43:5c:02:c9:ab:c6:49:9a: 2c:43:3e:b0:0a:bb:6b:20:c9:45:43:a6:79:f2:70: bf:69:eb:cb:fb:70:35:1a:f8:04:00:26:77:08:9e: 32:00:34:fd:0a:63:db:bc:61:0a:d9:52:e5:61:03: a2:9b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FF:5A:2D:BE:67:DF:4E:45:A4:AD:A5:64:7A:31:7E:B3:39:8F:63:72 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 36:be:9b:e9:c6:04:01:1c:2c:7e:ac:66:f1:b1:7c:f0:ee:5e: a7:7a:d6:c8:9e:79:b8:66:86:a3:c0:1f:2e:30:41:c8:ab:65: cc:a9:76:5f:0c:9a:14:80:51:ed:a7:e9:7f:f2:bd:57:5c:9b: 04:31:55:52:cc:d9:5d:ee:2c:9b:e4:bf:d8:d9:92:19:14:10: dd:51:d3:7f:4d:75:15:b6:a8:e3:fc:04:59:c4:b7:64:9f:51: 37:3d:db:dc:3f:62:ca:61:18:50:70:5c:05:5f:99:79:0d:a0: 0e:c8:35:8d:bb:f1:5e:79:d7:db:26:ea:af:a1:41:c0:38:87: 5a:1f:f0:8e:e8:e0:82:24:9f:5a:90:83:7a:4a:a7:ba:46:58: 13:f1:c7:56:f8:28:af:a1:60:8b:a6:cd:3c:87:94:ac:c7:fc: 20:7c:c8:b3:c3:76:a4:35:2d:72:c3:ee:ac:78:b8:e1:34:03: 38:a2:6a:44:20:aa:90:30:a3:3e:ab:ba:d0:59:e6:ec:06:0e: 8d:eb:87:b7:3c:38:30:f7:f2:e8:b8:2e:15:05:ad:78:2f:e8: 3c:50:44:89:a3:d8:8d:08:05:5d:7a:05:56:82:9c:5e:c3:16: 2a:39:5a:33:90:bb:6e:e6:f1:42:6a:27:46:25:76:11:a4:8f: 4f:1d:29:59
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneW4B3PQ^00ZT00)>&0//44F6/%&_+(*01 (Net ID: 00:06:66:2A:52:3A)33.6170672,-111.90564645297056
2023-05-12 03:00:01Affiliate - Email AddressNoE-Mail Address Extractor0030Nonewr2435@it.jgec.ac.in[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://wasimreja.me/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e74_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e74_IESQMMUTEX_0_519"\n "IsoScope_e74_ConnHashTable<3700>_HashTable_Mutex"\n "IsoScope_e74_IESQMMUTEX_0_331"\n "IsoScope_e74_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3700"\n "IsoScope_e74_IE_EarlyTabStart_0xd58_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3700"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n 
"142.250.189.202:443"\n "104.18.28.243:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"fonts.googleapis.com"\n "unicons.iconscout.com"\n "wasimreja.me"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<a href="https://www.linkedin.com/in/wasimreja/" target="_blank"" (Indicator: "linkedin.com")\n "<a href="https://twitter.com/_wasimreja" target="_blank" class="home-social-icon">" (Indicator: "twitter")\n "<i class="uil uil-twitter-alt"></i>" (Indicator: "twitter")\n "<i class="uil uil-twitter-alt contact-icon"></i>" (Indicator: "twitter")\n "Twitter" (Indicator: "twitter")\n "<a href="https://twitter.com/_wasimreja" class="footer-social" target="_blank">" (Indicator: "twitter")\n "<a href="https://www.linkedin.com/in/wasimreja/" class="footer-social"" (Indicator: "linkedin.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar41C.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar38D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': 
u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002812]\n "Cab38C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab38C.tmp]- [targetUID: 00000000-00002812]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"favicon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "silence_1_.gif" has type "GIF image data version 89a 500 x 682"- [targetUID: N/A]\n "whats%20cooking_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "music%20player_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "task%20buddy_1_.png" has type "PNG image data 1263 x 700 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar41C.tmp" has type "data"- Location: [%TEMP%\\Tar41C.tmp]- [targetUID: 00000000-00002812]\n "swiper-bundle.min_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "gcr%20leaderboard_1_.png" has type "PNG image data 1919 x 838 8-bit/color RGBA 
non-interlaced"- [targetUID: N/A]\n "typing%20speed%20test_1_.png" has type "PNG image data 1920 x 874 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "notes%20mini_1_.png" has type "PNG image data 1920 x 838 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002812]\n "sandesh_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=3 software=Adobe Photoshop CC 2017 (Windows) datetime=2020:06:20 11:34:14] progressive precision 8 1920x850 components 3"- [targetUID: N/A]\n "line_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "quizzler_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1652x805 components 3"- [targetUID: N/A]\n "book%20finder_1_.png" has type "PNG image data 1263 x 684 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "dictionary%20app_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "avatar_1_.png" has type "PNG image data 500 x 500 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "urlref_httpswasimreja.me" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "unicons-10_1_.eot" has type "Embedded OpenType (EOT) unicons-10 family"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://wasimreja.me/"\n Pattern match: "https://wasimreja.me"\n Pattern match: "https://swiperjs.com"\n Pattern match: "C.JgU/0$"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "www.microsoft.com0"\n Pattern match: "https://wasimreja.me/assets/img/opengraph.png"\n Pattern match: "https://fonts.googleapis.com"\n Pattern match: "https://fonts.gstatic.com"\n Pattern match: "https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600&display=swap"\n Pattern match: "https://unicons.iconscout.com/release/v4.0.0/css/line.css"\n Pattern match: "https://www.linkedin.com/in/wasimreja/"\n Pattern match: "https://github.com/wasimreja"\n Pattern match: "https://twitter.com/_wasimreja"\n Pattern match: "https://www.instagram.com/_wasimreja"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "http://www.w3.org/1999/xlink"\n Pattern match: "https://notes-mini.vercel.app/"\n Pattern match: "https://typing-speed-test.onrender.com/"\n Pattern match: "https://gcr-leaderboard.vercel.app/"\n Pattern match: "https://book-finder.onrender.com/"\n Pattern match: "http://whats-cooking.vercel.app/"\n Pattern match: "https://task-buddy.netlify.app/"\n Pattern match: "https://dictionary-app.onrender.com/"\n Pattern match: "https://quizzler.vercel.app/"\n Pattern match: "https://wasimreja.github.io/music-player/"\n Pattern match: "https://github.com/wasimreja/sandesh"\n Heuristic match: "wr2435@it.jgec.ac.in"\n Pattern match: "https://instagram.com/_wasimreja"\n Heuristic match: "fonts.googleapis.com"\n Heuristic match: "unicons.iconscout.com"\n Heuristic match: "wasimreja.me"\n Pattern match: "https://wasimreja.me/Accept-Language"\n Pattern match: 
"ns.adobe.com/xap/1.0/"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "http://fontello.comIconscoutunicons-13Regularunicons-13unicons-13Version"\n Pattern match: "http://fontello.comIconscoutunicons-12Regularunicons-12unicons-12Version"\n Pattern match: "http://fontello.comIconscoutunicons-0Regularunicons-0unicons-0Version"\n Pattern match: "http
2023-05-12 02:53:39HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache_Hits": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["8A7E:0CB6:1A24B9D:28318AF:645D907B"], "Age": ["151"], "X_Cache_Hits": ["1"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100035-CHI"], "X_Cache": ["HIT"], "X_Timer": ["S1683853586.391035,VS0,VE4"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["b0816cb365cc757f5f8cced0af110244f06dfba5"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]}185.199.108.153
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0030NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60715ea2423d')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="o9rkiN63h_dC1MXH2ewnO9VeNInpcF4XTtlC3.Ope.M-1683860062-0-AdUguWWDLVlZxsWb6e1bnqomUGdvKH9Hr8OR9XhDVbWy_UNZDFZLD8-BRJaoUzBMnZ4MBtuUzqAf-y1NVIXFBZc2zpThNEMVcsemZ6G3H2y2RdwaGI22EiA1S326BJRlVE4Ae2G6hV1-y96EsTpLgRijeuFFSHz05y1jK0LMHQT6Yul8T61BIXmvzdMkcho4NRYjRqIaGwnrNt3GHyXHuLD9Kg0Z1PswrdZsR5u8cj9YNRG5tPHVjIwdXSU_H7FvumTVKSb2DSCVu7zno--l-x_ursgemNqA1Eu9esEfAcEZErO2ynNNPle4iy35Q-002AvCnrTStuzsV9WenG-kzkwfzH4Bgm9BgZjZ2SzceeiUvpx0VbFQ3pFatklpu5sVBuMECIKb-C35grQD9hIe5CnF2tIuq3LpSjTYWdY_G-taMdpge2EijRLIBI6Kfm3KCKgrmIm-M_kaOkhT6zwNZKrbtrmrwvHusBRZM8mDqXK6BGxQEYolgs9YfSL0l717dfEhPntRoL6ZMAEy83CFiWTndZ1SzKSh5MxSqRh8JYSn7-hlp9tzN-SB8T0mkCkP87rm0gHB2Nc1YNmJH6a6djf3APAwio8E6jQftS4RNyx5lSUUZ_BnFys-ZXFUzYbxVs_s5utzzMkEYOyUrEjMwlbzK1bmHQXnmHfBHDfW-9w0KMV_I2KXURlKdWp_aVGaYPgU9RQpOrOu5jXRwZ5WWo3nXJCoJubmH-xr5xweBUbZG-SrvNgarDFttshord388LcpI4vf_DPi5QAhha2ONgO4nEYcsvGjPWmE5gBNnwndanRmSOkYLNoIKdyVDvafFa_9wxBk6pKwvUGADjN1yYITiFNd4Av6OjiMF0eCD0B-rMcf1K_RyJAW0Q63e569MyoALgsa5LuF6A9Fao0NuRtVokTtKXFjE683wyQoxz2rVadCdcz1SAkPujj4gsPBtzmyTzaZ0eAhZEu4ZktRZ3yW_kCzFaoZlWWXPLmMSYOISs0fLmCihg46UN9oyRLijuEDM_jHg4LTV2TnCzG6rH5ukfU2q3hIf7DNVmpydIO4964Rwd7yky69HogBFyvVcLvLJiau__mlfv9Zd8rpuWQeyviCGIKTRzsIwfkMqNPNyw8X9ilDjYLz8Er-YKFTiBYzKowqSDcLfsInmyu-GY3Q4CRe6azk1q2PDI5jsKPqVXZnDO6xM5WOgDfsUs8jCGX-Y7pnubkolyphepCOCRuJYkPER9RlRKn9TP1Iu5pT3zvM--Qn_g2xND5bfgguBbZ7_xzC6vrG4uq7pRN86Jyn1eh0aJoS1o3moXbGaKVZMFxn9St9eHP_LBzqatvidcntyoQnZyEuvoBGzmB7bxsXvanE_k1kK-flL0DxtFCoSL_hYsi2QdekeHyb0moJOnxYk8nOvpGRVJW2aeFOS6zzQYrTf1ZYVM7iyRgHYPN8uylozJaFR27equ7FqddcsitgcuSFaFlYteDEO4eAuImRVXD5QnWHTDDLK-J-a7cd7n5pHrzsbNbpwPeit55PzKCpzI484EAksVFlNAkrwC4SqRB6KhjvHJRu2SsinDAvuebN5jt7N0scno6aUyjSzxwSSpVf6bZrrSm-p-5sQDUjLp64NRXWVN8wvA3_1f2gF_Vosd3y9Sp0fSOsU2F6EIdZdWuHYetxrmSNE6AHJ3RT_C04YBvG6_Q9PkJsb86B49AEElj23DQaHfl1GA9qGlbppJY5scudrsxneqxrD58hLbvdzxrWwdzLczRciePhFl8OKW5eaSkWmK-s65YIEnBLOSnaXmYwPzvjg8f67iFNC-e3l5m0MDQVx52PRj2vf8DWG_AfPmw2afbxcw9ppplZ9oiixK20YnEv54WswcS_oGpXEwjRNaflmeY-Y06FMexN5UEccQFy7OcRAYdF-UVs7RwoJUdks1Jo
RoK9OtuCZ-KgdWRayYvkrBZh1irLAwBozTjJSzJVowS3-M9iXqAD-o4GZBMK9eAUQlmuEIIQAf4f1TCN4loJA-4yETDBP4eorxfgJm9hdR63VxYMIHAkqccOTphwj01rk_8nG1uU4rJrScaAyK8AS_kQ2UytoRgp8VoNR_d7rmE_GZgpIDjlZ7mYr5nvR22Zau-p4gmFaOvdsk2jjUaqisfuqgg6D7ilZ29ja7S9UD52x-HqjxmP4JRdKMs3zwtM2aBKs0yMaMXiLr0T0j3f1FktvbG7soBZaonR97fM1qjr28AlqpELx3WuIvTiKLBZ2gxE_Tjenn0-IC2XQdN8IEIXfw9F7jVJZ6FyGJ9Yx4YqJ3kmX0qXi9iX1jb-Y3YZwJ6j4tTSRr8_tAhbW33UaKc3ULwKwGZ9g9Ru0mgnq0hVusSVy31FLGpM6QZZ4iZhokIoEs5L-lSF6-Qt-6-GQgAAhgrRM_mFp17cJjzl0kVV9PTe5Y-EYxGWlJKX7FVEGARcAfwWh_GITW_xYClIpKaR9CMUgzm4MqfOkVCd-6Z7AHBczBYiCIlRejFdx7yIdIPo__-pVcOwTW-jE9Y6Ncj1gf1h"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '12933', cRay: '7c5f60715ea2423d', cHash: '4c530bdfb62a335', cUPMDTk: "\/?__cf_chl_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2Mi45MzcwMDA=', m: 'LwOsDwqRkfr0bjyiLObl7sEK+vITUZuaPQE/A6GDF60=', i1: 'zy3+9oq0kQS8g0MofYLvVQ==', i2: 'Pt5t/C6ZQh8wsZRxhTvpYw==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60715ea2423d'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60715ea2423d'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonezhihu (Category: social) https://www.zhihu.com/people/loginlogin
2023-05-12 02:59:57Affiliate - Email AddressNoE-Mail Address Extractor0030Nonesupport@bigmarker.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 25, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=a85668108cb3&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:3704:120:WilError_01"\n "SM0:3704:304:WilStaging_02"\n "Local\\SM0:3704:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:3704:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.122:443"\n "142.251.2.157:443"\n "151.101.0.176:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "142.251.46.164:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir 
"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n 
""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "\\device\\namedpipe\\local\\mojo.2332.240.14325218193887401859"\n "msedge.exe" reads file 
"\\device\\namedpipe\\local\\mojo.2332.240.5569041425166893211"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2332_1227727462\\shopping.js]- [targetUID: 00000000-00002332]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007076]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir2332_1139505351\\Ruleset Data]- [targetUID: 00000000-00002332]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: 00000000-00002332]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00002332]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\2332_751382652\\Filtering Rules]- [targetUID: 00000000-00002332]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- 
Location: [%TEMP%\\2332_1705320843\\edge_driver.js]- [targetUID: 00000000-00002332]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2332_1227727462\\edge_driver.js]- [targetUID: 00000000-00002332]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\2332_1705320843\\vendor.bundle.js]- [targetUID: 00
2023-05-12 03:01:12Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.126): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonezhihu (Category: social) https://www.zhihu.com/people/ayhuayhu
2023-05-12 03:00:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.24): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.168): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:8080104.21.71.14
2023-05-12 03:09:31Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.ioebrahemsamir.github.io
2023-05-12 03:00:15Internet Name - UnresolvedNoCertificate Transparency0010Nonewebmail.ayhu.xyzayhu.xyz
2023-05-12 02:56:25BGP AS MembershipNoRIPE0030None4326087.248.157.0/24
2023-05-12 03:00:36Affiliate - Email AddressNoE-Mail Address Extractor0040Noneabuse@name.comDomain Name: netlify.app Registry Domain ID: 2CB5C0CD0-APP Registrar WHOIS Server: whois.nic.google Registrar URL: http://www.name.com Updated Date: 2023-04-11T15:58:16Z Creation Date: 2018-05-08T22:48:05Z Registry Expiry Date: 2024-05-08T22:48:05Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Netlify Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: CA Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: US Registrant Phone: REDACTED FOR PRIVACY Registrant Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.p01.nsone.net Name Server: dns2.p01.nsone.net Name Server: dns3.p01.nsone.net Name Server: dns4.p01.nsone.net DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<< For more information on Whois status codes, please visit https://icann.org/epp Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely for query-based, informational purposes. 
By querying our WHOIS database, you are agreeing to comply with these terms (https://www.registry.google/about/whois-disclaimer.html) and acknowledge that your information will be used in accordance with CRR's Privacy Policy (https://www.registry.google/about/privacy.html), so please read those documents carefully. Any information provided is "as is" without any guarantee of accuracy. You may not use such information to (a) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations; (b) enable high volume, automated, electronic processes that access the systems of CRR or any ICANN-Accredited Registrar, except as reasonably necessary to register domain names or modify existing registrations; or (c) engage in or support unlawful behavior. CRR reserves the right to restrict or deny your access to the Whois database, and may modify these terms at any time. Domain Name: netlify.app Registry Domain ID: 2CB5C0CD0-APP Registrar WHOIS Server: whois.nic.google Registrar URL: http://www.name.com Updated Date: 2023-04-11T15:58:16Z Creation Date: 2018-05-08T22:48:05Z Registry Expiry Date: 2024-05-08T22:48:05Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Netlify Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: CA Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: US Registrant Phone: REDACTED FOR PRIVACY Registrant Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Name Server: dns1.p01.nsone.net Name Server: dns2.p01.nsone.net Name Server: dns3.p01.nsone.net Name Server: dns4.p01.nsone.net DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<< For more information on Whois status codes, please visit https://icann.org/epp Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely for query-based, informational purposes. By querying our WHOIS database, you are agreeing to comply with these terms (https://www.registry.google/about/whois-disclaimer.html) and acknowledge that your information will be used in accordance with CRR's Privacy Policy (https://www.registry.google/about/privacy.html), so please read those documents carefully. Any information provided is "as is" without any guarantee of accuracy. You may not use such information to (a) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations; (b) enable high volume, automated, electronic processes that access the systems of CRR or any ICANN-Accredited Registrar, except as reasonably necessary to register domain names or modify existing registrations; or (c) engage in or support unlawful behavior. CRR reserves the right to restrict or deny your access to the Whois database, and may modify these terms at any time.
2023-05-12 03:18:41Open TCP PortNoPulsedive0030None185.199.109.133:80185.199.109.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneDash-4302 (Net ID: 00:0A:F5:48:32:08)32.8608, -79.9746
2023-05-12 03:11:07Physical CoordinatesNoOpenStreetMap91040None37.780462,-122.390564101 Townsend Street, San Francisco, US-CA, US, 94107
2023-05-12 02:53:49HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["926E:68C5:23DED94:340F30D:645D2C8B"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100050-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683827851.292615,VS0,VE22"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["7edd7f29f5c97925d836dfcf6284b65fe4dca468"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]}2606:50c0:8000::153
2023-05-12 02:46:54Affiliate - Domain NameNoDNS Resolver0030Nonenetlify.appfrabjous-lebkuchen-324004.netlify.app
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonepannet-24 (Net ID: 00:01:8E:DA:59:C4)37.7642, -122.3993
2023-05-12 03:03:51Co-Hosted SiteNoThreatMiner0020Noneetherum-libs.github.io185.199.110.153
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.115): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:01:24:F2:16:28)34.0544, -118.244
2023-05-12 02:44:12Co-Hosted SiteNoSSL Certificate Analyzer0020Nonecloudwaysapps.comkekw.battleb0t.xyz
2023-05-12 03:17:33Similar Domain - WhoisNoWhois1020NoneDomain Name: AYIU.XYZ Registry Domain ID: D304640320-CNIC Registrar WHOIS Server: whois.dynadot.com Registrar URL: http://www.dynadot.com Updated Date: 2022-06-28T04:15:13.0Z Creation Date: 2022-06-23T04:11:38.0Z Registry Expiry Date: 2023-06-23T23:59:59.0Z Registrar: Dynadot LLC Registrar IANA ID: 472 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Registrant State/Province: California Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: 170.NS1.ABOVE.COM Name Server: 170.NS2.ABOVE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@dynadot.com Registrar Abuse Contact Phone: +1.6502620100 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:33.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: AYIU.XYZ Registry Domain ID: D304640320-CNIC Registrar WHOIS Server: whois.dynadot.com Registrar URL: http://www.dynadot.com Updated Date: 2022-06-23T05:10:07.0Z Creation Date: 2022-06-23T04:11:38.0Z Registrar Registration Expiration Date: 2023-06-23T23:59:59.0Z Registrar: DYNADOT LLC Registrar IANA ID: 472 Registrar Abuse Contact Email: abuse@dynadot.com Registrar Abuse Contact Phone: +1.6502620100 Registry Registrant ID: CPF-291635 Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Dynadot Privacy Service Registrant Street: PO Box 701 Registrant Street: Registrant City: San Mateo Registrant State/Province: California Registrant Postal Code: 94401 Registrant Country: US Registrant Phone: +1.6505854708 Registrant Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz Registry Admin ID: CPF-291635 Admin Name: REDACTED FOR PRIVACY Admin Organization: Dynadot Privacy Service Admin Street: PO Box 701 Admin Street: Admin City: San Mateo Admin State/Province: California Admin Postal Code: 94401 Admin Country: US Admin Phone: +1.6505854708 Admin Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz Registry Tech ID: CPF-291635 Tech Name: REDACTED FOR PRIVACY Tech Organization: Dynadot Privacy Service Tech Street: PO Box 701 Tech Street: Tech City: San Mateo Tech State/Province: California Tech 
Postal Code: 94401 Tech Country: US Tech Phone: +1.6505854708 Tech Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz Name Server: 170.ns1.above.com Name Server: 170.ns2.above.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2022-06-22 22:10:07 -0700 <<< ayiu.xyz
2023-05-12 03:13:10Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [ebrahemsamir.github.io] https://www.openphish.com/feed.txtebrahemsamir.github.io
2023-05-12 03:12:54Physical LocationNonumverify0030NonePhoenix, US+14806242599
2023-05-12 02:46:49SSL Certificate - Issued toNoSSL Certificate Analyzer1030NoneC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app104.196.30.220
2023-05-12 03:00:25Affiliate - Email AddressNoE-Mail Address Extractor0040Nonecurve25519-sha256@libssh.org{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:08:36Affiliate - IP AddressNoDNS Look-aside1020None185.199.110.154185.199.110.153
2023-05-12 02:45:35Internet NameNoDNSDumpster2010Nonevscode.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:FD:45:09)33.336199,-111.89446440830702
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None01a637 (Net ID: 00:02:2D:01:A6:37)37.7642, -122.3993
2023-05-12 03:01:04Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.112): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneLivejournal (Category: blog) https://login.livejournal.comlogin
2023-05-12 03:00:00Affiliate - Email AddressNoE-Mail Address Extractor0030Nonebanksean@gmail.com[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamasko.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b7c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b7c_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b7c_IE_EarlyTabStart_0xea4_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2940"\n "IsoScope_b7c_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b7c_ConnHashTable<2940>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_b7c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', 
u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.186:80"\n "154.82.100.186:443"\n "172.217.12.106:443"\n "47.253.50.2:443"\n "142.250.191.42:443"\n "142.251.214.131:443"\n "43.251.41.15:443"\n "104.17.210.243:443"\n "142.250.191.67:443"\n "103.143.19.103:443"\n "104.17.213.243:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "185.199.109.153:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamasko.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "collect-v6.51.la"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "metamask.io"\n "metamasko.com"\n "perf.hsforms.com"\n "sdk.51.la"\n "va.v.liveperson.net"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "<meta content="MetaMask - A crypto 
wallet &amp; gateway to blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="A crypto wallet &amp; gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="summary_large_image" name="twitter:card">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<div style="padding-top:56.17021276595745%" class="video w-video w-embed"><iframe class="embedly-embed" src="widgets/media.html" scrolling="no" title="YouTube embed" frameborder="0" allow="autoplay; fullscreen" allowfullscreen="true"></iframe></div>" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<a href="javascript:;" rel="noreferer\n noopener" target="_blank" class="footer-link">Twitter</a>" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string 
".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlref_httpmetamasko.com" as clean (type is "HTML document UTF-8 Unicode text with very long lines")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF342.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF3C1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "payload_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 450x450 components 3" and extension "jpg"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-uniswap_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-gitcoin_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "info_2x_1_.png" has type "Unknown" and extension "png"\n "refresh_2x_1_.png" has type "Unknown" and extension "png"\n "image_2x_1_.png" has type "Unknown" and extension "png"\n "undo_2x_1_.png" has type "Unknown" and extension "png"\n "audio_2x_1_.png" has type "Unknown" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 
0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003916]\n "CabF331.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBBHWIRELESS (Net ID: 00:00:C5:D7:66:BC)41.8781, -87.6298
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneTenor (Category: images) https://tenor.com/users/loginlogin
2023-05-12 02:44:41Affiliate - Internet NameNoDNS Resolver0030None74.170.74.34.bc.googleusercontent.com34.74.170.74
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:55:11Raw Data from RIRsNoCensys0020None{"operating_system": {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, "last_updated_at": "2023-05-12T02:24:16.353Z", "ip": "87.248.157.102", "labels": ["email", "remote-access", "database", "file-sharing"], "location_updated_at": "2023-05-03T17:32:15.874229Z", "autonomous_system_updated_at": "2023-05-03T17:32:15.874604Z", "location": {"province": "Bursa Province", "city": "Bursa", "country": "Turkey", "coordinates": {"latitude": 40.19559, "longitude": 29.06013}, "postal_code": "16250", "country_code": "TR", "timezone": "Europe/Istanbul", "continent": "Asia"}, "dns": {"records": {"cpanel.ozansezgin.com.tr": {"record_type": "A", "resolved_at": "2023-01-05T17:17:36.160101130Z"}, "www.discord.stargamepin.com": {"record_type": "A", "resolved_at": "2022-10-04T14:04:52.760179166Z"}, "webdisk.canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-05-02T14:33:42.879167Z"}, "www.berateren.com.tr": {"record_type": "CNAME", "resolved_at": "2023-01-08T16:41:42.225534467Z"}, "cpanel.craftregion.net": {"record_type": "A", "resolved_at": "2022-12-28T16:14:35.726676809Z"}, "file.ahmetemn.xyz": {"record_type": "A", "resolved_at": "2022-12-28T17:39:26.229223807Z"}, "emperialnetwork.com.tr": {"record_type": "A", "resolved_at": "2022-12-19T16:59:46.464337451Z"}, "www.dostbultanis.xyz": {"record_type": "CNAME", "resolved_at": "2022-11-05T18:06:42.153390405Z"}, "www.muratcanozturkk.xyz": {"record_type": "CNAME", "resolved_at": "2022-10-04T17:07:38.536349504Z"}, "cpcalendars.fastcup.gq": {"record_type": "A", "resolved_at": "2022-10-14T15:00:12.399066755Z"}, "zehirmedya.com": {"record_type": "A", "resolved_at": "2023-02-27T15:20:55.500762915Z"}, "cpcalendars.mcevim.com": {"record_type": "A", "resolved_at": "2023-01-25T13:44:53.784463939Z"}, "www.serpilbolatcan.com": {"record_type": "CNAME", "resolved_at": 
"2022-11-03T13:53:32.177886238Z"}, "webmail.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-03T21:41:44.056705877Z"}, "mestbungalov.xyz": {"record_type": "A", "resolved_at": "2022-11-02T09:30:48.965680163Z"}, "www.tahakaya.tk": {"record_type": "CNAME", "resolved_at": "2022-10-24T16:44:34.447999702Z"}, "www.preview.ahmetemn.xyz": {"record_type": "A", "resolved_at": "2022-12-22T16:54:29.866591925Z"}, "www.undsel.org": {"record_type": "CNAME", "resolved_at": "2023-02-08T19:45:18.794414750Z"}, "www.mcevim.com": {"record_type": "CNAME", "resolved_at": "2023-01-25T13:44:54.141586649Z"}, "mail.tahakaya.tk": {"record_type": "CNAME", "resolved_at": "2022-10-30T17:45:49.047255176Z"}, "www.klausfx.com": {"record_type": "CNAME", "resolved_at": "2022-10-05T13:42:56.873133625Z"}, "cpanel.canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-05-10T14:06:47.408478527Z"}, "xfcheats.tk": {"record_type": "A", "resolved_at": "2022-10-03T17:50:42.316963800Z"}, "www.fastcup.gq": {"record_type": "CNAME", "resolved_at": "2022-10-13T15:20:37.540317287Z"}, "benimbungalovum.com": {"record_type": "A", "resolved_at": "2022-11-02T14:17:47.483900217Z"}, "_dc-mx.e5e37e515239.sc-riber.games": {"record_type": "A", "resolved_at": "2023-05-07T17:27:28.131252899Z"}, "ochook.gq": {"record_type": "A", "resolved_at": "2023-03-08T16:13:39.337482400Z"}, "cpcontacts.xfcheats.tk": {"record_type": "A", "resolved_at": "2022-10-19T17:13:40.119876482Z"}, "webdisk.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-30T17:45:49.630983754Z"}, "www.sourcecode.xeticias.xyz": {"record_type": "A", "resolved_at": "2022-10-04T17:08:41.037846092Z"}, "webdisk.burakatli.tk": {"record_type": "A", "resolved_at": "2022-12-06T18:01:14.023227309Z"}, "mail.dostbultanis.xyz": {"record_type": "CNAME", "resolved_at": "2022-11-10T16:55:45.621219874Z"}, "webmail.skymine.pw": {"record_type": "A", "resolved_at": "2022-11-16T16:52:03.463771179Z"}, "discord.stargamepin.com": {"record_type": "A", 
"resolved_at": "2022-10-11T14:18:39.106831985Z"}, "cpanel.pimapencanakkale.com": {"record_type": "A", "resolved_at": "2023-04-23T15:46:39.115203086Z"}, "webdisk.pimapencanakkale.com": {"record_type": "A", "resolved_at": "2023-05-02T22:30:28.895880752Z"}, "furkanulgen.dev": {"record_type": "A", "resolved_at": "2023-02-05T14:53:26.346732767Z"}, "cpcontacts.altf13.com": {"record_type": "A", "resolved_at": "2023-01-31T12:46:00.853214402Z"}, "bayholmen.tk": {"record_type": "A", "resolved_at": "2022-10-03T17:49:42.087742760Z"}, "cpcontacts.fastcup.gq": {"record_type": "A", "resolved_at": "2022-10-20T14:59:42.612109055Z"}, "ikisekizbungalov.com": {"record_type": "A", "resolved_at": "2022-11-03T11:07:18.159230616Z"}, "mail.fealhost.com": {"record_type": "CNAME", "resolved_at": "2023-04-06T04:11:51.805186315Z"}, "whm.discord.stargamepin.com": {"record_type": "A", "resolved_at": "2022-10-04T14:04:52.276649345Z"}, "darkwolf.network": {"record_type": "A", "resolved_at": "2023-03-21T03:44:01.438444589Z"}, "www.karacolticaret.pw": {"record_type": "CNAME", "resolved_at": "2023-01-27T17:21:17.709086375Z"}, "mail.bwkcn.codes": {"record_type": "CNAME", "resolved_at": "2022-10-23T12:43:26.611424497Z"}, "yaraticikupler.fun": {"record_type": "A", "resolved_at": "2023-01-14T22:49:21.772913425Z"}, "cpcalendars.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-14T17:19:23.144240561Z"}, "webdisk.metamimarlik.com": {"record_type": "A", "resolved_at": "2022-11-03T13:29:46.589630465Z"}, "panel.sourcepawn.com": {"record_type": "A", "resolved_at": "2022-12-09T14:04:16.033214357Z"}, "www.ryzemc.com.serpilbolatcan.com": {"record_type": "A", "resolved_at": "2022-11-15T13:52:29.199227401Z"}, "webdisk.fastcup.gq": {"record_type": "A", "resolved_at": "2022-10-05T15:07:37.703008867Z"}, "altf13.com": {"record_type": "A", "resolved_at": "2023-02-02T12:39:42.545911226Z"}, "mail.xfcheats.tk": {"record_type": "CNAME", "resolved_at": "2022-10-04T16:56:53.515031714Z"}, "www.shop.itanpia.org": 
{"record_type": "A", "resolved_at": "2022-12-21T17:17:06.217809961Z"}, "cpcontacts.canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-04-29T14:19:50.400682526Z"}, "meneksebungalov.com": {"record_type": "A", "resolved_at": "2022-11-08T13:42:29.160787558Z"}, "dc.ahmetemn.xyz": {"record_type": "A", "resolved_at": "2022-12-20T16:55:19.902730683Z"}, "tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-12T17:18:46.107319847Z"}, "tiktok.stargamepin.com": {"record_type": "A", "resolved_at": "2022-10-05T14:19:22.052159604Z"}, "www.test.bilgietkisi.com": {"record_type": "A", "resolved_at": "2023-03-18T13:54:35.365876978Z"}, "shop.itanpia.org": {"record_type": "A", "resolved_at": "2023-01-14T08:39:09.594223328Z"}, "webdisk.kemsuca.com": {"record_type": "A", "resolved_at": "2022-10-04T13:31:14.803922215Z"}, "cpcalendars.muratcanozturkk.xyz": {"record_type": "A", "resolved_at": "2022-10-04T17:07:36.743450291Z"}, "www.enesk.xyz": {"record_type": "CNAME", "resolved_at": "2023-01-27T17:57:21.368850900Z"}, "www.twitch.stargamepin.com": {"record_type": "A", "resolved_at": "2022-10-05T14:19:22.374732364Z"}, "www.gameguard.ochook.tk": {"record_type": "A", "resolved_at": "2023-03-11T19:38:51.584036132Z"}, "berateren.com.tr": {"record_type": "A", "resolved_at": "2023-01-14T17:18:47.330887795Z"}, "webdisk.mcevim.com": {"record_type": "A", "resolved_at": "2023-01-19T13:23:09.181757813Z"}, "ormanevleribungalov.com": {"record_type": "A", "resolved_at": "2022-12-08T13:46:22.391341104Z"}, "skyboxtr.com": {"record_type": "A", "resolved_at": "2023-02-28T14:56:51.452831255Z"}, "www.mental.xeticias.xyz": {"record_type": "A", "resolved_at": "2022-11-28T17:27:53.459024802Z"}, "www.mestbungalov.com": {"record_type": "CNAME", "resolved_at": "2022-10-31T13:52:56.890144647Z"}, "www.dev.ahmetemn.xyz": {"record_type": "A", "resolved_at": "2022-12-29T16:58:51.266944718Z"}, "cpcalendars.serpilbolatcan.com": {"record_type": "A", "resolved_at": "2022-10-25T14:05:20.558939618Z"}, 
"www.exeteam.net": {"record_type": "CNAME", "resolved_at": "2023-04-27T20:57:35.047087859Z"}, "altinbungalov.com": {"record_type": "A", "resolved_at": "2022-10-14T12:46:13.873525996Z"}, "mail.canakkaleuyduantenci.com": {"record_type": "CNAME", "resolved_at": "2023-04-15T14:05:51.043804823Z"}, "explation.xyz": {"record_type": "A", "resolved_at": "2022-11-03T20:22:32.508653902Z"}, "muratcanozturkk.xyz": {"record_type": "A", "resolved_at": "2022-10-04T17:07:35.839337873Z"}, "cpanel.itanpia.org": {"record_type": "A", "resolved_at": "2022-12-19T16:39:16.921255240Z"}, "eventkil.com": {"record_type": "A", "resolved_at": "2023-05-04T14:44:33.809431992Z"}, "www.metamimarlik.com": {"record_type": "CNAME", "resolved_at": "2022-11-22T13:53:03.897632462Z"}, "sapancabungalovotel.com": {"record_type": "A", "resolved_at": "2022-10-21T13:45:32.989372866Z"}, "xn--kemaldnmez-jcb.com": {"record_type": "A", "resolved_at": "2023-02-12T14:33:55.830955863Z"}, "sourcepawn.com": {"record_type": "A", "resolved_at": "2022-11-27T13:51:33.375397529Z"}, "cpanel.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-25T17:24:32.346509475Z"}, "cpcalendars.canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-05-01T14:00:27.620190431Z"}, "cpcontacts.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-11-03T16:33:54.752105702Z"}, "cpanel.metamimarlik.com": {"record_type": "A", "resolved_at": "2022-11-11T13:28:40.298899238Z"}, "webdisk.altf13.com": {"record_type": "A", "resolved_at": "2023-01-30T12:43:04.754213362Z"}, "cpanel.rallirp.com": {"record_type": "A", "resolved_at": "2023-02-24T14:29:25.642654288Z"}, "cpcalendars.skymine.pw": {"record_type": "A", "resolved_at": "2022-11-03T16:23:02.786010839Z"}, "exeteam.net": {"record_type": "A", "resolved_at": "2023-05-07T19:37:55.421427404Z"}, "whm.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-11-03T16:33:56.304949095Z"}, "www.iletisim.stargamepin.com": {"record_type": "A", "resolved_at": 
"2022-10-03T14:20:38.744192612Z"}, "webmail.mcevim.com": {"record_type": "A", "resolved_at": "2023-01-19T13:23:09.500084525Z"}, "canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-05-08T14:25:32.527389858Z"}, "kemsuca.com": {"record_type": "A", "resolved_at": "2022-10-05T13:42:30.471263227Z"}, "cpcontacts.pimapencanakkale.com": {"record_type": "A", "87.248.157.102
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneWaveLAN Network (Net ID: 00:02:2D:67:07:75)34.0544, -118.244
2023-05-12 03:23:09Open TCP PortNoPulsedive0030None188.114.96.0:443188.114.96.0/24
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/carti_1.jpghttps://pics.battleb0t.xyz/
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"}
2023-05-12 02:53:15IPv6 AddressNoMnemonic PassiveDNS0010None2606:4700:3030::ac43:a8fcbattleb0t.xyz
2023-05-12 03:36:57Malicious IP AddressYesMetaDefender0020Nonewebroot.com [87.248.157.102]87.248.157.102
2023-05-12 02:53:45Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-12T01:39:10.944Z", "ip": "2606:50c0:8002::153", "location_updated_at": "2023-05-08T10:38:44.903871Z", "autonomous_system_updated_at": "2023-05-08T10:38:44.903996Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"www.pixeli.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T23:50:00.966261596Z"}, "www.willbishop.dev": {"record_type": "CNAME", "resolved_at": "2023-03-06T20:23:13.520153960Z"}, "www.spncr.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:10.270076260Z"}, "www.rohanseth.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T00:00:27.264834898Z"}, "statereps.cicerodata.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T13:20:14.306282261Z"}, "www.asiavalentine.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:52:15.471978167Z"}, "catclicker.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:42:34.665120760Z"}, "www.omkardhande.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:55:27.721595395Z"}, "www.montferret.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:17:26.803641174Z"}, "www.guziyf.com": {"record_type": "CNAME", "resolved_at": "2023-01-15T05:57:21.072132005Z"}, "myreads.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-02-26T21:11:31.059545269Z"}, "web-dev.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:36.047967881Z"}, "greshnikov.net": {"record_type": "AAAA", "resolved_at": "2023-04-19T21:42:27.985888825Z"}, "svelte.calories.claas.dev": {"record_type": "CNAME", "resolved_at": "2023-04-04T16:51:51.844422366Z"}, "namco.dev": {"record_type": "AAAA", "resolved_at": "2023-01-19T14:14:45.143590011Z"}, 
"www.tcamba.dev": {"record_type": "CNAME", "resolved_at": "2023-03-23T17:56:56.616082497Z"}, "thaecohvah.syntactic-sugar.design": {"record_type": "CNAME", "resolved_at": "2023-04-23T09:37:19.694810939Z"}, "liangxiayi.com": {"record_type": "CNAME", "resolved_at": "2023-03-04T14:30:08.595680200Z"}, "mst.biuxbiu.design": {"record_type": "CNAME", "resolved_at": "2023-04-28T17:39:08.436586135Z"}, "kbau.dev": {"record_type": "AAAA", "resolved_at": "2023-02-27T15:42:55.285099290Z"}, "www.kazusato.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:18.300056949Z"}, "cuillere.dev": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:59:59.805050461Z"}, "www.srinivasreddy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:53.148982927Z"}, "www.cliu.dev": {"record_type": "CNAME", "resolved_at": "2023-03-24T23:25:10.893500128Z"}, "kaiseki.coderfin.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T16:02:42.934790176Z"}, "www.robisonweb.dev": {"record_type": "CNAME", "resolved_at": "2023-02-28T15:51:22.213479983Z"}, "www.biobyelogy.com": {"record_type": "CNAME", "resolved_at": "2023-02-21T13:52:36.509893227Z"}, "trubbylove.laury.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:26.457996047Z"}, "blog.hiluohao.com": {"record_type": "CNAME", "resolved_at": "2023-03-28T14:57:36.831718722Z"}, "www.yusry.de": {"record_type": "CNAME", "resolved_at": "2023-04-23T16:48:40.403075909Z"}, "data-observability-tag.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:12.630016737Z"}, "siuts.proekspert.ee": {"record_type": "CNAME", "resolved_at": "2023-02-08T17:06:34.527975069Z"}, "www.zaddytech.com": {"record_type": "CNAME", "resolved_at": "2023-01-28T14:19:48.513264436Z"}, "www.dannytran.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:34.941987381Z"}, "www.breakingtheboycode.com": {"record_type": "CNAME", "resolved_at": "2023-03-19T23:07:16.593181704Z"}, "yanshouwang.dev": {"record_type": "AAAA", 
"resolved_at": "2023-03-21T00:21:54.271513621Z"}, "www.hiennguyen.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T12:59:42.443779889Z"}, "fikihfirmansyah.my.id": {"record_type": "AAAA", "resolved_at": "2023-03-01T16:36:29.300419626Z"}, "database.jiny.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:19:55.315272389Z"}, "www.shaneporter.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:20:35.708785655Z"}, "blog.brandonmathis.me": {"record_type": "CNAME", "resolved_at": "2023-03-21T21:08:33.485121539Z"}, "blog.limeira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:35.974650849Z"}, "v1.commandtech.dev": {"record_type": "CNAME", "resolved_at": "2022-10-31T15:01:33.036179596Z"}, "nfshibes.com": {"record_type": "AAAA", "resolved_at": "2023-04-19T17:29:58.637558645Z"}, "help.programm-chest.dev": {"record_type": "CNAME", "resolved_at": "2022-11-30T14:37:46.643013242Z"}, "flagicons.lipis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:16.844777559Z"}, "www.aashish.dev": {"record_type": "CNAME", "resolved_at": "2023-04-19T19:07:09.565393850Z"}, "mick.maccallum.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T16:19:47.687126527Z"}, "hkatz.dev": {"record_type": "AAAA", "resolved_at": "2023-03-22T11:14:05.854477536Z"}, "www.matthewpereira.com": {"record_type": "CNAME", "resolved_at": "2023-03-25T21:28:16.599843999Z"}, "daniel.zaturensky.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:13:57.894038790Z"}, "steezeburger.com": {"record_type": "CNAME", "resolved_at": "2023-03-19T14:57:50.497448263Z"}, "resume.chann.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T16:16:20.658403265Z"}, "www.wazted.fr": {"record_type": "CNAME", "resolved_at": "2023-05-11T17:32:27.312675959Z"}, "www.changkaixin.cn": {"record_type": "CNAME", "resolved_at": "2023-03-22T16:00:04.814716347Z"}, "www.mtconnectcore.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T14:59:11.184709249Z"}, "www.aloha.org.cn": 
{"record_type": "CNAME", "resolved_at": "2022-12-14T12:40:48.602824216Z"}, "www.williamjang.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:39.271340346Z"}, "www.mangato.es": {"record_type": "CNAME", "resolved_at": "2023-04-22T16:31:05.591550189Z"}, "msk.im": {"record_type": "AAAA", "resolved_at": "2023-05-09T17:24:25.369430576Z"}, "status.brioxr.com": {"record_type": "CNAME", "resolved_at": "2023-01-19T12:58:47.712783317Z"}, "stevenbone.dev": {"record_type": "AAAA", "resolved_at": "2023-04-20T02:37:36.462044411Z"}, "www.dwivedula.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T15:37:48.541873098Z"}, "www.bt1024.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T21:39:30.209694773Z"}, "willj.dev": {"record_type": "AAAA", "resolved_at": "2023-03-21T00:21:22.173071262Z"}, "www.ousmane.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T15:03:29.723057364Z"}, "www.srcmax.com": {"record_type": "CNAME", "resolved_at": "2023-03-26T22:27:47.504722812Z"}, "www.shira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:45:59.585738764Z"}, "static.projectcodex.co": {"record_type": "CNAME", "resolved_at": "2023-03-28T12:56:47.903477609Z"}, "www.thyagajan.in": {"record_type": "CNAME", "resolved_at": "2023-02-04T15:11:06.016790048Z"}, "www.lawrencedunbar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-08T15:50:22.533060749Z"}, "www.jenniwu.dev": {"record_type": "CNAME", "resolved_at": "2023-04-24T17:00:00.073227865Z"}, "blog.ddamy.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:10:57.323553779Z"}, "www.coltonfalkner.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:40.169282211Z"}, "www.brandonfajardo.com": {"record_type": "CNAME", "resolved_at": "2023-03-12T13:33:44.576384321Z"}, "andressa.dev": {"record_type": "CNAME", "resolved_at": "2023-04-13T16:15:01.948884742Z"}, "www.pepijn.tech": {"record_type": "CNAME", "resolved_at": "2023-03-11T19:36:20.068693758Z"}, "www.dangillis.dev": {"record_type": 
"CNAME", "resolved_at": "2023-03-05T15:53:20.930987816Z"}, "www.jasonscotto.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T04:01:31.543104004Z"}, "www.ologn.dev": {"record_type": "CNAME", "resolved_at": "2023-02-14T15:37:29.279040979Z"}, "sam.haslers.info": {"record_type": "CNAME", "resolved_at": "2023-03-12T15:51:38.197844277Z"}, "www.sreehari.dev": {"record_type": "CNAME", "resolved_at": "2023-03-14T15:27:59.231327405Z"}, "mteworld.ml": {"record_type": "AAAA", "resolved_at": "2023-01-04T15:21:01.487028696Z"}, "www.bsaiki.com": {"record_type": "CNAME", "resolved_at": "2023-03-05T13:41:36.534443343Z"}, "www.grantanna.dev": {"record_type": "CNAME", "resolved_at": "2023-02-27T15:42:47.651834600Z"}, "mirror.growingio.design": {"record_type": "CNAME", "resolved_at": "2022-12-20T14:28:15.483007528Z"}, "www.framy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:45.611656444Z"}, "www.colorbuilder.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:32.011890468Z"}, "www.oscarablinger.dev": {"record_type": "CNAME", "resolved_at": "2023-05-01T09:06:38.146245867Z"}, "abeziou.dev": {"record_type": "AAAA", "resolved_at": "2023-03-27T23:40:41.232028838Z"}, "ulim216.cf": {"record_type": "AAAA", "resolved_at": "2023-02-19T12:42:56.171125280Z"}, "www.bytememo.com": {"record_type": "CNAME", "resolved_at": "2023-04-16T14:20:53.377584664Z"}, "bolifestudio.com": {"record_type": "CNAME", "resolved_at": "2023-04-01T14:40:33.850493899Z"}, "www.linking.fun": {"record_type": "CNAME", "resolved_at": "2023-03-28T17:44:25.016248815Z"}, "www.candidatekey.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T18:28:28.538888119Z"}, "shop4data-ui.docs.collibra.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:31.647476511Z"}, "carlelbaz.com": {"record_type": "CNAME", "resolved_at": "2023-05-05T14:11:09.059299062Z"}, "www.codar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:54:18.450070838Z"}, "www.ky1vstar.dev": {"record_type": 
"CNAME", "resolved_at": "2023-03-11T15:47:22.392376650Z"}, "portfolio.gchahm.dev": {"record_type": "CNAME", "resolved_at": "2023-01-14T14:40:10.714963428Z"}}, "names": ["www.pixeli.dev", "www.thyagajan.in", "www.jenniwu.dev", "abeziou.dev", "web-dev.docs.inditex.dev", "blog.hiluohao.com", "www.bsaiki.com",2606:50c0:8002::153
2023-05-12 02:44:25IPv6 AddressNoDNS Resolver15030None2600:1f18:2489:8202::c8pics.battleb0t.xyz
2023-05-12 03:00:27Affiliate - Email AddressNoE-Mail Address Extractor0030Noneoccipy.recrutement@aftral.com[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'MSG-993046.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3fc_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1020"\n "IsoScope_3fc_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_3fc_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_3fc_ConnHashTable<1020>_HashTable_Mutex"\n "IsoScope_3fc_IE_EarlyTabStart_0x9c4_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_3fc_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "getbootstrap.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "104.17.25.14:443"\n "172.67.30.148:443"\n "65.8.158.55:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1189.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1178.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1177.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00001020]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002584]\n "Tar1189.tmp" has type "data"- Location: [%TEMP%\\Tar1189.tmp]- [targetUID: 00000000-00002584]\n 
"HTTJFRWH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HTTJFRWH.txt]- [targetUID: 00000000-00001020]\n "_172C582D-B9D2-11ED-B010-08002708D069_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00001020]\n "search_2_.json" has type "JSON data"- [targetUID: 00000000-00001020]\n "52H103H9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\52H103H9.txt]- [targetUID: 00000000-00001020]\n "RYIH22IO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RYIH22IO.txt]- [targetUID: 00000000-00001020]\n "~DFD0DF213BBF0CD101.TMP" has type "data"- Location: [%TEMP%\\~DFD0DF213BBF0CD101.TMP]- [targetUID: 00000000-00001020]\n "Cab1177.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1177.tmp]- [targetUID: 00000000-00002584]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00001020]\n "floating-labels_1_.css" has type "ASCII text"- [targetUID: 00000000-00001020]\n "K4HM6RP3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\K4HM6RP3.txt]- [targetUID: 00000000-00001020]\n "Tar1178.tmp" has type "data"- Location: [%TEMP%\\Tar1178.tmp]- [targetUID: 00000000-00002584]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: 00000000-00001020]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00001020]\n "GXM745UA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GXM745UA.txt]- [targetUID: 00000000-00001020]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00001020]\n "core.min_1_.js" has type "ASCII text with very long lines with no line 
terminators"- [targetUID: 00000000-00001020]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001020]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /zepto.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zeptojs.com\nDNT: 1\nConnection: Keep-Alive"\n "}iwH+H0S/qyn[vT]I6PEF.H=D7"#O{u]nNgI_^)-rK\n8K2d/7N<q}4\nb}[4x(e)`Di%)e{OYoe_|*\'YF+fvTdD?\no|Q69wb!/$(97M^w7rdd,/qMrS>ud~U_{i.We{O~.^R=9nO8D|a3?%zZ&)9ql>O0Y{2uSVRd.(:4Ioa~\'iLONx].:gw?zD)u3q6(}}{yYz>=mSjay^O@XFrueeKM&W$.(XbqB|:{\'_>\n\\Zl#}oVD{/2\\\'%U{Fh*n\\e33ao3%5G\nT+x9,4ATdmRt~Xf5HQ4rQ,2,HROF|$5EgKoh%/&grNm"%!\n eE~K)n`lhPO?~|8("CE>r\\BOLZ4M_QDl},YSU{>5{IxTj\'\n4UYRUg+pFc5C<SaOpP]5=r>i=y$e?<_ae\\N.a-+:jJ%~fFn~7SQ%`fD01,k6ln-pDA|B]u\nA,E1@n9q:~EYGb^t*{EO[^]/#qtmu2O{|rDY!KQX_VOm?bXP2xG//O_l\'b?}DvVn3[Is.j$-MD\n|ryVWvHuT\'MyWE.]M?N6]j+Kuo*x$JS`", "zIbIJ*SdIo:>)&a0+\n\n\n%wX|1au&kdAMsFBz#E=>9Ik*|\'\\xM=Of3"#O^T[)gO;-=z|,~s~^--e=J$K.9+,#_%up%YVvh6N9gwFdR$]}}b}W1`tKm*n2~U#NQGj=dtDAbe-fVR5!jA^02\n;a0u&|HO#R:>vzY%6Mg%.WXO!*z,f!q,;\'A@ 
eT7#^<{\n9iM0D{Jk7?A$4\\_{riP&4K4$\n"2)V\n9UW7-8:W*,0!XyPWwN)@BVu2*yRarH*UO9MN|\nSPv5Q#I<2#T%$jgnr/a${NT`q=JQcc00C$\n:XMdb;<kf-TdL&F:]>OH\n\nxVOw^`FQwh{=5V$. a\'vbx&w\\nw?,loBn4Fm0i;hRQ[y+?]$W?77%5%>h#Ou\n\nje5`D#3ZUl4+22OO!\n3;:~3rq)VTM_v\\Q{sd2/.GaRCn0bea]0!\\%\n#HJA@N]\n=/RqqADMV(k@P,uX7mFHsa9B`2d>7d1lvPta75%QP;AJnX[q7];VlJ;P9%?{ATtK` f0qc^SSS33KakB=Sk,"\n "6uFRyl8xyC94{.>b$+hl "R4Qa$>+\\RzFz?|A!]9&4sd42P9\\nJ.p^~WjKN$Q~~@%4!Uk;LKdkbP9imKvlK+$RV;j=Zd< SkROuT_cAKi@r\nQ8(6R.4kE(oHK7CCMn TyQ<~\n~O[njWWvC2i9`igdP*kAQPc3F(\\)=)\n-p[nI]\\:sb:yV|\na :5T\'WgG+Gfj\nj71j28X+5` i;v&]|g\'Lyyp(.OSVdh4yVTXUx&v=$nlPDR a" 95@GA\nSp*\n.X3Km6x0[6ek)kX"Z0W8?Zs?64_Q(YER(Zp>]OU,#)_z<[\\![;34S[5+\'/p*1A_kU" :lrb^HXO3K9> Dn=VT\'TOd$IDLL7Y{a.R1a"q%\'A@uVh}n$AAM+/z5:RqaSR+?UFNaTQXNMl*?8`l3&!</i\'{.g^URVmquGy|hi1l4nc8[Sph]NV+-6v+yJ|BSC{t]u`mqu,ZoVp"Uv4pH%\nzdFV9NJl!</a~ICZOE$ul97;o)FZz:^{Y3d(\n=:hO`q\'&q3+OJ", "i$M/jD6:~QWk\n31X\'Pz:=tI}O V(#ol~[yjGMq7H_{~y9h`}r*\\\nqFWNGA]k%WQeby1P iYSDv44kOEl>j>~qRQ"sTnD2$yE*`764W,AM/deo~^[8o[6}+]%Dd7jAJH|B9xJ$Pi_u:D:,QD}gw?_aYO>MSnZ4Iuhp]awc1b"q)NU^ht{O\'1b_9*N6pj!EHJ}58RCiHk7|iJ\\0hVP]B^X.)5:hat^=-]\n;"%W*&zKJT-XsF[hMimjBTh3aZF?>v,#/u/R;|;x}SZFc@NWP/q}]gBn)JuCdV[_w&4\\"tk\'j^Yv\nnl&usOrk=4G78!o7%4;o(;ho\nrpjw<|xPj@9FcB*F44RH[O6@-a(CfYN#@KTPhCgg5l+\nEG*TbHW\'n[.Jw;=?$1p*[:f`@R\nOnUh-dM|Zb\\=&6q*":9fRJyi}&;&{F9eN:,~fdlQP%%Y5)iT!=M\\u8gj\n~azFM>UY/%HM4\'ZX}>apT|rQSwnl6}iQo&XZy)j<\nh$.yI*CS{kHb-oG89mWm\n3m<64[DN911jb]w>^x}7|[p"\n ":$V\nyrUJX&d+Q=CIkqs\n7FN/F02cXOcpALsD8h>o#=,$5&YEShDkTPX\nK$|D$vs.81bCDk|?!G/<*PyLP5YDi!UB9GJ^YEPLB!G8T3y#ed#\\/86&Qq~.*I 9|G9f:#3C3mq=GyLt=#T9~,>((A#oN"lXq*~y@YRi\nit7f;.lEvG+]v&- 7T9ZmwNTv`ij(~X".Od;\'0R2W3.I97u"NO4\n\nbGRnV1m\' C27^k"J%{h<AO0\nY|>.|a}NS)o4C8k\n57hZ5?*zGOj:3"qNS9rD:rwbX+y^\'5Z#-]q\n`c[LF}f.!F ExhVZy(l$y^IT~1gw.$SKKl1u|VgII9jUY^/I~U:y&YM_MU$A_X?f2&FSs9qA8<o{<!asBe6;{lyTt\\5zv8^ k\n@_QZ8f4IV[dmT_-Z }=y%~>v\\@YH&UE\n,:B9ji6f17;YOYr//NliJb6JdO@t)8Swd23Iu@+sjC9iV&T~iG>[+lUyF2|&2q#.Iu\\`^/ 
n\'a9nu!Q"8Qg/H%\nY\nI63j!T-2auX"`ODv`P2,H\\w"\n ">xoJ\nEFWMKc 8`{&+!jg<p5e{RS#^Lg&Sl1L,fRLUr#t8sdu64d<-CN\\yw|bavBQ@L*t4}-/h}Bg>\nsuiOaOwx(s#[2ui))^?4Kc}=!b0pgpzpBw)Waos"bOz\n4Y3^|z$X>{~I#U^\']\nBfowrt7[G\n-g>a#\nOFia|):&o2YypQ(?1g5\'Na;1GW7h{asC^S)i*bd5br;2p7epKL1i? o#aIkC\\w6\'&ECfjX;\'^=VNJ)N$X&"QQ)Z(Xs#\'z&Z/[F-%$;7^IG|"C*[WcnZllK.R5W~zcjE-SsZtUyO=w$yd7aL|y9>UN0w:$RwixC7Xxcw9DlMgaHVLddU:<7>kRMWXg8skw0)I"!@MG\nO^Q)L7q~h`9gOIp[oo7b;\'Poxi7NJBb oA~y"hCvW;41PA\\)\ny<=\nf//gO_sN6I*Q]Kpd^<}_|Kc^O6rJ`t^eQ1IsN\n7<LPgjpHg"bEy[!Zd#m
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMaxx Hotel (Net ID: 00:02:2D:1F:6F:03)50.1188, 8.6843
2023-05-12 03:00:00Affiliate - Email AddressNoE-Mail Address Extractor0030Nonecontact@luckycarrotapp.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://urldefense.com/v3/__https:/luckycarrotapp.com/organization-b2__;!!FBg0PJ8GdnjP4Q!8c3hK7I-XFYCk7Nsu_a_9ZxOtOzs4BD4Qzz4xaaEEmIdhXPGsEafhFGfqwLPGWafWHCBltJqzsIwT7XW_a2-1-v3BYjmMONK6mxg0p8$', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f94_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f94_IESQMMUTEX_0_519"\n "IsoScope_f94_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3988"\n "IsoScope_f94_IESQMMUTEX_0_331"\n "IsoScope_f94_IE_EarlyTabStart_0xe00_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f94_ConnHashTable<3988>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.80.202.17:443"\n "172.66.43.26:443"\n "20.38.109.4:443"\n "104.16.187.65:443"\n "104.18.230.83:443"\n "185.199.109.153:443"\n "104.18.136.59:443"\n "157.240.22.25:443"\n "104.16.121.190:443"\n "77.88.21.119:443"\n "104.18.25.196:443"\n "104.17.99.172:443"\n "104.16.136.206:443"\n "74.125.137.156:443"\n "104.19.154.83:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.producthunt.com"\n "assets.calendly.com"\n "buttons.github.io"\n "connect.facebook.net"\n "js.hs-analytics.net"\n "js.hs-banner.com"\n "js.hs-scripts.com"\n "js.hsadspixel.net"\n "js.hsforms.net"\n "js.usemessages.com"\n "luckycarrot.blob.core.windows.net"\n "mc.yandex.com"\n "mc.yandex.ru"\n "stats.g.doubleclick.net"\n "track.hubspot.com"\n "urldefense.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<meta property="twitter:image" content="https://luckycarrotapp.com/images/carrot-logo1111.png">" (Indicator: "twitter")\n "<meta property="twitter:title" content="Peer to peer recognition" />" (Indicator: "twitter")\n "<meta property="twitter:description" content="The best way to recognize and reward employees for their hard work. Boost employee engagement and motivation with Lucky Carrot." 
/>" (Indicator: "twitter")\n "<img height="1" width="1" src="https://www.facebook.com/tr?id=2186666338068573&ev=PageView&noscript=1" alt="facebook" />" (Indicator: "facebook.com")\n "<button class="button btn-fill-orange watch-video-btn video-modal" title="Watch a Video" data-video="https://www.youtube.com/embed/d4_e3pCgUW8?autoplay=1">" (Indicator: "youtube")\n "<a href="https://www.facebook.com/EmployeeEngagementPlatform/" target="_blank">" (Indicator: "facebook.com")\n "<a href="https://am.linkedin.com/company/luckycarrot" target="_blank">" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/channel/UCb0UW89RRlZK6jZQUT3SRHQ" target="_blank">" (Indicator: "youtube")\n "<img src="/images/newLandingPage/icons/social-icons/youtube-icon.svg" />" (Indicator: "youtube")\n "<a href="https://mobile.twitter.com/carrot_lucky" target="_blank">" (Indicator: "twitter")\n "<img src="/images/newLandingPage/icons/social-icons/twitter-icon.svg" />" (Indicator: "twitter")\n ""https://www.facebook.com/rewardsmadefunagain/"," (Indicator: "facebook.com")\n ""https://twitter.com/carrot_lucky"," (Indicator: "twitter")\n ""https://www.youtube.com/channel/UCb0UW89RRlZK6jZQUT3SRHQ"," (Indicator: "youtube")\n ""https://www.linkedin.com/company/13047360"" (Indicator: "linkedin.com")\n "<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1512212&fmt=gif" />" (Indicator: "linkedin.com")\n "{state:0,transportUrl:b,context:c,parent:Wk()},P(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ja+"&cx=c";Tr()&&(f+="&sign="+Jh.Xe);var g=Sh||ci?Sr(b,f):void 0;g||(g=Fo("https://","http://",Jh.ze+f));Qk().destination[a]={state:1,context:c,parent:Wk()};mc(g)}};function Ur(){if(Ok()){return!0}return!1};var Xr=new 
RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),Yr={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Zr={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var Jv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0,f=0;return{createEvent:function(g,h,m){var n=a(),p=n.Lg,q=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Lg*h):Math.round(n.Pi),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=G.hidden?!1:.5<=Pi(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=lv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")\n "b,"vert.pix");break;case "PERCENT":qy(d.verticalThresholds,b,"vert.pct")}pv("sdl","init",!1)?pv("sdl","pending",!1)||I(function(){return ry()}):(nv("sdl","init",!0),nv("sdl","pending",!0),I(function(){ry();if(sy()){var e=ty();qc(z,"scroll",e);qc(z,"resize",e)}else nv("sdl","init",!1)}));return b}xy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),yy=["www.youtube.com","www.youtube-nocookie.com"],zy,Ay=!1;" (Indicator: "youtube")\n "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gg:d,Eg:e,Fg:f,lh:g,mh:h,Wd:m,ib:b},p=z.YT,q=function(){Gy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=G.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(Jy(w,"iframe_api")||Jy(w,"player_api"))return b}for(var 
x=G.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Ay&&Hy(x[A],n.Wd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"golden-kitty-badge_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "lucky%20carrot%20logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "bring-visibility_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mini-teams-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "message-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "build-a-recognition-culture_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "promote-core-values_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mail_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mini-slack-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "instagram-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "min-jira-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "rewards-as-experiences_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"twitter-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "youtube-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "linkedin-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "facebook-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "min-zoom-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "video-play_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Icon-feather-check-orange_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39'
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider34020Nonehttps://pics.battleb0t.xyz/pics.battleb0t.xyz
2023-05-12 02:45:32Malicious IP AddressYesPhishStats0120NonePhishstats [185.199.109.153] 185.199.109.153
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5bed4978fe2c9b-ORD Content-Encoding: gzip 188.114.96.1
2023-05-12 03:02:53Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.oldfluid.battleb0t.xyz
2023-05-12 02:44:22Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.com185.199.108.153
2023-05-12 02:44:49Company NameNoCompany Name Extractor0030NoneGitHub\, Inc.C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.208): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneLithuania000.lt
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonethuis (Net ID: 00:11:6B:12:CA:A6)50.8897, 6.0563
2023-05-12 02:44:40Software UsedYesTool - Wappalyzer0020NoneNetlifyfunny.battleb0t.xyz
2023-05-12 02:44:40Affiliate - Internet NameNoDNS Resolver1030None220.30.196.104.bc.googleusercontent.com104.196.30.220
2023-05-12 02:54:48Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H0694HWAMG6RHJEVW16FQRHY Date: <REDACTED> Content-Length: 0 34.148.97.127
2023-05-12 03:18:47Wikipedia Page EditNoWikipedia Edits0050Nonehttps://en.wikipedia.org/w/index.php?title=Talk:Baden-W%C3%BCrttemberg_Cooperative_State_University&diff=506884727Altpapier
2023-05-12 02:55:18Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://sable.madmimi.com/c/350165?id=104678088.24981.1.6e512bc9d4841698496893609f155382', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"addtocalendar.com"\n "code.jivosite.com"\n "images.dmca.com"\n "sable.madmimi.com"\n "secure.comodo.com"\n "secure.trust-provider.com"\n "www.audiocompliance.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFD72.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"198.71.248.145:443"\n "35.162.153.72:443"\n "142.250.188.10:443"\n "13.227.74.14:443"\n "3.231.186.5:443"\n "151.139.128.10:443"\n "52.92.250.112:443"\n "104.17.24.14:443"\n "185.199.109.153:443"\n "104.37.183.1:443"\n "142.251.46.227:443"\n 
"142.250.189.195:443"\n "91.199.212.148:443"\n "142.251.32.46:443"\n "5.101.71.73:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ea8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ea8_IESQMMUTEX_0_519"\n "IsoScope_ea8_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ea8_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_ea8_IE_EarlyTabStart_0xa50_Mutex"\n "IsoScope_ea8_ConnHashTable<3752>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3752"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3752"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFD71.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "bootstrap-side-notes_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25360 version 1.1"- [targetUID: N/A]\n "swiper_1_.css" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "landingv4_1_.css" has type "assembler source ASCII text with CRLF line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002916]\n "dark_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "_A32800A3-ADBF-11ED-B70F-080027E847F6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "customv3_1_.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVsEpbCIPrc_1_.woff" has type "Web Open Font Format TrueType length 26196 version 1.1"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 551 x 197 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "cart-banner2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 96x96 segment length 16 Exif Standard: [TIFF image data little-endian direntries=4 xresolution=62 yresolution=70 resolutionunit=2] baseline precision 8 480x150 components 3"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmYUtfBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla"- [targetUID: N/A]\n "5e88b89fab8bfa2e7a96214dc1e5c22f_1_.png" has type "PNG image data 118 x 106 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "timepicker_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFFB8CE66BE3105BA6.TMP" has type "data"- Location: [%TEMP%\\~DFFB8CE66BE3105BA6.TMP]- [targetUID: 00000000-00003752]\n "analytics_3_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._A32800A1-ADBF-11ED-B70F-080027E847F6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /c/350165?id=104678088.24981.1.6e512bc9d4841698496893609f155382 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sable.madmimi.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 302 Found\nContent-Length: 0\nConnection: keep-alive\nStatus: 302 Found\nLocation: https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nDate: Thu, 16 Feb 2023 07:03:40 GMT\nX-Powered-By: Phusion Passenger(R) Enterprise 6.0.17\nServer: nginx + Phusion Passenger(R) 6.0.17"\n "GET /product/ac/form-941-compliance-2022 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: 
www.audiocompliance.com"\n "|v?O.Jh-0-NKr<^l!XbiGdz<h! -v1OHuAX,>k^9p*5@07!/k:\n0"\n "HTTP/1.1 200 OK\nServer: nginx/1.4.6 (Ubuntu)\nDate: Thu, 16 Feb 2023 07:03:43 GMT\nContent-Type: text/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\nVary: Accept-Encoding\nX-Powered-By: PHP/5.5.9-1ubuntu4.21\nSet-Cookie: ci_session=6630a58f9ebedd1dbe62a5bc51e7fc254a50f984; expires=Fri, 17-Feb-2023 07:03:43 GMT; Max-Age=86400; path=/; HttpOnly\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\nPragma: no-cache\nContent-Encoding: gzip\n\n3e6e\n}kw6gSYc;:k;P$1H;n_$x,9Y?O#e0fw\'{Q4vOwcQ`0{s?vL"LxDew^\n_Y7~[Yv]s}M?me3FQ4*Q=!l}lK|(kur1uD|%xh[b\'S1HTOVD+~W>\n^*Q\'Lr1,0_s1lf[0|(1f\nBuh`4X+4ytpyBRg?fTx(N?t5qB?tj7k?\'\\^?g$:<o%%\npcIgaeUAds_FmylYVwr<5a}`]aE5-\nlCHi5VB#GaX}yTvLxh5DIo`x?FNV9g/\\qjD|fF|Rl[(]X=S7:^fy7lw\n=#,_\nXB Uox6I<k~=N~49,YUxNX"u{?<?4\'2}sxG\\.$07blO!if*kb8<4+CP\nIh+OfYh.{lgzfi+4BTdj}rLJ ]9bVtRgUe{5GUs{ao|}nZk/_n6KdRcNB"\\k4m]B9|w\\vREw^Y!a4SE.]a3<0AWu<3\n-j4e3@BU|WZ8@[2yR{ S)nC!~VS8Yf/q9Vyz0|Xs>C5n\'\'fJ~{Ge\\C0*U?aRY64@CD es#{~7uigr3]7B\\qbU|\\o?Le=-"+\'(FW23>-:tpV_/6pM#XBv2P(di\'v))I^{UYa@Fhb0kES5?UBI&"+?44\n{?$\njBg;y|v;F5[JQ KB20[Kt}s+p-/-aw0IV*-GZZDD:t8?GSR%)Z0\nP<&D=]Ti!2a+JUi&.qM"bpTh2}JUhI0U-)_tPTOhWi%"N+Z"g>\'fq,vu}bx*[W,=8I)Yb #7]Q/=`:<=;/0;u|C6trl=Gk7\\C5xzv`yx\n8=<><i`]b5iO,v~zw{Nw{bjBB$gt`e^8PxwmL=0g^^OJ,RF?x\n"v"TL#2q\\Q4+<on#TSTDu\n\nMe`6ZKW;uHpnuCJ[62RJu}AJL~mZ9l$-Wc)[\'z4Dk1EK+)KyX{~nLIPfLCjh6<>%g4M;PD2"ec|l33&n>3_\\\n|+&e1.<{q"v/4i#*@Lt 0YYVP| KKD+OFZ6,Yd;45nXu}DO]{7PNXea\n@LQ)S-3=gt#r.fYc1,"kpHp~c\'G.7`47lc&Jrf%J|(cw0m14pn=]|uG~R3knhJ+5rr9S+w23Yf((fv +;N`QI|(?Wi\\USL<R&28\\rOgwE/iar\nDy0"2&_\nTiX8KEhOlK;6\'D7*SBe;Z>Uf\n!KNM:Vi~24JME-|%<_(p"6J)Ka=w\\f.R$)$8}]"U9d59\n^MdXo=*".i:5gXEQK{fV"i&}KQ8V@!kcxYSjGr~:>w) @_O]83uJ >V9,0[H5q\n!<$\'V]/R5^uaGl1Ge;7ckS@Y/Hjy&~5"SLjN7I\n6>;\\xU%5Lk iKI C-L=*_HmL)\nGIBd5g5j>( DIEE/S\n~zu5Qct37l0P7 
43N"J_<%\\k\n9yC`%S>b;bwUl88hhJYhAfkNeAF/S-=<pg\'E7<N$Fj"@;n&y&M2Et7M58u6[[QjGp9^2l&gDL"u\n:bT\\tDyw 0.oEX\nFgZ7[fLK4MD2fU`Xb ]+/yV1=Su-J\\Yl\\X5^bp[}U3%(|[Vk:dt_9(eVqrVF.k E~zz&AsXPc0-?P_^E<}ZfKL Cl5}-/}V\n[\'Ud3a\n@d#J<qap_x=Y&aopdkv[T>@Ugq1cRIrUBB\n#1:[^$3Jiuj!z^SGA@U>qOxQnDFrQc)So\'_~0Y+U_5Rv:&>`MpD.]-f+eM8iM{[PxNSur##N<m3A0jbX/M|u9W|t?tpAsCPNZUd#eP6%ZsMW&q_"!ux{Gfy}2,bc<BS:(v,OOYW9KyJQ\nEYgCeN3eLt<H@Xu*#]=xaF?.v^^X/O\\%T6<pyDHBG2fOnlmOz7v,R3t\'.U.AWtXM=^:]eXd\'J+_2-y#185.199.109.153
2023-05-12 02:54:30Operating SystemNoCensys0030NoneDebian Linux 10.264.226.81.43
2023-05-12 02:55:09Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://nerro13.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"nerro13.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"nerro13.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_968_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_968_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_968_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_968_IE_EarlyTabStart_0xc70_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2408"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_968_ConnHashTable<2408>_HashTable_Mutex"\n "IsoScope_968_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "~DF99267F6226AC7DEA.TMP" has type "data"- Location: [%TEMP%\\~DF99267F6226AC7DEA.TMP]- [targetUID: 00000000-00002408]\n "_E2B86EC9-B454-11ED-823B-080027D228E3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFC052ACEB9DBBAC98.TMP" has type "data"- Location: [%TEMP%\\~DFC052ACEB9DBBAC98.TMP]- [targetUID: 00000000-00002408]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 
Document Cannot read section info"- [targetUID: N/A]\n "TPU4PQUX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TPU4PQUX.txt]- [targetUID: 00000000-00002408]\n "~DF438050EC9ECB4A74.TMP" has type "data"- Location: [%TEMP%\\~DF438050EC9ECB4A74.TMP]- [targetUID: 00000000-00002408]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002408]\n "RecoveryStore._E2B86EC7-B454-11ED-823B-080027D228E3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "8ACOQPI4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8ACOQPI4.txt]- [targetUID: 00000000-00002408]\n "64ZQIBC4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\64ZQIBC4.txt]- [targetUID: 00000000-00002368]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFD098EAB3ED553EDC.TMP" has type "data"- Location: [%TEMP%\\~DFD098EAB3ED553EDC.TMP]- [targetUID: 00000000-00002408]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "_1F214282-B457-11ED-823B-080027D228E3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://nerro13.github.io/"\n Pattern match: "http://nerro13.github.io"\n Heuristic match: "nerro13.github.io"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one 
Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'7/90 Antivirus vendors marked sample as malicious (7% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-6', u'name': u'Found an IP/URL artifact that was identified as malicious by at least three reputation engines', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 12, u'description': u'7/90 reputation engines marked "http://nerro13.github.io/" as malicious (7% detection rate)\n 7/90 reputation engines marked "http://nerro13.github.io" as malicious (7% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-5', u'name': u'Sample was identified as malicious by a trusted Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'No specific details available'}], u'threat_level': 2, u'size': None, u'job_id': u'63f8dbfa2553cc49d7017635', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', 
u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'185.199.109.153'], u'sha256': u'f995a25ba6423268bc0802ef0e448acc6e53a3d5d5bc1fb0bc0ab30a5474f813', u'sha512': u'f2f8ebf1f38c5b60b4222bf3ddc388e24d2803a222851791969b2135e908709b290076559ff2097ec884b5c0df35646ed8d8d8c307297cdd2e8c5d60256c5e07', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://nerro13.github.io/', u'submission_id': u'63f8dbfa2553cc49d7017636', u'created_at': u'2023-02-24T15:47:06+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-24T15:52:38+00:00', u'tags': [u'phishing'], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 4, u'machine_learning_models': [], u'total_signatures': 10, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'c2a8a96e599a43bdf2bf5ad44d2dce1d', u'network_mode': u'default', u'processes': [], u'sha1': u'2899a751e27c184052242cb5db2ef2689c79b9ec', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': u'Phishing site', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'verdict': u'malicious', u'minor_os_version': None, u'domains': [u'nerro13.github.io'], u'extracted_files': [], u'type_short': []}]185.199.109.153
2023-05-12 03:06:21Vulnerability - CVE MediumYesTool - testssl.sh0020NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.funny.battleb0t.xyz
2023-05-12 02:45:27Physical LocationNoipapi.co0030NoneToronto, Ontario, ON, Canada, CA172.67.168.252
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneCareer.habr (Category: business) https://career.habr.com/loginlogin
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.210): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:17BGP AS MembershipNoCensys0040None133352606:4700:3037::6815:470e
2023-05-12 03:01:06Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.114): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:51:08Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://nagisa-clinic.jp/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:1464:304:WilStaging_02"\n "Local\\SM0:1464:120:WilError_01"\n "SM0:1464:120:WilError_01"\n "Local\\SM0:1464:304:WilStaging_02"\n "InternetShortcutMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"210.224.185.183:443"\n "138.91.254.96:443"\n "104.26.7.173:443"\n "104.18.11.207:443"\n "142.251.46.202:443"\n "185.199.108.153:443"\n "142.250.191.67:443"\n "142.250.189.170:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajaxzip3.github.io"\n "api.edgeoffer.microsoft.com"\n "code.ionicframework.com"\n "fonts.googleapis.com"\n 
"fonts.gstatic.com"\n "maps.googleapis.com"\n "nagisa-clinic.jp"\n "netdna.bootstrapcdn.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: 
"ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\shopping.js]- [targetUID: 00000000-00004144]\n "f_0004d6" has type "PNG image data 2000 x 1000 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d6]- [targetUID: 00000000-00007688]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007688]\n "f_0004d5" has type "gzip compressed data from Unix original size modulo 2^32 4133692"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d5]- [targetUID: 00000000-00007688]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir4144_1094547702\\Ruleset Data]- [targetUID: 00000000-00004144]\n "f_0004d4" has type "gzip compressed data from Unix original size modulo 2^32 3947552"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d4]- [targetUID: 00000000-00007688]\n "wallet-stable.json" has type "ASCII text"- [targetUID: 00000000-00004144]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\4144_1762870862\\Filtering Rules]- [targetUID: 00000000-00004144]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4144_1474562033\\edge_driver.js]- [targetUID: 00000000-00004144]\n "f_0004cf" has type "Web Open Font Format (Version 2) CFF length 1653848 version 1.262"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004cf]- [targetUID: 00000000-00007688]\n "f_0004d1" has type "Web Open Font Format (Version 2) CFF length 1590040 version 1.262"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d1]- [targetUID: 00000000-00007688]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\edge_driver.js]- [targetUID: 00000000-00004144]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00007688]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: 
[%TEMP%\\4144_1474562033\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004144]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\auto_open_controller.js]- [targetUID: 00000000-00004144]\n "f_0004d0" has type "PNG image data 1300 x 750 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d0]- [targetUID: 00000000-00007688]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004144]\n "000013.ldb" has type "data"- [targetUID: N/A]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4144_1474562033\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004144]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4144_1474562033\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00004144]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\edge_checkout_page_validator.js]- [targetUID: 00000000-00004144]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00004144]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\product_page.js]- [targetUID: 00000000-00004144]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset 
Store\\assets.db\\000003.log]- [targetUID: 00000000-00004144]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\4144_1762870862\\Filtering Rules-AA]- [targetUID: 00000000-00004144]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00185.199.108.153
2023-05-12 02:44:40Software UsedYesTool - Wappalyzer0020NonejQueryfunny.battleb0t.xyz
2023-05-12 02:44:22Physical LocationNoipstack0020NoneUnited States185.199.108.153
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5eb92eaeff3814-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.71.14
2023-05-12 02:46:49Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonenetlify.app104.196.30.220
2023-05-12 03:18:47Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Rotated 180 @ 18}https://pics.battleb0t.xyz/images/random_3.jpg
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonematrix (Net ID: 00:02:2D:03:92:64)37.780462,-122.390564
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None1620 Guest (Net ID: 00:01:21:30:37:80)52.3759, 4.8975
2023-05-12 03:24:51CountryNoCountry Name Extractor0070NoneSpain Domain Name: TELLERIA.COM Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T18:34:23Z Registry Expiry Date: 2023-08-11T18:34:23Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-222-C.GANDI.NET Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: telleria.com Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T16:34:23Z Registrar Registration Expiration Date: 2023-08-11T18:34:23Z Registrar: GANDI SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Reseller: CodeSyntax Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: Domain Status: Domain Status: Domain Status: Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Marcajes Telleria S.L. 
Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: ES Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET Name Server: NS-222-C.GANDI.NET Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp Reseller Email: Reseller URL: http://www.codesyntax.com/ Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or 
modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden. A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts. For additional information, please contact us via the following form: https://www.gandi.net/support/contacter/mail/
2023-05-12 02:44:18SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1185.199.110.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneSpeedStream (Net ID: 00:01:24:F0:82:16)37.780462,-122.390564
2023-05-12 03:03:59Co-Hosted SiteNoThreatMiner0020Nonerathook.cc185.199.109.153
2023-05-12 02:44:28Internet NameNoDNS Resolver0020Noneayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 0c:e3:f4:1c:e8:cb:bb:cf:13:f7:6c:6f:36:5e:c2:eb Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Feb 11 05:22:10 2023 GMT Not After : May 12 05:22:09 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ce:18:28:ee:1e:4b:a0:54:f5:b2:a8:46:72:fa: 7a:1b:b5:83:d9:b7:b9:85:b6:7e:b8:27:ed:42:bb: f5:8d:d9:0c:96:a1:ac:39:e8:ba:ac:6a:f9:9f:0d: 46:7d:1d:65:d4:56:4a:89:c7:ac:f3:42:0e:7d:79: 7a:b0:01:1a:1e:df:5a:64:96:92:41:7b:76:b3:71: 65:05:d4:d3:ac:cb:dd:ed:f6:10:2e:3d:94:bc:fe: b8:5d:9b:af:1f:73:66:41:55:24:91:8f:6a:93:09: c4:a9:4e:cc:3f:db:83:53:92:be:e5:79:63:d7:c0: f2:ad:fb:15:4c:da:cf:26:0f:ae:09:13:32:5e:2f: 61:79:df:43:b7:2e:3e:7a:3f:f1:71:51:6a:d0:2c: 51:14:2b:e5:5a:3a:2a:63:a7:80:69:d6:dd:ff:21: c9:3a:6c:59:b1:94:d7:a0:d6:e0:c5:59:62:0d:45: 33:fc:cc:08:f3:b9:08:a9:ea:24:98:5f:22:3c:5b: 51:7a:ef:2a:db:8c:ca:b6:bd:39:1c:ec:e9:76:19: 54:df:f7:38:11:32:20:7f:02:4a:bb:97:a7:34:fd: a8:8b:36:ea:36:af:62:53:9d:78:4a:b7:98:3a:a9: 07:8f:74:9e:43:31:08:ab:be:62:c0:5e:01:ec:ce: 53:dd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: F7:A7:5E:24:2E:1C:7A:7A:2A:90:36:DF:66:18:6B:A7:17:36:7E:3E X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_NaLKSGSIEY CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/fXbrD094iyQ.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 09:bc:ea:b6:cf:53:d5:18:fa:35:01:f5:1a:84:b4:db:1b:35: a8:21:d4:b0:1c:8c:61:d9:0a:ed:8a:98:0e:ec:59:d1:7e:8a: 57:4f:81:85:21:9d:81:17:a5:6d:50:b7:02:17:30:3f:51:39: 0f:0d:a8:d9:9c:3b:6f:9f:16:6b:f6:f6:71:30:1e:f6:cd:df: 76:28:c1:38:b4:2a:e8:d2:ce:d8:22:7a:dc:2b:32:d6:cb:47: 88:b5:09:84:fa:12:6c:6e:e0:35:16:bb:24:8c:97:ba:91:7e: 45:50:9e:95:dc:7b:ff:96:e1:f9:37:11:30:5c:89:2e:ed:a5: 42:7f:26:b7:5c:84:0f:5f:e0:da:f9:32:fa:e2:bd:aa:52:51: 70:cd:f0:79:e0:2d:8e:67:56:3c:ba:c2:1e:d9:2f:a6:4b:13: 8c:cf:70:85:8b:05:86:ea:ed:7a:8a:75:c4:87:c4:fc:b8:11: 72:8c:37:b1:f0:08:21:35:fa:6a:0a:a7:28:58:06:2e:4b:74: 11:70:1e:20:5f:d2:60:2c:f6:42:ca:fa:2c:6e:50:27:2a:ea: bd:8f:2d:c2:66:e4:e3:0c:69:4a:0b:47:18:a2:29:2b:ca:35: 4e:52:e9:78:dd:08:a8:e2:6b:51:5d:78:d4:f2:8b:19:66:55: d1:aa:21:f5
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-EC32 (Net ID: 00:1D:D1:32:EC:30)32.8608, -79.9746
2023-05-12 02:44:14IPv6 AddressNoDNS Resolver15010None2606:50c0:8000::153battleb0t.xyz
2023-05-12 03:09:34Affiliate - Internet NameNoDNS Resolver0040None212.30.196.104.bc.googleusercontent.com104.196.30.212
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonevsco (Category: social) https://vsco.co/ayhu/galleryayhu
2023-05-12 02:54:20HTTP HeadersNoWeb Spider3020None{"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f605eb97732c7-EWR"}nuke.battleb0t.xyz
2023-05-12 03:00:51Co-Hosted SiteNoHackerTarget2020None0000-bigtree.github.io185.199.111.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby"}],"group":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"}
2023-05-12 02:46:49Co-Hosted SiteNoSSL Certificate Analyzer0030Nonecloudwaysapps.com64.226.81.43
2023-05-12 02:54:15Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://dogeco-in.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ac0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2752"\n "IsoScope_ac0_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ac0_ConnHashTable<2752>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_ac0_IE_EarlyTabStart_0xacc_Mutex"\n "IsoScope_ac0_IESQMMUTEX_0_303"\n "IsoScope_ac0_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\MSIMGSIZECacheMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"156.251.30.43:80"\n "156.251.30.43:443"\n "185.199.109.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts 
domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"dogeco-in.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"dogeco-in.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* 3.2 RD Twitterfeed" (Indicator: "twitter")\n ".fa-cc-paypal:before {" (Indicator: "paypal")\n ".fa-paypal:before {" (Indicator: "paypal")\n ".fa-twitter-square:before {" (Indicator: "twitter")\n ".fa-twitter:before {" (Indicator: "twitter")\n ".fa-youtube-play:before {" (Indicator: "youtube")\n ".fa-youtube-square:before {" (Indicator: "youtube")\n ".fa-youtube:before {" (Indicator: "youtube")\n ".mdi-twitter-box:before {" (Indicator: "twitter")\n ".mdi-twitter-circle:before {" (Indicator: "twitter")\n ".mdi-twitter-retweet:before {" (Indicator: "twitter")\n ".mdi-twitter:before {" (Indicator: "twitter")\n ".mdi-youtube-play:before {" (Indicator: "youtube")\n "a.icon-circle.fa-twitter:hover," (Indicator: "twitter")\n "a.icon-outlined.fa-twitter:hover," (Indicator: "twitter")\n "a.icon-rect.fa-twitter:hover," (Indicator: "twitter")\n "a.icon-rounded.fa-twitter:hover {" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, 
u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar44CC.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab44CB.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "doge_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlref_httpdogeco-in.com" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "_249931D0-CB5D-11ED-A05C-0800271774CB_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001476]\n "apk_1_.png" has type "PNG image data 195 x 67 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n 
"_173E45AF-CB5D-11ED-A05C-0800271774CB_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "favicon-32x32_1_.png" has type "PNG image data 32 x 32 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DFB28382624D17019F.TMP" has type "data"- Location: [%TEMP%\\~DFB28382624D17019F.TMP]- [targetUID: 00000000-00002752]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "1SJSDB5U.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1SJSDB5U.txt]- [targetUID: 00000000-00002752]\n "script_1_.js" has type "ASCII text"- [targetUID: N/A]\n "Tar44CC.tmp" has type "data"- Location: [%TEMP%\\Tar44CC.tmp]- [targetUID: 00000000-00001476]\n "23TACHAW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\23TACHAW.txt]- [targetUID: 00000000-00002752]\n "JWH6TX8Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JWH6TX8Q.txt]- [targetUID: 00000000-00002752]\n "ND45872X.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ND45872X.txt]- [targetUID: 00000000-00002752]\n "doge_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002752]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "www.microsoft.com0"\n Pattern 
match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/K88pR3goAWT7BTt32Z01mxJtnKITppOI_IvcXXDNrsc.woff2"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "C.JgU/0$"\n Pattern match: "dh.dogecofn.com/images/icon-appstore-180x60.png"\n Pattern match: "https://dogecoin.com/favicon-32x32.png"\n Pattern match: "https://dogecoin.com/assets/images/doge.svg"\n Pattern match: "https://dogecoin.com/assets/images/doge.webp"\n Pattern match: "MUID39EA38FB0AC96F4105FF2A240B856E28msn.com/102567574156831101417128039511631022954*"\n Heuristic match: "dogeco-in.com"\n Heuristic match: "GET / HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: dogeco-in.com"\n Pattern match: "https://dogeco-in.com/Accept-Language"\n Pattern match: "http://dogeco-in.com"\n Pattern match: "http://dogeco-in.com/"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025156916108831059172128039511631022954*"\n Pattern match: "MUIDB01CFF38783FC653F08A2E15882786465ieonline.microsoft.com/921666574156831101417127742636631022954*"\n Pattern match: "http://www.iec.chIEC"\n Heuristic match: "scrollTop: $(# + $(this).attr(\'data-custom-scroll-to\')).offset().top"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzBWV49_lSm1NYrwo-zkhivY.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzD0LW-43aMEzIO6XUTLjad8.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzJX5f-9o1vgP2EXwfjgl7AY.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzK-j2U0lmluP9RWlSytm3ho.woff2"\n Pattern match: 
"https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzKaRobkAwv3vxw3jMhVENGA.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzOgdm0LZdjqr5-oayXSOefg.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzP8zf_FOSsgRmwsS7Aa9k2w.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/59ZRklaO5bWGqF5A9baEERJtnKITppOI185.199.109.153
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5454e7fad90297-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}188.114.96.1
2023-05-12 02:54:13HTTP HeadersNoCensys0040None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5016a1cc062a51-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}2606:4700:3030::ac43:a8fc
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.169): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneNETGEAR (Net ID: 00:09:5B:D9:B2:92)39.0469, -77.4903
2023-05-12 03:16:21Raw Data from RIRsNoipapi.co0020None{u'region_code': u'ENG', u'country_tld': u'.uk', u'ip': u'2a06:98c1:3120::1', u'currency_name': u'Pound', u'currency': u'GBP', u'country_population': 66488991, u'country_code': u'GB', u'timezone': u'Europe/London', u'city': u'London', u'network': u'2a06:98c1::/32', u'languages': u'en-GB,cy-GB,gd', u'version': u'IPv6', u'latitude': 51.5095, u'in_eu': False, u'utc_offset': u'+0100', u'continent_code': u'EU', u'country_name': u'United Kingdom', u'country_capital': u'London', u'org': u'CLOUDFLARENET', u'postal': u'EC4N', u'asn': u'AS13335', u'country': u'GB', u'region': u'England', u'longitude': -0.0955, u'country_calling_code': u'+44', u'country_area': 244820.0, u'country_code_iso3': u'GBR'}2a06:98c1:3120::1
2023-05-12 02:44:19Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.110.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneMarvellAP8x (Net ID: 00:01:36:16:7E:FB)37.7813933,-122.3918002
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None01010101coder.github.io185.199.111.153
2023-05-12 03:09:28Co-Hosted SiteNoSSL Certificate Analyzer1020Noneacilacikveteriner.com87.248.157.102
2023-05-12 02:48:58Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://deployment.hung1001.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e70_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_e70_IESQMMUTEX_0_519"\n "IsoScope_e70_ConnHashTable<3696>_HashTable_Mutex"\n "IsoScope_e70_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_e70_IE_EarlyTabStart_0x9e0_Mutex"\n "IsoScope_e70_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3696"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "185.199.110.153:443"\n "104.16.89.20:443"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"deployment.hung1001.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "deployment.hung1001.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2016 Twitter, Inc." 
(Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC53C.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabC52B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC52B.tmp]- [targetUID: 00000000-00003432]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003432]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpdeployment.hung1001.com" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "_992E54E5-CD8F-11ED-8D0C-080027A296EA_.dat" has type "Composite Document File V2 Document Cannot read section 
info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003432]\n "CabC52B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC52B.tmp]- [targetUID: 00000000-00003432]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF67EEE4888DD5E710.TMP" has type "data"- Location: [%TEMP%\\~DF67EEE4888DD5E710.TMP]- [targetUID: 00000000-00003696]\n "1BGFX3G1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1BGFX3G1.txt]- [targetUID: 00000000-00003696]\n "0M49AE3M.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0M49AE3M.txt]- [targetUID: 00000000-00003696]\n "~DF88C37032F716BF51.TMP" has type "data"- Location: [%TEMP%\\~DF88C37032F716BF51.TMP]- [targetUID: 00000000-00003696]\n "~DFE99CBDD6FC466412.TMP" has type "data"- Location: [%TEMP%\\~DFE99CBDD6FC466412.TMP]- [targetUID: 00000000-00003696]\n "favicon_6_.png" has type "PNG image data 32 x 32 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "BISQWXD2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BISQWXD2.txt]- [targetUID: 00000000-00003696]\n "XYZCPKU1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XYZCPKU1.txt]- [targetUID: 00000000-00003696]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "bootstrap.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF5D8C007EB74B1E29.TMP" has type "data"- Location: [%TEMP%\\~DF5D8C007EB74B1E29.TMP]- [targetUID: 00000000-00003696]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "clipboard.min_1_.js" has type "UTF-8 Unicode text with 
very long lines"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://getbootstrap.com"\n Pattern match: "https://zenorocha.github.io/clipboard.js"\n Pattern match: "https://github.com/twbs/bootstrap/blob/master/LICENSE"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "jquery.org/license"\n Pattern match: "C.JgU/0$"\n Pattern match: "https://hung1001.github.io/assests/images/1.jpg"\n Pattern match: "msdn.microsoft.com/en-us/library/cc722477.aspx"\n Pattern match: "cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/bootstrap.min.css"\n Pattern match: "cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.min.js"\n Pattern match: "cdn.jsdelivr.net/npm/clipboard@2.0.4/dist/clipboard.min.js"\n Pattern match: "cdn.jsdelivr.net/npm/jquery@3.4.1/dist/jquery.min.js"\n Pattern match: "MUID146012C6BB7767E008770024BAF36692msn.com/1025385438284831101987262314288931023516*"\n Heuristic match: 
"cdn.jsdelivr.net"\n Heuristic match: "deployment.hung1001.com"\n Heuristic match: "GET / HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: deployment.hung1001.com"\n Pattern match: "https://deployment.hung1001.com/Accept-Language"\n Pattern match: "http://deployment.hung1001.com"\n Pattern match: "http://deployment.hung1001.com/"\n Pattern match: "isdomainmigratedtruewww.msn.com/102545283507231059743262314288931023516*"\n Pattern match: "MUIDB34F1697C9B5A69502FD47B9E9ADE6822ieonline.microsoft.com/9216385438284831101987262001788931023516*"\n Pattern match: "msdn.microsoft.com/en-us/library/windows/desktop/ms717801(v=vs.85).aspx"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "SUIDMmicrosoft.com/9216372189363231023633262001788931023516*MUID34F1697C9B5A69502FD47B9E9ADE6822microsoft.com/1025385438284831101987262001788931023516*_EDGE_V1microsoft.com/9216385438284831101987262017413931023516*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "SUIDMmicrosoft.com/9216372189363231023633262001788931023516*MUID34F185.199.110.153
2023-05-12 03:08:45Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.212104.196.30.220
2023-05-12 02:44:21Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.108.153
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Nonechacha20-poly1305@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:80172.67.135.9
2023-05-12 02:44:22SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 15 23:40:10 2023 GMT Not After : Jun 13 23:40:09 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90: 49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84: 18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef: 4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34: 46:4c:ee:fd:f2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 16 00:40:11.019 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:3B:02:0B:A2:9E:E2:86:CB:95:75:BB:27: 6B:53:31:16:B5:86:49:63:A8:15:4C:A6:35:A9:06:89: 64:81:81:8A:02:21:00:DB:BF:EF:1B:02:D3:29:C8:31: 95:BB:C8:B6:24:D4:2D:39:FE:3C:BB:87:87:DD:4C:3D: 6E:F8:5C:00:34:71:DB Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 16 00:40:11.009 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:04:85:7D:9E:71:55:A6:C5:38:5A:64:60: 05:9A:15:17:EA:9E:B4:58:0D:3C:86:17:2C:C3:17:21: 8A:21:DE:13:02:21:00:93:46:3A:71:BC:50:F5:73:1A: 31:49:1D:77:D8:F0:F3:D0:7E:06:7D:4A:BA:7A:E8:B4: 4B:2C:3E:84:83:8A:4F Signature Algorithm: sha256WithRSAEncryption 78:10:ed:28:eb:d8:01:0b:d1:ab:19:2d:17:b5:cd:db:df:f0: 19:bb:c5:bf:e8:be:94:e0:d7:f7:4a:e4:78:eb:00:83:c4:77: d7:fc:46:d2:7a:d8:2d:ae:b3:9c:1f:b1:2a:97:00:27:56:0d: be:3b:56:d6:ea:2e:ac:0f:22:29:52:8c:2f:4e:a7:73:9a:8b: 01:f5:2d:ee:f8:6e:63:a3:e0:20:d2:6f:0f:23:ec:f3:e9:f5: 3a:da:07:33:d8:60:c2:43:1f:8b:32:3f:73:0c:e2:d3:be:13: 67:7a:78:16:d5:05:c8:0e:fc:fe:a1:13:73:df:ce:e4:30:4f: fc:8a:88:a9:4b:94:16:66:3b:1f:a0:96:6e:fd:1e:fa:4a:d4: c5:37:c1:78:37:3a:c2:f7:2a:52:e1:64:81:83:df:6c:ec:18: 9f:e8:7f:40:ba:dd:8d:ff:ab:1d:65:a2:95:0c:4b:2a:b3:d4: 36:dd:e6:94:5d:2a:ad:ec:e1:d1:0d:fe:4d:1f:eb:87:d5:03: b5:2f:bd:c9:98:e1:60:20:bf:6e:0c:7a:85:90:e0:96:42:6a: 86:09:c1:bb:ce:bb:d7:7b:a4:b3:1a:c0:15:1c:0d:88:6b:61: 74:d0:93:ed:30:c2:a8:1b:7a:94:f2:58:8e:6d:bd:c5:15:f9: a0:e1:79:05 battleb0t.xyz
2023-05-12 03:09:46Affiliate - Internet NameNoDNS Resolver0040None65.170.74.34.bc.googleusercontent.com34.74.170.65
2023-05-12 03:41:52HTTP HeadersNoCensys0030None{"Content_Length": ["315"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Microsoft-HTTPAPI/2.0"], "Connection": ["close"], "Content_Type": ["text/html; charset=us-ascii"], "Date": ["<REDACTED>"]}45.131.109.53
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:40Software UsedYesTool - Wappalyzer0020NoneFont Awesomefunny.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys (Net ID: 00:0C:41:A0:89:8A)32.8608, -79.9746
2023-05-12 03:09:52Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.94
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:2587.248.157.102
2023-05-12 02:54:41Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H04595A0C45NR8DMSR5TCKG9 Date: <REDACTED> Content-Length: 0 104.196.30.220
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.223): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:12:12Vulnerability - CVE HighYesTool - testssl.sh0220NoneCVE-2016-2183 https://nvd.nist.gov/vuln/detail/CVE-2016-2183 Score: 7.5 Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.188.114.96.1
2023-05-12 02:54:23Open TCP Port BannerNoCensys0040NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H04DT6EFGA302FBVMKFT2XD1 Date: <REDACTED> Content-Length: 0 2600:1f18:2489:8201::c8
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.130): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:05:09Affiliate - Internet NameNoCross-Reference1130Nonegithub.comhttps://github.com/BattleB0t
2023-05-12 02:50:05Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://rustmagazine.org/static/favicon/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /static/favicon/site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rustmagazine.org\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /static/favicon/site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rustmagazine.org\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar5FE6.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar6016.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d58_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_d58_ConnHashTable<3416>_HashTable_Mutex"\n "SmartScreen_ClientId_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d58_IESQMMUTEX_0_303"\n "IsoScope_d58_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "SmartScreen_AppRepSettings_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3416"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d58_IE_EarlyTabStart_0xc48_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_d58_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "CommunicationManager_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\SmartScreen_AppRepSettings_Mutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab5FD5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab6015.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A 
"authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1036', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-177', u'attck_id': u'T1036', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "4DECWBA5.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4DECWBA5.txt]- [targetUID: 00000000-00003416]\n Dropped file: "EM5QEVBV.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EM5QEVBV.txt]- [targetUID: 00000000-00003416]\n Dropped file: "1V15O9V6.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1V15O9V6.txt]- [targetUID: 00000000-00003416]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "Tar5FE6.tmp" has type "data"- Location: [%TEMP%\\Tar5FE6.tmp]- [targetUID: 00000000-00003948]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003948]\n "4DECWBA5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4DECWBA5.txt]- [targetUID: 00000000-00003416]\n "RecoveryStore._7734DE51-A810-11ED-8751-0800271C5049_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab5FD5.tmp" has type 
"Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab5FD5.tmp]- [targetUID: 00000000-00003948]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFAF54E82161A92B7A.TMP" has type "data"- Location: [%TEMP%\\~DFAF54E82161A92B7A.TMP]- [targetUID: 00000000-00003416]\n "Tar6016.tmp" has type "data"- Location: [%TEMP%\\Tar6016.tmp]- [targetUID: 00000000-00003948]\n "_7734DE53-A810-11ED-8751-0800271C5049_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "JavaDeployReg.log" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\JavaDeployReg.log]- [targetUID: 00000000-00003948]\n "EM5QEVBV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EM5QEVBV.txt]- [targetUID: 00000000-00003416]\n "Cab6015.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab6015.tmp]- [targetUID: 00000000-00003948]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003416]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003948]\n "~DF6898893CF9D6102D.TMP" has type "data"- Location: [%TEMP%\\~DF6898893CF9D6102D.TMP]- [targetUID: 00000000-00003416]\n "site.webmanifest.lxbzcvx.partial" has type "JSON data"- Location: [%USERPROFILE%\\Downloads\\site.webmanifest.lxbzcvx.partial]- [targetUID: 00000000-00003416]\n "favicon_1_.ico" has type "MS Windows icon 
resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-159', u'name': u'Writes log files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1074/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1074.001', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes a file "%TEMP%\\JavaDeployReg.log"\n "iexplore.exe" writes a file "%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\RecoveryStore.{7734DE51-A810-11ED-8751-0800271C5049}.dat"\n "iexplore.exe" writes a file "%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\{7734DE53-A810-11ED-8751-0800271C5049}.dat"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /static/favicon/site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rustmagazine.org\nDNT: 1\nConnection: Keep-Alive"\n "u\n0E%n\n|p"2jb@9p=@ISw7|@Q#dT-u$u{&1\\r6$4\'FlJhUnbTmtPA|^`\ne~BX!"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: 
"https://rustmagazine.org/static/favicon/site.webmanifest"\n Pattern match: "https://rustmagazine.org"'}, {u'category': u'Cryptographic Related', u'origin': u'File/Memory', u'identifier': u'string-57', u'name': u'Found a cryptographic related string', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1027', u'threat_level_human': u'informative', u'capec_id'185.199.110.153
2023-05-12 02:59:45SSL Certificate - Raw DataNoCertificate Transparency2010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 18:07:07 2022 GMT Not After : Mar 13 18:07:06 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5: cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40: 8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da: 78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a: 56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00: cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85: b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4: 1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d: 86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9: c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0: 2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f: 7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28: 87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb: 3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9: ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf: fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce: a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1: d3:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT 
Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 56:a7:32:cc:63:2f:7b:45:7f:05:18:5f:3e:03:67:82:e5:0e: 14:24:2d:4e:bd:24:f5:fa:90:92:69:17:7b:d1:23:b4:5f:72: 7a:af:32:e2:c8:28:7e:98:41:f2:c7:ab:41:34:02:6f:ca:a4: 77:0e:6b:df:35:1b:69:e8:30:42:43:a2:b1:d9:fd:cb:17:1e: 46:a3:67:c9:5d:ff:94:85:0e:a2:df:d3:83:d0:a3:f2:83:7b: dd:2e:d5:ae:32:94:05:46:0c:19:ca:ed:27:24:30:de:c1:83: b3:fa:a9:28:10:06:41:f9:bc:8e:ec:2c:b2:c5:50:1b:53:d4: 5f:dc:93:4c:91:47:36:3e:18:bb:60:2e:2b:c3:a2:8e:d0:41: bf:b5:f2:c1:3c:9e:23:83:f3:0a:e9:90:b8:ea:07:4c:7d:33: 7f:96:41:8c:3e:17:1d:9e:ed:d7:88:e1:f2:d6:4c:ee:67:b7: 9d:77:dd:54:17:a0:45:80:3c:14:ae:d9:2c:f9:2f:a7:d3:1a: b6:ff:c0:51:b2:15:42:38:03:d0:4b:ff:c0:3f:6d:02:65:07: 67:bb:0a:98:60:da:ab:a9:72:b1:8d:b2:e0:ad:99:f8:08:b9: 1a:39:e6:69:82:23:94:db:8e:23:77:72:cb:aa:45:70:fd:4e: 10:ce:72:06 ayhu.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneMarvellAP8x (Net ID: 00:01:36:16:7E:FB)37.780462,-122.390564
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.175): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:23:25Open TCP PortNoPulsedive0030None188.114.96.8:8443188.114.96.0/24
2023-05-12 03:09:05Affiliate - IP AddressNoDNS Look-aside0030None165.232.113.76165.232.113.85
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.70): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:12Co-Hosted SiteNoSSL Certificate Analyzer0120Nonegithub.iowww.battleb0t.xyz
2023-05-12 02:54:13Linked URL - ExternalNoWeb Spider0020Nonehttps://www.discord.comhttps://battleb0t.xyz/
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.30): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonegiters (Category: coding) https://giters.com/ayhuayhu
2023-05-12 03:31:33Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@west.cnDomain Name: AYU.XYZ Registry Domain ID: D9607467-CNIC Registrar WHOIS Server: whois.west.cn Registrar URL: http://www.west.cn Updated Date: 2023-02-11T09:04:01.0Z Creation Date: 2015-08-20T20:34:37.0Z Registry Expiry Date: 2023-08-20T23:59:59.0Z Registrar: CHENGDU WEST DIMENSION DIGITAL TECHNOLOGY CO., LTD. Registrar IANA ID: 1556 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Registrant State/Province: Jiang Su Registrant Country: CN Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS5.MYHOSTADMIN.NET Name Server: NS6.MYHOSTADMIN.NET Name Server: NS1.MYHOSTADMIN.NET Name Server: NS2.MYHOSTADMIN.NET Name Server: NS3.MYHOSTADMIN.NET Name Server: NS4.MYHOSTADMIN.NET DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@west.cn Registrar Abuse Contact Phone: +86.2862778877 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayu.xyz Registry Domain ID: xy74494296952501 Registrar WHOIS Server: whois.west.cn Registrar URL: www.west.cn Updated Date: 2015-08-20T20:34:39.0Z Creation Date: 2015-08-20T20:34:39.0Z Registrar Registration Expiration Date: 2023-08-20T20:34:39.0Z Registrar: Chengdu west dimension digital technology Co., LTD Registrar IANA ID: 1556 Reseller: Domain Status: ok http://www.icann.org/epp#ok Registry Registrant ID: Not Available From Registry Registrant Name: REDACTED FOR PRIVACY Registrant Organization: REDACTED FOR PRIVACY Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Jiang Su Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: CN Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz Registry Admin ID: Not Available From Registry Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz Registry Tech ID: Not Available From Registry Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz Name Server: ns1.myhostadmin.net Name Server: ns2.myhostadmin.net DNSSEC: signedDelegation Registrar Abuse Contact Email: westabuse@gmail.com 
Registrar Abuse Contact Phone: +86.2862778877 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
2023-05-12 02:45:14Raw Data from RIRsNoHybrid Analysis0020None{u'count': 50, u'search_terms': [{u'id': u'host', u'value': u'185.199.111.153'}], u'result': [{u'environment_id': 110, u'job_id': u'645c5c80cefc7dcf210b99d0', u'analysis_start_time': u'2023-05-11 03:09:53', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'74e362294f1a7a74dccf47210346068375f818d951a223186b4bbef05e309da1', u'type': None, u'type_short': u'url', u'size': 59}, {u'environment_id': 100, u'job_id': u'645b8370d7b98701230dc5fe', u'analysis_start_time': u'2023-05-10 11:43:44', u'vx_family': u'Phishing site', u'av_detect': u'36', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'ac895efa3a08b3b81e71026cac1be65be304d90b60e361b7036fe584b66ed688', u'type': None, u'type_short': u'url', u'size': 81}, {u'environment_id': 110, u'job_id': u'645ae1eaa7eade680c0e57b4', u'analysis_start_time': u'2023-05-10 00:14:34', u'vx_family': u'Phishing site', u'av_detect': u'59', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'08f60cb3d98136e067f2bfa99af19bbad336b8e418b47bda5a8f076a28abe012', u'type': None, u'type_short': u'url', u'size': 72}, {u'environment_id': 100, u'job_id': u'645a6cd90dbdcffebe0c4993', u'analysis_start_time': u'2023-05-09 15:55:05', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'dd275a78c386fc8f6b453e8b7fd3bd051877cabadfdedff2620dca5c655c625b', u'type': None, u'type_short': u'url', u'size': 63}, {u'environment_id': 160, u'job_id': u'645985a2d5bf2769970d369c', u'analysis_start_time': u'2023-05-08 23:28:34', 
u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'27625e24647d2569a674e3799d36a2008f93eb351cf7cc3ffd05fe808ed74b1c', u'type': None, u'type_short': u'url', u'size': 54}, {u'environment_id': 160, u'job_id': u'645556072511fcf1570c8679', u'analysis_start_time': u'2023-05-05 19:16:24', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'96f77f0dbdde7c273c6097c174213d38813ce2849f4a226fddaf8ae4ca121567', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 110, u'job_id': u'645082f9c5df89a1700be06c', u'analysis_start_time': u'2023-05-02 03:26:49', u'vx_family': u'Phishing site', u'av_detect': u'58', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'33e6aee38e124479e80a03f00d38f1f93137511fafd55c0815b25d2f8b295467', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 110, u'job_id': u'645080e068df2a2930023159', u'analysis_start_time': u'2023-05-02 03:17:52', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'b48273996518b805b066210f156613b2f4e1bde5d72b4ddef5d8fb19dffca841', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 160, u'job_id': u'644fe86e52348161b10d0bbd', u'analysis_start_time': u'2023-05-01 16:27:26', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 17, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'020e3e2c8da24f85e4346b589068e6dcfd2e4afeeada816b7f41fb16dedf3864', u'type': None, 
u'type_short': u'url', u'size': 137}, {u'environment_id': 110, u'job_id': u'644da9a48a42e7a8ac0ab07b', u'analysis_start_time': u'2023-04-29 23:35:01', u'vx_family': u'Phishing site', u'av_detect': u'73', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'55f21248b94bc741247d69ef0f5523011eacc847a3c72e4066c45708f38bb7f4', u'type': None, u'type_short': u'url', u'size': 44}, {u'environment_id': 100, u'job_id': u'643e6bb1ce8926036a0612d7', u'analysis_start_time': u'2023-04-18 10:06:41', u'vx_family': u'Malicious site', u'av_detect': u'32', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'b5986141b47c3c37930d2f7ecc1e1d9f2da6d75a10d246c12433b5d577d5022d', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 160, u'job_id': u'643d8a8c389bae426c02954d', u'analysis_start_time': u'2023-04-17 18:06:05', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8b21d884c9a557260a5aea41f401867fe493f9f5ebb98ed736c4b3b93bb0cc24', u'type': None, u'type_short': u'url', u'size': 42}, {u'environment_id': 100, u'job_id': u'643ad8c2d9954faf0e0cbe38', u'analysis_start_time': u'2023-04-15 17:02:58', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'6fb52fd233065ac1b93e470d857f64d82a2ccffef8335fcaa02bc58df2ca970c', u'type': None, u'type_short': u'url', u'size': 61}, {u'environment_id': 100, u'job_id': u'6439070c265a4fa83a00eb7c', u'analysis_start_time': u'2023-04-14 07:55:56', u'vx_family': u'Phishing site', u'av_detect': u'33', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, 
u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'a345bbe691e1659f35836f52c8e9962f1c963cb45ca1b0cde2d8b2fb52e5544d', u'type': None, u'type_short': u'url', u'size': 129}, {u'environment_id': 100, u'job_id': u'643580c0a81f95183f013251', u'analysis_start_time': u'2023-04-11 15:46:09', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'a66876bf5d88b6b1e4cae2ad5fe213c6a5ae169ab90a58bae2c559a81f71043e', u'type': None, u'type_short': u'url', u'size': 51}, {u'environment_id': 100, u'job_id': u'642d600430a7625af306f95c', u'analysis_start_time': u'2023-04-05 11:48:20', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'3d712467533d99dd99de9bab56da009d5317f2d14234f7657c15944b5d818010', u'type': None, u'type_short': u'url', u'size': 53}, {u'environment_id': 100, u'job_id': u'642cbf3a104a26f5700ba80c', u'analysis_start_time': u'2023-04-05 00:22:18', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'ebc2aa1a212b05483a1bcd945eba0ca46d86c27ab52985919458956cbd48fde6', u'type': None, u'type_short': u'url', u'size': 95}, {u'environment_id': 160, u'job_id': u'642c94d30769d9c0a40c4106', u'analysis_start_time': u'2023-04-04 21:21:23', u'vx_family': None, u'av_detect': u'10', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'e0744649b033b964db2e366b6ff845e7fe07914dc74b5277a0d3b161ff36da82', u'type': None, u'type_short': u'url', u'size': 63}, {u'environment_id': 160, u'job_id': u'642687dd7efd48c1e70ae62a', u'analysis_start_time': u'2023-03-31 07:12:29', 
u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'2ab04053e6d52deab2748242f4153415e9979cb97b0e3eb54a049b1df509056c', u'type': None, u'type_short': u'url', u'size': 49}, {u'environment_id': 160, u'job_id': u'6423e52a9b014c00df02b473', u'analysis_start_time': u'2023-03-29 07:18:25', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'f29376302ee518c13e0e840829c33da3b9baae9c8efaf8eb954004b8c681fae8', u'type': None, u'type_short': u'url', u'size': 67}, {u'environment_id': 160, u'job_id': u'64226311d0c96e57900e7b36', u'analysis_start_time': u'2023-03-28 03:46:25', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no verdict', u'submit_name': u'sample.url', u'sha256': u'ab47283e64d965e888dbbff352d5255a05303978f2a9ada78c003c7c0e765a47', u'type': None, u'type_short': u'url', u'size': 59}, {u'environment_id': 160, u'job_id': u'641f9e15db06093884029e45', u'analysis_start_time': u'2023-03-26 01:21:26', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 85, u'verdict': u'malicious', u'submit_name': u'rufus-3.22.exe', u'sha256': u'ac2a1743bbfc19268c36280b50a003366d41854863d4808099cd87f77fa5f433', u'type': None, u'type_short': u'exe', u'size': 1419336}, {u'environment_id': 100, u'job_id': u'641dadee645a17634f0da09c', u'analysis_start_time': u'2023-03-24 14:04:31', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no verdict', u'submit_name': u'sample.url', u'sha256': u'b6b5ebd305b3343ac77a7ced0bf7c27fc072b3166da85d34559ceafdff465cbc', u'type': None, u'type_short': u'url', u'size': 1108}, 
{u'environment_id': 100, u'job_id': u'641c9437020019db9909aba8', u'analysis_start_time': u'2023-03-23 18:02:32', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'3ab0f4618a12894b7fef72dd185.199.111.153
2023-05-12 02:45:09Raw Data from RIRsNoipapi.co0020None{u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'104.21.6.166', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'104.21.0.0/17', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv4', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'}104.21.6.166
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.162): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:55:27Linked URL - InternalNoURLScan.io0010Nonehttp://kekw.battleb0t.xyz/jarbattleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:C4:0E:35)33.336199,-111.89446440830702
2023-05-12 02:44:23Open TCP PortNoSSL Certificate Analyzer0020None185.199.109.153:443185.199.109.153
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Cloudflare\, Inc.,CN=Cloudflare Inc ECC CA-3battleb0t.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES (Net ID: 00:12:BF:30:4A:F9)40.2024, 29.0398
2023-05-12 02:56:55Internet Name - UnresolvedNoDNS Resolver0020Nonetiktok.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:b3:d3:7f:a8:50:41:aa:70:38:c6:ab:16:2e:24:50:f9:66 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 29 13:55:16 2022 GMT Not After : Mar 29 13:55:15 2023 GMT Subject: CN=tiktok.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:tiktok.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 3c:48:04:ac:20:99:db:ca:ca:6a:cc:70:e1:43:3e:81:e0:75: d7:27:b2:3e:bf:0a:2c:b9:85:20:f8:d1:95:d7:8e:f6:e5:e7: 34:bf:dd:34:59:cd:80:f7:bc:54:a0:98:88:5b:c3:c9:31:8c: d5:fb:f3:f4:99:19:e3:f7:7b:0e:cf:b8:fd:2e:98:1e:df:5e: bd:32:3e:95:6e:85:fd:3c:39:51:1e:b7:ca:45:bb:af:6c:d9: 7d:bb:b2:5a:16:0a:ba:b6:2c:18:38:cf:10:14:91:d1:4e:1e: 9e:4a:61:8d:0a:4f:5a:cd:71:50:15:21:8b:cd:1e:13:69:3b: 32:8b:47:84:8b:ff:c8:9a:db:3a:ad:fc:8a:2a:31:1f:ec:36: 13:1f:de:24:59:1f:25:65:d4:e8:c7:48:dd:a5:f3:44:51:45: 44:37:47:80:9f:8c:0d:17:6e:d2:9a:8a:53:98:c4:b7:c5:92: 92:58:25:fc:e6:3b:4e:df:03:44:8a:de:9f:fe:7a:58:8e:b2: 30:ab:13:3d:69:81:47:99:7f:37:6f:80:60:8a:d3:9e:ba:df: ab:68:1e:a3:61:1c:dd:77:2a:1c:ae:ee:b6:17:f1:05:72:d2: ee:bb:6e:b1:5f:2b:66:a2:ce:5c:75:86:24:dc:66:4d:87:3e: 95:cd:4d:fe
2023-05-12 02:58:19Raw Data from RIRsNoHybrid Analysis0030None{u'count': 27, u'search_terms': [{u'id': u'host', u'value': u'34.74.170.74'}], u'result': [{u'environment_id': 100, u'job_id': u'63a3b3d1ddf29718d50a1530', u'analysis_start_time': u'2022-12-22 01:39:24', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'ee7e2d9cc60e02d86b4be3ce61368afcd366ceb3c836b41944262d1f1c35717d', u'type': None, u'type_short': u'url', u'size': 70}, {u'environment_id': 160, u'job_id': u'63977e9dae1f9c003b5ce605', u'analysis_start_time': u'2022-12-12 19:18:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'cc115afccd6fc96e7e94198d40bec095c6c73abe4941265f2c727cc456fe7812', u'type': None, u'type_short': u'url', u'size': 50}, {u'environment_id': 100, u'job_id': u'6392828d79488730c200349a', u'analysis_start_time': u'2022-12-09 00:34:22', u'vx_family': None, u'av_detect': u'100', u'environment_description': u'Windows 7 32 bit', u'threat_score': 0, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'0642b9057180c8b374ff898f17d356189d3b264a9632064dbb077777fcceccaa', u'type': None, u'type_short': u'url', u'size': 111}, {u'environment_id': 120, u'job_id': u'638f679fb1d2070160672c24', u'analysis_start_time': u'2022-12-06 16:02:39', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'c4919dc5ebcf054490c8ebabbb453b631c7d016ba87624dd98df4535c94ee593', u'type': None, u'type_short': u'url', u'size': 45}, {u'environment_id': 120, u'job_id': u'63865b7cd5844423476081fd', u'analysis_start_time': u'2022-11-29 19:20:28', u'vx_family': None, u'av_detect': u'0', 
u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'ee2b3005a67dc45a60a0bc2947c2bfd8584632d9366ff2363f99250eefc18ee6', u'type': None, u'type_short': u'url', u'size': 56}, {u'environment_id': 100, u'job_id': u'63691cbfbd04344cc75ae66e', u'analysis_start_time': u'2022-11-07 14:57:08', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'a4dcbaef70e2a40e6e200c1f3e33731c8bcc05d0656e6b53524113e8a0df8004', u'type': None, u'type_short': u'url', u'size': 53}, {u'environment_id': 160, u'job_id': u'6363d7f1fc761c15c17b3308', u'analysis_start_time': u'2022-11-03 15:02:10', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'cb1af0d473361df7affbb056dab3ba4deda36972605d7a8818b296d8850e52ab', u'type': None, u'type_short': u'url', u'size': 449}, {u'environment_id': 120, u'job_id': u'635fd2ed62c55c3f0460c482', u'analysis_start_time': u'2022-10-31 13:51:41', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'e1453be443ffb2440c03ec5c4559ccdc7744e69609085ae83e1b439ba68cec0d', u'type': None, u'type_short': u'url', u'size': 48}, {u'environment_id': 100, u'job_id': u'6346255ebad57a03ce44a423', u'analysis_start_time': u'2022-10-12 02:24:31', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'19966b3c76496efd5b515e006c20819ecb6cc6bcb15a7d6f02e6d564b4569c85', u'type': None, u'type_short': u'url', u'size': 57}, {u'environment_id': 120, u'job_id': 
u'6345f449ab81ca2c01100ca1', u'analysis_start_time': u'2022-10-11 22:55:06', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'2a7999a7c7b888cb2de97ef77fd40b70d500bd4d0d867d53de57717906f536f9', u'type': None, u'type_short': u'url', u'size': 74}, {u'environment_id': 120, u'job_id': u'6345bb9d4e344208ff5110da', u'analysis_start_time': u'2022-10-11 19:00:12', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'fb77b9fcfedf278c3a95dd022207815d527f6c39672b7d4bb735ccbd564c337b', u'type': None, u'type_short': u'url', u'size': 56}, {u'environment_id': 120, u'job_id': u'633a92cd26ebeb4084237d30', u'analysis_start_time': u'2022-10-03 07:44:14', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': 7, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'8dd26fb9b49d59c44d246f236241a66f44894a96cfd88e6a51b7180ec3afee55', u'type': None, u'type_short': u'url', u'size': 49}, {u'environment_id': 120, u'job_id': u'63332d8bec4bc85429544603', u'analysis_start_time': u'2022-09-27 17:12:53', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'c20b1b9476c9a0c39fb1fc240a9a6ecbf8c3a621eb05076f858345e4ec1f0b24', u'type': None, u'type_short': u'url', u'size': 185}, {u'environment_id': 120, u'job_id': u'63331f1830e7574737082cf9', u'analysis_start_time': u'2022-09-27 16:04:41', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': 
u'46f1850d69d9ed2ce0e13a3f0876f7b6dc06be159fb8563ed16ad44e418f754f', u'type': None, u'type_short': u'url', u'size': 193}, {u'environment_id': 120, u'job_id': u'632af55f008c332beb442bb4', u'analysis_start_time': u'2022-09-21 11:28:32', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8542bd5b44a22c5a1605485c1ad44055090c9b024aee2513be530a18da580c4a', u'type': None, u'type_short': u'url', u'size': 132}, {u'environment_id': 100, u'job_id': u'63232b151b9f1613672ee7c5', u'analysis_start_time': u'2022-09-15 13:39:33', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 60, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'08e9737057fea811f948925e9e391e1da7e9893d51f58b3c2456f5aca5abc1a7', u'type': None, u'type_short': u'url', u'size': 372}, {u'environment_id': 120, u'job_id': u'6318f2cc0b9d381dff465a33', u'analysis_start_time': u'2022-09-07 19:36:45', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'f47a058697e7bd050260e62793cca89181c3f1843751027258c6005091b1159d', u'type': None, u'type_short': u'url', u'size': 53}, {u'environment_id': 100, u'job_id': u'63177929f0d01a58c2105548', u'analysis_start_time': u'2022-09-06 16:45:30', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 65, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'87b8f7b4674362788c509a8a821d981fbff51ab940c3eda1f1cbc02229138ee8', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 110, u'job_id': u'6316d4fc50da6f01af3cb1d0', u'analysis_start_time': u'2022-09-06 05:16:19', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 
32 bit (HWP Support)', u'threat_score': 20, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'd9796c683320585298536aecefe2ad34708b28a0de252b6719fc83e2a25a530b', u'type': None, u'type_short': u'url', u'size': 53}, {u'environment_id': 120, u'job_id': u'63088b430ab94550560941eb', u'analysis_start_time': u'2022-08-26 08:58:44', u'vx_family': u'Phishing site', u'av_detect': u'6', u'environment_description': u'Windows 7 64 bit', u'threat_score': 22, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'8d65ee6c3d3e29e2405c7de07ca0dbc6a3c42dfa8e6cfd38e0d683284459d33f', u'type': None, u'type_short': u'url', u'size': 102}, {u'environment_id': 100, u'job_id': u'6302d05deed97532945a43e5', u'analysis_start_time': u'2022-08-22 00:39:58', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8ac3981d435cc07e82b191674acb15ae73d9120856291dacd3943ecd8cbf55bb', u'type': None, u'type_short': u'url', u'size': 124}, {u'environment_id': 100, u'job_id': u'62ff4b4a0b68df64617ec3d6', u'analysis_start_time': u'2022-08-19 08:35:23', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'437da0e7d6ec04cb427020f0d05f83c1e0a2d1c225783f3c08a953cbd4f27546', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 100, u'job_id': u'62ea9c33f156641b5137bc47', u'analysis_start_time': u'2022-08-03 16:03:00', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'783629b3e95b93b2d4a6ada0316b8a5e264452240f3a53e61173b93d3cc72fa7', u'type': None, u'type_short': u'url', u'size': 107}, {u'environment_id': 100, u'job_id': u'62e818500d4d2d35c053b80a', 
u'analysis_start_time': u'2022-08-01 18:15:45', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'75658c00df5f6a83875e4b4d0ee71200796b7814f2e0f7133b7af2c77f1f8d31', u'type': None, u'type_short': u'url', u'size': 125},34.74.170.74
2023-05-12 02:50:30Physical AddressNoGLEIF2030None14455 North Hayden Rd, Scottsdale, US-AZ, US, 85260GoDaddy.com, LLC
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NonemyLGNet4862 (Net ID: 00:01:36:5B:48:60)37.780462,-122.390564
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonegunhome1 (Net ID: 00:09:5B:EE:D0:0E)39.0469, -77.4903
2023-05-12 03:01:10Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.122): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:23:40Open TCP PortNoPulsedive0030None188.114.96.15:8443188.114.96.0/24
2023-05-12 03:01:09Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.120): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneBIGO Live (Category: gaming) https://www.bigo.tv/user/loginlogin
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneDemotywatory (Category: images) https://demotywatory.pl/user/loginlogin
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/favicon.pnghttps://funny.battleb0t.xyz/
2023-05-12 03:01:14Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.129): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:23:27Open TCP PortNoPulsedive0030None188.114.96.9:443188.114.96.0/24
2023-05-12 02:53:20IP AddressNoMnemonic PassiveDNS40020None165.232.113.85kekw.battleb0t.xyz
2023-05-12 02:47:23Open TCP PortNoPulsedive0020None185.199.110.153:80185.199.110.153
2023-05-12 02:56:51Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:96:9b:29:e7:ba:1f:ed:f3:53:36:ca:2c:46:93:27:46:97 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 15:44:09 2022 GMT Not After : Mar 13 15:44:08 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c5:26:42:72:54:54:74:21:1e:c0:7a:66:54:5a: e8:26:8a:a7:bb:78:e0:52:09:b4:70:cd:bc:21:4b: 2c:77:39:63:f4:67:8f:19:31:3e:f0:0f:58:55:9d: 80:0d:29:74:7f:66:1f:df:6c:0f:e4:7c:f2:b1:63: d3:73:4b:d0:8e:1c:94:d5:39:9f:87:08:c9:39:28: 06:18:ff:8b:b4:c8:13:46:ac:cf:6d:a5:8c:43:a0: 09:d6:74:e4:1b:e6:a1:90:6d:22:b3:ba:58:9d:f7: 79:37:55:b1:58:ef:15:cb:64:d0:30:b0:3c:9c:57: 0f:fe:6c:6b:bb:3f:27:84:33:78:b0:19:92:bf:97: a6:0f:20:d5:97:af:a6:3b:9d:2c:b6:18:1b:80:b6: fb:2e:b9:e7:44:40:3a:ab:de:d1:27:94:5c:98:f3: 69:c6:eb:0a:ba:59:dd:58:0a:8d:f7:6b:71:2d:96: 80:0b:9a:05:20:72:48:c7:59:11:c0:d5:98:a3:64: 8a:78:35:12:8b:20:64:de:10:73:21:62:d5:82:94: 42:92:41:f0:40:98:0d:fd:64:08:ef:ba:99:48:1d: ae:86:bd:de:46:1e:c7:72:49:3d:93:76:b8:e9:ff: 0d:e2:5c:31:61:a9:f2:59:1c:92:cb:56:9f:9b:f7: 48:28:35:ef:e1:4f:ae:4c:d6:6f:39:80:a0:50:ab: 78:66:96:ff:8d:78:93:50:2d:b7:0a:ef:fe:70:44: cf:d9:e4:4f:5e:34:97:d6:93:af:d9:54:30:40:86: 24:9c:59:46:7c:df:86:e9:5e:eb:17:7f:95:e4:0e: 70:f5:5a:35:d4:64:cb:b9:5b:5c:bb:45:e6:4e:80: a3:6d:83:42:86:a4:44:3b:83:c2:1d:e2:02:99:d0: 36:4c:c3:91:eb:69:38:a7:7d:2f:35:65:33:3e:23: 0b:5d:1b:0c:01:a1:10:75:e2:ac:bb:3b:bf:f6:2f: ec:4e:98:ec:53:ee:86:34:4c:69:d1:38:5c:a9:07: 72:79:62:64:81:ea:03:fc:2f:18:db:04:b6:04:36: 1d:bc:01:56:0e:d9:49:1c:dd:41:11:ce:34:13:0f: 13:81:d8:cd:71:a3:fc:76:2b:ea:14:1c:8d:38:63: 54:f1:73:9f:26:18:47:68:79:40:b9:a0:ac:b7:d2: e0:a8:36:94:6f:0c:c3:56:34:6a:ee:a7:97:c4:d3: 0b:44:a3:56:87:d8:dc:ce:f3:89:8c:09:62:1a:25: 1f:dd:5f:2a:c0:d4:a9:14:4f:34:09:bc:53:d5:35: 
be:6b:0d:6a:49:bf:0b:11:66:23:11:60:25:c5:db: 56:15:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:E8:B3:AA:B6:B4:6A:08:8C:66:4E:1B:FC:F4:D4:C0:C8:AD:D7:A5 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 23:97:7b:03:b9:f4:a4:34:12:d3:21:3d:da:44:f5:20:c3:b1: 3b:ac:6b:d9:60:b8:b7:69:bb:7a:12:d5:25:8c:0f:00:de:f7: 36:a4:48:3c:17:0b:8b:18:53:7e:62:90:c7:ad:c4:3d:35:34: 7d:53:88:f9:54:65:04:22:df:53:b4:19:52:e4:bc:5e:0b:03: 2b:1e:62:32:2a:0c:d4:df:76:d7:3c:d0:ee:2e:d6:fe:2e:91: 01:8b:82:92:c3:06:53:df:e0:c5:5e:14:ca:21:52:f8:77:c2: 63:cb:6d:04:c8:e2:63:8d:d8:f2:81:13:be:86:29:78:4d:d3: 15:f3:e6:0d:45:f1:0a:26:81:2a:91:e1:c5:11:de:38:7b:0c: cf:72:df:63:25:33:a6:15:a5:be:c2:1d:86:c1:1d:1c:dc:30: fc:22:c3:9f:a9:fa:7c:dd:a4:c0:3b:50:98:18:64:aa:5a:5b: 60:a4:a5:3e:e0:2c:e4:d0:4b:8a:7e:bc:80:27:a1:5e:d2:25: b1:27:e5:25:2c:1a:a2:db:28:f3:fa:2d:33:78:d3:45:4c:a4: 5f:a1:7f:85:be:04:d2:fe:95:ff:fd:b1:53:9f:47:43:cf:75: 33:c3:8e:7b:1a:d7:d7:ca:fd:b4:9d:e3:3d:6e:15:33:3e:ee: 1e:db:28:8f
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneuntappd (Category: social) https://untappd.com/user/login/login
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneSpeedStream (Net ID: 00:01:24:F0:07:E7)37.7642, -122.3993
2023-05-12 03:12:51Physical LocationNonumverify0030NoneMoskva, RU+74955801111
2023-05-12 02:50:17Internet NameNoDNS Resolver0020Nonevscode.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:56:b0:2c:f1:37:ec:4d:fb:ba:29:5b:fe:cf:08:f7:c5:d3 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:49:55 2023 GMT Not After : Apr 27 17:49:54 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:cb:71:f4:b8:7c:a4:30:09:1b:13:75:c6:c3:49: 0a:5a:97:35:c2:e3:b5:90:5b:a3:b9:e0:c8:a4:e3: 37:7a:a6:7e:1b:38:a5:5a:63:ab:b5:eb:db:f5:ce: 46:28:9a:bb:61:30:d2:f6:61:59:c2:0e:37:b3:85: 32:eb:67:93:5c:a2:8a:68:ae:c7:6a:b0:d0:9f:fc: 8d:d5:3b:0a:5d:17:21:49:98:a5:cc:cd:89:42:87: 4d:54:69:c0:91:34:ff:12:c3:4c:10:fb:89:47:3a: b3:b5:ed:cc:06:52:eb:16:7a:af:b4:c5:22:00:43: aa:8d:8b:68:61:04:b5:6e:86:7d:6f:23:6e:79:15: 3b:96:1c:92:ea:d1:76:1a:98:eb:67:69:53:a7:00: db:63:83:56:0b:fc:db:8c:00:6a:64:27:99:81:0c: e0:c2:14:78:8e:45:d2:05:23:4b:2e:a1:d6:90:83: 3d:eb:f6:16:04:b9:30:78:89:df:df:c5:c0:a5:c5: 60:dc:2c:82:50:e1:50:fc:88:d4:46:2d:16:9d:dd: 14:56:c3:31:55:0c:b7:cc:40:45:d8:f9:22:11:f9: ed:60:df:5c:2f:a8:5f:17:ac:ff:7d:8a:1e:77:a6: e8:15:cb:e0:33:32:29:69:ca:42:d7:15:49:3f:d9: 68:31:ef:59:a1:4e:f5:94:c3:75:47:24:20:25:4f: 22:0f:35:ad:2a:db:20:f0:5d:b9:c7:a2:17:d1:f3: 52:80:77:94:64:66:0d:72:a2:bf:aa:b0:5e:b6:d9: af:81:4d:54:fa:3e:6b:7d:a8:7b:0d:08:23:70:3b: 37:ad:2b:75:bf:91:06:70:7f:c1:79:93:83:08:8c: 9a:bf:f2:64:ef:2f:39:42:b9:84:35:4b:b0:83:66: 5e:d7:c5:a7:06:f4:b4:89:e9:41:d1:09:1f:c3:66: 18:da:ea:4b:2f:9a:1a:d0:a2:05:8c:af:7f:ec:ae: 0f:17:00:fd:78:c7:64:b6:db:0c:73:e7:03:66:b3: 9e:9f:74:ea:0a:b7:ba:41:3e:89:fa:49:d9:69:26: 3c:0e:bc:77:f5:9f:cd:1d:0b:77:59:ba:57:e5:96: 24:24:9a:52:56:4e:63:31:d7:70:db:dc:4b:70:cb: 90:cd:e2:20:14:b5:fa:25:1b:2d:3b:39:de:26:c5: 3e:2d:95:63:5f:d6:2a:ba:87:f1:7a:9d:cc:8d:4d: e8:02:34:63:08:c3:8a:65:36:2f:3d:9b:90:77:71: 2a:cc:26:26:c5:ad:9e:d8:4e:fb:7a:b2:ec:5f:c7: 
b5:9a:b3:86:c9:5c:88:b7:8c:c8:3d:30:64:42:7f: 87:9a:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:A0:A8:B9:3F:90:D7:08:DA:7E:1F:47:83:D5:88:5D:68:C9:9D:69 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 14:78:89:b1:8a:61:96:a7:ed:ed:6f:79:f8:42:dc:18:11:94: 04:56:a5:c3:80:ee:8b:7d:e8:18:f9:55:d6:f7:cb:22:5f:bd: 89:01:c5:e6:7b:ae:45:c0:ec:56:e5:c2:7d:d1:3d:a3:bc:46: f2:97:64:eb:52:63:74:0b:62:2b:cb:f6:53:e6:8f:96:8f:78: 0e:79:d9:d9:06:eb:13:01:f3:a6:5e:da:6d:b3:53:66:1e:0a: 11:4d:63:47:ed:42:22:0b:9f:52:2c:e1:d2:d2:7f:fc:df:0d: ec:bd:d7:45:bd:1e:e8:50:83:90:59:00:5f:f9:13:d7:1e:8d: 09:80:4c:9f:8f:d6:56:72:42:52:f1:4f:c9:f7:1a:c8:c6:d7: cc:26:6b:04:0a:fd:ec:68:27:dd:6a:5c:a7:6a:ec:f5:60:49: d4:f0:de:24:04:3b:b8:7c:8c:60:f2:a3:cc:8f:46:9a:ab:ff: 28:cf:36:42:ed:1a:c4:05:86:b0:92:1e:51:f1:3e:c1:54:5f: a0:77:3a:81:f2:18:31:c6:f3:7b:7d:43:34:56:f8:32:e5:fc: 0e:7a:dd:40:27:84:9e:db:87:8b:98:6d:7c:97:c3:31:5e:a7: d9:88:62:36:ed:94:00:e5:a5:27:77:53:25:24:2b:3e:9f:cd: c9:43:c1:d8
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Nonelinksys-n (Net ID: 00:00:85:EB:4B:63)41.8781, -87.6298
2023-05-12 03:03:47Co-Hosted SiteNoThreatMiner2020Noneakashpmani.github.io185.199.111.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None<hidden ssid> (Net ID: 00:01:E3:54:E7:17)52.3759, 4.8975
2023-05-12 03:03:39Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0101.github.io
2023-05-12 03:03:16Internet Name - UnresolvedNoDNS Resolver0020Nonecpcontacts.ayhu.xyz[{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}]
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0070NoneGoDaddy.com, LLCDomain Name: AMCODEV.ME Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2023-01-03T11:02:11Z Creation Date: 2018-01-02T22:12:38Z Registry Expiry Date: 2024-01-02T22:12:38Z Registrar Registration Expiration Date: Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Reseller: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. 
You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Domain Name: amcodev.me Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2023-01-03T11:02:09Z Creation Date: 2018-01-02T22:12:38Z Registrar Registration Expiration Date: 2024-01-02T22:12:38Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR434510046 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant 
Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Admin ID: CR434510262 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Tech ID: CR434510194 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. 
In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Noneazis (Net ID: 00:06:B1:15:73:DD)33.617190550339146,-111.90827887019054
2023-05-12 03:42:54Affiliate - Domain WhoisNoWhois0060None% Restricted rights. % % Terms and Conditions of Use % % The above data may only be used within the scope of technical or % administrative necessities of Internet operation or to remedy legal % problems. % The use for other purposes, in particular for advertising, is not permitted. % % The DENIC whois service on port 43 doesn't disclose any information concerning % the domain holder, general request and abuse contact. % This information can be obtained through use of our web-based whois service % available at the DENIC website: % http://www.denic.de/en/domains/whois-service/web-whois.html % % Domain: domixo-hosting.de Nserver: ns2.inwx.de Nserver: ns3.inwx.eu Nserver: ns.inwx.de Status: connect Changed: 2020-10-30T16:19:21+01:00 domixo-hosting.de
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneTinder (Category: dating) https://tinder.com/@loginlogin
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonezoom2888 (Net ID: 00:01:38:85:BD:9E)37.7813933,-122.3918002
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c59a6bfbf716314-ORD Content-Encoding: gzip 188.114.96.1
2023-05-12 03:00:37Affiliate - Email AddressNoE-Mail Address Extractor0040Noneregistrar-abuse@cloudflare.com Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2015-10-20T06:46:53Z Creation Date: 2009-02-17T22:08:05Z Registry Expiry Date: 2024-02-17T22:08:05Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.CLOUDFLARE.NET Name Server: NS2.CLOUDFLARE.NET Name Server: NS3.CLOUDFLARE.NET Name Server: NS4.CLOUDFLARE.NET Name Server: NS5.CLOUDFLARE.NET DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2022-03-16T19:39:08Z Creation Date: 2009-02-17T22:08:05Z Registrar Registration Expiration Date: 2024-02-17T22:08:05Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Name Server: ns1.cloudflare.net Name Server: ns2.cloudflare.net Name Server: ns3.cloudflare.net Name Server: ns4.cloudflare.net Name Server: ns5.cloudflare.net DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-128@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", 
"os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", 
"diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 
Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 02:53:02Web TechnologyNoTool - WAFW00F0020NoneCloudflare Inc. Cloudflarenwapi.battleb0t.xyz
2023-05-12 02:59:34Vulnerability - CVE LowYesTool - testssl.sh0120NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.kekw.battleb0t.xyz
2023-05-12 02:53:35Open TCP PortNoCensys0020None185.199.110.153:80185.199.110.153
2023-05-12 03:00:59Malicious AffiliateYesVXVault.net0130NoneVXVault Malicious URL List [cdn-185-199-108-153.github.com] http://vxvault.net/URL_List.phpcdn-185-199-108-153.github.com
2023-05-12 02:44:14SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 Validity Not Before: Dec 21 00:00:00 2022 GMT Not After : Jan 21 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:64:c3:ab:83:a1:9f:9b:f7:ff:e5:00:bf:41:ae: cd:d1:cd:1c:5d:8d:4d:62:fb:0e:e4:90:33:13:2d: b5:45:91:e6:7a:26:a0:5e:01:ae:25:84:fb:d5:88: 23:7e:13:7e:a9:d3:a5:de:69:2d:91:69:c3:12:86: 5a:94:02:42:28 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A X509v3 Subject Key Identifier: 3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F X509v3 Subject Alternative Name: DNS:*.netlify.app, DNS:netlify.app X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Dec 21 09:03:52.902 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:31:BA:E4:35:B8:DF:14:C3:99:B3:D0:FB: 
C6:93:77:5C:5A:D1:E2:7C:62:90:83:BB:77:59:14:17: 00:CD:14:09:02:21:00:A0:89:29:6C:06:8B:80:0E:58: FD:7C:72:66:63:BF:84:90:99:2F:F3:90:6D:39:BD:86: 6C:21:15:5D:B2:9C:A1 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Dec 21 09:03:52.857 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:85:6B:1A:5F:D3:6B:D9:52:36:0B: 44:9B:B7:9C:FF:8D:70:8C:F4:D1:34:69:3C:10:D4:AD: 03:93:DD:F1:A4:02:21:00:C0:7F:F8:B3:01:C9:63:4D: D3:D5:2B:F6:46:B5:04:38:1F:2D:8A:D9:5F:C8:07:F8: 5D:FA:B6:44:79:49:3C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B: 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17 Timestamp : Dec 21 09:03:52.852 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:87:5E:CF:47:90:E0:B2:0D:AA:FC:5D: 58:AA:C9:7E:AE:76:49:89:1E:EB:25:CD:66:CC:A5:23: F6:24:7A:AE:07:02:20:5E:32:A3:09:9E:48:84:4A:A9: 3B:C0:AA:53:22:AB:E0:9A:BF:4F:DB:FB:66:C2:2B:F8: 4E:E8:E8:BE:9A:FD:22 Signature Algorithm: ecdsa-with-SHA384 30:66:02:31:00:a8:8f:12:1b:fa:2f:f4:cc:aa:04:9b:b9:ea: 95:f5:30:5a:59:f6:f8:b4:4d:b6:51:7e:89:b3:c8:92:7a:7e: 80:c0:81:be:6e:38:4e:5e:5a:7d:bb:10:72:ae:d7:11:5f:02: 31:00:fc:dd:52:7b:4b:33:ad:13:21:0b:b3:8a:93:5d:fb:03: ac:f0:f4:f6:55:46:ed:1e:45:14:60:d2:47:04:5f:56:a0:b6: 8d:b8:c7:6a:0b:fd:73:a6:07:2b:fa:b2:e2:49 pics.battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:F1:32:0A)41.8781, -87.6298
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAyse (Net ID: 00:14:C1:3A:06:51)40.2024, 29.0398
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonejia (Net ID: 00:0C:41:75:83:AD)39.0469, -77.4903
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0040Nonecloudflare{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:13 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:13 GMT", "cf-ray": "7c5f6036af1541db-EWR", "content-type": "text/css", "x-frame-options": "DENY"}
2023-05-12 02:54:19Linked URL - InternalNoWeb Spider6020Nonehttps://fluid.battleb0t.xyz/fluid.battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:02:2D:35:DF:56)34.0544, -118.244
2023-05-12 03:23:40Open TCP PortNoPulsedive0030None188.114.96.15:443188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATT6WEI6hJ (Net ID: D4:B2:7A:43:F2:C2)37.751, -97.822
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys (Net ID: 00:18:39:E0:85:F6)32.8608, -79.9746
2023-05-12 03:09:27Co-Hosted SiteNoSSL Certificate Analyzer0020Nonesni.cloudflaressl.com188.114.97.1
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-ray: 7c5f8c594cb34339-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:12Co-Hosted SiteNoSSL Certificate Analyzer1020Nonecloudwaysapps.comkekw.battleb0t.xyz
2023-05-12 03:31:32Affiliate - Email AddressNoE-Mail Address Extractor0030Nonee8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.comDomain Name: battleb0t.wtf Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2023-02-15T17:41:17Z Creation Date: 2023-02-10T17:40:28Z Registry Expiry Date: 2024-02-10T17:40:28Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:15:08Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. 
You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. 
The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Domain name: battleb0t.wtf Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2023-02-10T17:40:28.99Z Registrar Registration Expiration Date: 2024-02-10T17:40:28.99Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: 
Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T13:15:09.13Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:00:48:65:F1:BF)41.8781, -87.6298
2023-05-12 02:47:24Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'compromised_hosts': [], u'environment_id': None, u'major_os_version': None, u'submit_name': u'bounty-60048660704598979', u'signatures': [], u'threat_level': 1, u'size': 1397320, u'job_id': None, u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [], u'sha256': u'd0554f1fc47407d678a4d8eace607272013c475033b636bfb1824ed6b1a22e36', u'sha512': u'936ffc79313ebd47ad41f13c5e922d77f4d58c43f0c4df3daf3caff06bf8ca0cb2586c63c685b1c60ffe9d24ce1815ea2fe02d09e4618ba7cef897dffaa01467', u'image_file_characteristics': [], u'submissions': [{u'url': None, u'submission_id': u'644de19185cd7ba33b0ebb77', u'created_at': u'2023-04-30T03:33:37+00:00', u'filename': u'rufus-3.21p.exe'}, {u'url': None, u'submission_id': u'644d328d160fbd497c0249ea', u'created_at': u'2023-04-29T15:06:53+00:00', u'filename': u'bounty-86001166714428459'}, {u'url': None, u'submission_id': u'644d328c2619bb33a2062345', u'created_at': u'2023-04-29T15:06:52+00:00', u'filename': u'bounty-75452711595433687'}, {u'url': None, u'submission_id': u'644d20db3892d3fa3503f45d', u'created_at': u'2023-04-29T13:51:23+00:00', u'filename': u'bounty-69409737173865529'}, {u'url': None, u'submission_id': u'644670e8f6594782e504e063', u'created_at': u'2023-04-24T12:07:04+00:00', u'filename': u'bounty-23683237179354189'}, {u'url': None, u'submission_id': u'64466c020c744eef360e7a3b', u'created_at': u'2023-04-24T11:46:10+00:00', u'filename': u'bounty-54152439984031433'}, {u'url': None, u'submission_id': u'64466c009a197330510ca9de', u'created_at': u'2023-04-24T11:46:08+00:00', u'filename': u'bounty-20187180234839305'}, {u'url': None, u'submission_id': u'6440894b2311f94ff3047162', 
u'created_at': u'2023-04-20T00:37:31+00:00', u'filename': u'bounty-11597493263526310'}, {u'url': None, u'submission_id': u'644028b866dee6f76d08d606', u'created_at': u'2023-04-19T17:45:28+00:00', u'filename': u'bounty-69752916457787705'}, {u'url': None, u'submission_id': u'6440116c41936776ee068346', u'created_at': u'2023-04-19T16:06:04+00:00', u'filename': u'bounty-14153918190732173'}, {u'url': None, u'submission_id': u'643aba2ede3ec5d7d7033f33', u'created_at': u'2023-04-15T14:52:30+00:00', u'filename': u'bounty-36006345838913303'}, {u'url': None, u'submission_id': u'643ab9f92c9d85a9850cc3d5', u'created_at': u'2023-04-15T14:51:37+00:00', u'filename': u'bounty-23074866243363724'}, {u'url': None, u'submission_id': u'642b91bf406da52dd400eac9', u'created_at': u'2023-04-04T02:55:59+00:00', u'filename': u'bounty-62066260028766542'}, {u'url': None, u'submission_id': u'642b91b09f84ad67780669ce', u'created_at': u'2023-04-04T02:55:44+00:00', u'filename': u'bounty-62692702447861562'}, {u'url': None, u'submission_id': u'641a31f9f46795db1a06898d', u'created_at': u'2023-03-21T22:38:49+00:00', u'filename': u'bounty-7657930337676953'}, {u'url': None, u'submission_id': u'6407a5754b329945cc067194', u'created_at': u'2023-03-07T20:58:29+00:00', u'filename': u'rufus-3.21 (1).exe'}, {u'url': None, u'submission_id': u'63eab12d68afe375de3a4bfc', u'created_at': u'2023-02-13T21:52:45+00:00', u'filename': u'rufus-3.21.exe'}, {u'url': None, u'submission_id': u'63bf789acdb4237617605898', u'created_at': u'2023-01-12T03:03:54+00:00', u'filename': u'bounty-44826039870082806'}, {u'url': None, u'submission_id': u'63a889da2274de4da87d35fa', u'created_at': u'2022-12-25T17:35:22+00:00', u'filename': u'bounty-40358777649735610'}, {u'url': None, u'submission_id': u'63907e1b25dc9a507e28a896', u'created_at': u'2022-12-07T11:50:52+00:00', u'filename': u'bounty-60048660704598979'}], u'analysis_start_time': u'2022-12-07T11:50:52+00:00', u'tags': [], u'imphash': None, u'total_network_connections': 0, 
u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 0, u'image_base': None, u'error_origin': None, u'ssdeep': None, u'entrypoint_section': None, u'md5': u'c2ab67a2561ac7f5add3256fe9bf85d4', u'network_mode': u'default', u'processes': [], u'sha1': u'cc5742d1f128c439740a56734c0e105f11a62fe6', u'url_analysis': False, u'type': u'PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed', u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Static Analysis', u'verdict': u'suspicious', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': [u'peexe', u'executable']}, {u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': 4, u'submit_name': u'rufus-3.21.exe', u'signatures': [{u'category': u'General', u'origin': u'Static Parser', u'identifier': u'static-96', u'name': u'PE file entrypoint instructions', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 0, u'description': u'"d0554f1fc47407d678a4d8eace607272013c475033b636bfb1824ed6b1a22e36.bin" file has an entrypoint instructions - "pushal,movesi, 0x692015,leaedi, [esi - 0x291015],pushedi,movebp, esp,leaebx, [esp - 0x3e80],xoreax, eax,pusheax,cmpesp, ebx,jne0x7d99b8,incesi,incesi,pushebx,push0x3d72d4,pushedi,addebx, 4,pushebx,push0x147989,pushesi,addebx, 4,pushebx,pusheax,movdword ptr [ebx], 0x20003,pushebp,pushedi,pushesi,pushebx,subesp, 0x7c,movedx, dword ptr [esp + 0x90],movdword ptr [esp + 0x74], 0,movbyte ptr [esp + 0x73], 0,movebp, dword ptr [esp + 0x9c],leaeax, [edx + 4],movdword ptr [esp + 0x78], eax,"'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': 
u'registry-17', u'name': u'Accesses System Certificates Settings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1112', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-203', u'attck_id': u'T1112', u'relevance': 10, u'threat_level': 0, u'type': 3, u'description': u'"rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\CERTIFICATES\\D559A586669B08F46A30A133F8A9ED3D038E2EA8"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\CERTIFICATES\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\CRLS\\A377D1B1C0538833035211F4083D00FECC414DAB"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\B533345D06F64516403C00DA03187D3BFEF59156"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\D018B62DC518907247DF50925BB09ACF4A5CB3AD"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\CEA586B2CE593EC7D939898337C57814708AB2BE"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\F8A54E03AADC5692B850496A4C4630FFEAA29D83"; Key: "BLOB")\n "rufus-3.21.exe" (Path: 
"HKCU\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT"; Key: "")'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-18', u'name': u'Accesses Software Policy Settings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1012', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-647', u'attck_id': u'T1012', u'relevance': 10, u'threat_level': 0, u'type': 3, u'description': u'"rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\CA"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CRLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CRLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CERTIFICATES"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CRLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CERTIFICATES"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST"; Key: "")\n "rufus-3.21.exe" (Path: 
"HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CRLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOF185.199.111.153
2023-05-12 02:44:19Software UsedYesTool - Wappalyzer0020NoneGitHub Pageswww.battleb0t.xyz
2023-05-12 03:03:59Co-Hosted SiteNoThreatMiner0020Noneetherum-libs.github.io185.199.109.153
2023-05-12 03:00:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.25): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:11Software UsedYesCensys0020NoneDovecot Dovecot87.248.157.102
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.147): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:00:51Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.76): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:46:38BGP AS MembershipNoRIPE0040None13335104.21.64.0/20
2023-05-12 03:10:22Malicious IP AddressYesThreat Jammer0120NoneThreat Jammer - Risk score: 40 (MEDIUM) https://threatjammer.com/info/188.114.96.1188.114.96.1
2023-05-12 02:44:18Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.io185.199.110.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:54:20Web ContentNoWeb Spider0040None.container{width:100%}.bg-white{--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity))}.bg-center{background-position:50%}.bg-no-repeat{background-repeat:no-repeat}.border-gray-300{--border-opacity:1;border-color:#ebebeb;border-color:rgba(235,235,235,var(--border-opacity))}.rounded{border-radius:.25rem}.border-solid{border-style:solid}.border-0{border-width:0}.border{border-width:1px}.border-t{border-top-width:1px}.cursor-pointer{cursor:pointer}.block{display:block}.inline-block{display:inline-block}.table{display:table}.hidden{display:none}.float-left{float:left}.clearfix:after{content:"";display:table;clear:both}.font-mono{font-family:monaco,courier,monospace}.font-light{font-weight:300}.font-normal{font-weight:400}.font-semibold{font-weight:600}.h-12{height:3rem}.h-20{height:5rem}.text-13{font-size:13px}.text-15{font-size:15px}.text-60{font-size:60px}.text-2xl{font-size:1.5rem}.text-3xl{font-size:1.875rem}.leading-tight{line-height:1.25}.leading-normal{line-height:1.5}.leading-relaxed{line-height:1.625}.leading-1\.3{line-height:1.3}.my-8{margin-top:2rem;margin-bottom:2rem}.mx-auto{margin-left:auto;margin-right:auto}.mr-2{margin-right:.5rem}.mb-2{margin-bottom:.5rem}.mt-3{margin-top:.75rem}.mb-4{margin-bottom:1rem}.ml-4{margin-left:1rem}.mt-6{margin-top:1.5rem}.mb-6{margin-bottom:1.5rem}.mb-8{margin-bottom:2rem}.mb-10{margin-bottom:2.5rem}.ml-10{margin-left:2.5rem}.mb-15{margin-bottom:3.75rem}.-ml-6{margin-left:-1.5rem}.overflow-hidden{overflow:hidden}.p-0{padding:0}.py-2{padding-top:.5rem;padding-bottom:.5rem}.px-4{padding-left:1rem;padding-right:1rem}.py-8{padding-top:2rem;padding-bottom:2rem}.py-10{padding-top:2.5rem;padding-bottom:2.5rem}.py-15{padding-top:3.75rem;padding-bottom:3.75rem}.pr-6{padding-right:1.5rem}.pt-10{padding-top:2.5rem}.absolute{position:absolute}.relative{position:relative}.left-1\/2{left:50%}.-bottom-4{bottom:-1rem}.resize{resize:both}.text-center{text-al
ign:center}.text-black-dark{--text-opacity:1;color:#404040;color:rgba(64,64,64,var(--text-opacity))}.text-gray-600{--text-opacity:1;color:#999;color:rgba(153,153,153,var(--text-opacity))}.text-red-error{--text-opacity:1;color:#bd2426;color:rgba(189,36,38,var(--text-opacity))}.text-green-success{--text-opacity:1;color:#9bca3e;color:rgba(155,202,62,var(--text-opacity))}.antialiased{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.w-12{width:3rem}.w-240{width:60rem}.w-1\/2{width:50%}.w-1\/3{width:33.333333%}.w-full{width:100%}.transition{-webkit-transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,-webkit-transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,-webkit-transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,transform,-webkit-transform}body,html{--text-opacity:1;color:#404040;color:rgba(64,64,64,var(--text-opacity));-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;font-size:16px}*,body,html{margin:0;padding:0}*{box-sizing:border-box}a{--text-opacity:1;color:#2f7bbf;color:rgba(47,123,191,var(--text-opacity));text-decoration:none;-webkit-transition-property:all;transition-property:all;-webkit-transition-duration:.15s;transition-duration:.15s;-webkit-transition-timing-function:cubic-bezier(0,0,.2,1);transition-timing-function:cubic-bezier(0,0,.2,1)}a:hover{--text-opacity:1;color:#f68b1f;color:rgba(246,139,31,var(--text-opacity))}img{display:block;width:100%;height:auto}#what-happened-section 
p{font-size:15px;line-height:1.5}strong{font-weight:600}.bg-gradient-gray{background-image:-webkit-linear-gradient(top,#dedede,#ebebeb 3%,#ebebeb 97%,#dedede)}.cf-error-source:after{position:absolute;--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity));width:2.5rem;height:2.5rem;--transform-translate-x:0;--transform-translate-y:0;--transform-rotate:0;--transform-skew-x:0;--transform-skew-y:0;--transform-scale-x:1;--transform-scale-y:1;-webkit-transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));-ms-transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));--transform-rotate:45deg;content:"";bottom:-1.75rem;left:50%;margin-left:-1.25rem;box-shadow:0 0 4px 4px #dedede}@media screen and (max-width:720px){.cf-error-source:after{display:none}}.cf-icon-browser{background-image:url(/cdn-cgi/images/cf-icon-browser.png)}.cf-icon-cloud{background-image:url(/cdn-cgi/images/cf-icon-cloud.png)}.cf-icon-server{background-image:url(/cdn-cgi/images/cf-icon-server.png)}.cf-icon-ok{background-image:url(/cdn-cgi/images/cf-icon-ok.png)}.cf-icon-error{background-image:url(/cdn-cgi/images/cf-icon-error.png)}#cf-wrapper .feedback-hidden{display:none}#cf-wrapper .feedback-success{min-height:33px;line-height:33px}#cf-wrapper 
.cf-button{color:#0051c3;font-size:13px;border-color:#0045a6;-webkit-transition-timing-function:ease;transition-timing-function:ease;-webkit-transition-duration:.2s;transition-duration:.2s;-webkit-transition-property:background-color,border-color,color;transition-property:background-color,border-color,color}#cf-wrapper .cf-button:hover{color:#fff;background-color:#003681}.cf-error-footer .hidden{display:none}.cf-error-footer .cf-footer-ip-reveal-btn{-webkit-appearance:button;-moz-appearance:button;appearance:button;text-decoration:none;background:none;color:inherit;border:none;padding:0;font:inherit;cursor:pointer;color:#0051c3;-webkit-transition:color .15s ease;transition:color .15s ease}.cf-error-footer .cf-footer-ip-reveal-btn:hover{color:#ee730a}.code-label{background-color:#d9d9d9;color:#313131;font-weight:500;border-radius:1.25rem;font-size:.75rem;line-height:4.5rem;padding:.25rem .5rem;height:4.5rem;white-space:nowrap;vertical-align:middle}@media (max-width:639px){.sm\:block{display:block}.sm\:hidden{display:none}.sm\:mb-1{margin-bottom:.25rem}.sm\:mb-2{margin-bottom:.5rem}.sm\:py-4{padding-top:1rem;padding-bottom:1rem}.sm\:px-8{padding-left:2rem;padding-right:2rem}.sm\:text-left{text-align:left}}@media (max-width:720px){.md\:border-gray-400{--border-opacity:1;border-color:#dedede;border-color:rgba(222,222,222,var(--border-opacity))}.md\:border-solid{border-style:solid}.md\:border-0{border-width:0}.md\:border-b{border-bottom-width:1px}.md\:block{display:block}.md\:inline-block{display:inline-block}.md\:hidden{display:none}.md\:float-none{float:none}.md\:text-3xl{font-size:1.875rem}.md\:m-0{margin:0}.md\:mt-0{margin-top:0}.md\:mb-2{margin-bottom:.5rem}.md\:p-0{padding:0}.md\:py-8{padding-top:2rem;padding-bottom:2rem}.md\:px-8{padding-left:2rem;padding-right:2rem}.md\:pr-0{padding-right:0}.md\:pb-10{padding-bottom:2.5rem}.md\:top-0{top:0}.md\:right-0{right:0}.md\:left-auto{left:auto}.md\:text-left{text-align:left}.md\:w-full{width:100%}}@media 
(max-width:1023px){.lg\:text-sm{font-size:.875rem}.lg\:text-2xl{font-size:1.5rem}.lg\:text-4xl{font-size:2.25rem}.lg\:leading-relaxed{line-height:1.625}.lg\:px-8{padding-left:2rem;padding-right:2rem}.lg\:pt-6{padding-top:1.5rem}.lg\:w-full{width:100%}} http://nuke.battleb0t.xyz/cdn-cgi/styles/main.css
2023-05-12 02:47:42SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:02:53 2023 GMT Not After : May 25 03:02:52 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:bc:d0:71:75:f9:c1:51:79:49:f8:25:6c:e2: 4b:7a:05:e1:2b:6c:79:44:98:ff:b2:cc:bc:d7:da: 27:25:29:37:c7:ba:80:cb:e1:7c:b8:4d:37:a2:bc: 93:44:eb:bc:62:ff:47:cb:21:ea:3d:05:4c:04:57: 82:93:5b:a9:25:29:fb:98:33:b0:04:74:aa:bc:9a: 64:5e:c7:e2:6c:e5:ec:2a:e7:40:6b:e1:75:93:39: b3:cf:b8:e9:11:29:e6:d1:9e:08:56:54:16:9f:c1: 1d:1f:f5:f6:ca:48:3a:94:53:03:1d:bf:52:af:6e: 27:9d:80:8d:f0:57:28:d4:f0:01:34:f4:39:59:4a: df:9f:00:47:87:9a:39:38:c1:8f:84:8a:02:0b:b2: 6e:5c:36:a2:f6:35:e6:d2:23:6b:29:b1:15:aa:86: a3:5b:eb:30:cc:af:b8:df:d5:0e:8f:8e:29:7e:0d: 21:28:d0:d2:4c:71:5b:19:01:9b:dc:b9:90:88:7d: fc:5d:3e:72:44:e6:46:11:dd:e6:fd:a5:42:a3:07: 24:e7:29:d9:29:1c:f3:72:77:8b:cb:0b:df:45:34: 0b:81:a8:00:de:f0:13:74:1b:bf:2f:61:ad:65:73: 29:3e:05:b5:c3:90:28:8c:96:ef:cb:b3:06:ba:9b: 6b:f7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Feb 24 04:02:53.639 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:28:F1:70:B2:E6:F5:A1:9C:C3:2A:B9:98: B7:CA:DE:46:06:8A:0D:FD:5D:51:62:6A:9E:AF:A7:18: F8:56:D1:B0:02:20:21:A4:D3:7B:9B:94:A5:33:57:25: EA:F9:E9:6B:7D:DB:3E:9B:70:AC:99:47:BB:60:A1:D8: D4:9F:E0:9F:F4:44 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Feb 24 04:02:53.699 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:3D:E9:FF:70:A3:4B:24:45:DE:32:CD:C1: EB:D6:68:50:E8:90:39:17:70:65:2F:C3:8E:27:EF:8F: 0A:2C:12:42:02:20:63:BD:B7:88:53:11:AE:74:C0:8C: 3E:DD:9A:2F:D6:E5:34:A4:8C:A2:AB:43:8C:64:7E:9B: D2:8E:90:08:CE:60 Signature Algorithm: sha256WithRSAEncryption 7e:31:5b:b5:c6:0c:16:27:0b:f5:1a:b3:80:a7:ef:5e:5f:1b: 87:38:b7:8a:be:5c:4b:2a:3f:28:2b:4f:87:5f:c2:b4:d3:b7: be:f8:28:f5:15:c7:b3:3f:3d:40:b4:03:a4:95:06:01:1a:58: 1f:75:36:4b:ec:65:5a:e0:fd:b0:bf:41:e3:ff:57:4e:dd:05: 47:2c:e5:74:c8:5a:58:19:d6:53:61:f6:8d:0e:19:29:5d:dd: b2:13:e8:c5:4c:7e:68:dc:f2:b4:05:5a:13:8e:d2:2e:4e:5e: 81:10:a5:86:8f:30:30:f7:61:4a:6f:5c:17:0d:a4:ef:13:02: 05:48:b0:18:ac:9c:df:24:70:12:e3:44:ac:31:54:f5:b6:92: f4:ec:b6:e7:16:93:23:c7:b8:7e:51:5c:f7:05:33:1c:0e:7a: b3:3d:ed:21:03:d2:bc:a5:bf:10:81:1f:4c:79:d4:3a:73:b9: 93:9f:57:8b:98:ea:3e:74:39:70:99:3d:3a:c0:f2:4d:e1:55: ed:dc:49:4e:a6:39:a5:82:ea:2d:6e:e9:17:c6:72:75:ec:10: 72:d0:c9:3e:b9:30:69:bc:2f:70:06:3c:ba:31:b6:c1:0c:45: e6:92:88:78:56:3a:d4:0c:d2:32:b8:49:37:f3:c4:6d:15:69: 54:99:0a:d9 battleb0t.xyz
2023-05-12 02:44:42Internet NameNoDNS Resolver0020Nonevscode.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:56:b0:2c:f1:37:ec:4d:fb:ba:29:5b:fe:cf:08:f7:c5:d3 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:49:55 2023 GMT Not After : Apr 27 17:49:54 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:cb:71:f4:b8:7c:a4:30:09:1b:13:75:c6:c3:49: 0a:5a:97:35:c2:e3:b5:90:5b:a3:b9:e0:c8:a4:e3: 37:7a:a6:7e:1b:38:a5:5a:63:ab:b5:eb:db:f5:ce: 46:28:9a:bb:61:30:d2:f6:61:59:c2:0e:37:b3:85: 32:eb:67:93:5c:a2:8a:68:ae:c7:6a:b0:d0:9f:fc: 8d:d5:3b:0a:5d:17:21:49:98:a5:cc:cd:89:42:87: 4d:54:69:c0:91:34:ff:12:c3:4c:10:fb:89:47:3a: b3:b5:ed:cc:06:52:eb:16:7a:af:b4:c5:22:00:43: aa:8d:8b:68:61:04:b5:6e:86:7d:6f:23:6e:79:15: 3b:96:1c:92:ea:d1:76:1a:98:eb:67:69:53:a7:00: db:63:83:56:0b:fc:db:8c:00:6a:64:27:99:81:0c: e0:c2:14:78:8e:45:d2:05:23:4b:2e:a1:d6:90:83: 3d:eb:f6:16:04:b9:30:78:89:df:df:c5:c0:a5:c5: 60:dc:2c:82:50:e1:50:fc:88:d4:46:2d:16:9d:dd: 14:56:c3:31:55:0c:b7:cc:40:45:d8:f9:22:11:f9: ed:60:df:5c:2f:a8:5f:17:ac:ff:7d:8a:1e:77:a6: e8:15:cb:e0:33:32:29:69:ca:42:d7:15:49:3f:d9: 68:31:ef:59:a1:4e:f5:94:c3:75:47:24:20:25:4f: 22:0f:35:ad:2a:db:20:f0:5d:b9:c7:a2:17:d1:f3: 52:80:77:94:64:66:0d:72:a2:bf:aa:b0:5e:b6:d9: af:81:4d:54:fa:3e:6b:7d:a8:7b:0d:08:23:70:3b: 37:ad:2b:75:bf:91:06:70:7f:c1:79:93:83:08:8c: 9a:bf:f2:64:ef:2f:39:42:b9:84:35:4b:b0:83:66: 5e:d7:c5:a7:06:f4:b4:89:e9:41:d1:09:1f:c3:66: 18:da:ea:4b:2f:9a:1a:d0:a2:05:8c:af:7f:ec:ae: 0f:17:00:fd:78:c7:64:b6:db:0c:73:e7:03:66:b3: 9e:9f:74:ea:0a:b7:ba:41:3e:89:fa:49:d9:69:26: 3c:0e:bc:77:f5:9f:cd:1d:0b:77:59:ba:57:e5:96: 24:24:9a:52:56:4e:63:31:d7:70:db:dc:4b:70:cb: 90:cd:e2:20:14:b5:fa:25:1b:2d:3b:39:de:26:c5: 3e:2d:95:63:5f:d6:2a:ba:87:f1:7a:9d:cc:8d:4d: e8:02:34:63:08:c3:8a:65:36:2f:3d:9b:90:77:71: 2a:cc:26:26:c5:ad:9e:d8:4e:fb:7a:b2:ec:5f:c7: 
b5:9a:b3:86:c9:5c:88:b7:8c:c8:3d:30:64:42:7f: 87:9a:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:A0:A8:B9:3F:90:D7:08:DA:7E:1F:47:83:D5:88:5D:68:C9:9D:69 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 27 18:49:55.813 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:86:06:13:D6:59:74:98:67:AB:1E:5E: 35:81:72:04:C0:6A:1F:FC:7B:00:6F:B8:03:F1:BE:1B: 95:AB:B8:28:27:02:21:00:BC:93:E5:D5:C0:AB:C3:D9: F0:70:98:2F:0B:66:FF:CE:EB:B1:93:B5:AF:E3:EC:E5: 24:C0:E0:01:07:FE:3F:C0 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Jan 27 18:49:55.791 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:EE:AA:37:8F:C9:30:00:92:D7:56:A4: B6:CE:F3:F5:CF:29:81:16:83:11:DE:9E:A3:05:67:53: 91:6D:18:E7:A8:02:21:00:D8:7E:2B:BA:15:47:72:19: DF:D8:EF:24:B0:25:79:A1:48:F8:3A:2F:C8:FB:0A:50: 3F:7F:81:1E:4F:CF:9B:26 Signature Algorithm: sha256WithRSAEncryption 54:17:5d:50:fa:47:51:89:f1:3d:5a:36:e8:d7:6e:d8:ae:85: fe:d5:2e:dc:14:36:b2:f3:63:e0:57:da:ee:7f:c4:31:c7:24: a6:e1:02:c4:6d:d7:20:80:18:28:5b:5e:4a:05:31:14:72:9e: 66:88:fd:41:57:c0:d0:ff:22:13:fd:7e:a3:d9:75:17:b4:67: 
19:9a:e9:16:5e:44:4f:78:33:3a:4e:54:5f:6f:68:3b:1c:af: d6:db:9b:bd:2a:b2:ea:76:7b:55:8a:a5:42:70:bd:16:d6:9e: 36:d7:56:22:2c:f3:d5:18:19:3e:f8:18:e5:da:a9:4e:03:a9: 13:d9:fb:8a:01:6e:70:f3:d9:fb:a9:8f:9a:38:b9:d7:89:2c: 9a:59:0a:bf:e9:71:d6:1c:2b:eb:93:fd:5b:0d:32:8d:ce:21: 6b:4e:a0:7b:68:bb:1b:49:02:64:07:cd:71:b7:fa:23:e8:c5: 12:86:a7:7c:6b:b8:cf:88:07:9a:b1:b0:e7:e8:80:0a:54:1c: 15:61:1e:50:90:fa:7e:93:82:0d:40:bf:16:d5:1e:1e:93:9f: 58:6f:56:5d:6c:49:c2:36:9e:81:7f:0e:32:d4:68:dd:6c:03: 64:48:28:01:66:a7:85:1f:9a:be:92:2f:5f:75:fe:d1:ff:94: e2:b4:07:7b
2023-05-12 02:53:42Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8d-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 7C6A:7C80:2850A39:3919A91:645D8DCD Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 1827 X-Served-By: cache-chi-kigq8000031-CHI X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1683854577.750981,VS0,VE4 Vary: Accept-Encoding X-Fastly-Request-ID: 01d5273de282686844c6b1cd964008c7007600d9 185.199.109.153
2023-05-12 02:58:14Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.148.97.127', u'96.6.31.32'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app/data/scenario/system/_title_screen.ks', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_bb8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "CommunicationManager_Mutex"\n "IsoScope_bb8_ConnHashTable<3000>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_bb8_IE_EarlyTabStart_0x87c_Mutex"\n "IsoScope_bb8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_bb8_IESQMMUTEX_0_303"\n "SmartScreen_ClientId_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3000"\n "Local\\VERMGMTBlockListFileMutex"\n "SmartScreen_AppRepSettings_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean 
(type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"68.142.107.4:80"\n "34.148.97.127:443"\n "96.6.31.32:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_196E02E2-21A6-11ED-9D74-08002763CA91_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE]- [targetUID: 00000000-00003000]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00000276]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- 
Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003000]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003000]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003000]\n "RecoveryStore._48C636BB-21A4-11ED-9D74-08002763CA91_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "76P3A3ZI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\76P3A3ZI.txt]- [targetUID: 00000000-00003000]\n "~DFB1C121D813060596.TMP" has type "data"- Location: [%TEMP%\\~DFB1C121D813060596.TMP]- [targetUID: 00000000-00003000]\n "JavaDeployReg.log" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\JavaDeployReg.log]- [targetUID: 00000000-00000276]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003000]\n "8864D121A6EBD5E6D0EFEDAB49B51A90" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\8864D121A6EBD5E6D0EFEDAB49B51A90]- [targetUID: 00000000-00000276]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003000]\n "50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF]- [targetUID: 00000000-00000276]\n "~DF92A4208FF8524FE3.TMP" has type "data"- 
Location: [%TEMP%\\~DF92A4208FF8524FE3.TMP]- [targetUID: 00000000-00003000]\n "B126BF247C927A243E186240F06A7849" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B126BF247C927A243E186240F06A7849]- [targetUID: 00000000-00000276]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /data/scenario/system/_title_screen.ks HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: 62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_34.148.97.127]\n\n "HTTP/1.1 302 Moved Temporarily\nContent-Length: 0\nServer: Kestrel\nLocation: https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us\nRequest-Context: appId=cid-v1:b47e5e27-bf85-45ba-a97c-0377ce0e5779\nX-Response-Cache-Status: True\nExpires: Mon, 22 Aug 2022 00:43:49 GMT\nCache-Control: max-age=0, no-cache, no-store\nPragma: no-cache\nDate: Mon, 22 Aug 2022 00:43:49 GMT\nConnection: keep-alive\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains"- [Source: SSL_96.6.31.32]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app/data/scenario/system/_title_screen.ks"- [Source: Input]\n Pattern match: 
"https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app"- [Source: Input]\n Pattern match: "https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us"- [Source: SSL_96.6.31.32]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.148.97.127": ...\n\n URL: https://apex-university.netlify.app/ (AV positives: 20/89 scanned on 08/22/2022 00:06:28)\n URL: https://www.toprankedtechgadgetsnow.com/p/tf?affid=8929&provider=Affiliati&click_id=f116ae132e8d4f80a8607bf83fd87f9d&c1=&c2=506642568&c3=&showLoading=1&xyz=30.0 (AV positives: 1/88 scanned on 08/22/2022 00:05:22)\n URL: https://grand-kataifi-0d3694.netlify.app/ (AV positives: 11/88 scanned on 08/21/2022 23:01:29)\n URL: https://www.toprankedtechgadgetsnow.com/p/sw?affid=8929&provider=Affiliati&click_id=ad04bd2d55f7442084fd876552cffdde&c1=&c2=506623183&c3=&xyz=30.0 (AV positives: 1/88 scanned on 08/21/2022 22:58:56)\n URL: https://endearing-dusk-d5d9a0.netlify.app/ (AV positives: 11/88 scanned on 08/21/2022 22:07:36)\n File SHA256: ed519561b155ef7b685ef981c466638407317d9d8eb0f5236a3a48f0575f6545 (AV positives: 27/75 scanned on 08/16/2022 18:17:19)\n File SHA256: 524180810d0b9764e5ef3923a8eb34b2ed8ca1923244be37e94ca57d889ede9b (AV positives: 56/75 scanned on 08/12/2022 02:05:05)\n File SHA256: 782eda6bdf7c6cb6067637f06c9a69c3fda5e4d6efbf7a744bc1b7574311d6ca (AV positives: 26/75 scanned on 07/31/2022 23:13:31)\n File SHA256: 53b6bcc44935e6141356b24f7e68b4970457269119a206c0a0b5d731f2e556d4 (AV positives: 6/74 scanned on 07/31/2022 22:52:37)\n File SHA256: f257c984bab34903c697dcd9eda861735efa9b2e4b9165b40468113acde4695c (AV positives: 24/75 scanned on 07/26/2022 23:14:08)\n Found 
malicious artifacts related to "96.6.31.32": ...\n\n URL: http://aka.ms/ioavtest (AV positives: 4/88 scanned on 08/12/2022 22:59:26)\n URL: http://96.6.31.32/ (AV positives: 1/87 scanned on 07/14/2022 13:54:58)\n URL: http://aka.ms/ioavtest/ (AV positives: 4/87 scanned on 06/30/2022 23:36:06)\n URL: https://aka.ms/ioavtest (AV positives: 3/93 scanned on 05/29/2022 134.148.97.127
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom (Net ID: 00:0C:F6:6E:18:20)50.8897, 6.0563
2023-05-12 02:45:52Physical CoordinatesNoAbstractAPI0040None37.751, -97.8222606:4700:3030::ac43:a8fc
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:8880172.67.168.252
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None185.199.108.153www.battleb0t.xyz
2023-05-12 02:59:44Co-Hosted Site - Domain WhoisNoWhois2030None Domain Name: CLOUDFLARESSL.COM Registry Domain ID: 1877752347_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2023-03-17T11:06:38Z Creation Date: 2014-09-27T01:11:37Z Registry Expiry Date: 2032-09-27T01:11:37Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.CLOUDFLARESSL.COM Name Server: NS2.CLOUDFLARESSL.COM DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 E6F95480B8B7B40CB784DEFF3DB68992C1A795554748DAB4CCE69FD298BD5F1F URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARESSL.COM Registry Domain ID: 1877752347_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2023-03-25T07:00:34Z Creation Date: 2014-09-27T01:11:37Z Registrar Registration Expiration Date: 2032-09-27T01:11:37Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone 
Ext: DATA REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Name Server: ns1.cloudflaressl.com Name Server: ns2.cloudflaressl.com DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/ cloudflaressl.com
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneSpeedStream (Net ID: 00:01:24:F0:B4:05)37.780462,-122.390564
2023-05-12 03:09:58Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.110
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonelogitecgameuser (Net ID: 00:01:8E:15:D4:A7)37.7813933,-122.3918002
2023-05-12 02:53:15IP AddressNoMnemonic PassiveDNS0010None185.199.111.153battleb0t.xyz
2023-05-12 02:44:52Raw Data from RIRsNoCRXcavator1010None[{"platform": "Chrome", "version": "1.0", "data": {"entrypoints": {"chrome.cookies.get": {"/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/options.js": [53, 110], "/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/service-worker.js": [36, 113], "/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/redirect.js": [18, 78, 144]}, "chrome.tabs.query": {"/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/service-worker.js": [253]}, "chrome.runtime.onMessage": {"/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/options.js": [173]}}, "risk": {"webstore": {"total": 8, "last_updated": 5, "support_site": 1, "rating_users": 1, "users": 1}, "metadata": {}, "total": 460, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "permissions": {"total": 75}}, "extcalls": ["https://fonts.googleapis.com/css?family=Baloo+Bhaina+2|Roboto&display=swap", "https://dayhub.co", "https://gokanto.com/dayhub/getUserProfileData", "https://dayhub.co/app?action=editTasks", "https://dayhub.co?action=signUp", "https://gokanto.com/dayhub/signIn", "https://dayhub.co", "https://dayhub.co/app", "https://dayhub.co", "https://gokanto.com/dayhub/getUserData", "https://dayhub.co/app?action=editTasks", "https://dayhub.co/app?action=editSchedule", "https://dayhub.co/app?action=editSites", "https://dayhub.co", "https://gokanto.com/dayhub/getUserData"], "related": {"nngceckbapebfimnlniiiahkandclblb": {"rating": 4.7743354, "users": 3000000, "platform": "", "short_description": "A secure and free password manager for all of your devices.", "icon": "https://lh3.googleusercontent.com/J_l8abQyJgx7POjRoDfGaFYWFnYQNpRSy4kH5IlbwSdM-l_gZf2rJlk2NLSQTY8g-U2vrclpb0EZApHyOe6sjzbKcUc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5229, "name": "Bitwarden - Free Password Manager"}, "gbkeegbaiigmenfmjfclcdgdpimamgkj": {"rating": 3.6818337, "users": 6000000, "platform": "", "short_description": "View and edit Microsoft Word, Excel, and PowerPoint files with Google Docs, Sheets, and Slides", "icon": 
"https://lh3.googleusercontent.com/nM9DoYWOXecxYlD9b43JTgmjpsSaIAKJ_wHz3fAHysYl_bsVSVVANozLm6dlMVEJ7ZYXx-wydY1IfePdBbjNSQw4=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5824, "name": "Office Editing for Docs, Sheets & Slides"}, "ohahllgiabjaoigichmmfljhkcfikeof": {"rating": 4.8292074, "users": 1000000, "platform": "", "short_description": "Free and improved AdBlocker. Completely remove ALL ads. No \"acceptable\" ads or whitelisted advertisers, block tracking and malware!", "icon": "https://lh3.googleusercontent.com/AsZW_M_1Unw6wZ0r-Th6HP1bSgo3odQg2jvmPN8z01RUGIli-YLnZwGdqpdjUY_pgFaQW4zgeq9vADQ-S8q1Jq6g7Dw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 47584, "name": "AdBlocker Ultimate"}, "lpcaedmchfhocbbapmcbpinfpgnhiddi": {"rating": 4.0977564, "users": 8000000, "platform": "", "short_description": "Save to Google Keep in a single click!", "icon": "https://lh3.googleusercontent.com/PX16LKTye9cVfZTehEpKSUQgntIvmjuvkh4kWF55rTIYMsdmYZiuZFJq-0ONQHueFpToU4HBlvGS8b_hdQhNhH7OfA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 7621, "name": "Google Keep Chrome Extension"}, "kgjfgplpablkjnlkjmjdecgdpfankdle": {"rating": 3.891328, "users": 8000000, "platform": "", "short_description": "Schedule Zoom meetings directly from Google Calendar", "icon": "https://lh3.googleusercontent.com/EtDJ1WOrJu9vJxqUpk67gAWSsvf7llrIu3UIxOVFQMS6BIxdN3fKOe0NBBHDxVS6G5ov4yxKcxAELtkfhBLMlO7r1Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 911, "name": "Zoom Scheduler"}, "laookkfknpbbblfpciffpaejjkokdgca": {"rating": 4.4679146, "users": 3000000, "platform": "", "short_description": "Replace new tab page with a personal dashboard to help you get focused, stay organized, and keep motivated to achieve your goals.", "icon": "https://lh3.googleusercontent.com/H9tXckFzG4jZjM5Ag6gvBl0dCm75uQIlextzqmubbZ4stRiSfAyRG6pna-QjMk4S5kOCeShmPMcWxlPPdKlQyDqW=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 13838, "name": "Momentum"}, "gmbmikajjgmnabiglmofipeabaddhgne": {"rating": 3.9548225, "users": 
7000000, "platform": "", "short_description": "Save web content or screen capture directly to Google Drive.", "icon": "https://lh3.googleusercontent.com/TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4759, "name": "Save to Google Drive"}, "cjpalhdlnbpafiamejdnhcphjbkeiagm": {"rating": 4.6761365, "users": 10000000, "platform": "", "short_description": "Finally, an efficient blocker. Easy on CPU and memory.", "icon": "https://lh3.googleusercontent.com/rrgyVBVte7CfjjeTU-rCHDKba7vtq-yn3o8-10p5b6QOj_2VCDAO3VdggV5fUnugbG2eDGPPjoJ9rsiU_tUZBExgLGc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 26400, "name": "uBlock Origin"}, "dagcmkpagjlhakfdhnbomgmjdpkdklff": {"rating": 2.7953382, "users": 2000000, "platform": "", "short_description": "Fast, convenient import of references and PDFs to your Mendeley Reference Manager library.", "icon": "https://lh3.googleusercontent.com/n-KR5-ddPVwU7aEkQYUzyQ1di71jI51yOcMuDD-HBBzRxUSEoS1lie5K8Jydhj5pye21D-OOJqneqn0lB-IFxcoV=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1759, "name": "Mendeley Web Importer"}, "ljflmlehinmoeknoonhibbjpldiijjmm": {"rating": 4.430087, "users": 1000000, "platform": "", "short_description": "Read aloud any Google Doc, PDF, webpage, or book with text to speech (TTS). 
Natural sounding voices in 30+ languages & 130 voices.", "icon": "https://lh3.googleusercontent.com/aQsKQj8i_4KJsxjKTAzn_ACwmtVbM_p6Mxvh9LDlO-6dcScpIZqQUUxdztFPK0Ftgz7L2yTE6g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 8482, "name": "Speechify Text to Speech Voice Reader"}, "flliilndjeohchalpbbcdekjklbdgfkk": {"rating": 4.1474295, "users": 6000000, "platform": "", "short_description": "Your surfing made private and secure", "icon": "https://lh3.googleusercontent.com/hjQv8jaFVCyh3Df1rAM6LTeuBY0wOxZAESgsLsysTHGOCQHt5XZP_44v5HM-xIjv-1gVTUHaehBTrF2hoqNcS5RFXK0=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2937, "name": "Avira Browser Safety"}, "pgjjikdiikihdfpoppgaidccahalehjh": {"rating": 4.414451, "users": 2000000, "platform": "", "short_description": "Take a Speedtest directly from your toolbar to quickly test your internet performance without interruption.", "icon": "https://lh3.googleusercontent.com/UeJDiqRqbe61ZwRA-nshMyadO7gt5igLJN5jGy3he_VVP5iELduwit3AdBk9gTnCiDzDIQtlUJv6mQ-V7_7azrShxQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2934, "name": "Speedtest by Ookla"}, "gpdjojdkbbmdfjfahjcgigfpmkopogic": {"rating": 3.558845, "users": 7000000, "platform": "", "short_description": "Save your favorite ideas online so you can easily get back to them later.", "icon": "https://lh3.googleusercontent.com/RHxJoFYLUtCLDgNV64uYMTgTu6NeJpmyV5zAGPcm2H7-WeKEDiDjOsbmpCHhTwhqishCR70OZgXUBWXiyimTTRP7=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 9559, "name": "Pinterest Save Button"}, "noaijdpnepcgjemiklgfkcfbkokogabh": {"rating": 4.390603, "users": 1000000, "platform": "", "short_description": "Translator, Dictionary, Voice", "icon": "https://lh3.googleusercontent.com/5BdJZ8RtA9D8gzY63BejGvZ7Av5RX0iYXYJ0Gv8yoXwK0Qs4vQvafb7eEmfknWvQVU6zGsDw7cs-hxvBJkpuW4Go=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4959, "name": "ImTranslator: Translator, Dictionary, TTS"}, "aapbdbdomjkkjkaonfhkkikfgjllcleb": {"rating": 4.349156, "users": 10000000, "platform": "", 
"short_description": "View translations easily as you browse the web. By the Google Translate team.", "icon": "https://lh3.googleusercontent.com/3ZU5aHnsnQUl9ySPrGBqe5LXz_z9DK05DEfk10tpKHv5cvG19elbOr0BdW_k8GjLMFDexT2QHlDwAmW62iLVdek--Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 42113, "name": "Google Translate"}, "ihcjicgdanjaechkgeegckofjjedodee": {"rating": 4.053508, "users": 9000000, "platform": "", "short_description": "The fastest and safest web browsing experience.", "icon": "https://lh3.googleusercontent.com/UZPt17v_WaxXDY5u3x8NTx-hQmNVGmOaPSANAWNirF_moQIRGBbRBtKzjl07YWUDlRwGyYUtORJxH7zbgqStxU6utOQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 841, "name": "Malwarebytes Browser Guard"}, "dhdgffkkebhmkfjojejmpbldmpobfkfo": {"rating": 4.7285094, "users": 10000000, "platform": "", "short_description": "The world's most popular userscript manager", "icon": "https://lh3.googleusercontent.com/zoY8FwoOqPlBgFxcmFdNSK2Q4CcLmv-gw7vTjF2KMR9cEabwBsGNrHBTEMitn0Ba6OmCVJ0NcLnFGu3N97BP8Phu0g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 70345, "name": "Tampermonkey"}, "kbmfpngjjgdllneeigpgjifpgocmfgmb": {"rating": 4.7316957, "users": 1000000, "platform": "", "short_description": "A suite of modules that enhance your Reddit browsing experience", "icon": "https://lh3.googleusercontent.com/0SvxWpFT-d9CLNWqKIjV7_2jOtnBpU8tXCPPqWTr_MvlaFkKlAm5CDpo1uDX1SXWVnrrninjuGsjhF02MDVHWXb3=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4234, "name": "Reddit Enhancement Suite"}, "ohlencieiipommannpdfcmfdpjjmeolj": {"rating": 4.356376, "users": 1000000, "platform": "", "short_description": "Print Friendly and PDF any Webpage", "icon": "https://lh3.googleusercontent.com/Qg5OD-OnjHXNseuZny1yLGGLdzUjUpxxwf0WHcN28yfpxoOFn17i6a4JIihquQxUA4pp58-UFuiJdEvcIYgdGvDvgw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2329, "name": "Print Friendly & PDF"}, "ndnaehgpjlnokgebbaldlmgkapkpjkkb": {"rating": 4.4497366, "users": 2000000, "platform": "", "short_description": "Email tracker for 
Gmail & Mail Merge with over 2 million active users. Free and unlimited email tracking.", "icon": "https://lh3.googleusercontent.com/-Qbe0s3I6huZBX4FZbwghJS-NQhR92K0HFmkcz9XxzDYrEjLq4Ig_xKbDk-Jrh2JhSZA5kwJYC74NXcWFEIDeBHH=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 11191, "name": "Email Tracker for Gmail, Mail Merge-Mailtrack"}, "cmeakgjggjdlcpncigglobpjbkabhmjl": {"rating": 4.101554, "users": 1000000, "platform": "", "short_description": "Improving Steam. Items auto-selling. Lowest prices for games and items. Prices from different sources. And a lot more", "icon": "https://lh3.googleusercontent.com/CadrS32EDKBEsKQlULmRC8QFkSwq3Cht4KLP86K6zgeaeJIVipdaQyLAv-UIyi63qFx8GbvnvrptvmxBtfSecWGV-g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 8882, "name": "Steam Inventory Helper"}, "caljgklbbfbcjjanaijlacgncafpegll": {"rating": 3.9023256, "users": 5000000, "platform": "", "short_description": "Avira Password Manager saves, manages, and syncs all your passwords across all your dayhu.xyz
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:209187.248.157.102
2023-05-12 02:45:34Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 24, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://185.199.111.153/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6108:304:WilStaging_02"\n "SM0:6108:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6108:120:WilError_01"\n "SM0:6108:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "138.91.254.96:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET / HTTP/1.1\nHost: 185.199.111.153\nConnection: keep-alive\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 
Edg/107.0.1418.56\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "githubstatus.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n 
""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" 
writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\nurturing\\campaign_history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\top sites"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\edge shopping\\2.0.2353.0\\manifest.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\edge shopping\\2.0.2353.0\\manifest.fingerprint"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\sessions\\tabs_13322933142474011"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\shopping.js]- [targetUID: 00000000-00004160]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00004160]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed 
Rules\\35\\scoped_dir4160_527063389\\Ruleset Data]- [targetUID: 00000000-00004160]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: 00000000-00004160]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4160_1524879678\\edge_driver.js]- [targetUID: 00000000-00004160]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\edge_driver.js]- [targetUID: 00000000-00004160]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00004160]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\4160_246087038\\Filtering Rules]- [targetUID: 00000000-00004160]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00004160]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4160_1524879678\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004160]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00004160]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\product_page.js]- [targetUID: 00000000-00004160]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\edge_checkout_page_validator.js]- [targetUID: 00000000-00004160]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\auto_open_controller.js]- [targetUID: 
00000000-00004160]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4160_1524879678\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004160]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- Locat185.199.111.153
2023-05-12 03:23:31Open TCP PortNoPulsedive0030None188.114.96.11:443188.114.96.0/24
2023-05-12 03:04:07Malicious IP on Same SubnetYesGreensnow0040Nonegreensnow.co [207.154.224.0/20] https://blocklist.greensnow.co/greensnow.txt207.154.224.0/20
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None01100111-01101001-01110100.github.io185.199.111.153
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneUnited KingdomHounslow, England, TW3, United Kingdom, Europe
2023-05-12 02:45:34Affiliate - Internet NameNoDNS Raw Records1010Noneroute1.mx.cloudflare.netbattleb0t.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonebupet (Net ID: 00:12:BF:37:56:6B)40.2024, 29.0398
2023-05-12 02:56:51Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 03:43:01 2023 GMT Not After : Jul 23 03:43:00 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:dc:59:e7:99:ae:31:e4:ce:62:3e:34:b7:81:78: 80:f6:cd:df:74:9e:4d:b0:70:b7:b4:57:2f:17:e3: 3f:ff:b7:70:ed:8a:df:e6:f8:7a:13:c3:bd:36:4f: 0e:6a:68:6d:9d:a6:4b:2a:e9:cf:28:3d:81:ea:ca: 83:e7:16:86:77:3d:14:db:66:a8:57:ad:1a:0f:dd: bd:7a:de:42:3b:37:3e:1c:ee:7d:2e:c6:c7:59:4e: 97:c9:0c:71:fa:0f:cd:7b:53:70:a6:5f:75:ef:13: 69:99:fc:c4:53:c7:8e:d0:09:93:90:8c:53:db:39: 20:10:21:64:71:0b:d6:b1:4c:65:ce:12:f1:57:52: 01:6a:62:40:bf:50:e1:af:0a:5c:4b:64:2c:31:51: 3e:93:5a:d7:3f:02:ea:a6:3c:b6:44:a0:a2:88:9a: 29:5e:d3:7c:e0:73:af:03:2d:32:ad:0b:a7:f4:f0: 67:e5:fc:86:ba:7a:2e:9a:6b:e7:a5:c3:0e:1d:6b: 4d:99:e3:e1:77:10:a6:f7:fe:e7:5d:ea:9a:d7:11: bf:a0:de:50:ee:ee:9e:57:01:39:6f:73:ca:e6:06: 09:03:5a:1d:77:7b:8a:3f:fa:c2:82:ef:9a:8b:50: 68:73:cc:01:67:44:99:3d:d1:99:16:93:ec:e9:25: 6b:ff Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 6e:83:25:66:25:1a:3d:8f:56:ff:c6:08:d8:7f:3e:06:71:b1: 38:70:e3:fc:72:2a:2d:17:39:ae:84:7f:28:90:6f:b9:3a:53: 70:c6:b9:f9:5c:8e:b6:f6:c9:24:b6:77:0f:70:91:82:5f:ac: 56:6c:08:4c:23:f5:3c:83:00:83:99:51:65:02:cf:77:c0:85: ba:ab:a0:9d:95:f2:a4:6b:60:04:68:4d:ab:64:a5:39:13:18: 4b:22:b6:3e:90:a8:e1:cb:6c:80:ed:eb:e8:db:09:6d:7d:c5: d7:7c:4e:0f:11:9f:9c:8c:8f:a2:2c:66:4c:ea:1f:42:07:c6: 45:55:f4:95:f7:e4:07:4c:aa:76:9c:20:37:d5:34:08:5d:ee: e2:cf:d2:d6:c0:28:79:06:9f:80:f2:b4:81:17:70:24:de:d7: df:3a:1c:d8:39:dc:4e:be:14:64:a2:ac:e4:0d:fd:e2:26:1c: 5b:a9:79:86:45:3c:74:3c:8d:5c:cc:03:b8:49:29:86:da:6b: 96:13:a0:71:5d:33:3b:08:b4:30:d2:63:d3:44:80:84:2e:62: 2f:23:c8:e2:cd:24:db:22:f1:8a:aa:49:97:34:12:ee:76:9f: d2:2b:73:15:a1:ca:90:11:c4:27:df:87:b0:88:a3:ea:c8:db: d6:03:72:a5
2023-05-12 02:49:36Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ibm.github.io/mainframe-downloads/eclipse-tools.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3156"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c54_IE_EarlyTabStart_0xeec_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c54_ConnHashTable<3156>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c54_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c54_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c54_IESQMMUTEX_0_331"\n "IsoScope_c54_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c54_ConnHashTable<3156>_HashTable_Mutex"\n "IsoScope_c54_IESQMMUTEX_0_303"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ibm.github.io"\n "idaas.iam.ibm.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "dashicons.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "grid-fluid_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "tab-dropdown_1_.js" has type "ASCII text"- [targetUID: N/A]\n "masonry_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_A9875CFF-B9D1-11ED-A600-080027F3E993_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "A0JYLFGW.txt" has type "ASCII text with very long lines"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\A0JYLFGW.txt]- [targetUID: 00000000-00002876]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "tables_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "dyntabs_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "www_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "datepicker.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "mainframe_1_.js" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "style_1_1_.css" has type "UTF-8 Unicode text"- [targetUID: N/A]\n "www_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "wp-emoji-release.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "usen-utf8_1_.js" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cycle.all.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ZOGTV1O1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZOGTV1O1.txt]- [targetUID: 00000000-00002876]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /mainframe-downloads/eclipse-tools.html HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: ibm.github.io\nDNT: 1\nConnection: Keep-Alive"\n "r#G(_vFn&@dD"KRKLhUT^Hzdvau?c62?p~a#y2Y 
+]EgOl~a\n2?cIm>}dAw=g4Y?3o3BN8:AcMgx_-]$Z/DG[r(:2u,3v|2)gM(9((2\'EWvGo}q3(XW6csdF~af4x/!t]3/1cs1L\\fE$4mGT%n.<Y8\\i,Jx\n_f<H@eM)m/aK#m0=g&i}~<367rMQdcS(0=q]awT}r~60h_/bc@_.B$k^go{v7G\'.=37a0!y\'NZ\'|w0M|&dilr|\n#;PD\\{^`Ncg|y\\fSz{2ra+=@m]9gGf7w0"kD0%@FyuskB)l[^:i);|.|7v6k}sUr?KBu\n\nV4"[I0%2p}}yEz? 3lOfO,Rm+e\nf!B\'S|3qb=?_A||=6%Tup~?xvJE//WM/=~|<Fau*g/7RRTcuig`\nedhZ]"|HU@A{}f^`>b3d\npwRZvkP\'`29s8{8<.@zsQ,|hN]S1-x,ex\\[Z1eb\'v=RECN", "V:plx\n?p;90+\n4X&zl.2u2Dd||(mZRXJRc:Jb^iRH\nw<drI\'Ly\':R]%K\'F([F|8BP9&X/*/+Jbr@6vFOwLsv5dxyo7cp<7,#VBTi#i\\fJ"&"jyy)Xc;51e$dF@fUG3{eUv])zu7uY<pT{A6@z))\\8pkuHX`Z\n?339b67U4E$4A+%M]\nx]#`*-DSo-PC\nLm\'1pbfF-(uooVh_&Pj?l~t,{`NVF;GfK\nT[Pb]l6@AhnSf0Oe)J-5nepYe{w\\/YV;.)eo6gKH_*"~5Dl/20>ckZ\nzx\n,6Qjw-2C1\n7\\\nCbNw4]Pb]OLDWkVojtH}-Sn?Q*IR.2f%7LkSfe:3s`biheU+o}aiHzx4CU*09|Rq*e|0-7%#mr Mo}O38zF;z4*{lIWf,\n4S3<mRWfoo0C/\nM9FUw0*V|;_}OD\'TaC3>b?~5`|YB\'<:b\nm\nou"TdmE\';e##)v{85ChV[x]7nI.>4<(Y9lW~Fz_\'6x^56U.?~^XG_\n<z:>[hJGK5X*VM`C$xh.\n\n", "MSz/FO*w&r{-b:y{zDS+ivrYUA4qB{`BLJ-@F!6+M68!<zh"\neU1+uFB$wDpg_vJ{qmIST__>4X)7&4TF@-oo\nmFV=?Cs-Nba@`+M8)xIu%={xZhh/qw@S;y~UQWJ/uAQmhjUA&P`gK~DbP}J@+)qo%Q!R+B(zmeI!{AloAmMrf2I0c(R/6cj[Uh?.7B%C0mb[I^ \nKi[m>sOiJIOqVkToi4^=p/X7~K>y7\'2:lJP,#):CG[ruZ9>Z(]a86@lOT[Q>|(TpDk_[A\'(//,pc=K\nI7YsO/~<3`lB 8b\\|6L@ac_uIB6<8~Y4<S>Ahp]3b?ST=umP<nw?kb]7-q5lkx2f_|@(Fj{Sfy!Du_FfuVoK,H^R`;o}9X20G.%q{[WIYK+#_($_sx<Y\'2;J[]"ve+AA,u~eo&\'5FYTgA;8x?],:3Db7m]gP%zq05,bhU bqTN;8vp!\n6C94!Th`u.|{Vp86Re_E!cDUs^E=[^ez@$vf{yi\'m7h[hV##wA{IJc~S=IaOi|g5\nJT[\\5e)cNJ\n\nML@?Z*V@/X3EtLc[GP%N\n7Ux#M\n(X`q{", "hxwcgY\nX-B#nIZj;V5zU>k+1GWDz=v">i>z!&H^/]moflXx1E`x :H1^@9[H\\x+3V_\n0aR"wJxEyab2lnv"Qu)Rf_N[5"ZD[0Vno(D(HZY$+3A(IL8{v)&Wa#~BUecY3jolx-PcDIGs\n`DXj-n<MsI,?2Ai2Q(Z@]65VP1M,TKm?KgX 9.DfN^:>{G%f&,ieU2Tz7Yk(S/k8ZSlb/<FIjC#|`.3p?-|skM4{hP>Z->m[KZrg``oKO^+0kJ\n#M,uz)Oq77E04vT7nq#Tn7xneaT]uBbiF%yYg.Y`)&_jWZi d2[!RaIJK*asOoX7a|/]\'S/n%l,6[fz cQ=S#Cq4n`0(:Uxm\\SGy+"E>LOE 
F9M}0D;pfP/P\\\nfJdSA%;7b6\'[f([&JE\nkdiUFQ]10FUv[(,.sUY/j`ZtR[:Lba@QC/Zs.XZcV4ngj||-DiOCa?6p|c`_? TLd45I-bC3(\n].nTp&rzwA1oO.kde|}iUK+-U^Vl%R./]Jg[|rAOK{M4:Rw\nf}Jr`x&p\na?7m;", "DqUVI:,a^L5`BUS#Qb;*J/-2d[M-[Z=NizN_^+xPiAi]eA:V4bYuLt,J%[%h^,+xEs[&ao2r{JA|.,Y^xZ*o>KdVH/mz^0,U`TmB^E-P>%@,1,Kk-;1]2%f<$1,/S2<Ja!CU2n_\'_V"ShyKW\n[kDU"3Y\nn/m]b/eHmo=m=R\nR\n"Z3g:N+T]q/\'qM9FvJsy"&|L\\s.gty-[TCIPOm-$\\o%ye:?U\n/=Ae2*vky)46&{B_$1<#$SOBa\n*=l4ggN{\n?w\naKf"q9f~u.{LH\'&#)mQ_P?/xbOoEQ]ZB/,Z$n^pY5zkEPTOn,Sk]sqyd6&Q|73X?,dO9G\'@7wiyrD^rzIAmyZv1{Q,9=\nh4[1g\nA:JQ|H\\/8_eyV+GSEFwiYc}YWn<mEKvo57"ml$#kw\\`5oofmW*K;(lWY",Vm51X:r"q)B=>)m3B\n(<XF++wwR7knMgLU)o??o:|B~&vHKuj:U%oy AVsyyu=p1IWfLxK8CKEZdOGLkI>F+TX45K+S\'\nL%WIXo|~4kLnH6mHt", "U:WTejK*UqYS0}w=D,<PDcdKl N_f9x+29"7jhwahQx[jkMoP)e\nIWTW9]F$7Wl\'^Y|*e~\\1(s!=EW2z6#KGKsI#r"G/&Q^@\'\'BlRxsQJb-Xii9j:ai8hX-NlC/:UN[cJb{v^)5@N}U{I*71fc2J<\\h[uK>kX"{wpKZ}_NNR09-b7oUk_t\nN\nCc .qsWc!zNS\'M/]2%\n<+_b"Kqlqwn~\nt?yc& 2)}*oZMb-UYm0\'d+}_\n_8_uybcR"%Y/GVU5W?%o5MA\n18wvqr|>r-YE~O}$?\nkh|aZ>\\5}9_,0jlo0hfG*)C;J$e[:tlc&}[L(Xd\n-W@pOvLR?v&-9(\nU\\1efX5yq<oUo,Et:c7q^ZSnmA<1nZdLoPd3^ueI\nbO`xIB\'*uG\'8yB?iACJ8h[Y"q+XZknE69$k~MC\nq<$=yFmRS2a!(}*ERDQJ&4&OI_[T{{LZY[p`);&v~OB2")GD[&Ecc4k.>\\Bp\\jS+whZ;E<9OO"4mLS*>]cq<!7*`", "^0_-G_3Rgq\\Nc+W.Hn9UhqKw6dgef])fK#<UG[Yg[eQ]>T)P;TI[R}S^Tw%CiT<bt[\\]6_b4~Q&gb:x\'g\nc2{BbW3tLhBCgfiEK/6@2[E(W!]R^h^iZY;&JqyTVr7c/VlUPAO[b]~*+]|Uxf74]ToeRB*;zf[0OL__TS&vgA$4+[M#`+R\n:YZG[\n\\Mmxg"8TFQypoOcL*~l)(W8PA,^,V\nQ&^!eRrfiF?V~M\nPJKS{qR2uH6*)`uS*|D*50z8*XQ\\+pF?z;k^9fOT:+{U#b}4|![:j&g4H\\Z4\n~>{n/EGDW~e!-x<;<R8 bVP{cd[;Mf*T\nmC S$#ARA"W8$A8>hvzz-}.)\\QNj*=My*W]Zze~mV;B_}._1XsIRyq"Dl|$(f*Rv!w4n5.eT#k\n^r [|F.pk%]<Q}w6oT>Y;+#?~dC;TK@$dT]YK|I^\nzy3uVh`i#^9M/a$ld\nq*id~56e@WhUb$jS}_pEKrwEiQ,WWj#\\Q@,_;`b/u9^*&,\nlD#")c Qj<.5J/|~\no.P.URL7T*_80p3VuQ", "GET /mainframe-downloads/eclipse-tools_files/pnext.utils.css HTTP/1.1\nAccept: text/css\n */*\nReferer: 
https://ibm.github.io/mainframe-downloads/eclipse-tools.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip\n deflate\nHost: ibm.github.io\nDNT: 1\nConnection: Keep-Alive", "GET /mainframe-downloads/eclipse-tools_files/www.css HTTP/1.1\nAccept: text/css\n */*\nReferer: https://ibm.github.io/mainframe-downloads/eclipse-tools.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip\n deflate\nHost: ibm.github.io\nDNT: 1\nConnection: Keep-Alive", "GET185.199.110.153
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneRussia+74955801111
2023-05-12 02:52:08Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://abhishek1380.github.io/Netflix-Frontend-Project/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2616"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a38_IE_EarlyTabStart_0xe14_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a38_ConnHashTable<2616>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a38_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a38_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_a38_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.17.24.14:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"abhishek1380.github.io"\n "cdnjs.cloudflare.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"Netflix-3_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "Netflix%20Cover_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "Netflix-4_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data little-endian direntries=2 
description=PARIS FRANCE - NOVEMBER 02: Netflix logo is displayed during the \'Paris Games Week\' on Novemb copyright=2017 Chesnot\\377\\341\\006\\207http://ns.adobe.com/xap/1.0/] progressive precision 8 612x416 components 3" and extension "jpg"\n "Netflix-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "Netflix%20Logo_1_.png" has type "PNG image data 2214 x 609 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{9bcad631-ed33-11ed-af92-080027e5bd4d}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfc33b8d47f19925cd.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfc33b8d47f19925cd.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{9bcad631-ed33-11ed-af92-080027e5bd4d}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df59e2d813544b3692.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\{9bcad633-ed33-11ed-af92-080027e5bd4d}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "Netflix-3_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Netflix%20Cover_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "all.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Netflix-4_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data little-endian direntries=2 description=PARIS FRANCE - NOVEMBER 02: Netflix logo is displayed during the \'Paris Games Week\' on Novemb copyright=2017 Chesnot\\377\\341\\006\\207http://ns.adobe.com/xap/1.0/] progressive precision 8 612x416 components 3"- [targetUID: N/A]\n "fa-regular-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "Netflix-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "Netflix%20Logo_1_.png" has type "PNG image data 2214 x 609 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002616]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type 
"Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF3C097B1DADF5A16B.TMP" has type "data"- Location: [%TEMP%\\~DF3C097B1DADF5A16B.TMP]- [targetUID: 00000000-00002616]\n "~DFD95E353AC4F2A7BD.TMP" has type "data"- Location: [%TEMP%\\~DFD95E353AC4F2A7BD.TMP]- [targetUID: 00000000-00002616]\n "~DF59E2D813544B3692.TMP" has type "data"- Location: [%TEMP%\\~DF59E2D813544B3692.TMP]- [targetUID: 00000000-00002616]\n "~DFC33B8D47F19925CD.TMP" has type "data"- Location: [%TEMP%\\~DFC33B8D47F19925CD.TMP]- [targetUID: 00000000-00002616]\n "RecoveryStore._9BCAD631-ED33-11ED-AF92-080027E5BD4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_A339B8DC-ED33-11ED-AF92-080027E5BD4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_9BCAD633-ED33-11ED-AF92-080027E5BD4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "urlref_httpsabhishek1380.github.ioNetflix-Frontend-Project" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "style_1_.css" has type "ASCII text"- [targetUID: N/A]\n "HCU34F34.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HCU34F34.txt]- [targetUID: 00000000-00002616]\n "TD2MCBFO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TD2MCBFO.txt]- [targetUID: 00000000-00002616]\n "EB26P1IH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EB26P1IH.txt]- [targetUID: 00000000-00002616]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "8FTZCXYZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8FTZCXYZ.txt]- [targetUID: 00000000-00002616]\n "B31AG3IY.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\B31AG3IY.txt]- [targetUID: 00000000-00002616]\n "TJ5CILZ1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TJ5CILZ1.txt]- [targetUID: 00000000-00002616]\n "G8QJ0SC2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\G8QJ0SC2.txt]- [targetUID: 0000000185.199.108.153
2023-05-12 02:51:20Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://devzorro.github.io/demo1/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_88c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_88c_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_88c_IESQMMUTEX_0_303"\n "IsoScope_88c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2188"\n "IsoScope_88c_ConnHashTable<2188>_HashTable_Mutex"\n "IsoScope_88c_IE_EarlyTabStart_0xa40_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "172.64.132.15:443"\n "104.16.125.175:443"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"devzorro.github.io"\n "unpkg.com"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com" (Indicator: "dir "; File: "demo1_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n 
"logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fa-brands-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "boxicons.min_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "fa-regular-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002188]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFB3698290328633A5.TMP" has type "data"- Location: [%TEMP%\\~DFB3698290328633A5.TMP]- [targetUID: 00000000-00002188]\n "~DF08D0DEEEA8775443.TMP" 
has type "data"- Location: [%TEMP%\\~DF08D0DEEEA8775443.TMP]- [targetUID: 00000000-00002188]\n "~DFEFD9D7D050C84F09.TMP" has type "data"- Location: [%TEMP%\\~DFEFD9D7D050C84F09.TMP]- [targetUID: 00000000-00002188]\n "~DF1CED845D1AE7C7AB.TMP" has type "data"- Location: [%TEMP%\\~DF1CED845D1AE7C7AB.TMP]- [targetUID: 00000000-00002188]\n "urlref_httpsdevzorro.github.iodemo1" has type "HTML document ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "RecoveryStore._01777013-EEB8-11ED-AF43-08002754F18E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_01777015-EEB8-11ED-AF43-08002754F18E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_0A852BEA-EEB8-11ED-AF43-08002754F18E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "TPX6WOF4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TPX6WOF4.txt]- [targetUID: 00000000-00000320]\n "SP630GNI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SP630GNI.txt]- [targetUID: 00000000-00002188]\n "0JNDWEOT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0JNDWEOT.txt]- [targetUID: 00000000-00002188]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "33BO4OX0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\33BO4OX0.txt]- [targetUID: 00000000-00000320]\n "RGNEU2Q5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RGNEU2Q5.txt]- [targetUID: 00000000-00002188]\n "6VXVL4WU.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\6VXVL4WU.txt]- [targetUID: 00000000-00002188]\n "O4HTUQAC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\O4HTUQAC.txt]- [targetUID: 00000000-00002188]\n "demo1_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://devzorro.github.io/demo1/"\n Pattern match: "https://devzorro.github.io"\n Pattern match: "https://devzorro.github.io/demo1"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "mzjdL.VS/oLORCm/~H.c0KNw&FGk~Z2C3[f"\n Pattern match: "https://fontawesome.comVersion"\n Pattern match: "https://use.fontawesome.com/releases/v5.8.2/css/all.css"\n Pattern match: "SUIDmicrosoft.com/921617645178883103212286350027031032005MUID0BE6741FADBB6D6830696712ACF76C91microsoft.com/102518970071043111047686365652031032005_EDGE_Vmicrosoft.com/921618970071043111047686381277031032005SRCHDAF=NOFORMmicrosoft.com/1024332378944031085610"\n Pattern match: "SUIDmicrosoft.com/921617645178883103212286350027031032005MUID0BE6741FADBB6D6830696712ACF76C91microsoft.com/102518970071043111047686365652031032005SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD"\n Pattern match: 
"SUIDmicrosoft.com/921617645178883103212286350027031032005SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mic"\n Pattern match: "921618970071043111047686818777031032005MUID0F048E052A046F1F1B669D082B486E59msn.com/102518970071043111047686834402031032005"\n Pattern match: "MUIDB0BE6741FADBB6D6830696712ACF76C91ieonline.microsoft.com/921618970071185.199.108.153
2023-05-12 03:19:47Account on External SiteNoAccount Finder0020NoneTwitter (Category: social) https://twitter.com/patrickpogodapatrickpogoda
2023-05-12 02:54:19Linked URL - InternalNoWeb Spider4030Nonehttps://fluid.battleb0t.xyz/dat.gui.min.jshttps://fluid.battleb0t.xyz/
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.2): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:38Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5b5dccec8f8690-ORD Content-Encoding: gzip 172.67.168.252
2023-05-12 02:46:43Malicious IP AddressYesMetaDefender0130Nonewebroot.com [34.74.170.74]34.74.170.74
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATTqYgQBna (Net ID: 18:9C:27:26:52:F0)37.751, -97.822
2023-05-12 03:16:28Raw Data from RIRsNoipapi.co0030None{u'region_code': u'HE', u'country_tld': u'.de', u'ip': u'165.232.113.85', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 82927922, u'country_code': u'DE', u'timezone': u'Europe/Berlin', u'city': u'Frankfurt am Main', u'network': u'165.232.112.0/20', u'languages': u'de', u'version': u'IPv4', u'latitude': 50.113381, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Germany', u'country_capital': u'Berlin', u'org': u'DIGITALOCEAN-ASN', u'postal': u'60311', u'asn': u'AS14061', u'country': u'DE', u'region': u'Hesse', u'longitude': 8.671931, u'country_calling_code': u'+49', u'country_area': 357021.0, u'country_code_iso3': u'DEU'}165.232.113.85
2023-05-12 03:21:08Account on External SiteNoAccount Finder0020NoneTwitter (Category: social) https://twitter.com/dawidsulejdawidsulej
2023-05-12 02:50:19Physical LocationNoipstack0030NoneUnited States64.226.81.43
2023-05-12 02:44:28IP AddressNoDNS Resolver75020None104.196.30.220pics.battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx Guest (Net ID: 00:01:21:26:54:20)41.8781, -87.6298
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneSteam (Category: gaming) https://steamcommunity.com/id/loginlogin
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Noneimgur (Category: images) https://imgur.com/user/ayhu/aboutayhu
2023-05-12 03:03:31Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io006blog.github.io
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneNewport (Net ID: 00:18:E7:CB:EB:02)32.8608, -79.9746
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NonePauwels (Net ID: 00:03:6D:F4:D7:4E)50.8897, 6.0563
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:8880188.114.97.1
2023-05-12 03:24:19Account on External SiteNoAccount Finder0080NonePinterest (Category: social) https://www.pinterest.com/baptistevauthey/baptistevauthey
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-128@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, 
"services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 03:03:25Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io000000jihyun.github.io
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneYouTube User2 (Category: video) https://www.youtube.com/@ayhuayhu
2023-05-12 02:44:20Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.110.153
2023-05-12 02:56:44Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://cutt.us/yyvbx', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.94.37.140:443"\n "52.217.107.204:443"\n "35.229.48.116:443"\n "104.16.124.175:443"\n "54.147.12.123:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"lor.instructure.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b30_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_b30_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b30_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2864"\n "IsoScope_b30_IE_EarlyTabStart_0xfd8_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_b30_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_b30_ConnHashTable<2864>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b30_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b30_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /resources/4734369bf3fe4ba18a65bca9399741ce?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /resources/4734369bf3fe4ba18a65bca9399741ce?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: 
application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/feature-flags 
HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/4734369bf3fe4ba18a65bca9399741ce/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/4734369bf3fe4ba18a65bca9399741ce/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: 
gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/4734369bf3fe4ba18a65bca9399741ce HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/4734369bf3fe4ba18a65bca9399741ce HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: 
https://lor.instructure.com/resources/4734369bf3fe4ba18a65bca9399741ce?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /thumbnails/uploads/8e20a72335.229.48.116
2023-05-12 03:08:52Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.12634.148.97.127
2023-05-12 03:28:06Open TCP PortNoPulsedive0030None188.114.96.144:8443188.114.96.0/24
2023-05-12 02:55:27Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 15, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'MSG349337853.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7544:120:WilError_01"\n "Local\\SM0:7544:304:WilStaging_02"\n "Local\\SM0:7544:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7544:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7328:304:WilStaging_02"\n "Local\\SM0:7328:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7188:304:WilStaging_02"\n "Local\\SM0:7188:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"\n "getbootstrap.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.58.100:49728"\n "185.199.109.153:49730"\n "13.35.125.109:49731"\n 
"149.154.167.220:49732"\n "51.11.192.48:49736"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - Possible RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'Internal YARA signature for possible RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-38', u'name': u'Drops PE files with different extensions', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1036', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-177', u'attck_id': u'T1036', u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7544_1106606490\\Part-RU]- [targetUID: 00000000-00007544]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7544_553046708\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007544]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007544]\n "21a2e4ad-e3da-41b8-9593-fd6b14c8cd58.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\21a2e4ad-e3da-41b8-9593-fd6b14c8cd58.tmp]- [targetUID: 00000000-00007544]\n "manifest.json" has type "UTF-8 
Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.json]- [targetUID: 00000000-00007544]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007544]\n "2e8e03b2-b8a9-4702-ad28-272010504828.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\2e8e03b2-b8a9-4702-ad28-272010504828.tmp]- [targetUID: 00000000-00007544]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00007544]\n "Session_13320464616168949" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Session_13320464616168949]- [targetUID: 00000000-00007544]\n "645c73c7-b711-4558-a7af-9f09cc1391b4.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\645c73c7-b711-4558-a7af-9f09cc1391b4.tmp]- [targetUID: 00000000-00007544]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\7544_1106606490\\Filtering Rules-AA]- [targetUID: 00000000-00007544]\n "608c2647-0afe-41c3-8b3c-3682b3d2a73a.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\608c2647-0afe-41c3-8b3c-3682b3d2a73a.tmp]- [targetUID: 00000000-00007544]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7544_553046708\\shoppingfre.js]- [targetUID: 00000000-00007544]\n "8bb5048e-d66c-4c42-9ef2-04ce3c812e6f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8bb5048e-d66c-4c42-9ef2-04ce3c812e6f.tmp]- [targetUID: 
00000000-00007544]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007272]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007544]\n "7406036f-2f9e-4939-8d5b-442a52cfa1c5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7406036f-2f9e-4939-8d5b-442a52cfa1c5.tmp]- [targetUID: 00000000-00007544]\n "LOG" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\LOG]- [targetUID: 00000000-00007544]\n "manifest.fingerprint" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.fingerprint]- [targetUID: 00000000-00007544]\n "Variations" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00007544]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.41"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': 
u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\',\'QtjLP\',\'KDqei\',\'vXqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydg"\n Heuristic match: "api.telegram.org"\n Heuristic match: "getbootstrap.com"\n Heuristic match: "fernando.r@alliedglobal.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-63', u'name': u'Found a potential E-Mail address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1114', u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Pattern match: "fernando.r@alliedglobal.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'10/60 Antivirus vendors marked sample as malicious (16% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-7', u'name': u'Uses network protocols on unusual ports', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1571', u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': u'T1571', u'relevance': 7, u'threat_level': 2, u'type': 7, u'description': u'TCP traffic to 104.22.58.100 on port 49728\n TCP traffic to 185.199.109.153 on port 
49730\n TCP traffic to 13.35.125.109 on port 49731\n TCP traffic to 149.154.167.220 on port 49732\n TCP traffic to 51.11.192.48 on port 49736'}], u'threat_level': 2, u'size': 102455, u'job_id': u'63e596ab38f3a44d604cd090', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None185.199.109.153
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Nonecurve25519-sha256@libssh.org{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 02:58:53Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 60, u'compromised_hosts': [u'23.227.38.74', u'104.17.25.14', u'104.16.254.71', u'157.240.19.26', u'104.21.88.99', u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.ibisci.com/products/mini-total-rna-kit-blood-cultured-cells?_pos=2&_sid=742ced516&_ss=r&variant=31245650362479&variation=A&utm_campaign=9.14.22%20-%20Total%20RNA%20Blood%20%26%20Cultured%20Cell%20Kits%20%282022-09-14%29&utm_medium=email&utm_source=Biochemistry&_kx=ycAqKZ4PKkvzKzy8p0mk27UtqA5M4LAxjJAh8oW3IJAp2mwP8UbyPKq5lDAQ3sHn.MenwDE', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"r3.o.lencr.org"\n "ocsp.pki.goog"\n "o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_fd0_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4048"\n "IsoScope_fd0_IESQMMUTEX_0_519"\n "IsoScope_fd0_ConnHashTable<4048>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_fd0_IESQMMUTEX_0_331"\n 
"Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_fd0_IE_EarlyTabStart_0x3f8_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4048"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "ico-select_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.227.38.74:443"\n "23.32.45.191:80"\n "104.17.25.14:443"\n "104.16.254.71:443"\n "142.250.217.74:443"\n "142.251.215.234:443"\n "157.240.19.26:443"\n "104.21.88.99:443"\n "18.65.229.84:443"\n "142.250.217.67:80"\n "108.138.90.53:80"\n "18.65.227.165:80"\n "18.65.227.47:80"\n "34.74.170.74:443"\n "142.250.217.67:443"\n "142.251.211.238:443"\n "162.159.138.60:443"\n "157.240.19.35:443"\n "172.253.117.156:443"\n "104.22.79.226:443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': 
u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "ico-select_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "timber_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003388]\n "modernizr.min_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "21F6638F3EFF36EB5B125F1A8AEF3217" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\21F6638F3EFF36EB5B125F1A8AEF3217]- [targetUID: 00000000-00003388]\n "7cH1v4okm5zmbvwkAx_sfcEuiD8jvvKsOdC5_1_.woff" has type "Web Open Font Format TrueType length 18780 version 1.1"- [targetUID: N/A]\n "NBF07080.txt" has type "ASCII text with very long lines"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NBF07080.txt]- [targetUID: 00000000-00003388]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00004048]\n "spr-07102fd76ff4bc22a3e0c32f0cca9ee51c77c34bbc4bdac79abb48f698de10dd_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003388]\n "7cH1v4okm5zmbvwkAx_sfcEuiD8jvvKcPQ_1_.woff" has type "Web Open Font Format TrueType length 49556 version 1.1"- [targetUID: N/A]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003388]\n "~DF9A0554BA9241DFC8.TMP" has type "data"- Location: [%TEMP%\\~DF9A0554BA9241DFC8.TMP]- [targetUID: 00000000-00004048]\n "1FEA9A2CFE77A3A9A620E9B3ED01E1C8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\1FEA9A2CFE77A3A9A620E9B3ED01E1C8]- [targetUID: 00000000-00003388]\n "A16C6C16D94F76E0808C087DFC657D99_298E60D5E528EEA70E86195832615F2E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\A16C6C16D94F76E0808C087DFC657D99_298E60D5E528EEA70E86195832615F2E]- [targetUID: 00000000-00003388]\n "7cH3v4okm5zmbtYtMeA0FKq0Jjg2drF0feC9hpk_1_.woff" has type "Web Open Font Format TrueType length 19932 version 1.1"- [targetUID: N/A]\n "trekkie.storefront.4e66b7932daba00cfd93bde327ce9e8f09bc9ffe.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "E87CE99F124623F95572A696C80EFCAF_8C73F4A8942021ADC4B0579C4C29CD27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E87CE99F124623F95572A696C80EFCAF_8C73F4A8942021ADC4B0579C4C29CD27]- [targetUID: 00000000-00003388]\n "Information~Payment~ShopPay.baseline.en.5e80b1ca4b17da5ffb95_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdn.shopify.com" seems to be random\n "cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.ibisci.com/products/mini-total-rna-kit-blood-cultured-cells?_pos=2&_sid=742ced516&_ss=r&variant=31245650362479&variation=A&utm_campaign=9.14.22%20-%20Total%20RNA%20Blood%20%26%20Cultured%20Cell%20Kits%20%282022-09-14%29&utm_medium=email&utm_sou"\n Pattern match: "https://www.ibisci.com"\n Heuristic match: "r3.o.lencr.org"\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgT9t4TzNcNcoWRW2KRZ8hv3DA%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: r3.o.lencr.org"\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPlgzh11zofO%2FUOCp2RAH1FpA%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: r3.o.lencr.org"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"\n Heuristic match: "ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET 
/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgTzV04hPbSHRFbwbEGHB2U3Dw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: r3.o.lencr.org"\n Heuristic match: "ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEApQTAHYfewVihAe3nxBvVw%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"\n34.74.170.74
2023-05-12 03:03:18Internet NameNoDNS Resolver0020Noneayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:10:b4:30:a3:e0:72:2f:ec:4e:bc:95:e3:12:bb:83:8d:6f Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Dec 14 04:12:32 2022 GMT Not After : Mar 14 04:12:31 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:31:e0:5d:42:f2:be:35:60:b1:bf:3c:dd:6a:3a: e9:66:ce:65:b9:42:55:e5:1f:5b:0f:4a:7d:d2:dd: d5:d5:2a:c8:4c:26:cc:d6:24:4c:c6:8a:d7:5d:8d: ad:45:7b:81:26:49:fc:64:c6:a9:da:25:d4:46:11: f7:82:81:c2:c2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FF:9F:0E:73:7B:4F:1D:9B:10:7F:DE:3A:BF:95:29:99:72:64:39:CE X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: ecdsa-with-SHA384 30:65:02:31:00:fd:8c:78:36:1c:71:84:4d:49:6c:11:58:c6: 12:a3:92:bc:28:1e:bf:5a:97:f1:6e:55:aa:8d:04:5e:52:f5: 43:5c:dd:10:26:0f:9b:fd:e7:99:a4:5c:91:c0:27:5e:27:02: 30:22:c5:07:b7:53:41:96:f1:8f:15:55:83:a7:26:c3:46:10: aa:c0:ac:d9:d7:56:82:6e:c4:c8:be:12:fb:ae:7f:6d:a8:c6: 0a:3a:a2:c1:f9:63:1b:f1:d2:5d:a4:28:24
2023-05-12 03:33:37Raw File Meta DataNoBinary String Extractor0040NoneIDATx A`qRWQ @Qh9' WYW`Q 6:E<0s qt2!X O"Np /Z9l6 23W4R p$ke'V sZSjUQ S\-up iTb.T IDAT? ZYjy9 k-<Z6 DRZ1s NLgiN 7jI\k q8cH$ cG$C: 70/1c Zmfdc2 FC1Qh IDATU aEPq<aF yPbDap @j518b .!5Cw epCrZ nYy\o F'Tjms s2OUvm wfD/fG o-\kY gGtIx9 t?T x `q\41 r`qOp /. rqS hTKCz bkV_n aU9zH svPOI LwXr3 L?3t1 V'DYE 78AHzS h7YIvh- Xg:5B jAQY3 <Eh_- ZJvh1 Q`6Vh xk1ao 6xyMC YGH2f? PbtsQ vu11h Ip@ \ x0Er- ZIuZM<F HDBs! D$r"r"r 5e8YW hd@87 3\-:9 L!sA6z l ?K8' Z\1hp ?JWEG5 N@1$!EHq 4 1Qb IDATae KJ:. -:. XWU:\Us 0:HB8 0>>7c MU0t5 RtVTMT ktCtE T1SffT DoV:LLN Ey8UQ xsqO7 DtOJoJ k Q:1 RS-.7 Ty NW le1NU Qt@tBr 3 "B"q B8!u` BGt4: PiZEOK 1VuEE V2xqwbH IDAT/v ?KwP0TA jO/Tyhttps://pics.battleb0t.xyz/images/carti_2.PNG
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneZyXEL-aslan (Net ID: 00:02:CF:83:7F:15)40.2024, 29.0398
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:BB:17:A7)33.617190550339146,-111.90827887019054
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050NoneGitHub (Category: coding) https://github.com/AltpapierAltpapier
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonebabacan (Net ID: 00:14:C1:20:84:74)40.2024, 29.0398
2023-05-12 03:10:11Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0030NoneVOIPBL Publicly Accessible PBX List [104.21.0.0/20] http://www.voipbl.org/update104.21.0.0/20
2023-05-12 03:01:32Web ServerNoTool - WhatWeb0030Nonecloudflarevscode.battleb0t.xyz
2023-05-12 02:56:54IP AddressNoDNS Resolver0020None104.21.6.166www.ayhu.xyz
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneGitLab - GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software. The open source software project was created by Ukrainian developer Dmytro Zaporozhets and Dutch developer Sytse Sijbrandij.battleb0t.github.io
2023-05-12 03:08:53Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.6734.74.170.74
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneChyoa (Category: XXXPORNXXX) https://chyoa.com/user/loginlogin
2023-05-12 02:44:23Internet NameNoDNS Resolver0020Nonewww.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 25 01:39:25 2023 GMT Not After : May 26 01:39:24 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Feb 25 02:39:25.268 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:87:F6:3C:B2:E0:C2:7B:F4:59:32:49: FF:84:EE:E1:AC:5D:A1:7E:84:DE:B8:AC:92:3B:97:98: 6D:C7:11:07:D0:02:21:00:8E:A1:79:1C:1F:BD:8E:15: DE:AB:97:FE:40:E1:D9:C2:1C:3E:55:3D:39:DF:88:B8: 3E:30:32:EA:CF:51:A0:F3 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Feb 25 02:39:25.238 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C0:CA:4A:3A:01:79:C5:F7:4D:18:6C: 70:E8:74:A4:FC:31:5E:46:FF:DB:BC:55:79:1C:6B:D3: 2A:77:33:92:7D:02:21:00:B3:6C:B3:CD:94:6E:40:07: 54:43:CE:33:E0:3F:C2:49:48:DC:19:23:44:E4:9D:8B: 7E:E1:7F:46:CE:18:EF:B6 Signature Algorithm: sha256WithRSAEncryption b2:e3:a8:2c:e5:ba:7b:3e:8e:fb:de:05:c9:db:df:10:e1:3a: 4a:d4:c8:e9:16:76:31:31:b8:1d:87:e3:42:15:5c:d9:01:d1: e3:21:14:96:0d:03:d6:ab:2a:bb:6e:da:97:10:fe:b1:03:48: ab:7e:6d:7b:96:6d:e0:3a:5a:e9:94:2e:83:ae:3f:a8:a5:8c: 25:3a:a9:c5:1d:63:8a:0d:55:4d:54:c8:3a:17:d4:72:72:76: 78:9d:29:2a:3b:de:f5:0a:4c:d8:44:82:1f:1a:29:cc:5c:2c: bf:7e:db:71:7c:50:e3:91:fe:95:3f:d3:87:5f:30:37:48:ec: 63:b6:a1:ac:33:ac:63:05:b2:8f:6d:ee:9e:2e:ac:50:59:e9: 41:46:d2:71:65:05:17:42:d9:3e:21:9d:d7:90:39:a6:8f:2d: e8:4a:d4:ff:6d:9e:32:c6:82:05:8f:a4:b5:74:b4:70:df:28: 4b:50:c8:1b:36:1a:ae:cf:7b:ab:92:23:e6:77:97:f2:47:a4: b0:52:f2:9d:cf:be:68:a2:8a:f2:2f:f0:66:0b:d3:34:2a:c7: 8a:35:c4:1c:33:2d:e5:90:de:56:a7:97:86:7c:97:c9:45:8f: 99:61:22:00:3d:aa:b2:87:0d:35:bb:4c:f3:f8:1c:f8:99:c1: e8:d1:30:c6
2023-05-12 02:45:01Physical LocationNoipapi.co0020NoneSan Francisco, California, CA, United States, US185.199.109.153
2023-05-12 03:03:51Co-Hosted SiteNoThreatMiner0020Noneeliaspinheironeto.github.io185.199.110.153
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet (Net ID: 00:01:36:29:7A:3C)34.0544, -118.244
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None010916hao.github.io185.199.111.153
2023-05-12 02:54:16HTTP HeadersNoWeb Spider6040None{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"}https://oldfluid.battleb0t.xyz/./script.js
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneXFINITY (Net ID: 00:0D:67:8C:21:A9)39.0469, -77.4903
2023-05-12 02:54:30HTTP HeadersNoCensys0030None{"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}64.226.81.43
2023-05-12 03:43:45Malicious IP on Same SubnetYesCleanTalk Spam List0040NoneCleanTalk Spam List [45.131.109.0/24] https://iplists.firehol.org/files/cleantalk_7d.ipset45.131.109.0/24
2023-05-12 02:52:59Web TechnologyNoTool - WAFW00F0020NoneFastly CDN Fastlywww.battleb0t.xyz
2023-05-12 02:53:32HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["E278:52F1:2384BF1:3304643:645CBD7D"], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683799422.885849,VS0,VE32"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["2755bc270974a8f69ac639a54e3259fa11be8083"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100155-CHI"], "Accept_Ranges": ["bytes"]}185.199.111.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneSBB (Net ID: 00:02:CF:A7:63:9D)40.2024, 29.0398
2023-05-12 02:54:23Linked URL - InternalNoWeb Spider5040Nonehttps://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiUhttps://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-tikaro.github.io185.199.111.153
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None185.199.110.153www.battleb0t.xyz
2023-05-12 03:03:28Co-Hosted Site - Domain NameNoDNS Resolver2030None001viet.com001viet.com
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonetaylor (Net ID: 00:06:25:9A:21:94)33.336199,-111.89446440830702
2023-05-12 02:46:50SSL Certificate - Issued byNoSSL Certificate Analyzer0030NoneC=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA134.148.97.127
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/carti_3.JPGhttps://funny.battleb0t.xyz/
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.144): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneNGMH (Net ID: 00:09:5B:B3:C8:73)33.6170672,-111.90564645297056
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Noneroxie (Net ID: 00:02:6F:E5:4F:4C)33.336199,-111.89446440830702
2023-05-12 02:44:58Physical LocationNoipapi.co0020NoneSan Francisco, California, CA, United States, US185.199.110.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NonemyLGNet24CE (Net ID: 00:01:36:59:24:CC)37.7813933,-122.3918002
2023-05-12 02:51:59Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://acmephp.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ed8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ed8_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ed8_IESQMMUTEX_0_303"\n "IsoScope_ed8_IE_EarlyTabStart_0xdcc_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3800"\n "IsoScope_ed8_IESQMMUTEX_0_331"\n "IsoScope_ed8_ConnHashTable<3800>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network 
Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"acmephp.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a href="https://twitter.com/acme_php">" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<i class="fa fa-twitter"></i>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<span>Follow on Twitter</span>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/acme_php">Twitter</a>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/titouangalopin">@tgalopin</a> and" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/jderusse">@jderusse</a>" (Indicator: "dir "; File: "786RITC2.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, 
u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\2uxtwtjr\\favicon[1].ico"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\locallow\\microsoft\\internet explorer\\services\\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{d2ad0b8a-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df48e04c2c232f3230.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfdcbc4d5dbdf1df3e.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{cb6dd7e9-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff77628f7bf10b560.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\2uxtwtjr\\favicon[1].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\locallow\\microsoft\\internet explorer\\services\\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\ckdncxys\\favicon[1].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df48e04c2c232f3230.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\{d2ad0b8a-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff77628f7bf10b560.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{cb6dd7e9-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfdcbc4d5dbdf1df3e.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{cb6dd7e7-ed80-11ed-b43f-080027944a9e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "AvenirNextLTPro-Regular_1_.woff" has type "Web Open Font Format CFF length 38024 version 0.0"- [targetUID: N/A]\n "font-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003800]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF48E04C2C232F3230.TMP" has type "data"- Location: [%TEMP%\\~DF48E04C2C232F3230.TMP]- [targetUID: 00000000-00003800]\n "~DFF77628F7BF10B560.TMP" has type "data"- Location: [%TEMP%\\~DFF77628F7BF10B560.TMP]- [targetUID: 00000000-00003800]\n "~DF6EABB9BAE595B52D.TMP" has type "data"- Location: 
[%TEMP%\\~DF6EABB9BAE595B52D.TMP]- [targetUID: 00000000-00003800]\n "~DFDCBC4D5DBDF1DF3E.TMP" has type "data"- Location: [%TEMP%\\~DFDCBC4D5DBDF1DF3E.TMP]- [targetUID: 00000000-00003800]\n "urlref_httpsacmephp.github.io" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "fonts_1_.css" has type "ASCII text"- [targetUID: N/A]\n "app_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._CB6DD7E7-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_CB6DD7E9-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D2AD0B8A-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "SBXI2I91.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SBXI2I91.txt]- [targetUID: 00000000-00002844]\n "CPJIWZZK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CPJIWZZK.txt]- [targetUID: 00000000-00003800]\n "C8FKJFB2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C8FKJFB2.txt]- [targetUID: 00000000-00003800]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "D3WB1LDR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D3WB1LDR.txt]- [targetUID: 00000000-00002844]\n "YI9AAEHI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YI9AAEHI.txt]- [targetUID: 00000000-00003800]\n "N8OPXZSU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N8OPXZSU.txt]- [targetUID: 00000000-00003800]\n "8X4V8G7W.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8X4V8G7W.txt]- [targetUID: 00000000-00003800]\n "786RITC2.htm" has type "HTML 
document UTF-8 Unicode text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\786RITC2.htm]- [targetUID: 00000000-00002844]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'n185.199.108.153
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.242): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Noneshithead (Net ID: 00:0C:41:43:78:70)39.0469, -77.4903
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneSINGER (Net ID: 00:00:71:90:09:29)41.8781, -87.6298
2023-05-12 02:45:34Name Server (DNS NS Records)NoDNS Raw Records0010Noneskip.ns.cloudflare.combattleb0t.xyz
2023-05-12 03:09:30Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.iomalsup.github.io
2023-05-12 02:45:34Affiliate - Internet NameNoDNS Raw Records1010Nonedaphne.ns.cloudflare.combattleb0t.xyz
2023-05-12 03:13:05Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [006blog.github.io] https://www.openphish.com/feed.txt006blog.github.io
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.246): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Noneunion church (Net ID: 00:00:C5:FE:88:4C)34.0544, -118.244
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Noneniudnav (Net ID: 00:0C:F6:63:91:4C)50.8897, 6.0563
2023-05-12 02:54:00Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5d3adbfbad871d-ORD Content-Encoding: gzip 104.21.6.166
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Expires": ["Fri, 01 Jan 1990 00:00:00 GMT"], "Vary": ["Accept-Encoding"], "Host": ["87.248.157.102:2077"], "Server": ["cPanel"], "Connection": ["close"], "Www_Authenticate": ["Basic realm=\"Restricted Area\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 03:03:55Co-Hosted SiteNoThreatMiner0020Noneetherum-libs.github.io185.199.108.153
2023-05-12 03:25:08Internet NameNoDNS Brute-forcer1010Nonevm.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Noneeminent_g_router (Net ID: 00:14:5C:85:F6:6A)50.8897, 6.0563
2023-05-12 03:33:47Raw File Meta DataNoBinary String Extractor0040None"Exif sgssso <Qwm7 >6x.O x>t7? g$sy? .b97< /Ggy! l/5-o ggs43Z x.o.n> NNEsz gmuss Mswy5 dIys6 >t6w6 03Ryr\G a>0xM g_on8 9!6sBsmms ?r:\t L5M3O nq_JxO `uns?g F1_?J $vw3C ?.O:H Gq$rMmo 0y7?i <?qgg WYeyq$ !um_KM ykmsrzz ?2Cm7 3>O0? irIyo t.Iof?y R\y2I tnt"3 !t5K?/ hfIoq' bI>sy w?f?f? <Aq"Cio /uMbO > Ige >km7M 1$vw0 y.n/" /uM>9 njKym v:Ky$ ryw2Com s<U?o v?R.> hGydd soyg' :7Ieq 5zO-$ 2pMsw wGo$w?<w :xssms jVw:o .?ygs nn9?m oO_n: nFumS W7ofc U95 5 Gs\-?o ry>f< gae$w ?2kmO sIyf/! t8y<? \Cwy1 _Bx_K oeqq$ g5b9c /2?.o/ hcg>o kkkn? /`0E' xn/<a uwosm .<7qq zdWqk $1\Mm rzW?' tx<Iogss ldU9? K?.?/ r\isI ?6gAs $Kxn< nnnOS qyooo Hc<M? Ej\Ioy' x'8_ahttps://pics.battleb0t.xyz/images/reveloder.jpg
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 02:55:11Netblock MembershipNoCensys4020None87.248.157.0/2487.248.157.102
2023-05-12 02:54:41Netblock MembershipNoCensys0030None104.196.16.0/20104.196.30.220
2023-05-12 03:09:42Affiliate - Internet NameNoDNS Resolver0040None117.97.148.34.bc.googleusercontent.com34.148.97.117
2023-05-12 03:24:33Malicious AffiliateYesVXVault.net0140NoneVXVault Malicious URL List [cdn-185-199-110-154.github.com] http://vxvault.net/URL_List.phpcdn-185-199-110-154.github.com
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneCATYLN (Net ID: 00:01:38:86:06:1F)37.780462,-122.390564
2023-05-12 02:53:22IPv6 AddressNoMnemonic PassiveDNS0020None2606:4700:3037::6815:470enwapi2.battleb0t.xyz
2023-05-12 02:44:31IPv6 AddressNoDNS Resolver0030None2600:1f18:2489:8202::c8funny.battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Noneredskins33 (Net ID: 00:09:5B:85:B7:B6)39.0469, -77.4903
2023-05-12 02:45:40Physical LocationNoAbstractAPI1020NoneSan Francisco (South Beach), California, 94107, United States, North America185.199.111.153
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.250): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.37): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:33Web ServerNoTool - WhatWeb0020Nonecloudflarewww.ayhu.xyz
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0020Nonehttp://fluid.battleb0t.xyzfluid.battleb0t.xyz
2023-05-12 02:45:57Raw Data from RIRsNoAbstractAPI0040None{u'city': u'Ashburn', u'security': {u'is_vpn': False}, u'city_geoname_id': 4744870, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'AMAZON-AES', u'isp_name': u'Amazon.com, Inc.', u'organization_name': u'Amazon Technologies Inc', u'autonomous_system_number': 14618}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20149', u'longitude': -77.4903, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:45:56'}, u'latitude': 39.0469, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2600:1f18:2489:8202::c8', u'continent': u'North America', u'region_iso_code': u'VA'}2600:1f18:2489:8202::c8
2023-05-12 03:08:48Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.230104.196.30.220
2023-05-12 03:32:08Open TCP PortNoPulsedive0030None188.114.97.5:8080188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:74:99:A4:64)41.8781, -87.6298
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneApple Network 3ac606 (Net ID: 00:02:2D:21:9A:18)34.0544, -118.244
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:2083104.21.6.166
2023-05-12 03:00:51Co-Hosted SiteNoHackerTarget2020None000000014286.github.io185.199.111.153
2023-05-12 03:03:47Co-Hosted SiteNoThreatMiner1020Nonescoop.sh185.199.111.153
2023-05-12 03:01:03Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.108): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneHubPages (Category: blog) https://hubpages.com/@loginlogin
2023-05-12 02:53:07Open TCP PortNoPulsedive0030None185.199.111.154:443185.199.111.0/24
2023-05-12 02:53:59Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://kurt-defreitas.github.io/img/placeholder.svg', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9f8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_9f8_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_9f8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_9f8_ConnHashTable<2552>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_9f8_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2552"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_9f8_IE_EarlyTabStart_0xb00_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kurt-defreitas.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "en-US.5" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.5]- [targetUID: 00000000-00002552]\n "~DF132D18D7697B1B40.TMP" has type "data"- Location: [%TEMP%\\~DF132D18D7697B1B40.TMP]- [targetUID: 00000000-00002552]\n "~DFF703004D4AAD5F49.TMP" has type "data"- Location: [%TEMP%\\~DFF703004D4AAD5F49.TMP]- [targetUID: 00000000-00002552]\n "~DF13EE8B4FF73D23D0.TMP" has type "data"- Location: [%TEMP%\\~DF13EE8B4FF73D23D0.TMP]- [targetUID: 00000000-00002552]\n "~DF4D594C562EE2D021.TMP" has type "data"- Location: [%TEMP%\\~DF4D594C562EE2D021.TMP]- [targetUID: 00000000-00002552]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._AA626797-D3A5-11ED-8072-080027477A00_.dat" has type "Composite Document File V2 Document 
Cannot read section info"- [targetUID: N/A]\n "_B2115BA0-D3A5-11ED-8072-080027477A00_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AA626799-D3A5-11ED-8072-080027477A00_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "LHKBGYS9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LHKBGYS9.txt]- [targetUID: 00000000-00003016]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "VP6RUECO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VP6RUECO.txt]- [targetUID: 00000000-00002552]\n "5CPGZ5IA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5CPGZ5IA.txt]- [targetUID: 00000000-00002552]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://kurt-defreitas.github.io/img/placeholder.svg"\n Pattern match: "https://kurt-defreitas.github.io"\n Pattern match: "isdomainmigratedtruewww.msn.com/102573378790431061301290557634631025074*"\n Pattern match: "www.msn.com/"\n Pattern match: "MUIDB3901E857A0CA662738CBFA56A18667BBieonline.microsoft.com/9216413533568031103545290260759631025074*"\n Pattern match: "MUID3901E857A0CA662738CBFA56A18667BBmicrosoft.com/1025411295705631056689247978600330978218*SRCHDAF=NOFORMmicrosoft.com/1024194638604831125287247978600330978218*SRCHUIDV=2&GUID=A9F735962E2A42C3AFD3CAEB5B5F826B&dmnchg=1microsoft.com/1024194638604831125287247"\n Heuristic match: "kurt-defreitas.github.io"\n Pattern match: 
"kurt-defreitas.github.io/img/placeholder.svg"\n Heuristic match: "urt-defreitas.github.io"\n Pattern match: "https://kurt-defreit"\n Pattern match: "thub.io/img/placeholder.svg"\n Heuristic match: ".VBE;.JS;.JSE;.WSF;.WSH;.MS"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\system32\\rundll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\system32\\IEFRAME.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'642d780eb081708a1d0cd972', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 3, u'suspicious_identifiers_count': 0}, {u'parent': 
{u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'185.199.109.153'], u'sha256': u'd84ad76dbc17dc4539d49469071a2427b7e79fdc246d68b969e9de0d1e855535', u'sha512': u'b3210c962393967f3e6fe80ee046138402e981859fad47091c2a0e01dcac772aa503fd055cb12c62fbab75f63ef3b92e9749e878914ba9e90fc11586407c6113', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://kurt-defreitas.github.io/img/placeholder.svg', u'submission_id': u'642d780eb081708a1d0cd973', u'created_at': u'2023-04-05T13:30:54+00:00', u'filename': None}], u'analysis_start_time': u'2023-04-05T13:30:54+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'd1ce50a9c575b4cf671aba5ee730067f', u'network_mode': u'default', u'processes': [], u'sha1': u'c3d81748524ef71e72b65a4a2266ceede7285d7d', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no 
specific threat', u'minor_os_version': None, u'domains': [u'kurt-defreitas.github.io'], u'extracted_files': [], u'type_short': []}]185.199.109.153
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.180): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:38Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5ad421cd00112e-ORD Content-Encoding: gzip 172.67.168.252
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None410HowardStudios (Net ID: 00:02:2D:00:25:63)37.7813933,-122.3918002
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonehackster (Category: coding) https://www.hackster.io/loginlogin
2023-05-12 03:09:27Co-Hosted SiteNoSSL Certificate Analyzer0020Nonecdnjs.cloudflare.com188.114.97.1
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonenocwap (Net ID: 00:04:5A:CC:3F:27)33.6170672,-111.90564645297056
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonex-proxy-cache: MISS{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.80): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [001wwang.github.io] https://www.openphish.com/feed.txt001wwang.github.io
2023-05-12 03:00:30Affiliate - Email AddressNoE-Mail Address Extractor0040Noneaes256-gcm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, 
"services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-51D2 (Net ID: 00:1D:D1:0A:51:D0)32.8608, -79.9746
2023-05-12 02:53:42Open TCP PortNoCensys0020None185.199.109.153:443185.199.109.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:02:2D:03:B4:A0)37.7642, -122.3993
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonepgi50 (Net ID: 00:01:21:10:7A:20)37.7813933,-122.3918002
2023-05-12 02:46:34Internet NameNoVirusTotal0020Nonefunny.battleb0t.xyzwww.battleb0t.xyz
2023-05-12 02:54:44HTTP HeadersNoCensys0030None{"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H06KNWSV7RTZ7MSA7BNCK843"], "Date": ["<REDACTED>"], "Server": ["Netlify"]}35.229.48.116
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATT9wHk9D5 (Net ID: D4:B2:7A:4E:26:D2)37.751, -97.822
2023-05-12 03:27:54Open TCP PortNoPulsedive0030None188.114.96.138:8443188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:F4:F3:43)41.8781, -87.6298
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonekristin (Net ID: 00:0C:41:84:68:1E)39.0469, -77.4903
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:2053172.67.168.252
2023-05-12 03:03:36Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00steveng.github.io
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.179): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None54d382 (Net ID: F4:6B:EF:54:D3:86)37.751, -97.822
2023-05-12 03:22:54Open TCP PortNoPulsedive0020None188.114.97.1:443188.114.97.1
2023-05-12 03:16:12Similar DomainYesTool - DNSTwist0010Nonebattlebot.xyzbattleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:13:10Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [01100111-01101001-01110100.github.io] https://www.openphish.com/feed.txt01100111-01101001-01110100.github.io
2023-05-12 02:47:06Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://app-mobile-link.ml', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url1021.joinpreventor.com/ls/click?upn=bna4-2BmY1ITDZjl0PQKir67uPPI2f2DxWOATqx3-2Fj7OYylB8Hflza-2F4c-2BTJ51THm64bMitYJMpTuBxoVK0JwiPA-3D-3DbIZs_mSllOFscLbgTD69Yd5M4iZvJ2paH7zkSD0m2J2dAKbXAH-2BqpVRSKcCjXP2k6p2y4nrVy7lmBrfgOzMBh71z-2FxzpQdOSEWu-2BZu6bLzGdNpAef0msgWTQ8GjPF3HDwIREahUwNjJmuPNPOCq8kmJFsGovhuQHANzkUNF2qYZDjnaeii8u-2B4tCDbRuTvyHxW-2F4G4-2F8I34SGcemXBehR0ER9-2FOn27NKTXVFHKhuRFZGUzt5qNTOBOuOjmw9DiFzaj628S91bNxgYKtUY6ND6xDYvSswMqyTNX1SGlfzGDBI4KPIl1cR6mrPgDzb4lMqV1eoyIjMH1VfBoaIpPQIsSt-2FeLX6lXw-2BweMGQuDjIQ1gKTOo3gpd-2BPujm5M8OM3WO1y6kaT-2BHQiw25YdzyLgte2vg6SnLm5F0hYcK1FjLzKXxt7q61Y1Nl6A-2BBTdDOpidTdo4', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cc4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_cc4_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_cc4_IESQMMUTEX_0_303"\n "IsoScope_cc4_IE_EarlyTabStart_0xc0c_Mutex"\n "IsoScope_cc4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3268"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_cc4_ConnHashTable<3268>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n 
"Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.56:80"\n "52.25.204.60:443"\n "18.155.202.100:443"\n "142.251.214.138:443"\n "142.250.72.200:443"\n "54.237.133.81:443"\n "185.199.111.153:443"\n "108.138.245.23:443"\n "108.139.1.40:443"\n "157.240.22.25:443"\n "136.143.191.67:443"\n "142.251.214.131:443"\n "172.217.12.110:443"\n "18.155.202.12:443"\n "91.199.212.52:80"\n "204.141.43.48:443"\n "136.143.191.144:443"\n "136.143.190.97:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url1021.joinpreventor.com"\n "crt.usertrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"crt.usertrust.com"\n "maciejsawicki.com"\n "salesiq.zoho.com"\n "salesiq.zohopublic.com"\n "url1021.joinpreventor.com"\n "vts.zohopublic.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2FBD.tmp" as clean (type is "data")'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00003968"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"5fc94f03728d607c48960ad7_nav-educational_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b5847afb666a7db5b8_nav-kyb_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8ffce80d3d6_decor-rows_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c73c18f306a879a966_nav-law_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c8774cf47e14dd70e9_nav-telecommunications_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b59f7e103028de58c7_nav-user-veritifcation_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2adbcece0bb48a61a5d_nav-driver-registration_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b2bd7876b3f1ab0491_nav-identity-veritifcation_1_.svg" has type "SVG Scalable Vector Graphics 
image"- [targetUID: N/A]\n "5fb4d2c87e98373560b7c150_nav-transport_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "625514f697cb9539930c08dc_arrow_lists_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff61e333be007ebd657a9e2_Powerfull-notice_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fc071f4e509f3bc3acd619d_Check%20icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff61e34886f01f4ab6763a4_Powerfull-political_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c611b6f7021b7a90b6_nav-healthcare_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff61e3603c269bbe2a4fd83_Powerfull-transactions_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8720a80d3d7_decor-dots_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "606cb3abf47891862f1bf393_icon-vimeo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d39997f0b639e8d1db34_icon_solutions_4_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fc94f03a68318a6830bfa8d_nav-ecommerce_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6307aad46dbfb3ff5914cc43_arrow_direction_right_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-167', u'name': u'Contains ability to retrieve the contents of the STARTUPINFO structure (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"GetStartupInfo" [Source: 00000000-00003968.00000000.67673.00491000.00000020.mdmp\n 00000000-00003968.00000000.67698.00491000.00000020.mdmp]'}, 
{u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"GET /5f774172772fc1fb1fa10c12/5f774173a2f6f80a3d80d3be_twitter.png HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "twitter")\n "GET /5f774172772fc1fb1fa10c12/606cb3a9126777b98ff68805_icon-youtube.png HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "youtube")'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-20', u'name': u'HTTP request contains Base64 encoded artifacts', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1132/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1132.001', u'relevance': 7, u'threat_level': 0, u'type': 7, u'description': u'"n"\n "v"\n "f"\n "9"\n "t"\n "="\n "<"\n "6"\n "`"\n "X"\n ">"\n "c"\n ")"\n "A"\n "w"\n "L"\n "u"\n "L"\n "y"\n """, "L", ";", "J", """\n "<"\n "6"\n "f"\n "S"\n "0"\n "y"\n "3"\n "h"\n "~"\n " "\n "b"\n "v"\n "t"\n "\\"\n "U"\n "E"\n """, "5", "N", ".", "\'", "\\", "`", "k", "~", "0", "{", "=", ":", "P", "t", "Z", "f", "/", "1", "6", "I", "d", "h", "q", "D", "j", "0", "6", "2", "f", "O", "8", "*", "b", "E", "j", "/", "P", "v", "C", "v", "/", ".", "-", "6", ";", "_", "q", "Q", "D", 
"}", "S", "J", "M", "u", "E", "n", "D", "V", "F", "S", ";", "y", "l", "=", "!", "s", "j", ">", "/", "u", "l", "`", "`", "T", "c", "C", "+", "0", "2", "5", "}", "R", "W", "0", "H", "W", "j", "<", "S", "*", "W", "W", "U", "_", "+", "v", "U", "0", "d", ".", "2", ":", ">", "3", "u", ".", "i", "=", """\n "."\n "n"\n "E"\n "+"\n "Q"\n "c"\n "/"\n "2"\n "V"\185.199.111.153
2023-05-12 02:46:32Netblock MembershipNoRIPE2030None172.67.160.0/20172.67.168.252
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NonePicsart (Category: art) https://picsart.com/u/AltpapierAltpapier
2023-05-12 02:52:21Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://hassan-gamall.github.io/netflix', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://hassan-gamall.github.io/netflix', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d70_ConnHashTable<3440>_HashTable_Mutex"\n "IsoScope_d70_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d70_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d70_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d70_IE_EarlyTabStart_0xf28_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"\n "45.57.91.1:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"hassan-gamall.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "hassan-gamall.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "urlref_httphassan-gamall.github.ionetflix")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"o1_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "bb_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced" and extension "png"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "images_1_.png" has type "PNG image data 225 x 225 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{ab1e121d-ebc0-11ed-82af-0800276d1839}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfcf958f5828d0de64.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{ab1e121b-ebc0-11ed-82af-0800276d1839}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfcf958f5828d0de64.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{ab1e121d-ebc0-11ed-82af-0800276d1839}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\imagestore\\3mt7jhv\\imagestore.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\0x82k3c6.txt"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\1hgch0kk.txt"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "o1_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "bb_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "bootstrap.bundle.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003440]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF8A0CDA8A96816CC6.TMP" has type "data"- Location: [%TEMP%\\~DF8A0CDA8A96816CC6.TMP]- [targetUID: 00000000-00003440]\n "~DF02F37B05898AC81F.TMP" has type "data"- Location: [%TEMP%\\~DF02F37B05898AC81F.TMP]- [targetUID: 00000000-00003440]\n "~DF432D2BE44D8F536C.TMP" has type "data"- Location: [%TEMP%\\~DF432D2BE44D8F536C.TMP]- [targetUID: 00000000-00003440]\n "~DFCF958F5828D0DE64.TMP" has type "data"- Location: [%TEMP%\\~DFCF958F5828D0DE64.TMP]- [targetUID: 00000000-00003440]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003440]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "netflix_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "main_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "RecoveryStore._AB1E121B-EBC0-11ED-82AF-0800276D1839_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AB1E121D-EBC0-11ED-82AF-0800276D1839_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B326E299-EBC0-11ED-82AF-0800276D1839_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "images_1_.png" has type "PNG image data 225 x 225 8-bit colormap non-interlaced"- [targetUID: N/A]\n "GVF5NTIT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GVF5NTIT.txt]- [targetUID: 
00000000-00003440]\n "IXTTQ3R7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IXTTQ3R7.txt]- [targetUID: 00000000-00003440]\n "8BT6E19R.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8BT6E19R.txt]- [targetUID: 00000000-00003440]\n "search_2_.json" has ty185.199.108.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Nonehhonors (Net ID: 00:01:03:86:22:27)41.8781, -87.6298
2023-05-12 02:54:27HTTP HeadersNoCensys0040None{"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H05GB7HXKZRW69FWMYAA1JFJ"], "Server": ["Netlify"]}2600:1f18:2489:8202::c8
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBest_Western_27 (Net ID: 00:00:C5:D7:5F:74)41.8781, -87.6298
2023-05-12 03:01:51Open TCP PortNoPulsedive0030None185.199.110.154:443185.199.110.0/24
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneUnited States Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2017-05-24T17:44:01Z Creation Date: 2009-02-17T22:07:54Z Registry Expiry Date: 2024-02-17T22:07:54Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS3.CLOUDFLARE.COM Name Server: NS4.CLOUDFLARE.COM Name Server: NS5.CLOUDFLARE.COM Name Server: NS6.CLOUDFLARE.COM Name Server: NS7.CLOUDFLARE.COM DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2021-09-27T15:18:45Z Creation Date: 2009-02-17T22:07:54Z Registrar Registration Expiration Date: 2024-02-17T22:07:54Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Name Server: ns3.cloudflare.com Name Server: ns4.cloudflare.com Name Server: ns5.cloudflare.com Name Server: ns6.cloudflare.com Name Server: ns7.cloudflare.com DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 02:44:27Software UsedYesTool - Wappalyzer0020NoneOpen Graphnwapi.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneCAUCESS (Net ID: 00:02:44:A8:10:34)50.1188, 8.6843
2023-05-12 03:19:11Human NameNoVenmo2060Nonebaptiste vautheylogin
2023-05-12 02:55:11BGP AS MembershipNoCensys0020None4326087.248.157.102
2023-05-12 02:54:23Linked URL - InternalNoWeb Spider0050Nonehttps://www.ayhu.xyz/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChAhttps://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU
2023-05-12 03:00:58Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.98): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:20:27Account on External SiteNoAccount Finder0020NonePinkBike (Category: hobby) https://www.pinkbike.com/u/patrick.pogoda/patrick.pogoda
2023-05-12 03:11:13Vulnerability - CVE LowYesTool - testssl.sh0230NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.vscode.battleb0t.xyz
2023-05-12 03:00:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.9): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneNazifBey (Net ID: 00:14:C1:18:2D:AC)40.2024, 29.0398
2023-05-12 03:35:51Malicious Co-Hosted SiteYesOpenDNS0130NoneBlocked by OpenDNS [00ffcc.cn]00ffcc.cn
2023-05-12 03:12:15Affiliate - Domain WhoisNoWhois4060None Domain Name: TELLERIA.COM Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T18:34:23Z Registry Expiry Date: 2023-08-11T18:34:23Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-222-C.GANDI.NET Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: telleria.com Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T16:34:23Z Registrar Registration Expiration Date: 2023-08-11T18:34:23Z Registrar: GANDI SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Reseller: CodeSyntax Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: Domain Status: Domain Status: Domain Status: Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Marcajes Telleria S.L. 
Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: ES Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET Name Server: NS-222-C.GANDI.NET Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp Reseller Email: Reseller URL: http://www.codesyntax.com/ Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or 
modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden. A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts. For additional information, please contact us via the following form: https://www.gandi.net/support/contacter/mail/ telleria.com
2023-05-12 02:45:20Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://web.archive.org/web/20130510155448/http://msdn.microsoft.com/library/office/apps/jj220082(v=office.15)', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2F', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1004"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3ec_IE_EarlyTabStart_0x758_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3ec_ConnHashTable<1004>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3ec_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3ec_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_3ec_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n 
"IsoScope_3ec_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_3ec_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.66.40.106:443"\n "162.241.219.194:443"\n "35.186.254.174:443"\n "198.35.26.96:443"\n "198.35.26.112:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "en.wikipedia.org"\n "llink.to"\n "track.salesflare.com"\n "upload.wikimedia.org"\n "www.guelphcrc.ca"\n "www.wikipedia.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "wikipedia-tagline-en_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wikipedia-wordmark-en_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "language_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "magnify-clip-ltr_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "link-external-small-ltr-progressive_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors 
marked dropped file "ellipsis_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "search_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "arrow-down_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "menu_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "arrow-down-progressive_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "bullet-icon_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"Office_Online_1_.png" has type "PNG image data 300 x 213 8-bit/color RGBA non-interlaced" and extension "png"\n "OfficeMobile2013_WP8_1_.png" has type "PNG image data 220 x 193 8-bit/color RGBA non-interlaced" and extension "png"\n "Word_on_iPhone_1_.jpg" has type "JPEG image data baseline precision 8 220x390 components 3" and extension "jpg"\n "Office_mobile_apps_1_.png" has type "PNG image data 220 x 143 8-bit/color RGB non-interlaced" and extension "png"\n "Microsoft_Office_for_Mac_2021_screenshots_1_.png" has type "PNG image data 220 x 124 8-bit/color RGBA non-interlaced" and extension "png"\n "wikipedia_1_.png" has type "PNG image data 100 x 100 8-bit/color RGBA non-interlaced" and extension "png"\n "Office_4.0_Suite_1_.jpg" has type "JPEG image data baseline precision 8 240x180 components 3" and extension "jpg"\n "Office_365_app_logos.svg_1_.png" has type 
"PNG image data 220 x 74 8-bit/color RGBA non-interlaced" and extension "png"\n "Microsoft_Office_logo__2019-present_.svg_1_.png" has type "PNG image data 120 x 120 8-bit/color RGBA non-interlaced" and extension "png"\n "Microsoft_Office_2013-2019_logo_and_wordmark.svg_1_.png" has type "PNG image data 220 x 70 8-bit colormap non-interlaced" and extension "png"\n "wikimedia-button_1_.png" has type "PNG image data 88 x 31 8-bit/color RGBA non-interlaced" and extension "png"\n "poweredby_mediawiki_88x31_1_.png" has type "PNG image data 88 x 31 8-bit colormap non-interlaced" and extension "png"\n "Symbol_category_class.svg_1_.png" has type "PNG image data 16 x 16 8-bit colormap non-interlaced" and extension "png"\n "16px-Symbol_list_class.svg_1_.png" has type "PNG image data 16 x 16 8-bit colormap non-interlaced" and extension "png"\n "20px-Semi-protection-shackle.svg_1_.png" has type "PNG image data 20 x 20 8-bit colormap non-interlaced" and extension "png"\n "Symbol_na_class.svg_1_.png" has type "PNG image data 16 x 16 8-bit gray+alpha non-interlaced" and extension "png"\n "OOjs_UI_icon_edit-ltr-progressive.svg_1_.png" has type "PNG image data 10 x 10 8-bit colormap non-interlaced" and extension "png"\n "Icon_pdf_file_1_.png" has type "PNG image data 16 x 16 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"wikipedia-tagline-en_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "wikipedia-wordmark-en_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "language_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "magnify-clip-ltr_1_.svg" has type "SVG Scalable 
Vector Graphics image"- [targetUID: N/A]\n "link-external-small-ltr-progressive_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "ellipsis_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "arrow-down_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "menu_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "arrow-down-progressive_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "bullet-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "Microsoft_Office_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "load_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "Office_Online_1_.png" has type "PNG image data 300 x 213 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab1BAA.tmp" has type "data"- Location: [%TEMP%\\Cab1BAA.tmp]- [targetUID: 00000000-00004080]\n "load_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "OfficeMac_v_X_1_.PNG" has type "PNG image data 125 x 164 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "OfficeMobile2013_WP8_1_.png" has type "PNG image data 220 x 193 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Word_on_iPhone_1_.jpg" has type "JPEG image data baseline precision 8 220x390 components 3"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001004]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Office_mobile_apps_1_.png" has 
type "PNG image data 220 x 143 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "~DFAB70199ED6534FEB.TMP" has type "data"- Location: [%TEMP%\\~DFAB70199ED6534FEB.TMP]- [targetUID: 00000000-00001004]\n "~DFD80A45019488F2CC.TMP" has type "data"- Location: [%TEMP%\\~DFD80A45019488F2CC.TMP]- [targetUID: 00000000-00185.199.111.153
2023-05-12 02:44:14SSL Certificate Host MismatchYesSSL Certificate Analyzer0020None*.netlify.app, netlify.apppics.battleb0t.xyz
2023-05-12 02:53:22IP AddressNoMnemonic PassiveDNS0020None104.21.71.14nwapi2.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050None6dgs-guest (Net ID: 00:06:B1:28:66:5F)33.6170672,-111.90564645297056
2023-05-12 03:37:29Physical LocationNoMetaDefender0030NoneFrankfurt Am Main, Germany207.154.228.169
2023-05-12 02:56:30Physical LocationNoFraudguard0030NoneGermany, Hesse, Frankfurt am Main165.232.113.85
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereferrer-policy: strict-origin-when-cross-origin{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"}
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.102): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NonePrivate (Net ID: 00:06:B1:20:D3:D2)33.617190550339146,-111.90827887019054
2023-05-12 03:00:23Blacklisted IP AddressYesHoneypot Checker0120NoneHoneypotproject (188.114.97.1): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.1
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneMicrosoft websitescdn-185-199-111-153.github.com
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None5247 4331 (Net ID: 00:00:C5:AA:78:1C)37.7642, -122.3993
2023-05-12 03:17:44Account on External SiteNoAccount Finder0010NoneGitLab (Category: coding) https://gitlab.com/_BattleB0t__BattleB0t_
2023-05-12 03:07:57Vulnerability - CVE LowYesTool - testssl.sh0120NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.185.199.108.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:55:25UsernameNoSocial Network Identifier0040NoneAltpapierhttps://github.com/Altpapier/SkyHelperAPI/tree/master/examples
2023-05-12 03:13:02Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00-duino.github.io] https://www.openphish.com/feed.txt00-duino.github.io
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomDB2CA4 (Net ID: 00:0C:F6:DB:2C:A4)50.8897, 6.0563
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneDuolingo (Category: hobby) https://www.duolingo.com/profile/ayshooayshoo
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneASI (Net ID: 00:02:6F:51:19:D9)33.617190550339146,-111.90827887019054
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0030Nonefernando.r@alliedglobal.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 15, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'MSG349337853.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7544:120:WilError_01"\n "Local\\SM0:7544:304:WilStaging_02"\n "Local\\SM0:7544:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7544:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7328:304:WilStaging_02"\n "Local\\SM0:7328:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7188:304:WilStaging_02"\n "Local\\SM0:7188:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"\n "getbootstrap.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.58.100:49728"\n 
"185.199.109.153:49730"\n "13.35.125.109:49731"\n "149.154.167.220:49732"\n "51.11.192.48:49736"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - Possible RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'Internal YARA signature for possible RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-38', u'name': u'Drops PE files with different extensions', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1036', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-177', u'attck_id': u'T1036', u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7544_1106606490\\Part-RU]- [targetUID: 00000000-00007544]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7544_553046708\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007544]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007544]\n "21a2e4ad-e3da-41b8-9593-fd6b14c8cd58.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\21a2e4ad-e3da-41b8-9593-fd6b14c8cd58.tmp]- [targetUID: 
00000000-00007544]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.json]- [targetUID: 00000000-00007544]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007544]\n "2e8e03b2-b8a9-4702-ad28-272010504828.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\2e8e03b2-b8a9-4702-ad28-272010504828.tmp]- [targetUID: 00000000-00007544]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00007544]\n "Session_13320464616168949" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Session_13320464616168949]- [targetUID: 00000000-00007544]\n "645c73c7-b711-4558-a7af-9f09cc1391b4.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\645c73c7-b711-4558-a7af-9f09cc1391b4.tmp]- [targetUID: 00000000-00007544]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\7544_1106606490\\Filtering Rules-AA]- [targetUID: 00000000-00007544]\n "608c2647-0afe-41c3-8b3c-3682b3d2a73a.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\608c2647-0afe-41c3-8b3c-3682b3d2a73a.tmp]- [targetUID: 00000000-00007544]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7544_553046708\\shoppingfre.js]- [targetUID: 00000000-00007544]\n "8bb5048e-d66c-4c42-9ef2-04ce3c812e6f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\8bb5048e-d66c-4c42-9ef2-04ce3c812e6f.tmp]- [targetUID: 00000000-00007544]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007272]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007544]\n "7406036f-2f9e-4939-8d5b-442a52cfa1c5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7406036f-2f9e-4939-8d5b-442a52cfa1c5.tmp]- [targetUID: 00000000-00007544]\n "LOG" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\LOG]- [targetUID: 00000000-00007544]\n "manifest.fingerprint" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.fingerprint]- [targetUID: 00000000-00007544]\n "Variations" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00007544]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.41"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 
0x00000303]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\',\'QtjLP\',\'KDqei\',\'vXqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydg"\n Heuristic match: "api.telegram.org"\n Heuristic match: "getbootstrap.com"\n Heuristic match: "fernando.r@alliedglobal.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-63', u'name': u'Found a potential E-Mail address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1114', u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Pattern match: "fernando.r@alliedglobal.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'10/60 Antivirus vendors marked sample as malicious (16% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-7', u'name': u'Uses network protocols on unusual ports', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1571', u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': u'T1571', u'relevance': 7, u'threat_level': 2, u'type': 7, u'description': u'TCP traffic to 104.22.58.100 
on port 49728\n TCP traffic to 185.199.109.153 on port 49730\n TCP traffic to 13.35.125.109 on port 49731\n TCP traffic to 149.154.167.220 on port 49732\n TCP traffic to 51.11.192.48 on port 49736'}], u'threat_level': 2, u'size': 102455, u'job_id': u'63e596ab38f3a44d604cd090', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None
2023-05-12 03:22:52Open TCP PortNoPulsedive0020None188.114.96.1:8080188.114.96.1
2023-05-12 02:46:16Affiliate Description - AbstractNoDuckDuckGo0030NoneGitHub, Inc. is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, it has been a subsidiary of Microsoft since 2018. It is commonly used to host open source software development projects. As of January 2023, GitHub reported having over 100 million developers and more than 372 million repositories, including at least 28 million public repositories. It is the largest source code host as of November 2021.battleb0t.github.io
2023-05-12 03:09:01Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.9887.248.157.102
2023-05-12 03:03:42Internet NameNoDNS Resolver0030Nonefluid.battleb0t.xyz[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://fluid.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://fluid.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-cache-status,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}]
2023-05-12 03:38:38Blacklisted Affiliate IP AddressYesUCEPROTECT0040NoneUCEPROTECT - Level 2 (some false positives) (207.154.228.167)207.154.228.167
2023-05-12 02:50:23Blacklisted IP AddressYesHoneypot Checker0120NoneHoneypotproject (172.67.135.9): Search Engine Last Activity: 0 days ago Threat Level: 29172.67.135.9
2023-05-12 02:56:29Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.opinionsbildarna.se/manifest.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar15A.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "184.31.135.120:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_948_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_948_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_948_IESQMMUTEX_0_519"\n "IsoScope_948_IE_EarlyTabStart_0x96c_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_948_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2376"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_948_ConnHashTable<2376>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab159.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002376]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- 
Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003848]\n "WFXJLKMZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WFXJLKMZ.txt]- [targetUID: 00000000-00002376]\n "manifest_1_.webmanifest" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFFAAD4CD900CEC332.TMP" has type "data"- Location: [%TEMP%\\~DFFAAD4CD900CEC332.TMP]- [targetUID: 00000000-00002376]\n "~DF3FFEC317C0D185F4.TMP" has type "data"- Location: [%TEMP%\\~DF3FFEC317C0D185F4.TMP]- [targetUID: 00000000-00002376]\n "_C4F83231-322A-11ED-9777-0800272EAECA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002376]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003848]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002376]\n "AA3B58698007BC824A9E81451B820AFD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\AA3B58698007BC824A9E81451B820AFD]- [targetUID: 00000000-00003848]\n "_48B0BBD4-322D-11ED-9777-0800272EAECA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n 
"RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "QWM3ZIWJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QWM3ZIWJ.txt]- [targetUID: 00000000-00003848]\n "~DF34206CEDA4E061F8.TMP" has type "data"- Location: [%TEMP%\\~DF34206CEDA4E061F8.TMP]- [targetUID: 00000000-00002376]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002376]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.opinionsbildarna.se/manifest.webmanifest"\n Pattern match: "https://www.opinionsbildarna.se"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"\n Pattern match: "www.opinionsbildarna.se"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.opinionsbildarna.se\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.196.30.220]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: 
bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 989\nContent-Type: application/octet-stream\nDate: Mon, 12 Sep 2022 01:26:03 GMT\nEtag: "9af86af75fb7ff64f2c69342f94824f7-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GCQMVBVYJY64KT58P2H0V8CG\n\n{"name":"opinionsbildarna","short_name":"opinionsbildarna","start_url":"/","background_color":"#663399","theme_color":"#663399","display":"minimal-ui","icons":[{"src":"icons/icon-48x48.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"48x48","type":"image/png"},{"src":"icons/icon-72x72.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"72x72","type":"image/png"},{"src":"icons/icon-96x96.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"96x96","type":"image/png"},{"src":"icons/icon-144x144.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"144x144","type":"image/png"},{"src":"icons/icon-192x192.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"192x192","type":"image/png"},{"src":"icons/icon-256x256.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"256x256","type":"image/png"},{"src":"icons/icon-384x384.png?v=7434068eaf17e8601"- [Source: SSL_104.196.30.220]\n, "e02a866de2e7a8e","sizes":"384x384","type":"image/png"},{"src":"icons/icon-512x512.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"512x512","type":"image/png"}]}"- [Source: SSL_104.196.30.220]\n\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.opinionsbildarna.se\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.196.30.220]\n\n "HTTP/1.1 404 Not Found\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Encoding: gzip\nContent-Type: text/html; charset=utf-8\nDate: Mon, 12 Sep 2022 01:26:05 GMT\nEtag: 1565395025-ssl-df\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nVary: Accept-Encoding\nX-Nf-Request-Id: 01GCQMVDN4B9431AR7ABBHYQ23\nTransfer-Encoding: chunked"- 
[Source: SSL_104.196.30.220]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artif104.196.30.220
2023-05-12 02:56:51Internet NameNoDNS Resolver0030Nonewww.battleb0t.xyz[{"url": "https://www.battleb0t.xyz", "firewall": "Fastly", "detected": true, "manufacturer": "Fastly CDN"}, {"url": "https://www.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneTen Forward 5 (Net ID: 00:01:9F:34:7C:14)34.0544, -118.244
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneCuriouscat (Category: social) https://curiouscat.live/AltpapierAltpapier
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonethemeforest (Category: art) https://themeforest.net/user/loginlogin
2023-05-12 02:54:13Linked URL - ExternalNoWeb Spider1020Nonehttps://github.com/BattleB0thttps://battleb0t.xyz/
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneTEO Network Enterprise (Net ID: 00:01:24:F0:B7:E1)37.780462,-122.390564
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneMCUUID (Minecraft) (Category: gaming) https://mcuuid.net/?q=Battleb0tBattleb0t
2023-05-12 02:54:21Web ContentNoWeb Spider0050None.container{width:100%}.bg-white{--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity))}.bg-center{background-position:50%}.bg-no-repeat{background-repeat:no-repeat}.border-gray-300{--border-opacity:1;border-color:#ebebeb;border-color:rgba(235,235,235,var(--border-opacity))}.rounded{border-radius:.25rem}.border-solid{border-style:solid}.border-0{border-width:0}.border{border-width:1px}.border-t{border-top-width:1px}.cursor-pointer{cursor:pointer}.block{display:block}.inline-block{display:inline-block}.table{display:table}.hidden{display:none}.float-left{float:left}.clearfix:after{content:"";display:table;clear:both}.font-mono{font-family:monaco,courier,monospace}.font-light{font-weight:300}.font-normal{font-weight:400}.font-semibold{font-weight:600}.h-12{height:3rem}.h-20{height:5rem}.text-13{font-size:13px}.text-15{font-size:15px}.text-60{font-size:60px}.text-2xl{font-size:1.5rem}.text-3xl{font-size:1.875rem}.leading-tight{line-height:1.25}.leading-normal{line-height:1.5}.leading-relaxed{line-height:1.625}.leading-1\.3{line-height:1.3}.my-8{margin-top:2rem;margin-bottom:2rem}.mx-auto{margin-left:auto;margin-right:auto}.mr-2{margin-right:.5rem}.mb-2{margin-bottom:.5rem}.mt-3{margin-top:.75rem}.mb-4{margin-bottom:1rem}.ml-4{margin-left:1rem}.mt-6{margin-top:1.5rem}.mb-6{margin-bottom:1.5rem}.mb-8{margin-bottom:2rem}.mb-10{margin-bottom:2.5rem}.ml-10{margin-left:2.5rem}.mb-15{margin-bottom:3.75rem}.-ml-6{margin-left:-1.5rem}.overflow-hidden{overflow:hidden}.p-0{padding:0}.py-2{padding-top:.5rem;padding-bottom:.5rem}.px-4{padding-left:1rem;padding-right:1rem}.py-8{padding-top:2rem;padding-bottom:2rem}.py-10{padding-top:2.5rem;padding-bottom:2.5rem}.py-15{padding-top:3.75rem;padding-bottom:3.75rem}.pr-6{padding-right:1.5rem}.pt-10{padding-top:2.5rem}.absolute{position:absolute}.relative{position:relative}.left-1\/2{left:50%}.-bottom-4{bottom:-1rem}.resize{resize:both}.text-center{text-al
ign:center}.text-black-dark{--text-opacity:1;color:#404040;color:rgba(64,64,64,var(--text-opacity))}.text-gray-600{--text-opacity:1;color:#999;color:rgba(153,153,153,var(--text-opacity))}.text-red-error{--text-opacity:1;color:#bd2426;color:rgba(189,36,38,var(--text-opacity))}.text-green-success{--text-opacity:1;color:#9bca3e;color:rgba(155,202,62,var(--text-opacity))}.antialiased{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.w-12{width:3rem}.w-240{width:60rem}.w-1\/2{width:50%}.w-1\/3{width:33.333333%}.w-full{width:100%}.transition{-webkit-transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,-webkit-transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,-webkit-transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,transform,-webkit-transform}body,html{--text-opacity:1;color:#404040;color:rgba(64,64,64,var(--text-opacity));-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;font-size:16px}*,body,html{margin:0;padding:0}*{box-sizing:border-box}a{--text-opacity:1;color:#2f7bbf;color:rgba(47,123,191,var(--text-opacity));text-decoration:none;-webkit-transition-property:all;transition-property:all;-webkit-transition-duration:.15s;transition-duration:.15s;-webkit-transition-timing-function:cubic-bezier(0,0,.2,1);transition-timing-function:cubic-bezier(0,0,.2,1)}a:hover{--text-opacity:1;color:#f68b1f;color:rgba(246,139,31,var(--text-opacity))}img{display:block;width:100%;height:auto}#what-happened-section 
p{font-size:15px;line-height:1.5}strong{font-weight:600}.bg-gradient-gray{background-image:-webkit-linear-gradient(top,#dedede,#ebebeb 3%,#ebebeb 97%,#dedede)}.cf-error-source:after{position:absolute;--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity));width:2.5rem;height:2.5rem;--transform-translate-x:0;--transform-translate-y:0;--transform-rotate:0;--transform-skew-x:0;--transform-skew-y:0;--transform-scale-x:1;--transform-scale-y:1;-webkit-transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));-ms-transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));--transform-rotate:45deg;content:"";bottom:-1.75rem;left:50%;margin-left:-1.25rem;box-shadow:0 0 4px 4px #dedede}@media screen and (max-width:720px){.cf-error-source:after{display:none}}.cf-icon-browser{background-image:url(/cdn-cgi/images/cf-icon-browser.png)}.cf-icon-cloud{background-image:url(/cdn-cgi/images/cf-icon-cloud.png)}.cf-icon-server{background-image:url(/cdn-cgi/images/cf-icon-server.png)}.cf-icon-ok{background-image:url(/cdn-cgi/images/cf-icon-ok.png)}.cf-icon-error{background-image:url(/cdn-cgi/images/cf-icon-error.png)}#cf-wrapper .feedback-hidden{display:none}#cf-wrapper .feedback-success{min-height:33px;line-height:33px}#cf-wrapper 
.cf-button{color:#0051c3;font-size:13px;border-color:#0045a6;-webkit-transition-timing-function:ease;transition-timing-function:ease;-webkit-transition-duration:.2s;transition-duration:.2s;-webkit-transition-property:background-color,border-color,color;transition-property:background-color,border-color,color}#cf-wrapper .cf-button:hover{color:#fff;background-color:#003681}.cf-error-footer .hidden{display:none}.cf-error-footer .cf-footer-ip-reveal-btn{-webkit-appearance:button;-moz-appearance:button;appearance:button;text-decoration:none;background:none;color:inherit;border:none;padding:0;font:inherit;cursor:pointer;color:#0051c3;-webkit-transition:color .15s ease;transition:color .15s ease}.cf-error-footer .cf-footer-ip-reveal-btn:hover{color:#ee730a}.code-label{background-color:#d9d9d9;color:#313131;font-weight:500;border-radius:1.25rem;font-size:.75rem;line-height:4.5rem;padding:.25rem .5rem;height:4.5rem;white-space:nowrap;vertical-align:middle}@media (max-width:639px){.sm\:block{display:block}.sm\:hidden{display:none}.sm\:mb-1{margin-bottom:.25rem}.sm\:mb-2{margin-bottom:.5rem}.sm\:py-4{padding-top:1rem;padding-bottom:1rem}.sm\:px-8{padding-left:2rem;padding-right:2rem}.sm\:text-left{text-align:left}}@media (max-width:720px){.md\:border-gray-400{--border-opacity:1;border-color:#dedede;border-color:rgba(222,222,222,var(--border-opacity))}.md\:border-solid{border-style:solid}.md\:border-0{border-width:0}.md\:border-b{border-bottom-width:1px}.md\:block{display:block}.md\:inline-block{display:inline-block}.md\:hidden{display:none}.md\:float-none{float:none}.md\:text-3xl{font-size:1.875rem}.md\:m-0{margin:0}.md\:mt-0{margin-top:0}.md\:mb-2{margin-bottom:.5rem}.md\:p-0{padding:0}.md\:py-8{padding-top:2rem;padding-bottom:2rem}.md\:px-8{padding-left:2rem;padding-right:2rem}.md\:pr-0{padding-right:0}.md\:pb-10{padding-bottom:2.5rem}.md\:top-0{top:0}.md\:right-0{right:0}.md\:left-auto{left:auto}.md\:text-left{text-align:left}.md\:w-full{width:100%}}@media 
(max-width:1023px){.lg\:text-sm{font-size:.875rem}.lg\:text-2xl{font-size:1.5rem}.lg\:text-4xl{font-size:2.25rem}.lg\:leading-relaxed{line-height:1.625}.lg\:px-8{padding-left:2rem;padding-right:2rem}.lg\:pt-6{padding-top:1.5rem}.lg\:w-full{width:100%}} http://vscode.battleb0t.xyz/cdn-cgi/styles/main.css
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneMy Passport (2.4 GHz) - 07E0F4 (Net ID: 00:00:C0:07:E0:F4)52.3759, 4.8975
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneDiscogs (Category: music) https://www.discogs.com/user/loginlogin
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet (Net ID: 00:01:36:2D:B3:F8)34.0544, -118.244
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonefansly (Category: XXXPORNXXX) https://fansly.com/ayhu/postsayhu
2023-05-12 03:23:17Open TCP PortNoPulsedive0030None188.114.96.4:80188.114.96.0/24
2023-05-12 03:43:57URL (Form)NoPage Information0030Nonehttp://ayhu.xyz/<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5e7988238a')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="y6.jA_9kQFy3M6YOg.QQj0I7RDwRq_S0_mJGsO_2b80-1683861862-0-AcgqVWkb5rc1wRzq8CruZzqixRf2dFZvnnpeMqPo3y2RR7Jx_-WXovg8bbE5-sP--_UlGfcV7z4_V2dzBcMQgc0YMGe-kEUsKgbTagVXmpUA4ghc-4PKKMUpkHtuZz1pOKMcK0utLj3hccZMUZnWLxuhkTuTIuQG4o4TSyLTO5DkVUoXElS5eAJBZDveAXcM-BMmbtyiS5OZrdIj-mSAmfLaL706pmvV2Fnl5vtOScBdKynAsN6R2sxLPULzhy1STjWMiZSraZ6Ew2wxtjJHN1h4TKQbcQWPXgeC7N8JO4M701hR33k8KGtSEURoh0GVidfXau0xJ5Jr_OGYkw5FwTBNxUlh_dNr8sS8DOR88UaR5CKeXC5a8lA8uHqsSe_vEPdtQ6ldEQsz8iyhLDK-toyNqpISWEaAU-LNzhQYcTSFycIkBAwjz1zpN5j-awjwVXg6RSi8xKpcwkSr--vTKuOd6x5Ta6zVKvVa1ZDb1BUG5hCEGVVAylLih2TiGym6K9ZGtKfmo5uFC383bpOhjywcXyRzMeHVb0-6rTS3z63iX3ajtvlcxXXHBtT7ZYhauWYn6f0gWo9iG78z0gFNWMboZLU8duYgFtCeIooI5W88WdaOwHui00SnK7AZf-I1NO1RlI5CzrcfcBEcVnBP-f_yBVIgGca2GM5pwr7RuguWROnl62QKlF8-RLW3LA5gZmJXKAJZeG1tfcH7m64xxmCx5ACGWrjrUMscOUmz4eHVBUSovlHfs3fcaIk9rIcxhwwBJRVDZ7oKn49L5lwNMgQFGDH_uzu8lK7M31bKNSdUqZK_4nMd7x2dSJvuX6x1f0d5_OcVPHJZxZ3t19Y2v21qYtJUwk_l3orppRJLdYFyIFSiVGRp27InLA-bNsaoFJuYkaXhMvKIRYQcI57Gu9t5UJBJyHfItWPN13CPHmTRR-xesXCsUCGNSlrn27LW82G3vB0LsnqsDVH9D7CmoXk767loN6MRiMM6E9lV7pktIJEgRREZerErCz-Gw9056q07NCPJYQafcy44fhA0Ayu8GVn0zQYz2hW6ho8NtCxWLxQfDeVyMn6PMsg4IcHVBtGEwWH4OhHGTM9Y96fCik0WwBZwbXdS00HiRtlSReGbhDYPFuGYXFHlUkiHUQ8TNNjJwXP8HrnSnr-Tv6HMk8DT21iZM1t8Ws-Z1VPVHIUqMpqoj6bYoJTKdTHCyWVXSoymcDjiiAr_dGcQ70iCvCfjEHAw9_ZFb11mKAVckSFfHs_OhqOxwVZ8fWFWX5CRVYjb8-2Mg4cL3IvIHLOVh97Eo-8uZhAyESkAuV2iGT1_77CGqcRlglDGfKHj9D0j_GrA2lys8V_W4n84xH9sB9BtW8YrWDnEH4r1lV4ZaxbUDArRwxqP9P1FzSMMjtcVzsgzIRpF2ste2ogtL1ku1f750t7TYDkzGvNZnmSp--sTxTZcyZjvZuT-kxIOnFkQudjV92D0dpRia33x6FdgV44_rvGqDtNVBEvpDVRPc5F7iWJTGkpG_0wSt-t0pHAlpnVj5960VNsQ1fIVqzIjyeTRIupoKny56OID3zofBUX9GXMMvftzuBxkvH568kA-nhoghfb5gJUTU4dQVs3R3lvIMsLJW_0OugCzVwa7bbjSi3yNlNTmyyZSUaQHqMOYwEHt04GQZ_JQBpDCQvIGLq1fOLeArqr97ZPrGgk_x7n2c6MIQK0vFFlSI1sI8OS4yi8D0V-GNr2Bt_G2Ue_TKIZGNfQPaWAM0jGlpc1nPWIZS-sYxW-8ui-6eexGBFZ5-zLr2uaHNG_xNol2Di7iRI4TW5JoZOZTUx2wSZVCmafA5viAw12czMeK4Ymm36GiAo0mTnIrrghObXpHRydCjEOD-ie6KdVTajZGWvZP24dk25nzrx7uELmxfIPaAvIALx9AdiYBCbeQ0Yz_
UH9uDQF6Eh_AqthmXwQQH1F4IA_32McFzcxir6Txr6Mur3t22mOZF963IcNMqvP7vPcccq_rufb25sF8o6nhmaVg8cgPEKIwNeq8Yai0pVnLlllLMVSWIHePNfLuLOdg9LDG1pq1rafu4Rgb-yc2Aoh4enGvHZkuRe6wlOLCDdREAADDoXkFVowEW_DGLxK1pMON0uU78NiTV9_r2o4osZBaOPn8heMmK90xPpnLokgH3gubppwq1gfmaT0RIIPWt7RVKpJRXQ_wSjLVjILALRXQY6PbelUym6TQ1z5fJfHRmrHxVnQvY6aogsFcFGtQVSrl8OCNEwv9P3oaH1GWxoSabHdrSKZmlLs2m-l9LJf4El9FKIA3NBr09u94xMLRSPmEHb4Ol-KPCw5RJiAwyBy2nrohjehlLLjGIgbGh_hTPi8G-yGwVEOyQB8GJBts_O8-g8mz65tw5NpdS_SbFPOasS6txd-b_DzeOnkkcJgqOwM_x3VH39HvzlVBkxqyTu-7yh1ffXA3EAxe-TkXe6foRnX1wH3iJh2_MCDDGxTOkk8Xj59t6wAawmHCKnU2CvogDUE"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '13063', cRay: '7c5f8c5e7988238a', cHash: 'ba708169066f393', cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2Mi4xNjAwMDA=', m: 'c3pqWAYwgRkhuI1rZgTpwNhg2e/0sRGYZUtHGzVigsI=', i1: 'NNf66iKUbSi3dpVZsq8TXQ==', i2: 'dYlWHTj6TB0dDvgfdZy2xA==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5e7988238a'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5e7988238a'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 02:54:17Raw Data from RIRsNoCensys0040None{"last_updated_at": "2023-05-11T22:57:58.234Z", "ip": "2606:4700:3037::6815:470e", "location_updated_at": "2023-05-08T07:47:25.051265Z", "autonomous_system_updated_at": "2023-05-08T07:47:25.051415Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"aimeetessendorff.com": {"record_type": "AAAA", "resolved_at": "2022-10-03T12:47:45.461955940Z"}, "repvetentieloc.ml": {"record_type": "AAAA", "resolved_at": "2022-11-19T15:10:10.180278821Z"}, "distschertertilise.cf": {"record_type": "AAAA", "resolved_at": "2023-05-11T12:54:07.597674627Z"}, "webmail.plafonpvcklaten.com": {"record_type": "AAAA", "resolved_at": "2022-10-23T13:56:03.189903700Z"}, "ciasanbeverroca.ga": {"record_type": "AAAA", "resolved_at": "2023-04-13T02:45:50.515988463Z"}, "newbabyswing.com": {"record_type": "AAAA", "resolved_at": "2023-01-14T15:30:21.414055738Z"}, "artisttel.com": {"record_type": "AAAA", "resolved_at": "2023-04-14T17:49:46.342407896Z"}, "bacmyto.gq": {"record_type": "AAAA", "resolved_at": "2023-04-29T17:30:56.299623606Z"}, "www.adwokat-pancerz.pl.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-03T02:35:21.068173226Z"}, "go789.ga": {"record_type": "AAAA", "resolved_at": "2023-05-11T17:34:21.509585450Z"}, "www.breakthruagent.com": {"record_type": "AAAA", "resolved_at": "2023-05-02T21:12:12.423073791Z"}, "copingarenna.tk": {"record_type": "AAAA", "resolved_at": "2023-01-16T17:49:52.827491940Z"}, "lakadestpageli.tk": {"record_type": "AAAA", "resolved_at": "2022-12-28T17:28:31.912298526Z"}, "lounch.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-09T12:34:15.725375810Z"}, "easardo.gq": {"record_type": "AAAA", "resolved_at": "2022-12-05T14:57:48.157662110Z"}, "cosmicstory.info": 
{"record_type": "AAAA", "resolved_at": "2022-09-26T02:33:11.327006722Z"}, "trueallureforevershinejewelry.com": {"record_type": "AAAA", "resolved_at": "2023-04-04T16:44:01.264807017Z"}, "clean.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-01T03:09:37.177595997Z"}, "maycijackmo.gq": {"record_type": "AAAA", "resolved_at": "2023-01-02T14:40:23.496602167Z"}, "domainwheel.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-04T22:48:08.612020608Z"}, "take2s.com": {"record_type": "AAAA", "resolved_at": "2023-04-26T16:42:32.449014857Z"}, "zouksedalme.cf": {"record_type": "AAAA", "resolved_at": "2023-01-08T12:26:58.333904645Z"}, "mistwarctolylong.tk": {"record_type": "AAAA", "resolved_at": "2023-05-09T21:26:33.070368065Z"}, "wiki.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-01T03:09:37.887086684Z"}, "slanchogled.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-07T10:10:31.489137012Z"}, "ciorabutnewsmort.cf": {"record_type": "AAAA", "resolved_at": "2023-05-11T12:54:31.076583498Z"}, "offer.buyulti-charge.com": {"record_type": "AAAA", "resolved_at": "2023-04-28T14:39:01.965135008Z"}, "cloud.topmax.dev": {"record_type": "AAAA", "resolved_at": "2022-11-09T14:16:47.770763186Z"}, "tiaticviwatch.cf": {"record_type": "AAAA", "resolved_at": "2023-05-03T12:47:13.799688411Z"}, "fisbopowertools.com": {"record_type": "AAAA", "resolved_at": "2023-04-25T14:43:38.993993919Z"}, "dgvsm.com": {"record_type": "AAAA", "resolved_at": "2023-03-18T21:11:44.668409595Z"}, "it-a-br-newcarok.live": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:23:19.166151443Z"}, "buyulti-charge.com": {"record_type": "AAAA", "resolved_at": "2023-05-02T14:32:56.241553693Z"}, "ritsar.abk.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-03T22:17:27.736952452Z"}, "www.advocateclaims.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T13:25:19.560491085Z"}, "hkjku-liop.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": 
"2023-04-21T17:17:14.415081307Z"}, "hotel-taormina.info": {"record_type": "AAAA", "resolved_at": "2023-05-04T18:10:13.310895111Z"}, "blacklotusaudio.com": {"record_type": "AAAA", "resolved_at": "2023-01-02T13:02:23.981054734Z"}, "cdn.babeenineurope.com": {"record_type": "CNAME", "resolved_at": "2023-04-30T19:28:04.759393053Z"}, "routsaygeehekdest.ga": {"record_type": "AAAA", "resolved_at": "2023-04-14T02:12:59.832119313Z"}, "www.farasoacademy.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T14:37:26.546680400Z"}, "7lakesholidays.co.uk": {"record_type": "AAAA", "resolved_at": "2023-05-11T21:51:15.077407211Z"}, "cumslocals.com": {"record_type": "AAAA", "resolved_at": "2023-04-02T14:31:43.668953015Z"}, "www.mischerhexe.de": {"record_type": "AAAA", "resolved_at": "2023-05-11T16:40:14.150921538Z"}, "gjtyew-bodf.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": "2023-04-20T20:28:09.792148401Z"}, "brousebiology.com": {"record_type": "AAAA", "resolved_at": "2023-02-02T13:05:34.500687558Z"}, "www.brevardnc.org": {"record_type": "AAAA", "resolved_at": "2023-05-07T21:13:44.303349330Z"}, "dubadub.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T14:40:56.310744261Z"}, "martohacabe.ga": {"record_type": "AAAA", "resolved_at": "2023-05-07T17:27:25.826314650Z"}, "og-e-designscanada.com": {"record_type": "AAAA", "resolved_at": "2022-11-02T14:00:37.786101267Z"}, "nencafuvilate.ml": {"record_type": "AAAA", "resolved_at": "2023-05-10T18:02:40.500759466Z"}, "searchtermresults.com": {"record_type": "AAAA", "resolved_at": "2023-04-27T16:36:47.951727992Z"}, "cdn-1.babeenineurope.com": {"record_type": "CNAME", "resolved_at": "2023-04-30T14:00:08.829408117Z"}, "cundasithumbnoda.tk": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:49:51.989235614Z"}, "www.24hrupdate.online": {"record_type": "AAAA", "resolved_at": "2023-03-22T20:33:59.416609462Z"}, "www.sripersada.com": {"record_type": "AAAA", "resolved_at": "2022-11-19T14:03:00.698431487Z"}, 
"kids.abk.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-07T22:13:24.698234660Z"}, "sentimelt.com": {"record_type": "AAAA", "resolved_at": "2023-04-23T16:01:11.742725624Z"}, "walledgarden.global": {"record_type": "AAAA", "resolved_at": "2023-05-03T00:39:45.829214813Z"}, "xn--b1agjto.xn--p1acf": {"record_type": "AAAA", "resolved_at": "2023-05-01T03:13:25.943966163Z"}, "nieqiulemoru.gq": {"record_type": "AAAA", "resolved_at": "2023-05-03T17:22:24.190764207Z"}, "renalfa.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:47:46.479184263Z"}, "mujeresalaobra.org": {"record_type": "AAAA", "resolved_at": "2023-05-08T21:50:08.391075868Z"}, "hbomedtoday.com": {"record_type": "AAAA", "resolved_at": "2023-05-09T14:49:34.524954322Z"}, "fatdomisecools.cf": {"record_type": "AAAA", "resolved_at": "2023-05-11T12:54:22.776371266Z"}, "tegafoods.mx": {"record_type": "AAAA", "resolved_at": "2023-04-26T19:27:47.975723009Z"}, "www.a2zbiotics.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-04-28T20:07:55.631943899Z"}, "aaditrifood.com": {"record_type": "AAAA", "resolved_at": "2022-09-30T12:45:20.759363789Z"}, "baklibabsaringram.cf": {"record_type": "AAAA", "resolved_at": "2023-05-07T12:50:08.988220251Z"}, "ylcaloketpmentluv.gq": {"record_type": "AAAA", "resolved_at": "2022-12-13T15:15:42.169837303Z"}, "certidao.srv.br": {"record_type": "AAAA", "resolved_at": "2023-05-10T12:45:01.697407879Z"}, "anactikazida.ga": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:52:35.596026353Z"}, "abkapp.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-04-16T21:06:58.495246539Z"}, "nowbiggerwithgta.com": {"record_type": "AAAA", "resolved_at": "2022-12-26T00:35:04.859173648Z"}, "mail.feitonodigital.com": {"record_type": "AAAA", "resolved_at": "2023-05-05T14:30:55.716361269Z"}, "www.cienciaexamanismo.com.br": {"record_type": "AAAA", "resolved_at": "2022-10-28T12:17:10.511292940Z"}, "conimexsa.com": {"record_type": "AAAA", "resolved_at": 
"2023-05-09T14:25:21.075230785Z"}, "neglectmillspark.buzz": {"record_type": "AAAA", "resolved_at": "2023-04-07T12:49:27.362981875Z"}, "brevardnc.org": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:15:03.687712788Z"}, "garluco.ga": {"record_type": "AAAA", "resolved_at": "2023-04-27T18:33:39.654380379Z"}, "auth.gay": {"record_type": "AAAA", "resolved_at": "2023-05-08T17:54:43.280273275Z"}, "www.tizhoo.ir": {"record_type": "AAAA", "resolved_at": "2022-12-03T15:10:06.028885766Z"}, "road.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-05T20:38:50.973706563Z"}, "gusteiplexmola.tk": {"record_type": "AAAA", "resolved_at": "2023-03-27T05:18:03.996467271Z"}, "diageherpost.ga": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:33:56.882157561Z"}, "pennportcoun.tk": {"record_type": "AAAA", "resolved_at": "2023-05-01T20:45:04.713699318Z"}, "zunbazapecomfo.tk": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:52:13.680560969Z"}, "tiosmarigin.tk": {"record_type": "AAAA", "resolved_at": "2023-03-11T19:39:44.575906671Z"}, "buvade.ml": {"record_type": "AAAA", "resolved_at": "2023-04-27T19:50:04.921168507Z"}, "webmail.sylhetbarta24.com": {"record_type": "AAAA", "resolved_at": "2023-02-11T14:21:26.991769121Z"}, "taapakspices.com": {"record_type": "AAAA", "resolved_at": "2023-04-27T16:57:37.830395205Z"}, "autodiscover.dfwtaxi.org": {"record_type": "AAAA", "resolved_at": "2023-05-07T21:15:13.192169963Z"}, "merrellphboots.com": {"record_type": "AAAA", "resolved_at": "2022-11-30T19:31:43.146946537Z"}, "webmail.cienciaexamanismo.com.br": {"record_type": "AAAA", "resolved_at": "2022-10-24T12:18:30.715835062Z"}, "cpcontacts.dailytungipara.com": {"record_type": "AAAA", "resolved_at": "2023-04-12T14:38:48.746210759Z"}, "mail.kasabugraphics.com": {"record_type": "AAAA", "resolved_at": "2023-05-05T14:52:30.444010315Z"}, "jadehost.xyz": {"record_type": "AAAA", "resolved_at": "2022-11-02T17:53:20.233482468Z"}, "searhasbsub.tk": {"record_type": "AAAA", "resolved_at": 
"2023-05-11T21:42:54.350620579Z"}, "vikk-play.space": {"record_type": "AAAA", "resolved_at": "2023-01-29T18:05:12.078217209Z"}, "edocoutercenma.ml": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:29:25.411014530Z"}}, "names": ["mail.feitonodigital.com", "go789.ga", "nowbiggerwithgta.com", "searchtermresults.com", "hotel-taormina.info", "webmail.cienci2606:4700:3037::6815:470e
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonea-zoom (Net ID: 00:01:38:D4:87:A3)37.780462,-122.390564
2023-05-12 02:57:26Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://rebrand.ly/zkdr5qh', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [u'18.232.255.120', u'35.229.48.116', u'52.20.78.240'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://rebrand.ly/zkdr5qh#cbk%40cbk.gov.kw', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"18.232.255.120:443"\n "8.249.23.254:80"\n "192.124.249.23:80"\n "35.229.48.116:443"\n "104.17.24.14:443"\n "52.20.78.240:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ocsp.godaddy.com"\n "ocsp.sectigo.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ef4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ef4_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ef4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3828"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ef4_IESQMMUTEX_0_331"\n "IsoScope_ef4_ConnHashTable<3828>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_ef4_IE_EarlyTabStart_0xc2c_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003252]\n "07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D]- [targetUID: 00000000-00003252]\n "51C778D1B3D7448EC0DA4AE3D4980DFC_A397D18A0CD6D90D198AF5B25C97EE7F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\51C778D1B3D7448EC0DA4AE3D4980DFC_A397D18A0CD6D90D198AF5B25C97EE7F]- [targetUID: 00000000-00003252]\n "EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D]- [targetUID: 00000000-00003252]\n "CA7EF15DA1A3F288F2EC1D2ED9F27BE3" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CA7EF15DA1A3F288F2EC1D2ED9F27BE3]- [targetUID: 00000000-00003252]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003828]\n "KWL532KX.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\KWL532KX.htm]- [targetUID: 00000000-00003252]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003252]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003252]\n "~DFEB7596C6C011B031.TMP" has type "data"- Location: [%TEMP%\\~DFEB7596C6C011B031.TMP]- [targetUID: 00000000-00003828]\n 
"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003252]\n "2WBPSNI5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2WBPSNI5.txt]- [targetUID: 00000000-00003828]\n "WZONAU8G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WZONAU8G.txt]- [targetUID: 00000000-00003252]\n "B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E]- [targetUID: 00000000-00003252]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /zkdr5qh HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rebrand.ly\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_18.232.255.120]\n\n "HTTP/1.1 301 Moved Permanently\nCache-Control: no-cache, no-store\nDate: Tue, 26 Jul 2022 05:21:46 GMT\nEngine: Rebrandly.redirect, version 2.1\nExpires: -1\nLocation: https://merry-sawine-195b34.netlify.app/\nStrict-Transport-Security: max-age=15552000\nContent-Length: 0\nConnection: keep-alive"- [Source: SSL_18.232.255.120]\n\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: merry-sawine-195b34.netlify.app"- 
[Source: SSL_35.229.48.116]\n\n "r$zoN! ;nBZJMV#!?GbQGW E.Sp"ooG+lS]>on f\nthItg]VF4vfw_lB!\\X@LAj6P$aA\n6n^ @ORR?HP3}]m^F9\nn>|1GEx(}.qEW6u%w[ )]|d <q??Bs|\n P]{3\n\\w]V1?~8o<+KTVh{E{P[$H>{miLwILxY%Gz.P\n$o\\E&BXx 9/Pxx>q|:OG~&8d~kX~W}mF;\nj=1#E_X^"tH~c>by;gDYzb8kV*"`d^E|;tu>xbrbb>A5&mich2/F>s4uqav:t_"lc:*+|T#wy|Ja)CBU_\n&.y3a$>SyR~x>i|:O?S>#QYrkw1N{\n75:gdvkkz_:+9+?WO_\nFBR\\pHkzU12$p0G!<|b`7/x|:|?WVJ37{h7cpul!\\wF q:.Ko>v6,r#FL-=@A\'{t:|drMo _/__)7S{O/Mw6S?R;e"&s52$QK\'Tvw_ljOH,="PF6AJ`<0X}pK2WF/1|k\n5_A|:OG|bO}>)rhh5&SkD/7UrV,,>7RrJ7q=eUS UpU[Fgly%5e_oI[ @Kow\'nZg}__/;iPBx 7yT|TGBM\'rri\n<n"{4b#V.Uw\noo@Bx3[G^,Vb6z;^G\n; ;F|<4Otw>Au>IS>}>SU^W)" {*" :@O!qh_wV!,KpAwiT)bf*j%JWP&` AVkw~!V)"U\njFw>.yG|bO#b"@B-"Phw\\f{.hH)~xJb;5OyCMU R3^eG4pj#"Z__)/BL$~\n>}/x=0~GImT/BzgKzz\\UyKJ+y~1i\n~H*S}#KOPW\'kG>}\n||G~)+n_|EGHed[8Rwv5o)~<Av5on>Xb((?\\wz[,@+h6-FZGVO1^_+~%~/F>}0~jO2"- [Source: SSL_35.229.48.116]\n, "#hO^`$c\'~_BwW(7\nZB~o1^\\WoOoo|7PU}a|_t{Xif8wx)\'\'F|~~Oq}~p|oLB|\'V>1b``W[t%AU>y0b?F6i4~?V$6R{M?{q`y?cJ>Ov\n<b}+<K,6r3xqx|t;![$1~G;HP>^>_z4YGzNb0q f:g\\+<H_yqA-hwH@o;Xi^dJ~Gs?{)nO}L) {,!dHD)"- [Source: SSL_35.229.48.116]\n, "& {&ReB=z{~O@#~8"6Stw<h4_{t$V}p\'fThJ3Q?!(3_{KJ0?c%KjHE|V:WL!X%7`>d_5?[~\n+#a> o3&i:[9or;1`Zt!T*^>2sL#b{sT>_\nO%F\nwW}*wMCQrE=&?~O=3Ypg$SHSw2hn:q<S?%G~eHnFR-}9\'dCUw]\neh@!P<TqPU7|o|?*5@Cd6|;)o~X5{OokVu27l;jS>OObD\ni~x&hI}T~?@(6\'#1Hro_z*Lq\'^r;*0PQ-_:#G!?M8_5BcjV2u2A\nO62O\nxxrX?8~}oWG<8w1}sz-Y3*101)HB?EWA{~>\'5jy;\'1?>I[:T8ZU!3x9qV*\n5<"YKH:xy4s9Bu+EF>~\nc|FO-7F}U,Uv"aDNQOQ_#?CPoQ_E2{|bbNH*B#>nS>B{*t!GD3!HS~^xsx?"B7:Gy`gBbc`c=q<G|Q~?;_TCFDoKvUcRU!S@| 
FGGxMFBHG@Al4e}/o12F8>wc?WXab_x\\5qUAH|q~}hLP8jc6EVMQ|A#Sx?+3WW)kB8e|$Pp*w<^\n~8^NUJ":_c$I<;8?f?|2~j[r~/|KNSEC?n[B|b)i1;3+Ozp*?C@a;s_Eb;l?8n\nkN:~.UJU3z}:3O5Cpmw3e\n?n2?k>RxDA<P!HHn\\gE^&!F{3{c(xgG}j*4}4O?deO}W?zDA\\q\n&{QR[ob>(?b|d~C{\nnFKh<dox\\xaOS,f_doN4_*F#>/?Qq|NJ1^n\nW%Roc;C|=8v0$;N5a|\'P\nz;;xKh<?t(?~>bOayK(~d{bmg<Cv7|R~/Vxp<AHHGox%Kn/?x|NoG<}?2T:}}~/?D4`N,FjiG}({0\n4|}W9(\n@ES?5oz2>:_2%DK\n?vCRUgOM/;7\nG?=(?|W,_c|v"m\\^sOL~,R;~Kc$^Xj\n|OTS?>o<79aA|9,g/ypoOvius}/}<~]2jOZ(F_|HOSJ>^a]G<u0(GeO>!!~Csw3e~+skKzo9F\n%Pu)FBH>|#q!\n?X&<=Wr{(hiT!F*oo/4>S3~o*O>A#_bdV5<7/7}n\'.|xXZ]U<#yZDm3(NH_k~|YJ\n(/[:a|yv\'D]hdYESKmH>\n})?nU81_7)|#@+5dWaW!<"DkDOKxq ^y>C}yA.&iaKB>#*iIB.P!<p-*$H_XU\nhBe(2~]_^ N~_IpCi_`3P%Ni\n\nh$_g~9(JhD" vHEefM\n_Ptgw";c39UeCG&O;T}ar*O?Gc|<s/Dq0A;.^_a%?=\nr,oG(3 <yohoS0Bx"B-7%#X35.229.48.116
2023-05-12 02:46:54IP AddressNoDNS Resolver0020None172.67.168.252vscode.battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet (Net ID: 00:01:36:33:E6:06)34.0544, -118.244
2023-05-12 03:00:49Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.68): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:59:06Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.22.0.232', u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://cutt.ly/aXzA6sp', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_bd4_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_bd4_IESQMMUTEX_0_331"\n "IsoScope_bd4_ConnHashTable<3028>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_bd4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3028"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_bd4_IE_EarlyTabStart_0x860_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bd4_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3028"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.0.232:443"\n "34.74.170.74:443"\n "151.101.24.193:443"\n "104.26.4.7:443"\n 
"23.58.146.135:80"\n "67.202.114.212:443"\n "91.199.212.52:80"\n "151.101.24.158:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"r3.o.lencr.org"\n "crt.usertrust.com"\n "ocsp.sectigo.com"\n "i.imgur.com"\n "video.twimg.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar39D0.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab39CF.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003484]\n "_72F96FE9-1F89-11ED-9450-080027D43B41_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "KPRDW9OF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KPRDW9OF.txt]- [targetUID: 00000000-00003028]\n "device.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003484]\n "07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D]- [targetUID: 00000000-00003484]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "Cab39CF.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab39CF.tmp]- [targetUID: 00000000-00003484]\n "7423F88C7F265F0DEFC08EA88C3BDE45_C86B7000B5CEB7F9146D51D7AB048AFE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_C86B7000B5CEB7F9146D51D7AB048AFE]- [targetUID: 00000000-00003484]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003028]\n "E0968A1E3A40D2582E7FD463BAEB59CD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E0968A1E3A40D2582E7FD463BAEB59CD]- [targetUID: 00000000-00003484]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003484]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 16x16 32 bits/pixel"- [targetUID: N/A]\n "index_1_.css" has type "ASCII text"- [targetUID: N/A]\n "pingjs_1_.js" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003028]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /aXzA6sp HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: cutt.ly\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.22.0.232]\n\n "0"- [Source: SSL_104.22.0.232]\n\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: cozyfox.netlify.app"- [Source: SSL_34.74.170.74]\n\n "pdL!"hBo%y[/Hd\'Lx?Np2B/5tO$3LEBD9:>;=8EVm\n2j\\VkO9XFG!x9\\5IcsE3`Jto{8i;%04B4Lhr;;Aqo{*Fh#qw{tB@u\\gqIPpEdMRoGS$dg\'#e)Jq_}vimuxpM5wh{g7y<f6~yr*O\n=\nC?P\\>|@{8*l^iFAVt;z7_rk_[:&f.iy/CFns7esgO/_\\<~bIfmp|Ky7lrkk>xp8Q?Th"- [Source: SSL_34.74.170.74]\n, 
"GET /d6CE5mr.png HTTP/1.1\nAccept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5\nReferer: https://cozyfox.netlify.app/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip\n deflate\nHost: i.imgur.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_151.101.24.193]\n, "HTTP/1.1 200 OK\nConnection: keep-alive\nContent-Length: 12161\nLast-Modified: Thu\n 07 Jul 2022 21:19:55 GMT\nETag: "af7c51313b7c4188cf839b655156702a"\nContent-Type: image/png\ncache-control: public\n max-age=31536000\nAccept-Ranges: bytes\nDate: Fri\n 19 Aug 2022 08:38:09 GMT\nAge: 875904\nX-Served-By: cache-iad-kjyo7100064-IAD\n cache-lax10679-LGB\nX-Cache: HIT\n HIT\nX-Cache-Hits: 1\n 1\nX-Timer: S1660898290.859840\nVS0\nVE1\nStrict-Transport-Security: max-age=300\nAccess-Control-Allow-Methods: GET\n OPTIONS\nAccess-Control-Allow-Origin: *\nServer: cat factory 1.0\nX-Content-Type-Options: nosniff"- [Source: SSL_151.101.24.193]\n, "PNG\n\n\nIHDR\'S"/HIDATx}Ed&$!C E |(O\'CSE}~>}<D?EQ"5YHBVd;vw}%}w~N^?Nb/@2aYT.#B0v,r].?|?j bwO;`29+&0yzUgP]98s,;\'0U0jmh+sw|]K)NuhSh(Xh}MLZ`\\kA;JyVnaLs`2ys&w_?J\nNq0q]Y\\a2P{w\nEM*J`\'a9?Dl}7utPr5R1:gkMw%J*)8\nJT#\'`ly7I528h1(G,XGR`J%CKlw\n{z"PTgF#l+"r|+^v]uDv>`oyxJ4zGx\n&,"oNA)EZghqP^*e-U "ts(|=kZ%=7?u*hmX\'QxFe-]<J#g\'!]2?ura:>ur8qi^~=D^}0yU\'dJ_:Lu1q,?_tjJ*)8\')\\-A+j:\'g\'C$h\nm"/_*vgNt^]}`mj62\n3p;PX6glv\n-\nx7_ZR3*;vQoU~}u4!n<\'7\\sI/QJF)3-F,4rg0\n;Yy`Oz+Gdpo<3Xi|rqgUXl`{ihOz4j7?Pz3A4<+P3X^ kkCCY<\\UiY^^e+*,7{pF=m41VzzH/EU\nN2zs(u#IYS*=xY#JOHSI1S6%`YfhyK<02N}oiqa`Fi-"- [Source: SSL_151.101.24.193]\n, ">>{f~uu8u~SUTo!(x:qPrwL41}[=2MZes\'3k `BTa51SXB]4%4KBI0Q0p\n?I\\=J9"s=!\n*g^dO|YX7)R~$w%\nx&#63&]NlTD~dg@VL#*RXhyPlR:M{m.A^tP7%/B6kA-QD\'20!&PkCXC2G<vi_fPwU^CIeL\nK)Ap)9YhuncM!C,\'Q(=lw*pZeg8Q]O&YB BNCoJ_lszZw+0@dp9KbQENI-l-BoE/4\'j~;{UPfjbLYE`BsPLGbGc},\n<ki!8U\'i6%S!.2O=&}2C\'J`~FI6d2kz_]EZE@`.X&4?O;Oa7fvh 
*P?QzM*]~)D(=8qsNn,;~x3x{-/)_b}\nTuVF=LdU\nY].YVqWl,90^Cj/2>sGkA\n_?I\'T797E`fcoI:rU95[=cm4"+NvXLC:|OSq[><]]5M3r# kgbGm_mKoo{ar2z)O_\nC5Decp4f>7P5\'eSnfuwlC>5AGECP/F]5mzz3gt[{av]e5g]V%~;g6!0=uw^R9zQ?5Tu`"2wP?91EqsNM\nz~ubC!"- [Source: SSL_151.101.24.193]\n, "}#oF|E-7ztuIjwykYZ?{ZIea@(&Q|\'+8_KXE!:1qtto7g\\^ft34cH)u)*T6VN\nuB)0rY$\nYCp2M3AL=I3@[_+6!s*<ryqwlX;x%OT4grZo3S7{xK3iQkmo?t~;X\n`J>Qx}qNhw\nQE9HRB\\/g(nXG^Z5TLfB]}~SP834.74.170.74
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneSternmismuschel (Net ID: 00:01:E3:C9:B9:3F)50.1188, 8.6843
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneJuggernaut (Net ID: 00:0C:41:D7:E4:AF)33.6170672,-111.90564645297056
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereferrer-policy: strict-origin-when-cross-origin{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"}
2023-05-12 02:58:10SSL Certificate - Raw DataNoCertificate Transparency7010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 14 04:53:54.573 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0: E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94: 30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59: 8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63: FB:4F:E2:E6:C3:EE:2C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 14 04:53:55.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A: 02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81: BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D: D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90: F0:18:EF:92:21:63:F2 Signature Algorithm: sha256WithRSAEncryption 47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7: 4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f: ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec: 3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2: 3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64: 37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8: 92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9: 05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84: 7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d: 6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c: 36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78: 12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d: 48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab: a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82: 84:78:32:a1 ayhu.xyz
2023-05-12 02:44:59Physical LocationNoipapi.co0020NoneSan Francisco, California, CA, United States, US185.199.108.153
2023-05-12 03:41:52Software UsedYesCensys0030Nonemicrosoft windows45.131.109.53
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneW4B3P<]00D^20&51%1C35&6H'%***%Ph (Net ID: 00:06:66:2A:52:5E)33.6170672,-111.90564645297056
2023-05-12 03:00:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.2): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0030Nonecloudflare{"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f605eb97732c7-EWR"}
2023-05-12 02:48:54Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://www.coolroof.biz/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2932"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_IE_EarlyTabStart_0xb9c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_ConnHashTable<2932>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b74_IESQMMUTEX_0_303"\n "IsoScope_b74_IESQMMUTEX_0_519"\n "IsoScope_b74_ConnHashTable<2932>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', 
u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.235.199.120:80"\n "23.235.199.120:443"\n "142.250.191.42:443"\n "50.18.123.174:443"\n "142.250.191.40:443"\n "162.159.138.60:443"\n "13.227.74.3:443"\n "52.9.93.55:443"\n "13.227.74.65:443"\n "142.251.46.226:443"\n "13.227.74.101:443"\n "142.250.191.46:443"\n "13.227.21.156:443"\n "13.227.74.12:443"\n "185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.coolroof.biz"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"birdeye.com"\n "player.vimeo.com"\n "rms.footbridgemedia.com"\n "www.coolroof.biz"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")\n "_.merge(PublicForm.prototype,{formLogic:new WufooFormLogic(),fieldLogic:new WufooFieldLogic(),runningTotal:\'\',ruleLogic:\'\',formHeight:\'\',timerActive:false,genericInputs:{},sortedTabindexes:[],isEntryManager:false,unableToChangeFile:\'We were unable to change your file.\',runInit:function(){var redirectingToPaymentPage=this.continueToPaypal();this.initCalendars();this.formLogic.setLoadTime();this.formLogic.observeFormSubmit();this.fieldLogic.initializeFocus();this.fieldLogic.showRangeCounters();if(!redirectingToPaymentPage){this.formLogic.initAutoResize(0);}" (Indicator: "paypal")\n "if(nextField){nextField.focus();if(event&&event.preventDefault){event.preventDefault();}else{return false;}}}},setFormHeight:function(){this.formHeight=document.body.offsetHeight+this.formLogic.offset;},continueToPaypal:function(){var redirectingToPaymentPage=false;var $merchant=$(\'#merchant\');var $merchantMessageText=$(\'#merchantMessageText\');if($merchant.length){redirectingToPaymentPage=true;if($merchantMessageText.length){$merchantMessageText.show();$(\'#merchantButton\').hide();}" (Indicator: "paypal")\n "{state:0,transportUrl:b,context:c,parent:li()},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+le.ca+"&cx=c";Oo()&&(f+="&sign="+le.Zd);var g=ue||we?No(b,f):void 0;g||(g=xl("https://","http://",le.od+f));fi().destination[a]={state:1,context:c,parent:li()};Hb(g)}};function Po(){if(di()){return!0}return!1};var So=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),To={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Uo={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: 
"youtube")\n "{state:0,transportUrl:b,context:c,parent:Ll()},P(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Kh.ia+"&cx=c";os()&&(f+="&sign="+Kh.Re);var g=Th||Vh?ns(b,f):void 0;g||(g=Zo("https://","http://",Kh.ue+f));Fl().destination[a]={state:1,context:c,parent:Ll()};mc(g)}};function ps(){if(Dl()){return!0}return!1};var ss=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),ts={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},us={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var ew=function(a,b,c){function d(){var g=a();f+=e?(Va()-e)*g.playbackRate/1E3:0;e=Va()}var e=0,f=0;return{createEvent:function(g,h,m){var n=a(),p=n.Kg,q=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Kg*h):Math.round(n.Hi),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=H.hidden?!1:.5<=Nk(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=Hv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")\n "[]);if(!g.length)return!0;var h=rx(a,c,e);P(121);"https://www.facebook.com/tr/"===h["gtm.elementUrl"]&&P(122);if(T(79)&&"https://www.facebook.com/tr/"===h["gtm.elementUrl"])return!0;if(d&&f){for(var m=fb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},ux=function(){var a=[],b=function(c){return Ka(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);" (Indicator: "facebook.com")\n "var my=function(a,b,c,d,e){var 
f=Lv("fsl",c?"nv.mwt":"mwt",0),g;g=c?Lv("fsl","nv.ids",[]):Lv("fsl","ids",[]);if(!g.length)return!0;var h=Hv(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);P(121);"https://www.facebook.com/tr/"===m&&P(122);if(T(79)&&"https://www.facebook.com/tr/"===m)return!0;h["gtm.elementUrl"]=m;null!=a.getAttribute("name")&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&" (Indicator: "facebook.com")\n "b,"vert.pix");break;case "PERCENT":My(d.verticalThresholds,b,"vert.pct")}Lv("sdl","init",!1)?Lv("sdl","pending",!1)||J(function(){return Ny()}):(Jv("sdl","init",!0),Jv("sdl","pending",!0),J(function(){Ny();if(Oy()){var e=Py();qc(z,"scroll",e);qc(z,"resize",e)}else Jv("sdl","init",!1)}));return b}Ty.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Uy=["www.youtube.com","www.youtube-nocookie.com"],Vy,Wy=!1;" (Indicator: "youtube")\n "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Fg:d,Dg:e,Eg:f,jh:g,kh:h,Qd:m,ib:b},p=z.YT,q=function(){bz(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(ez(w,"iframe_api")||ez(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Wy&&cz(x[A],n.Qd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")\n "Wy=!0,b});return b}fz.N="internal.enableAutoEventOnYouTubeActivity";var gz;function hz(a){var b=!1;return b}hz.N="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "* Copyright 2011-2018 Twitter, Inc." 
(Indicator: "twitter")\n "if (!window.isInIFrame && /twitter/i.test(navigator.userAgent) && window.playerConfig.video.url) {" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar300.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id'185.199.110.153
2023-05-12 03:24:50CountryNoCountry Name Extractor0030NoneUnited Statesacilacikveteriner.com
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneRumbleUser (Category: political) https://rumble.com/user/loginlogin
2023-05-12 03:13:06Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [007us.github.io] https://www.openphish.com/feed.txt007us.github.io
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-oo.github.io185.199.111.153
2023-05-12 02:50:15Internet NameNoDNS Resolver0020Nonebattleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: c7:83:d8:18:48:a0:26:ac:0e:41:bf:5e:7d:c6:c3:07 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Jan 17 09:16:26 2023 GMT Not After : Apr 17 09:16:25 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c9:69:39:93:28:ab:3e:d3:a5:d5:a5:72:cd:be: 43:92:fc:b1:41:1e:65:40:ba:b6:a5:98:c9:0a:c1: 0a:16:38:c6:f0:6f:13:8a:f1:50:6e:63:c7:c9:4d: 3d:84:6a:35:2b:f1:16:92:ef:9c:26:1f:97:22:55: e7:7e:fd:a5:40:94:99:7b:2a:b2:9f:89:9a:e1:30: e0:1b:38:af:f1:7d:fe:1d:f3:e2:fc:ad:49:66:7b: 1e:5b:c2:73:59:c0:35:17:1a:cb:8b:a8:f6:c4:6d: b8:77:b7:bc:64:fb:68:2f:62:4e:80:30:15:70:8f: 2d:50:8e:a9:f6:b0:b5:02:42:f1:48:e2:81:92:3e: 44:a6:5b:69:a6:54:e5:ee:c1:74:2a:c1:ec:11:dc: 59:f2:1e:65:9f:eb:94:d2:24:cd:99:20:ee:91:26: 11:c9:44:8f:62:f0:c5:34:f8:77:d4:9d:29:a7:42: e2:30:2c:71:73:82:02:34:4e:a9:30:9a:b9:ab:95: 0a:72:71:e0:79:05:25:70:cd:6a:cc:a1:b4:51:7d: 04:6f:2b:68:12:e1:a4:1d:84:68:0d:5c:76:58:33: de:fd:16:f6:1b:5f:7b:dc:4d:c0:66:3d:ae:d0:46: c8:c8:e1:83:f9:b8:7a:33:57:f8:8e:90:08:fd:c7: e2:e9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 31:FB:31:C7:D3:F3:CF:11:AF:91:FA:E4:71:40:41:2F:C4:66:90:11 X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/mFVJO6PGh8g CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/Zn3bDrcK0Gs.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 8f:de:2d:05:92:69:48:3c:56:fc:22:08:a2:35:bd:c8:57:65: b5:6f:33:0c:aa:bc:76:e8:1d:42:77:47:bc:ae:0e:80:ed:dd: d3:8e:f7:0f:aa:49:99:2e:fb:bb:2f:e3:ed:b0:fc:04:11:23: 70:ae:f2:d5:ad:55:18:89:fd:c2:f1:f7:ab:64:01:10:ce:86: 6e:5a:5f:19:d1:b4:39:19:cf:7c:c2:bd:e3:c7:5a:bd:91:f4: 86:d0:db:9a:02:e1:5f:ff:08:f2:7f:c9:ca:5d:f9:53:49:db: 4d:e4:6b:a2:d8:53:33:76:e9:c8:7d:9b:a1:37:1c:e1:fd:14: c0:c4:e2:28:fe:cc:ba:5c:25:d8:86:52:ce:0d:c5:7f:e7:b5: d9:3e:e1:65:14:17:4f:8c:55:fc:01:58:43:fe:c7:c5:4b:26: e2:ea:0b:c9:ff:2c:52:b5:ab:00:e9:06:49:51:c2:01:ca:b5: 6a:c4:ae:a2:17:c3:86:ec:ec:a7:72:a4:4e:b6:4e:3e:d9:0b: df:8f:84:de:6a:96:ce:0d:8d:26:ac:b2:5c:45:1f:a0:e5:df: 88:dd:84:9f:fe:46:1e:e9:a2:91:bb:ae:08:4d:ff:a2:51:db: 43:d0:e5:a3:df:91:dd:52:a9:23:85:54:e1:34:57:f4:c7:f8: 24:6b:63:ba
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneMicrosoft websitesbattleb0t.github.io
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonex-proxy-cache: MISS{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:00:26Affiliate - Email AddressNoE-Mail Address Extractor0040Nonechacha20-poly1305@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.142): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:53:52HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["80B6:49F3:235A56C:358722C:645CDF0C"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-kigq8000067-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683808012.126331,VS0,VE23"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["68f03409faf68cb6eb3782ac00da0088b30b8906"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]}2606:50c0:8003::153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAlparslan (Net ID: 00:08:5C:FF:1B:97)40.2024, 29.0398
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c57adae9fbb90f2-FRA Content-Encoding: gzip 188.114.96.1
2023-05-12 02:55:05Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-12T00:44:58.534Z", "ip": "188.114.97.1", "location_updated_at": "2023-04-29T21:54:15.361063Z", "autonomous_system_updated_at": "2023-04-29T21:54:15.361178Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"karriere-job-booster.com": {"record_type": "A", "resolved_at": "2023-04-22T14:40:02.799652037Z"}, "landing.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-15T13:31:47.102980654Z"}, "barbecue-masters.dk": {"record_type": "A", "resolved_at": "2022-11-07T14:46:42.708236475Z"}, "www.barbecuemasters.dk": {"record_type": "A", "resolved_at": "2022-10-14T14:46:07.712552308Z"}, "en.jahanbaygan.com": {"record_type": "A", "resolved_at": "2022-12-02T13:39:13.675188752Z"}, "www.clinic.tanyar.org": {"record_type": "A", "resolved_at": "2023-04-18T20:54:02.995698546Z"}, "stafferty.lt": {"record_type": "A", "resolved_at": "2022-11-13T15:02:07.210831297Z"}, "total-ev-charge.com": {"record_type": "A", "resolved_at": "2023-04-10T16:35:40.386710867Z"}, "smtp.sharoshop.com": {"record_type": "A", "resolved_at": "2022-10-23T14:06:43.660097027Z"}, "question-orthographe.net": {"record_type": "A", "resolved_at": "2022-12-25T11:23:33.248567488Z"}, "edu.rabinia.com": {"record_type": "A", "resolved_at": "2022-10-25T13:57:12.441109542Z"}, "mail.mardinscarf.com": {"record_type": "A", "resolved_at": "2022-11-01T13:38:25.278618273Z"}, "wolny.poker": {"record_type": "A", "resolved_at": "2022-10-23T17:07:04.797789596Z"}, "www.alvandcenter.com": {"record_type": "A", "resolved_at": "2022-11-07T12:46:16.283141371Z"}, "www.les1000volets.com": {"record_type": "A", "resolved_at": "2022-10-12T13:36:36.298008873Z"}, "web3rh.tk": {"record_type": "A", "resolved_at": 
"2023-02-20T04:15:37.204816270Z"}, "cisp.su": {"record_type": "A", "resolved_at": "2023-05-03T21:53:16.954543221Z"}, "megafrica.ao": {"record_type": "A", "resolved_at": "2022-10-02T12:04:18.005028285Z"}, "ftp.baharelm.ir": {"record_type": "A", "resolved_at": "2023-01-11T15:16:43.150193914Z"}, "dl.jamalghamari.com": {"record_type": "A", "resolved_at": "2023-04-26T15:24:28.844795223Z"}, "www.mrandmrsdesousa.co.uk": {"record_type": "A", "resolved_at": "2023-01-03T16:16:24.443812711Z"}, "barbecuemasters.dk": {"record_type": "A", "resolved_at": "2022-10-15T14:22:57.320001219Z"}, "finalsfootyfantasy.com.au": {"record_type": "A", "resolved_at": "2023-04-15T12:22:32.701218324Z"}, "inthemachine.com.au": {"record_type": "A", "resolved_at": "2023-04-15T12:22:39.481058126Z"}, "api.snoor.shop": {"record_type": "A", "resolved_at": "2022-11-22T01:28:36.076229399Z"}, "www.shop.charkhak.ir": {"record_type": "A", "resolved_at": "2022-10-14T15:11:46.056786726Z"}, "www.irancamping.com": {"record_type": "A", "resolved_at": "2022-10-13T13:47:56.298914617Z"}, "emberstreet.rocks": {"record_type": "A", "resolved_at": "2023-05-01T02:31:05.910468718Z"}, "www.sanayepishro.com": {"record_type": "A", "resolved_at": "2022-10-23T11:24:26.165823422Z"}, "bezi386.xyz": {"record_type": "A", "resolved_at": "2023-03-16T01:18:53.784985236Z"}, "www.vitanco.com.mx": {"record_type": "A", "resolved_at": "2023-04-23T18:35:54.572453429Z"}, "stafferty.lv": {"record_type": "A", "resolved_at": "2022-11-12T15:01:01.637935320Z"}, "www.otherend.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:39.580563012Z"}, "clinic.tanyar.org": {"record_type": "A", "resolved_at": "2023-05-07T21:19:52.237134340Z"}, "oscord.net": {"record_type": "A", "resolved_at": "2023-05-07T20:04:57.891682634Z"}, "mail.bokharsanat.com": {"record_type": "A", "resolved_at": "2023-04-28T14:34:55.423339504Z"}, "irancamping.com": {"record_type": "A", "resolved_at": "2022-10-07T10:43:58.475530009Z"}, "www.barbecue-masters.dk": 
{"record_type": "A", "resolved_at": "2022-10-10T14:59:00.508858938Z"}, "beautybeyondhair.buzz": {"record_type": "A", "resolved_at": "2023-04-15T12:48:08.422852392Z"}, "www.oxinpc.ir": {"record_type": "A", "resolved_at": "2022-10-09T15:06:46.974209710Z"}, "www.ostrovok.net": {"record_type": "A", "resolved_at": "2023-05-07T20:05:01.309575808Z"}, "centrumpedikury.sk": {"record_type": "A", "resolved_at": "2022-10-02T16:33:19.851015297Z"}, "uncoveryourconfidence.org": {"record_type": "A", "resolved_at": "2023-05-01T20:11:56.835607536Z"}, "dubuy.dk": {"record_type": "A", "resolved_at": "2023-05-04T17:27:40.171255307Z"}, "mail.lskala.com": {"record_type": "A", "resolved_at": "2023-01-21T13:35:04.083346865Z"}, "compete.pics": {"record_type": "A", "resolved_at": "2023-05-03T21:18:20.511512892Z"}, "karriere-job-booster.at": {"record_type": "A", "resolved_at": "2023-04-12T21:48:57.147456694Z"}, "mail.wolny.poker": {"record_type": "A", "resolved_at": "2022-10-30T17:30:49.591604261Z"}, "fi.helsinkicard.com": {"record_type": "A", "resolved_at": "2023-05-01T14:32:55.216085423Z"}, "assistant.amirhsvip.ir": {"record_type": "A", "resolved_at": "2022-11-15T19:04:22.316842630Z"}, "oytunjivillage.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:58.523823601Z"}, "beautybeyondhair.net": {"record_type": "A", "resolved_at": "2023-03-30T19:32:04.069794297Z"}, "ftp.netrobotic.ir": {"record_type": "A", "resolved_at": "2023-04-04T18:41:04.300955582Z"}, "faryabkhabar.ir": {"record_type": "A", "resolved_at": "2022-12-17T14:50:17.458081363Z"}, "de.helsinkicard.com": {"record_type": "A", "resolved_at": "2023-04-28T15:19:37.298278045Z"}, "demo.jamalghamari.com": {"record_type": "A", "resolved_at": "2023-04-24T14:59:01.147426415Z"}, "les1000volets.com": {"record_type": "A", "resolved_at": "2022-10-11T03:19:20.280901310Z"}, "lt.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-24T13:34:44.275517531Z"}, "diacounneirepuhar.ml": {"record_type": "A", "resolved_at": 
"2023-02-18T02:32:50.074200205Z"}, "mybots.amirhsvip.ir": {"record_type": "A", "resolved_at": "2022-12-02T15:15:41.628857633Z"}, "e-rundev.ir": {"record_type": "A", "resolved_at": "2023-05-07T17:49:10.633989137Z"}, "ectasy.wtf": {"record_type": "A", "resolved_at": "2023-05-05T04:39:30.020839530Z"}, "hola.organizoo.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:38.886997403Z"}, "pop.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-18T13:44:12.923874025Z"}, "www.wolny.poker": {"record_type": "A", "resolved_at": "2022-10-16T17:06:44.448663582Z"}, "ritta.app": {"record_type": "A", "resolved_at": "2023-04-20T12:15:33.428852719Z"}, "odenneszolaca.cf": {"record_type": "A", "resolved_at": "2023-02-17T02:27:33.470439994Z"}}, "names": ["www.clinic.tanyar.org", "beautybeyondhair.buzz", "bezi386.xyz", "api.snoor.shop", "mail.mardinscarf.com", "compete.pics", "les1000volets.com", "megafrica.ao", "www.oxinpc.ir", "demo.jamalghamari.com", "cisp.su", "emberstreet.rocks", "total-ev-charge.com", "dl.jamalghamari.com", "inthemachine.com.au", "lt.makingprojec.com", "irancamping.com", "stafferty.lv", "www.wolny.poker", "barbecue-masters.dk", "stafferty.lt", "www.shop.charkhak.ir", "barbecuemasters.dk", "question-orthographe.net", "smtp.sharoshop.com", "www.mrandmrsdesousa.co.uk", "ftp.netrobotic.ir", "www.ostrovok.net", "oytunjivillage.net", "edu.rabinia.com", "ritta.app", "ftp.baharelm.ir", "landing.makingprojec.com", "www.irancamping.com", "wolny.poker", "e-rundev.ir", "web3rh.tk", "beautybeyondhair.net", "uncoveryourconfidence.org", "mybots.amirhsvip.ir", "www.vitanco.com.mx", "mail.lskala.com", "www.les1000volets.com", "faryabkhabar.ir", "finalsfootyfantasy.com.au", "ectasy.wtf", "assistant.amirhsvip.ir", "karriere-job-booster.at", "www.barbecue-masters.dk", "karriere-job-booster.com", "centrumpedikury.sk", "odenneszolaca.cf", "www.sanayepishro.com", "www.barbecuemasters.dk", "clinic.tanyar.org", "dubuy.dk", "mail.wolny.poker", "www.otherend.net", 
"hola.organizoo.net", "pop.makingprojec.com", "oscord.net", "diacounneirepuhar.ml", "en.jahanbaygan.com", "fi.helsinkicard.com", "www.alvandcenter.com", "mail.bokharsanat.com", "de.helsinkicard.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://188.114.97.1/"}, "response": {"body": "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js ie7 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 8]> <html class=\"no-js ie8 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if gt IE 8]><!--> <html class=\"no-js\" lang=\"en-US\"> <!--<![endif]-->\n<head>\n<title>Direct IP access not allowed | Cloudflare</title>\n<meta charset=\"UTF-8\" />\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"robots\" content=\"noindex, nofollow\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\" />\n<link rel=\"stylesheet\" id=\"cf_styles-css\" href=\"/cdn-cgi/styles/main.css\" />\n\n\n<script>\n(function(){if(document.addEventListener&&window.XMLHttpRequest&&JSON&&JSON.stringify){var e=function(a){var c=document.getElementById(\"error-feedback-survey\"),d=document.getElementById(\"error-feedback-success\"),b=new XMLHttpRequest;a={event:\"feedback 
clicked\",properties:{errorCode:1003,helpful:a,version:1}};b.open(\"POST\",\"https://sparrow.cloudflare.com/api/v1/event\");b.setRequestHeader(\"Content-Type\",\"application/json\");b.setRequestHeader(\"Sparrow-Source-Key\",\"c771f0e4b54944bebf4261d44bd79a1e\");\nb.send(JSON.stringify(a));c.classList.add(\"feedback-hidden\");d.classList.remove(\"feedback-hidden\")};document.addEventListener(\"DOMContentLoaded\",function(){var a=document.getElementById(\"error-feedback\"),c=document.getElementById(\"feedback-button-yes\"),d=document.getElementById(\"feedback-button-no\");\"classList\"in a&&(a.classList.remove(\"feedback-hidden\"),c.addEventListener(\"click\",function(){e(!0)}),d.ad188.114.97.1
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneBikemap (Category: health) https://www.bikemap.net/en/u/login/routes/created/login
2023-05-12 03:03:27Vulnerability - CVE LowYesTool - testssl.sh0120NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.nwapi.battleb0t.xyz
2023-05-12 02:56:51Internet NameNoDNS Resolver0030Nonenwapi2.battleb0t.xyz[{"url": "https://nwapi2.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nwapi2.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 03:13:10Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [akashpmani.github.io] https://www.openphish.com/feed.txtakashpmani.github.io
2023-05-12 03:03:20Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-fog.github.io
2023-05-12 02:54:13Web Content TypeNoWeb Spider0010Nonetext/html;charset=utf-8ayhu.xyz
2023-05-12 03:09:59Affiliate - Domain NameNoDNS Resolver2050Noneamcodev.mestage-sdb-n1-fra1.amcodev.me
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-ray: 7c5f6041aa868cdc-EWR{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 03:23:25Open TCP PortNoPulsedive0030None188.114.96.8:8080188.114.96.0/24
2023-05-12 03:12:16Affiliate - Domain WhoisNoWhois0060None% Copyright (c)2023 by NIC.AT (1) % % Restricted rights. % % Except for agreed Internet operational purposes, no part of this % information may be reproduced, stored in a retrieval system, or % transmitted, in any form or by any means, electronic, mechanical, % recording, or otherwise, without prior permission of NIC.AT on behalf % of itself and/or the copyright holders. Any use of this material to % target advertising or similar activities is explicitly forbidden and % can be prosecuted. % % It is furthermore strictly forbidden to use the Whois-Database in such % a way that jeopardizes or could jeopardize the stability of the % technical systems of NIC.AT under any circumstances. In particular, % this includes any misuse of the Whois-Database and any use of the % Whois-Database which disturbs its operation. % % Should the user violate these points, NIC.AT reserves the right to % deactivate the Whois-Database entirely or partly for the user. % Moreover, the user shall be held liable for any and all damage % arising from a violation of these points. domain: beatrixhaller.at registrar: easyname GmbH ( https://nic.at/registrar/414 ) registrant: <data not disclosed> tech-c: <data not disclosed> nserver: ns1.easyname.eu nserver: ns2.easyname.eu changed: 20220307 12:53:33 source: AT-DOM beatrixhaller.at
2023-05-12 03:22:52Open TCP PortNoPulsedive0020None188.114.96.1:80188.114.96.1
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneJDKolgen (Net ID: 00:0C:F6:CC:40:31)50.8897, 6.0563
2023-05-12 02:53:32Netblock MembershipNoCensys0020None185.199.111.0/24185.199.111.153
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None00arthur00.github.io185.199.111.153
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0140NoneGitHub.com{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}
2023-05-12 02:45:56Physical CoordinatesNoAbstractAPI0040None39.0469, -77.49032600:1f18:2489:8201::c8
2023-05-12 02:57:42Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.vrcarena.com/species/dQLXfvdRHnc8JmSFeTy1/avatar', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"\n "142.251.211.234:443"\n "142.251.215.232:443"\n "142.250.217.99:443"\n "52.85.247.97:443"\n "142.250.69.206:443"\n "104.18.27.135:443"\n "52.85.247.24:443"\n "54.230.18.97:443"\n "104.244.42.200:443"\n "142.250.217.80:443"\n "52.85.247.96:443"\n "104.46.162.224:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6844:120:WilError_01"\n "Local\\SM0:6596:304:WilStaging_02"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:6596:120:WilError_01"\n "Local\\SM0:6844:304:WilStaging_02"\n "Local\\SM0:6844:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6844:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4044:304:WilStaging_02"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\6844_544713811\\Part-RU]- [targetUID: 00000000-00006844]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006844]\n "f_00023e" has type "gzip compressed data last modified: Wed Nov 2 19:43:37 2022 from Unix original size modulo 2^32 98857"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00006844]\n "84e68c01236e4db9_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\84e68c01236e4db9_0]- [targetUID: 00000000-00006844]\n "c36ee6c5c3d6defa_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\c36ee6c5c3d6defa_0]- [targetUID: 00000000-00006844]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\ZxcvbnData\\3.0.0.0\\manifest.fingerprint]- [targetUID: 00000000-00006844]\n "4c619ea7-d902-43ed-b735-14327b833f02.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\4c619ea7-d902-43ed-b735-14327b833f02.tmp]- [targetUID: 00000000-00006844]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6844_2131939810\\shopping_iframe_driver.js]- [targetUID: 00000000-00006844]\n "96de8815-40a5-4b15-9b75-d58711f01a5f.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\96de8815-40a5-4b15-9b75-d58711f01a5f.tmp]- [targetUID: 00000000-00006844]\n "f_00023d" has type "gzip compressed data max compression original size modulo 2^32 50230"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00006896]\n "3cec8455-ee81-40cf-a112-d3662d1d59c2.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\3cec8455-ee81-40cf-a112-d3662d1d59c2.tmp]- [targetUID: 00000000-00006896]\n "4491cd861a319b67_0" has type "data"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6844_2131939810\\shopping.js]- [targetUID: 00000000-00006844]\n "c0110775-0c41-4f39-bee8-7b05c4fac42c.tmp" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6844_2131939810\\auto_open_controller.js]- [targetUID: 00000000-00006844]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\6844_2018864076\\deny_domains.list]- [targetUID: 00000000-00006844]\n "ec03c6bc0dd41943_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\ec03c6bc0dd41943_0]- 
[targetUID: 00000000-00006844]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\WebStorage\\QuotaManager-journal]- [targetUID: 00000000-00006844]\n "Part-NL" has type "PGP symmetric key encrypted data -"- Location: [%TEMP%\\6844_544713811\\Part-NL]- [targetUID: 00000000-00006844]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006844]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.vrcarena.com/species/dQLXfvdRHnc8JmSFeTy1/avatar"\n Pattern match: "https://www.vrcarena.com"\n Heuristic match: "_11__vlcarena.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\6844_2131939810\\shopping_iframe_driver.js]- [targetUID: 00000000-00006844]\n Dropped file: "shopping.js" - Location: [%TEMP%\\6844_2131939810\\shopping.js]- [targetUID: 00000000-00006844]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\6844_2131939810\\auto_open_controller.js]- [targetUID: 00000000-00006844]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\6844_2131939810\\shoppingfre.js]- [targetUID: 00000000-00006844]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\6844_2131939810\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006844]\n Dropped file: 
"edge_tracking_page_validator.js" - Location: [%TEMP%\\6844_2131939810\\edge_tracking_page_validator.js]- [targetUID: 00000000-00006844]\n Dropped file: "product_page.js" - Location: [%TEMP%\\6844_2131939810\\product_page.js]- [targetUID: 00000000-00006844]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\6844_544713811\\adblock_snippet.js]- [targetUID: 00000000-00006844]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\6844_2131939810\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006844]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\6844_544713811\\Part-RU]- [targetUID: 00000000-00006844]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-93', u'name': u'Found browser information locations related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1005', u'relevance': 5, u'threat_level': 1, u'type': 2, u'description': u'"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE4-12250267518\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\d0313995-11ad-4fbc-ac47-fb134ed2e3e0" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE6-28199932469\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\1f4ff203-90ab-4416-938f-e487c16d6306" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE4-28209209127\n 
"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\OptimizationGuidePredictionModels" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE6-42546228845\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\EntityExtraction" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE4-80289175563\n "C:\\Users\\HAPUBWS\\AppData\\Local34.148.97.127
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.182): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:03:21Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-tikaro.github.io
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneReddit (Category: social) https://www.reddit.com/user/battleb0tbattleb0t
2023-05-12 02:54:13Web Content TypeNoWeb Spider0040Nonetext/html;charset=utf-8https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs
2023-05-12 03:00:51Co-Hosted SiteNoHackerTarget2020None000.lt185.199.111.153
2023-05-12 03:35:41Raw Data from RIRsNoipapi.co0030None{u'region_code': u'LI', u'country_tld': u'.nl', u'ip': u'45.131.109.53', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 17231017, u'country_code': u'NL', u'timezone': u'Europe/Amsterdam', u'city': u'Eygelshoven', u'network': u'45.131.109.0/24', u'languages': u'nl-NL,fy-NL', u'version': u'IPv4', u'latitude': 50.8897, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Netherlands', u'country_capital': u'Amsterdam', u'org': u'SYNLINQ', u'postal': u'6471', u'asn': u'AS44486', u'country': u'NL', u'region': u'Limburg', u'longitude': 6.0563, u'country_calling_code': u'+31', u'country_area': 41526.0, u'country_code_iso3': u'NLD'}45.131.109.53
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.225): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneEminent_5G (Net ID: 00:14:5C:91:C2:74)50.8897, 6.0563
2023-05-12 03:00:51Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.77): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/withat_4.jpghttps://funny.battleb0t.xyz/
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneAirport ST FRA (Net ID: 00:02:2D:07:C4:ED)50.1188, 8.6843
2023-05-12 02:45:25Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/twbs/bootstrap/blob/master/license)', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://espressif.github.io/esptool-js/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3628"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e2c_IE_EarlyTabStart_0x76c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e2c_ConnHashTable<3628>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e2c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e2c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "IsoScope_e2c_IE_EarlyTabStart_0x76c_Mutex"\n 
"IsoScope_e2c_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.18.11.207:443"\n "151.101.1.229:443"\n "142.250.191.42:443"\n "142.250.189.234:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "cdn.jsdelivr.net"\n "espressif.github.io"\n "fonts.googleapis.com"\n "maxcdn.bootstrapcdn.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "dir "; File: "bootstrap.min_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"esp-logo_1_.png" has type "PNG image data 200 x 200 8-bit/color RGB non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "xterm.min_1_.js" has type "data"- [targetUID: N/A]\n "crypto-js_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "bootstrap.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003628]\n "esp-logo_1_.png" has type "PNG image data 200 x 200 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003628]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF89E15DF29DBA29AC.TMP" has type "data"- Location: [%TEMP%\\~DF89E15DF29DBA29AC.TMP]- [targetUID: 00000000-00003628]\n "~DF11E296B765867100.TMP" has type "data"- Location: [%TEMP%\\~DF11E296B765867100.TMP]- [targetUID: 00000000-00003628]\n "~DFDF1C77609DE36ABC.TMP" has type "data"- Location: [%TEMP%\\~DFDF1C77609DE36ABC.TMP]- [targetUID: 00000000-00003628]\n "~DFE2D69294CDF7FEC7.TMP" has type "data"- Location: [%TEMP%\\~DFE2D69294CDF7FEC7.TMP]- [targetUID: 00000000-00003628]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "index_1_.js" has type "Java source ASCII text"- [targetUID: N/A]\n "_4D0457A1-EE71-11ED-B780-080027413500_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._4D04579F-EE71-11ED-B780-080027413500_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_54818866-EE71-11ED-B780-080027413500_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "urlref_httpsespressif.github.ioesptool-js" has type "HTML document ASCII text"- [targetUID: N/A]\n "xterm_1_.css" has type "ASCII text"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "PZPOVD2E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PZPOVD2E.txt]- [targetUID: 00000000-00003628]\n "LC3EP32V.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LC3EP32V.txt]- [targetUID: 00000000-00003628]\n "OOO5AMX1.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\OOO5AMX1.txt]- [targetUID: 00000000-00003628]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "css_1_.css" has type "ASCII text"- [targetUID: N/A]\n "KXCE27YI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KXCE27YI.txt]- [targetUID: 00000000-00003628]\n "ZDDLZ4C8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZDDLZ4C8.txt]- [targetUID: 00000000-00003628]\n "2YDQ0988.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2YDQ0988.txt]- [targetUID: 00000000-00003628]\n "Z9ELHG1D.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Z9ELHG1D.txt]- [targetUID: 00000000-00003628]\n "esptool-js_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://espressif.github.io/esptool-js/"\n Pattern match: "https://espressif.github.io"\n Pattern match: "https://espressif.github.io/esptool-js"\n Pattern match: "8cu.mP/n9kjk@$x8qf.3|`,gC/?\'.75ee&-S9ZQPB=z8`VLf&*c,VVkyg=/4Q?Ecr`u:ml35&sDTF!F@nm.A"\n Pattern match: "https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css"\n Pattern match: "https://github.com/chjj/term.js"\n Pattern match: 
"SUIDmicrosoft.com/9216302719590431032051132555703631031934MUID1D8C8FE0DEC66C4D23ED9CECDF8A6DCCmicrosoft.com/1025315968512031110405132555703631031934_EDGE_Vmicrosoft.com/9216315968512031110405132571328631031934SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216302719590431032051132555703631031934MUID1D8C8FE0DEC66C4D23ED9CECDF8A6DCCmicrosoft.com/1025315968512031110405132555703631031934SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482"\n Pattern match: "SUIDmicrosoft.com/9216302719590431032051132555703631031934SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mi"\n Pattern match: "https://fonts.gstatic.com/s/orbitron/v29/yMJMMIlzdpvBhQQL_SC3X9yhF25-T1nyGy6BoWg1.woff"\n Pattern match: "9216315968512031110405132915078631031934MUID2F6B3FECBAF36563318B2CE0BB7764BEmsn.com/1025315968512031110405132915078631031934"\n Pattern match: "MUIDB1D8C8FE0DEC66C4D2185.199.111.153
2023-05-12 03:24:50CountryNoCountry Name Extractor0060NoneUnited Statesclientify.net
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneVero (Category: art) https://vero.co/loginlogin
2023-05-12 02:56:52Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:78:81:e1:ef:49:4b:f9:6d:c5:16:34:0e:55:ab:d5:12:44 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:02 2022 GMT Not After : Feb 15 09:44:01 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c5:28:ae:be:17:84:18:1b:e1:bf:c2:45:52:c1: a5:6a:08:4a:bc:c1:e3:a4:de:5e:d0:05:9f:d6:99: 22:94:16:f7:d2:69:68:71:09:4a:62:e7:41:0d:0a: be:3e:3b:51:6d:0b:4a:0f:76:3a:b0:8e:cb:56:a6: 21:8f:de:9f:c1:45:ea:d1:38:90:03:24:5c:77:6f: cd:06:86:05:00:ae:fc:49:fe:8f:e8:85:de:e7:e4: d0:99:c5:ad:e4:c5:9c:9a:95:9e:97:20:79:ed:7e: c1:65:47:a7:ce:2c:b4:2b:9e:4c:1f:8e:21:8f:4e: cf:f7:3e:4f:ff:b2:88:aa:90:dd:b7:be:8a:db:d2: 17:66:cc:6f:09:3d:67:e8:3c:91:39:a6:90:69:62: e9:f2:9c:b4:d3:ba:96:0b:b2:0e:b2:74:eb:8a:64: f6:d7:18:6c:22:f7:1e:bc:17:2f:20:0c:dc:30:1b: 5e:7d:a8:0b:34:ce:8a:75:55:4f:72:8b:d6:d7:dc: 63:55:19:dd:2a:a0:25:0a:50:bd:17:df:74:d9:8e: df:7b:ba:19:b8:f5:47:fd:97:bf:18:2b:99:ec:f3: 58:72:eb:64:34:43:28:b7:d3:7f:de:05:80:58:fb: f6:05:86:02:1c:8d:eb:d5:23:a1:08:9a:01:84:aa: 05:5a:57:5b:4f:80:96:8a:65:18:8f:fb:bb:dd:91: f1:8e:b1:05:2f:76:93:8f:28:86:73:78:5c:d4:fe: b8:81:83:79:71:79:e9:31:46:fb:22:a9:30:c3:0b: 03:79:d0:e6:24:cf:e4:e0:cb:3e:91:71:20:ec:40: 44:0f:22:88:b4:5a:5f:cd:f2:41:b7:a9:21:3e:74: 54:3b:a0:07:32:4e:5c:e7:71:a3:33:95:bd:ee:27: 4a:b2:53:d1:06:de:2c:39:7b:83:7f:1c:cf:0a:28: 32:ef:07:d4:d3:ef:a5:9d:8a:8a:36:97:d5:6f:97: 57:8e:aa:22:4e:6c:70:6c:aa:43:59:1c:d0:88:a6: 26:22:1b:20:62:45:6e:6e:62:40:f6:bf:20:b1:b8: 43:17:25:80:1d:c9:c1:63:ed:d3:a8:bc:4b:68:5d: f2:19:96:37:4a:82:70:a9:86:22:f6:56:84:02:f9: b4:a7:6c:3d:03:4c:59:fe:71:81:0a:71:7e:9e:7c: 1a:5d:b6:ce:77:db:f9:80:a5:2d:65:a3:96:1f:c9: ca:a0:c7:b0:9d:21:28:db:1c:6a:4c:c7:37:20:39: 9f:b7:63:e2:80:c5:2d:53:fd:3e:c8:1a:cf:e7:76: 
9f:bc:92:4a:58:81:84:d1:30:a4:4e:12:c7:e5:10: eb:dc:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 75:02:8B:49:76:96:40:2E:6F:D7:49:80:B9:AF:AD:08:D3:5D:F2:26 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 29:76:7a:56:81:b0:95:01:3f:0a:9d:7d:c4:e5:17:5f:14:64: 31:1f:ff:e8:89:b7:73:d0:e5:48:95:94:90:79:71:5f:5e:bd: 11:57:2e:35:46:0a:d0:46:0d:68:f1:c5:7a:ea:d2:5c:76:4c: 32:7a:df:e5:15:1f:4c:85:80:9e:03:4d:56:80:ad:4b:2c:6b: b1:00:96:20:ff:02:5c:fe:b3:6b:a4:df:10:d7:1a:34:e6:05: 8a:93:ce:43:93:43:f0:21:83:34:dd:3b:5d:cd:02:a2:f7:69: 01:e6:a2:9d:c4:0a:00:06:c9:25:8d:66:34:7e:e7:56:fc:96: 0c:11:f2:15:8e:1b:ee:a8:bc:70:25:91:eb:fa:be:46:78:f9: 43:e5:48:f9:88:3a:38:53:b4:c2:e1:83:7c:30:6a:d7:b6:1a: 08:51:7a:03:5c:ed:3d:25:45:1e:03:b4:ab:40:92:83:1a:fd: 41:7d:5f:d2:40:54:63:0d:0f:36:db:fd:2f:13:eb:5b:2e:6b: 08:c3:7d:13:ce:a1:6a:1d:ba:e8:54:c7:19:87:ff:c8:d8:2e: 77:d7:9f:17:34:29:b1:63:1a:a3:70:9f:2d:0d:32:ff:45:66: 9c:81:e8:0c:a2:cc:74:6a:75:0f:61:f4:74:74:89:88:86:e3: ba:d0:68:2d
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010Nonewattpad (Category: social) https://www.wattpad.com/user/ayshooayshoo
2023-05-12 03:11:17Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Amsterdam', u'security': {u'is_vpn': False}, u'city_geoname_id': 2759794, u'region_geoname_id': 2749879, u'country': u'Netherlands', u'region': u'North Holland', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'CloudFlare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/NL_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/NL_flag.png', u'unicode': u'U+1F1F3 U+1F1F1', u'emoji': u'\U0001f1f3\U0001f1f1'}, u'postal_code': u'1012', u'longitude': 4.8975, u'country_code': u'NL', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Amsterdam', u'current_time': u'05:11:16'}, u'latitude': 52.3759, u'country_geoname_id': 2750405, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'188.114.96.1', u'continent': u'Europe', u'region_iso_code': u'NH'}188.114.96.1
2023-05-12 03:11:26Physical LocationNoAbstractAPI0030NoneArizona, United States+14806242599
2023-05-12 02:45:34Raw DNS RecordsNoDNS Raw Records0010Nonebattleb0t.xyz. 300 IN TXT "v=spf1 include:_spf.mx.cloudflare.net ~all"battleb0t.xyz
2023-05-12 02:54:13HTTP Status CodeNoWeb Spider0110None403ayhu.xyz
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.39): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:41HTTP HeadersNoCensys0030None{"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H06QWFV48ACFBYY7E5EAJW1H"], "Server": ["Netlify"]}104.196.30.220
2023-05-12 03:33:44Raw File Meta DataNoBinary String Extractor0040None!22222222222222222222222222222222222222222222222222 sH GN t5ad C'Y2z OB:`S pF>oj OQTeuy YYK`s gnqV N9FX6 EQY66 1pO'94 pj'R7pz` 0Kdes xnj $ Zx<g? X2r:z T/z`A G'?QN $RpG9 Vdrnr1 mP0>Lc 1RNG\T Uwp9' YYWvz Ru?wnz a$$cp m?/_J kFpFv 2OAMYI ``VZH .NGAM yG`<c lr@?L h`NFx @JgR I?w<f E BY8 <7LqQH jLbFC0 .jG30 <.Y@O sY_kV$ `-vSX OOjLp 1D!@ ww P' vOpjN 0?.qOY 1UONy 8nGqXW0 cQ2-c 5RG8 H Gb:UW HIRA ?q'fq 7aG'x R`k xPW HC$vf P2W$g FNGP3 :TerT :sP1U qhoSo 'wwEU o_ZiP nbO\qS .Ojvv EUbNTrI 5mPdRF Df9`q JVfrI r0r3SF j0AbHa oBwg> COv!FO9 XM.Iz I@V98 1QH@bG'8 .A`A< i2wpIa 5 b V .0G5NR1 H`ePs !?36H j9c!A t4.Vel U\D!I H09'q Nj\JL fE''p Ilg4 <dRIa" pFH'q' i9'9? uO_Z\ XiH`G $pqJwd n5px$ 6GzyUhttps://pics.battleb0t.xyz/images/random_2.jpeg
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.94): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:45:40Physical CoordinatesNoAbstractAPI94020None34.0544, -118.244185.199.111.153
2023-05-12 02:44:04Raw Data from RIRsNoTool - WAFW00F0010None[{"url": "https://battleb0t.xyz", "firewall": "Fastly", "detected": true, "manufacturer": "Fastly CDN"}, {"url": "https://battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]battleb0t.xyz
2023-05-12 02:44:40Affiliate - Domain NameNoDNS Resolver2040Nonegoogleusercontent.com220.30.196.104.bc.googleusercontent.com
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.234): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.126): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050Noneow.ly (Category: social) http://ow.ly/user/AltpapierAltpapier
2023-05-12 02:54:15Linked URL - ExternalNoWeb Spider2030Nonehttps://github.com/Altpapier/SkyHelperAPI/issueshttps://nwapi2.battleb0t.xyz/
2023-05-12 03:24:21HTTP HeadersNoWeb Spider10020None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}https://ayhu.xyz/lol.html
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020None* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 87.248.157.102
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneUECTouch (Net ID: 00:18:0A:7A:D6:B0)32.8608, -79.9746
2023-05-12 02:54:17Netblock IPv6 MembershipNoCensys0040None2606:4700:3037::/482606:4700:3037::6815:470e
2023-05-12 03:03:29Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0036labs.github.io
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAG-EA (Net ID: 00:13:33:91:70:BC)40.2024, 29.0398
2023-05-12 03:09:55Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.105
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.122): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneMy Passport (2.4 GHz) - 0778A5 (Net ID: 00:00:C0:07:78:A5)37.780462,-122.390564
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:FA:75:55)33.617190550339146,-111.90827887019054
2023-05-12 02:45:31Malicious IP AddressYesPhishStats0120NonePhishstats [185.199.110.153] 185.199.110.153
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:2087172.67.168.252
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonepgi50 (Net ID: 00:01:21:10:7A:10)37.7813933,-122.3918002
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneXPONENT (Net ID: 00:02:6F:C6:43:88)33.6170672,-111.90564645297056
2023-05-12 03:13:10Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [01101101.github.io] https://www.openphish.com/feed.txt01101101.github.io
2023-05-12 02:50:15Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://base32check.org/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3280:120:WilError_01"\n "Local\\SM0:2564:304:WilStaging_02"\n "Local\\SM0:2564:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:3280:304:WilStaging_02"\n "Local\\SM0:3280:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3280:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5760:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': 
u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00003280]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003280]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003280]\n "702d1a59af9078e8_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\702d1a59af9078e8_0]- [targetUID: 00000000-00003280]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003280]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\\3280_676834451\\shopping_iframe_driver.js]- [targetUID: 00000000-00003280]\n "1327ba10-b1f0-4f07-a4d5-ec916f8b3b9a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\1327ba10-b1f0-4f07-a4d5-ec916f8b3b9a.tmp]- [targetUID: 00000000-00003280]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.fingerprint]- [targetUID: 00000000-00003280]\n "settings.dat" has type 
"data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005824]\n "Part-ZH" has type "data"- Location: [%TEMP%\\3280_1262552392\\Part-ZH]- [targetUID: 00000000-00003280]\n "0af395f2-e575-4794-b38d-549209b43991.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\0af395f2-e575-4794-b38d-549209b43991.tmp]- [targetUID: 00000000-00003280]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003280]\n "8141af25-c36c-4d1c-b901-863b7ca6d582.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8141af25-c36c-4d1c-b901-863b7ca6d582.tmp]- [targetUID: 00000000-00003280]\n "87110fb3-e1ef-4309-8cc5-8ec59a11e326.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\87110fb3-e1ef-4309-8cc5-8ec59a11e326.tmp]- [targetUID: 00000000-00003280]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00003280]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00003280]\n "crl-set" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.12.1\\crl-set]- [targetUID: 00000000-00003280]\n "Session_13320197892362944" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Session_13320197892362944]- [targetUID: 00000000-00003280]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\3280_1262552392\\adblock_snippet.js]- [targetUID: 00000000-00003280]'}, 
{u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://base32check.org/"\n Pattern match: "https://base32check.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\3280_676834451\\shopping_iframe_driver.js]- [targetUID: 00000000-00003280]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\3280_1262552392\\adblock_snippet.js]- [targetUID: 00000000-00003280]\n Dropped file: "product_page.js" - Location: [%TEMP%\\3280_676834451\\product_page.js]- [targetUID: 00000000-00003280]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\3280_676834451\\shoppingfre.js]- [targetUID: 00000000-00003280]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\3280_676834451\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00003280]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\3280_676834451\\edge_checkout_page_validator.js]- [targetUID: 00000000-00003280]\n Dropped file: "auto_open_controller.js" - Location: 
[%TEMP%\\3280_676834451\\auto_open_controller.js]- [targetUID: 00000000-00003280]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\3280_676834451\\edge_tracking_page_validator.js]- [targetUID: 00000000-00003280]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00003280]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-43', u'name': u'Writes a PE file header to disc', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 6, u'description': u'"msedge.exe" wrote 8192 bytes starting with PE header signature to file "%TEMP%\\3280_724529871\\_platform_specific\\win_x64\\widevinecdm.dll": 4d5a78000100000004000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000780000000e1fff0e00ff09ff21ff014cff21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e2400005045000064ff0a00 ...'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed 
Rules\\35\\10.34.0.41"\n Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE"'}], u'threat_level': 0, u'size': None, u'job_id': u'63e18140d18c55450952de88', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': N185.199.110.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneThermiCam2Production TRC (Net ID: 00:05:FE:C6:35:F1)33.336199,-111.89446440830702
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5e6685bb0686ab-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}188.114.96.1
2023-05-12 03:43:29CountryNoCountry Name Extractor0070NoneAustria Domain Name: INFLANY.COM Registry Domain ID: 2688698192_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.world4you.com Registrar URL: http://www.world4you.com Updated Date: 2023-04-13T07:19:32Z Creation Date: 2022-04-12T14:21:11Z Registry Expiry Date: 2024-04-12T14:21:11Z Registrar: World4You Internet Services GmbH Registrar IANA ID: 1476 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS1.WORLD4YOU.AT Name Server: NS2.WORLD4YOU.AT DNSSEC: signedDelegation DNSSEC DS Data: 36937 13 2 B736B70844AD09A9498F06982C97724A0BF4ACA8DE5244B40607B538A5323618 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:42:43Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: inflany.com Registry Domain ID: 2688698192_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.world4you.com Registrar URL: https://www.world4you.com Updated Date: 2023-04-13T21:36:05Z Creation Date: 2022-04-12T14:21:11Z Registrar Registration Expiration Date: 2024-04-12T14:21:12Z Registrar: World4You Internet Services GmbH Registrar IANA ID: 1476 Registrar Abuse Contact Email: abuse@world4you.com Registrar Abuse Contact Phone: +43.73293035 Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: AT Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AT Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: https://whoispro.domain-robot.org/whois/inflany.com Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: https://whoispro.domain-robot.org/whois/inflany.com Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech 
Email: https://whoispro.domain-robot.org/whois/inflany.com Name Server: ns1.world4you.at Name Server: ns2.world4you.at DNSSEC: signedDelegation URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:42:54Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp # World4You Internet Services GmbH WHOIS service. # # The data in the World4You WHOIS database is provided to you by # World4You Internet Services GmbH for informational purposes only and # may be used to assist persons in obtaining information about or # related to a domain name registration record. # Except for agreed Internet operational purposes (such as register or # modify existing registrations), no part of this information may be # stored, reproduced or transmitted by any means. # World4You does not guarantee its accuracy. # # By submitting a WHOIS query, you agree that you will use this data # only for lawful purposes and that, under no circumstances, you will # use this data to # (1) allow, enable, or otherwise support the transmission of mass # unsolicited, commercial advertising or solicitations via E-mail # (spam); or # (2) enable high volume, automated, electronic processes that apply # to World4You (or its computer systems). # World4You reserves the right to modify these terms at any time. # By submitting this query, you agree to abide by this policy. # www.world4you.com - Your hostingprovider.at
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0150NoneNetlify{"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-nf-request-id": "01H06Y2YH7X6V06YSWWEW2NH9C", "content-type": "text/css; charset=UTF-8", "age": "0"}
2023-05-12 03:23:35Open TCP PortNoPulsedive0030None188.114.96.13:443188.114.96.0/24
2023-05-12 03:18:49Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18}https://pics.battleb0t.xyz/images/withat_3.jpg
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+74955801111Domain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:36:07Open UDP PortNoTool - nbtscan1030None45.131.109.53:13745.131.109.53
2023-05-12 02:49:41Malicious IP AddressYesVirusTotal0120NoneVirusTotal [185.199.111.153] https://www.virustotal.com/en/ip-address/185.199.111.153/information/185.199.111.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonex-github-request-id: F620:0A4B:1087FED:17E0EF4:645DA7F4{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 02:57:21Internet NameNoCertificate Transparency2010Nonepanel.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:16:25UsernameNoAccount Finder6010NonedawidsulejDawid Sulej
2023-05-12 03:00:48Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.65): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5bed4978fe2c9b-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.96.1
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/carti_2.PNGhttps://pics.battleb0t.xyz/
2023-05-12 03:01:06Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.115): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneUSR9108 (Net ID: 00:14:C1:10:CB:2C)40.2024, 29.0398
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:99587.248.157.102
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider2030Nonehttps://pics.battleb0t.xyz/images/random_3.jpghttps://pics.battleb0t.xyz/
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneThe Batcave (Net ID: 00:11:32:7C:A3:89)50.8897, 6.0563
2023-05-12 02:52:54Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://t.length/5)+1),n', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://ltec.biz/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ba8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ba8_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ba8_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_ba8_ConnHashTable<2984>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_ba8_IE_EarlyTabStart_0xea4_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2984"\n "IsoScope_ba8_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"150.60.170.23:80"\n "183.181.98.34:80"\n "183.181.98.34:443"\n "69.16.175.10:443"\n "142.251.46.234:443"\n "185.199.108.153:443"\n "142.250.189.195:443"\n "20.125.62.241:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ltec.biz"\n "www.ltec-biz.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: ltec.biz\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"c.clarity.ms"\n "code.jquery.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "ltec.biz"\n "www.ltec-biz.com"\n "yubinbango.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, 
u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_1_.js")\n Found string "function $y(a,b){var c=this;return b}$y.M="internal.enableAutoEventOnScroll";var bc=ca(["data-gtm-yt-inspected-"]),az=["www.youtube.com","www.youtube-nocookie.com"],bz,cz=!1;" (Indicator: "dir "; File: "js_1_.js")\n Found string "function mz(a,b){var c=this;return b}mz.M="internal.enableAutoEventOnYouTubeActivity";var nz;function oz(a){var b=!1;return b}oz.M="internal.evaluateMatchingRules";" (Indicator: "dir "; File: "js_1_.js")\n Found string "<meta name="twitter:card" content="summary" />" (Indicator: "dir "; File: "0QMW5MWA.htm")\n Found string "<meta name="twitter:title" content=" " />" (Indicator: "dir "; File: "0QMW5MWA.htm")\n Found string "<meta name="twitter:description" content="LSI/\n" />" (Indicator: "dir "; File: "0QMW5MWA.htm")\n file/memory contains long string with (Indicator: "dir "; File: "gtm_2_.js")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar134C.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"top-mv-img-02-pc_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-services-bg-01_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-mv-img-01-pc_1_.png" 
has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-mv-img-04-pc_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-report-02-bg-01_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-services-img-06_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-services-img-05_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-feature-img-01-sp_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-feature-img-01-pc_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "0-bg-text-06_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "0-bg-text-04_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-services-img-02_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-services-img-03_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "0-bg-text-05_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-recruit-img-01-sp_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-services-img-04_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-services-img-01_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-strengths-img-01-sp_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-strengths-img-01-pc_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"\n "top-recruit-img-01-pc_1_.png" has type "RIFF (little-endian) data Web/P image" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003076]\n "Cab134B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab134B.tmp]- [targetUID: 00000000-00003076]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{57fa0f5d-ea68-11ed-870b-08002755372b}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfb7efb9e3daa9514d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfb7efb9e3daa9514d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{57fa0f5d-ea68-11ed-870b-08002755372b}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\{57fa0f5f-ea68-11ed-870b-08002755372b}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfaa00dfa09949a97d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniqu185.199.108.153
2023-05-12 02:44:21SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 Validity Not Before: Feb 21 00:00:00 2023 GMT Not After : Mar 20 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f: a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af: ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24: 29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09: 23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a: 5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed: f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99: 4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77: c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2: 38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3: f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57: 77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee: 3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76: b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1: 95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f: 43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97: 2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07: 24:e3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4 X509v3 Subject Key Identifier: 8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: 
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Feb 21 15:03:41.179 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD: F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24: D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25: A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53: A4:D8:EF:86:C7:5C:70:1A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6: 1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5 Timestamp : Feb 21 15:03:41.162 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:82:E0:7E:5D:05:40:34:18:F6:30:F7: 09:CD:BC:FE:2C:13:EB:90:30:CE:10:ED:E8:A7:9D:A3: 74:75:12:5B:72:02:20:5D:1F:9D:87:56:AA:F7:6D:9A: 04:0D:4A:7B:35:DE:90:29:A5:D4:16:A7:8F:DF:FE:37: AB:35:8B:24:23:B9:2B Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Feb 21 15:03:41.130 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:13:FF:00:36:A8:61:87:48:A6:6A:04:09: BC:E3:3E:AA:13:E7:46:3D:06:75:68:23:18:E7:6A:45: 49:F7:30:F1:02:20:3F:F4:9C:8A:E6:46:D3:65:F6:98: 13:BF:9A:20:D3:DA:10:A9:E3:2E:5D:DA:C7:3B:14:4E: 4F:4E:1C:82:A5:B3 Signature Algorithm: sha256WithRSAEncryption 37:a4:1b:11:22:9f:fc:9f:c9:67:07:8f:aa:86:13:9f:e0:08: 1d:6e:0c:8d:65:fb:03:79:50:c6:76:ba:30:90:a0:a4:1c:79: 
13:07:b9:5a:18:8d:97:4c:05:71:8a:d0:22:17:c6:19:a2:22: 8b:03:f6:2c:84:71:6c:55:df:e2:99:43:65:e5:d7:b7:b7:37: 4c:c6:c8:e5:f1:d8:a7:7b:07:5d:eb:b8:1c:50:a4:a3:8e:f0: 4c:f8:b8:6a:72:59:be:43:0e:8a:de:b5:5e:8f:9e:3f:5a:43: 64:82:cc:e0:de:76:f4:be:a6:12:0a:06:68:bb:77:e1:4c:ef: 4b:4d:67:af:f6:72:c7:6b:1b:9c:48:53:a7:7f:ed:76:18:5c: f0:f6:c6:4c:24:53:57:57:e1:42:a6:3d:ae:e1:f5:93:f2:6a: fa:29:72:01:3e:b7:06:f1:2f:1a:0e:91:c5:ec:35:bf:f5:da: 33:95:de:24:12:0d:f5:c3:23:8d:40:82:d1:5c:eb:de:0a:08: e8:e5:83:e5:0a:8b:3a:5e:98:4e:77:4f:9f:dc:ab:7e:ce:a8: 28:4f:aa:79:4f:c9:be:8f:60:88:6e:6b:f9:20:6c:7f:38:96: d6:da:d7:11:03:43:d8:b8:51:87:ce:32:22:4d:64:4c:c4:75: 27:d0:e3:df 185.199.108.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAltan (Net ID: 00:12:BF:67:61:97)40.2024, 29.0398
2023-05-12 02:44:03UsernameNoSpiderFoot UI0000NoneDawixSulej"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 03:08:48Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.227104.196.30.220
2023-05-12 03:18:06URL (Uses Javascript)NoPage Information0030Nonehttp://funny.battleb0t.xyz<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:09:41Affiliate - Internet NameNoDNS Resolver0040None120.48.229.35.bc.googleusercontent.com35.229.48.120
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None0065paula.github.io185.199.111.153
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.152): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0070NoneNameCheap, Inc.Domain Name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2022-06-08T05:38:27Z Creation Date: 2022-06-03T05:37:56Z Registry Expiry Date: 2026-06-03T05:37:56Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-06-03T05:37:56.70Z Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:08:47Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.222104.196.30.220
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.209): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:27Linked URL - InternalNoURLScan.io4010Nonehttps://kekw.battleb0t.xyz/jarbattleb0t.xyz
2023-05-12 03:08:51Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.12034.148.97.127
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Host": ["87.248.157.102:2091"], "Server": ["cPanel"], "Connection": ["close"], "Www_Authenticate": ["Basic realm=\"Restricted Area\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"]}87.248.157.102
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-oo.github.io] https://www.openphish.com/feed.txt0-oo.github.io
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneCarmen (Net ID: 00:00:28:F1:95:B9)41.8781, -87.6298
2023-05-12 02:45:34Physical LocationNoipapi.co0030NoneNorth Charleston, South Carolina, SC, United States, US34.74.170.74
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:60:35:51)33.6170672,-111.90564645297056
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Noneaes256-gcm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", 
"os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", 
"diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 
Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:8443188.114.97.1
2023-05-12 02:44:12Web TechnologyNoTool - Wappalyzer0020NoneNginxkekw.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneLichtensteiner (Net ID: 00:01:E3:57:D3:4C)50.1188, 8.6843
2023-05-12 02:54:51Open TCP PortNoCensys0030None34.74.170.74:8034.74.170.74
2023-05-12 02:54:34Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c596497ac4b8134-ORD Content-Encoding: gzip 104.21.71.14
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneSuperonline_WiFi_7320 (Net ID: 00:02:61:5C:85:FF)40.2024, 29.0398
2023-05-12 03:09:37Affiliate - Internet NameNoDNS Resolver0040None226.30.196.104.bc.googleusercontent.com104.196.30.226
2023-05-12 02:44:17Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.io185.199.111.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:24:48CountryNoCountry Name Extractor0040NoneGermanyFrankfurt am Main, Hesse, 60306, Germany, Europe
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:E5:E0:81)33.336199,-111.89446440830702
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:02:2D:09:F8:70)37.780462,-122.390564
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.171): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:03:29Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0031.github.io
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneThe Batcave (Net ID: 00:11:32:A4:B5:6D)50.8897, 6.0563
2023-05-12 02:44:06Domain WhoisNoWhois14010NoneDomain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice. ayhu.xyz
2023-05-12 03:18:53Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Rotated 90 CW @ 18}https://funny.battleb0t.xyz/images/withat_4.jpg
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.12035.229.48.116
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.32): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:32:18Malicious AffiliateYesabuse.ch0140Noneabuse.ch URLhaus (Domain) [cdn-185-199-110-154.github.com] https://urlhaus.abuse.ch/downloads/csv_recent/cdn-185-199-110-154.github.com
2023-05-12 02:54:30Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Server: nginx Date: <REDACTED> Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"64217dc5-156" Content-Encoding: gzip 64.226.81.43
2023-05-12 02:44:09Co-Hosted SiteNoSSL Certificate Analyzer2110Nonegithub.iobattleb0t.xyz
2023-05-12 02:45:02Physical LocationNoipapi.co0020NoneSan Francisco, California, CA, United States, US2606:50c0:8002::153
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ee2a62d9a2306-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.96.1
2023-05-12 02:54:13Web Content TypeNoWeb Spider0030Nonetext/html;charset=utf-8https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneMCName (Minecraft) (Category: gaming) https://mcname.info/en/search?q=ayhuayhu
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES_RT-205 (Net ID: 00:12:BF:3D:DD:C5)40.2024, 29.0398
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneGitHub (Category: coding) https://github.com/ayshooayshoo
2023-05-12 03:28:06Open TCP PortNoPulsedive0030None188.114.96.144:8080188.114.96.0/24
2023-05-12 03:31:28Affiliate - Email AddressNoE-Mail Address Extractor0050Noneabuse@godaddy.com Domain Name: 001VIET.COM Registry Domain ID: 2685910837_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-10-01T07:27:47Z Creation Date: 2022-03-31T20:18:54Z Registry Expiry Date: 2024-03-31T20:18:54Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:09:05Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: 001viet.com Registry Domain ID: 2685910837_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-03-31T15:18:54Z Creation Date: 2022-03-31T15:18:54Z Registrar Registration Expiration Date: 2024-03-31T15:18:54Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: 
Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:44:10Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0110Nonegithub.iobattleb0t.xyz
2023-05-12 02:44:22Physical LocationNoipstack0020NoneUnited States172.67.135.9
2023-05-12 02:58:58Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'34.74.170.74', u'34.74.170.74', u'184.50.50.164'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://www.automox.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.automox.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:80"\n "34.74.170.74:443"\n "184.50.50.164:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCC02.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d30_IESQMMUTEX_0_519"\n 
"IsoScope_d30_ConnHashTable<3376>_HashTable_Mutex"\n "IsoScope_d30_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3376"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d30_IESQMMUTEX_0_303"\n "IsoScope_d30_IE_EarlyTabStart_0xa8c_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d30_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "CabCC01.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpwww.automox.com" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "_D69E16F9-2DF2-11ED-B0FF-080027103F92_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n 
"6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003376]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002536]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "D2A4F93EC4F5B9C4C799775424B5AD98" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\D2A4F93EC4F5B9C4C799775424B5AD98]- [targetUID: 00000000-00002536]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003376]\n "RecoveryStore._D69E16F7-2DF2-11ED-B0FF-080027103F92_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002536]\n "~DFA0927F58997C2571.TMP" has type "data"- Location: [%TEMP%\\~DFA0927F58997C2571.TMP]- [targetUID: 00000000-00003376]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002536]\n 
"_E196A91A-2DF2-11ED-B0FF-080027103F92_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "MYFHZ4TT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MYFHZ4TT.txt]- [targetUID: 00000000-00002536]\n "CabCC01.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\CabCC01.tmp]- [targetUID: 00000000-00002536]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'API Call', u'identifier': u'api-113', u'name': u'Touches files in program files directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\iexplore.exe.config"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\VERSION.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\CRYPTBASE.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEFRAME.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE.LOCAL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\FLTLIB.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\SSPICLI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEShims.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\SECUR32.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet 
Explorer\\API-MS-WIN-DOWNLEVEL-ADVAPI32-L2-1-0.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IPHLPAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\WINNSI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\CRYPTSP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\RPCRTREMOTE.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\DWMAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\MSHTML.DLL"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.automox.com"- [Source: SSL_34.74.170.74]\n\n "HTTP/1.1 304 Not Modified\nAccept-Ranges: bytes\nAge: 3368\nCache-Control: max-age=3600\nDate: Tue, 06 Sep 2022 16:48:09 GMT\nEtag: 0x8D8BDBB0003E830\nLast-Modified: Thu, 21 Jan 2021 03:16:52 GMT\nServer: ECAcc (saa/838B)\nX-Cache: HIT\nx-ms-blob-type: BlockBlob\nx-ms-lease-status: unlocked\nx-ms-request-id: 0b6a3ee4-101e-00d0-6408-c251a0000000\nx-ms-version: 2009-09-19"- [Source: SSL_34.74.170.74]\n\n "HTTP/1.1 302 Moved Temporarily\nContent-Length: 0\nServer: Kestrel\nLocation: https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us\nRequest-Context: appId=cid-v1:b47e5e27-bf85-45ba-a97c-0377ce0e5779\nX-Response-Cache-Status: True\nExpires: Tue, 06 Sep 2022 16:48:44 GMT\nCache-Control: max-age=0, no-cache, no-store\nPragma: no-cache\nDate: Tue, 06 Sep 
2022 16:48:44 GMT\nConnection: keep-alive\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains"- [Source: SSL_184.50.50.164]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "h34.74.170.74
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:01:E6:93:CF:EC)37.7813933,-122.3918002
2023-05-12 02:44:35Software UsedYesTool - Wappalyzer0020NoneGoogle Analyticsfluid.battleb0t.xyz
2023-05-12 02:57:24Internet Name - UnresolvedNoCertificate Transparency0010Nonetiktok.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:47:12Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://heartex.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f9c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_f9c_ConnHashTable<3996>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_f9c_IESQMMUTEX_0_519"\n "IsoScope_f9c_IESQMMUTEX_0_331"\n "IsoScope_f9c_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3996"\n "IsoScope_f9c_IE_EarlyTabStart_0xea8_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"analytics.twitter.com"\n "heartex.com"\n "js.hsadspixel.net"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"13.227.74.56:80"\n "13.227.74.56:443"\n "142.250.189.202:443"\n "13.227.74.90:443"\n "104.17.186.73:443"\n "13.227.21.217:443"\n "185.199.111.153:443"\n "172.217.164.106:443"\n "142.250.191.67:443"\n "142.250.189.168:443"\n "142.250.189.174:443"\n "104.17.214.204:443"\n "13.227.74.89:443"\n "23.55.103.51:443"\n "151.101.24.157:443"\n "104.17.112.176:443"\n "172.64.154.85:443"\n "104.17.130.171:443"\n "104.17.69.176:443"\n "13.227.74.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"heartex.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"6102a46ccec85d017bcc2ea4_ek_team-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n 
"6103d15f93e9fa6c012c8905_ek_check-icon-light_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "61027ead2e82974a47ffe5fc_ek_green-right-arrow_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "62845fcc117dd7a6fe0a0330_right-yellow-arrow_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6102a13ad6dfa169537a8465_ek_check-icon-yellow_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6101e8714894dbfc5bef0fa5_Logo%20_1_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "webflow-badge-text.6faa6a38cd_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6102a13f33808950ccb6b0a7_ek_check-icon-dark_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "610406eb48709a315b97318b_ek_distribution-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6102a55d9e941b7adf11922c_ek_diagram-second-bg_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6102a5695227bc2dfbc40fcc_ek_diagram-first-bg_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "610406eb48709a7de897318a_ek_stats-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6102a46ca6246aa43f715335_ek_source-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6102a46c77137f94f59ea443_ek_person-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6102a46c151a70571e8e0d8a_ek_diagram-sources-logos_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "634e0a11af42084e411d009e_62ebcfe5d1d25479db4287d3_yext%201_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "webflow-badge-icon.f67cd735e3_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "61027e702e82970a07ffe572_Vector_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"urlref_httpheartex.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"analytics.twitter.com" (Indicator: "twitter")\n "GET /uwt.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://heartex.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: static.ads-twitter.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "twitter")\n "HTTP/1.1 200 OK\ndate: Fri, 03 Mar 2023 20:33:38 GMT\nperf: 7626143928\nserver: tsa_p\nset-cookie: personalization_id="v1_b2bnC1YShnqqYcU8imaaVg=="; Max-Age=63072000; Expires=Sun, 02 Mar 2025 20:33:38 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None\ncontent-type: text/html;charset=utf-8\ncache-control: no-cache, no-store, max-age=0\ncontent-length: 0\nx-transaction-id: f947248016427219\nx-xss-protection: 0\nstrict-transport-security: max-age=631138519\naccess-control-allow-credentials: true\nx-response-time: 6\nx-connection-hash: 6a22b51b9194de2aeabd35b4c00e43e07f8e10848fa5ea2f38546b537c37a204" (Indicator: "twitter")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 
1\nConnection: Keep-Alive\nHost: heartex.com"\n "HTTP/1.1 200 OK\nContent-Type: text/html\nContent-Length: 11658\nConnection: keep-alive\nDate: Fri, 03 Mar 2023 20:33:29 GMT\nx-amzn-RequestId: 9caa9f24-d37e-4bdc-a944-8bf45e2c7515\nX-Cache-Hits: 1\nContent-Encoding: gzip\nx-amzn-Remapped-Content-Length: 11658\nContent-Security-Policy: frame-ancestors \'self\' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com\nx-amzn-Remapped-Connection: keep-alive\nX-Timer: S1677875610.649584,VS0,VE1\nx-amz-apigw-id: BOLwDF0QoAMFkYQ=\nVary: x-wf-forwarded-proto, Accept-Encoding\nX-Served-By: cache-iad-kjyo7100030-IAD\nAccept-Ranges: bytes\nx-amzn-Remapped-Date: Fri, 03 Mar 2023 20:33:29 GMT\nX-Cache: Miss from cloudfront\nVia: 1.1 3d33f952c2b7fe5b0308385e96c9263c.cloudfront.net (CloudFront)\nX-Amz-Cf-Pop: SFO20-C1\nX-Amz-Cf-Id: lTokqI3fqL10sQQ4g0f5g2nhevRA_cQ0eLSc4ldBFY0F5O7pdLFEQw==\nAge: 749\n\n}KF+MJrZV[r: !\nq3y1\n;\' GiTe;f,$\'Og_c1&Xx&L{(H+/v>>ja\'A4\nT%WD\n:O@f: hz\\)d%q`vgY#k39Tn{AV=x`q]etUgx T\n&r:<i\nsQ28?QH&k,,f\n2xjMXfaL#KMxO7iHIcuycUrc/4dS91PNfxt:$Kkb:8><&<U 4UQjTN@@~DM5~"QjJZ<<b\nsQ=TYe*e+uDr& hcK:Ldrz\nzM9ex8P\n.iErlNTv>iho o(Q!VfS)-Fc6x$~6ej93hLiWD4x#$eFClNa!&fO5K(:UW1$x7\n?4N!In9x"C_"y4wqMnntN7/_z7T!S\n}?`8wBhz|"hH|U{:I]Vj3+$3=Jpw_s*\n8OI7Xq<BG IGi5ofHWQ5)ZA8$Lo?@U=+%rrV#GG5~P?`DSoq>6.*E?<X~pML;l~JxjMVAL9i["q4+=Ffce1."3AcE!KJaL1;9N\n.i}\\;j1o{1I:ac2LsIb_]bX*!&:Hj}]XP%L^w?h|t7\n^L\n+A\\yD4H(0G^aN?jCa|`-7Y~WwznS|rwxX\'3X\'c Jgcyq$J|MHivO|w("P!V"{yA5Q6{7Iz\'!\n7Qb>\n|\'[GbAb9nvtZu2[L6a\n+\\\n#tf|DwdOpB$-_4|*~Dx\n<&!BzdZb<bqdF|4w[,.4"S%89Q|\'2Ky4\n;)`)<f3fsa;Jb.H93<R!YcJ2nc/.y\'SB`FP2Nx0.(y`N{5%rt$#L8"6r?pnxt3BA8zqp!XsAtIm_x*,nKlYh\n3(&~b3($:,{5|KFN$+F}}{MO0mu[vGuvTr)1m\\k?DTlANOUT`G\ndlw}{A0:Zn^e#a$A S=5FI7%Rogfl>7bH:\'OT&VM)9}\\-5T`t7>{_#Zz3|2&1UY?5O(/.%{yA8Vp`NG%kk")bp^={wbbA}e]/<{\n;N7p7\n@Ml<Ha>aJ7CypWn]e;~-\n4\n8%Xj}Y}\\}3uO^^+ 
Tt*f#1@ncY[5l[vtm3X]gna;S}jCx\n2Ex-\nAj\\8.Nl[\n(D{$FQ=!#"FmY37<Jp)D=ujraduk\'_*F-)\n0iW9MU\\yhoHiH=ek N4nK:A 3SlLiFg?m)j/=QAls)gp!aYbMn&4f%}@+4MCv/`I>lD1 xTaM\n`Jb=/,<\nMr>1Wsmbc&-\n+Dz2aF[SyZ]L|AW\\-8i,dZ\no;g@dx:}X iKsSj\ny,y!hI)8|`+`9mtzVm+MF<2@:^%[\\C\n-S^Fc,CBFmjrV6QzKnfP9}Y}3o\n(SF$mr7=^lMhS5u/I\nh"m $\'N+)Z^HNdv}tU)+$t/Sro 6JC4i)V4kexSb\\4t&n2\n^Sik&g&.&t>:AX\nX}7/qjCP:@z9\\UHD&^V\n X|\ndEyAmnh6`.VW+ZwlX\nv`{~Fl$>@q7.\nsbfI@TUmbIx5=x/F-%5IK <ydI \'5!$3F!185.199.111.153
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None00088.github.io185.199.111.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040None1136 4120 (Net ID: 00:0F:CC:76:66:44)32.8608, -79.9746
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonereferrer-policy: strict-origin-when-cross-origin{"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"}
2023-05-12 03:37:16Physical LocationNoMetaDefender0030NoneNorthbrook, United States165.232.113.85
2023-05-12 02:44:18Internet NameNoDNS Resolver2020Nonefunny.battleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': 
u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'MIIFNTCCBB2gAwIBAgISBLY5M6/eHjLz/C523LwIUYYQMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMjUwMTM5MjVaFw0yMzA1MjYwMTM5MjRaMBgxFjAUBgNVBAMTDWJhdHRsZWIwdC54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrxxsM7cYB+Oqps88IF0+iy3w0xGYS5u/zmBd5yWXuZkwfmpJ9M+4H+i4VYve08x/VTy6xZ6hJQr/jzJq3MEbCaPUoqWRpb0xLZCTJ3O1Gn6Qfwu9vNtC8aSe44tYYcEAstPXuj/cNjG4Dkudd1j68u8lbKBCgWvY39eGeFSNybo5pAQmkjKTJ19sFAZBIS5AgjDh6CmB0eRgmMI5gCxe5JKCA3z8UANMJ5zRHNWN8VNKgneFX0csT0zwwJJeO6jQAn8xsDGr3VLxeYNxGMcIJ3tnD42MejxzFkJDo2oa+ffHDHxqGaZsL4LIMRwjIklkrZi/6oTihLxBl9pf9FoczAgMBAAGjggJdMIICWTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGNOFYVWWqSUAsIWQqSll5o4AleXMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCsGA1UdEQQkMCKCDWJhdHRsZWIwdC54eXqCEXd3dy5iYXR0bGViMHQueHl6MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGGhnCAVAAABAMASDBGAiEAh/Y8suDCe/RZMkn/hO7hrF2hfoTeuKySO5eYbccRB9ACIQCOoXkcH72OFd6rl/5A4dnCHD5VPTnfiLg+MDLqz1Gg8wB3AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nh
d31tBr1uAAABhoZwgDYAAAQDAEgwRgIhAMDKSjoBecX3TRhscOh0pPwxXkb/27xVeRxr0yp3M5J9AiEAs2yzzZRuQAdUQ84z4D/CSUjcGSNE5J2LfuF/Rs4Y77YwDQYJKoZIhvcNAQELBQADggEBALLjqCzluns+jvveBcnb3xDhOkrUyOkWdjExuB2H40IVXNkB0eMhFJYNA9arKrtu2pcQ/rEDSKt+bXuWbeA6WumULoOuP6iljCU6qcUdY4oNVU1UyDoX1HJydnidKSo73vUKTNhEgh8aKcxcLL9+23F8UOOR/pU/04dfMDdI7GO2oawzrGMFso9t7p4urFBZ6UFG0nFlBRdC2T4hndeQOaaPLehK1P9tnjLGggWPpLV0tHDfKEtQyBs2Gq7Pe6uSI+Z3l/JHpLBS8p3PvmiiivIv8GYL0zQqx4o1xBwzLeWQ3lanl4Z8l8lFj5lhIgA9qrKHDTW7TPP4HPiZwejRMMY=', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 03:10:37Open TCP PortNoPulsedive0030None185.199.108.154:443185.199.108.0/24
2023-05-12 03:03:18Internet NameNoDNS Resolver0020Nonewww.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 18:07:07 2022 GMT Not After : Mar 13 18:07:06 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5: cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40: 8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da: 78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a: 56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00: cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85: b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4: 1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d: 86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9: c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0: 2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f: 7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28: 87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb: 3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9: ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf: fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce: a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1: d3:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 13 19:07:08.083 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D0:FF:78:AE:C3:62:89:90:F2:A9:F6: CF:41:A5:B6:AB:51:6D:6E:FB:5E:D8:9D:88:9E:50:39: 26:BD:EC:AC:34:02:21:00:BC:89:FB:E2:F1:35:F7:00: 0B:4C:4C:DE:C4:12:88:E0:4F:52:7D:18:21:0D:AC:62: BC:76:DD:A2:F8:3F:5B:1D Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 13 19:07:08.583 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:51:94:B0:CF:3C:86:38:A4:D9:80:6F:E3: EC:3D:37:CB:B4:65:E2:35:17:5E:BA:96:76:F4:A6:90: 1D:6A:AE:4B:02:21:00:9D:89:ED:FC:FA:3F:52:5C:6A: FF:DA:D2:C4:54:F3:CB:81:7B:1B:4B:4F:01:26:9F:C1: 04:B7:D6:CE:B9:77:B8 Signature Algorithm: sha256WithRSAEncryption 91:4e:e2:bf:36:57:41:de:a3:6f:91:fb:a2:73:ec:c8:9e:f7: 1f:0d:59:7b:c6:09:e3:fb:bf:a4:c2:8a:32:fa:c4:f6:df:3f: aa:05:e0:24:98:16:08:84:62:26:41:b9:6f:39:f4:71:d6:ee: 5c:b1:36:f4:e8:21:c1:33:ce:b6:3c:af:4d:e7:18:2f:6c:27: 6e:cd:40:66:5d:d7:bd:71:74:93:04:96:39:63:25:d2:be:99: 3b:37:81:f8:a4:eb:0b:81:a4:3b:25:e3:9f:76:85:e0:0f:1a: 92:b6:27:46:71:61:51:3a:f7:5d:72:65:00:9d:09:05:5c:de: c1:d4:54:d5:5a:d7:d7:34:d4:2c:67:0d:f8:a4:f0:c4:3a:47: 80:3c:8b:81:06:a8:34:d6:42:45:55:c8:42:f9:cf:43:4d:ee: bd:e9:55:d7:d8:77:a3:d9:4c:76:08:4a:3c:a8:97:42:30:c9: 07:48:ea:bf:5e:b8:93:d2:56:00:0f:04:1c:00:01:69:ac:de: 20:d1:8a:7a:88:01:7c:94:e0:3d:d3:30:5e:a9:3c:d3:38:56: 5b:30:14:08:f5:b9:a1:f9:56:6c:72:be:02:ce:ad:d8:53:46: 35:20:ba:70:c5:77:bf:fa:4e:08:fb:a6:cd:30:77:f4:dc:52: 90:b6:5b:91
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None00d.github.io185.199.111.153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneFruityWifi-003 (Net ID: 00:07:0E:65:CF:39)33.617190550339146,-111.90827887019054
2023-05-12 03:03:55Co-Hosted SiteNoThreatMiner0020Nonejames-gamboa.github.io185.199.108.153
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:443172.67.135.9
2023-05-12 03:09:45Affiliate - Internet NameNoDNS Resolver0040None137.97.148.34.bc.googleusercontent.com34.148.97.137
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneJe buurman (Net ID: 00:01:71:0C:63:FC)52.3759, 4.8975
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomD04238 (Net ID: 00:0C:F6:D0:42:38)50.8897, 6.0563
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneVilla (Net ID: 00:01:E3:07:FC:86)50.1188, 8.6843
2023-05-12 02:44:31Affiliate - Internet NameNoDNS Resolver23020Nonecdn-185-199-111-153.github.com185.199.111.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneWowhead (Category: gaming) https://www.wowhead.com/user=loginlogin
2023-05-12 02:54:22Linked URL - InternalNoWeb Spider4030Nonehttps://www.ayhu.xyz/cdn-cgi/styles/challenges.csshttps://www.ayhu.xyz/
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.65): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:56:51Internet NameNoDNS Resolver0030Nonekekw.battleb0t.xyz[{"url": "https://kekw.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneGHARANA (Net ID: 00:01:E3:0F:5B:9B)50.1188, 8.6843
2023-05-12 03:17:44Account on External SiteNoAccount Finder0010NoneTikTok (Category: social) https://www.tiktok.com/@_BattleB0t_?lang=en_BattleB0t_
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010Noneimgur (Category: images) https://imgur.com/user/Battleb0t/aboutBattleb0t
2023-05-12 02:55:12Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://dai.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3588"\n "IsoScope_e04_IESQMMUTEX_0_519"\n "IsoScope_e04_IESQMMUTEX_0_331"\n "IsoScope_e04_ConnHashTable<3588>_HashTable_Mutex"\n "IsoScope_e04_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_e04_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3588"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"dai.com"\n "www.dai.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': 
u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"dai.com"\n "www.dai.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:80"\n "104.22.14.253:80"\n "104.22.14.253:443"\n "104.16.122.175:443"\n "216.239.32.178:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpdai.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "F11KGYX1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\F11KGYX1.txt]- [targetUID: 00000000-00003588]\n "sharect_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFE2916D6CF490E071.TMP" has type "data"- Location: [%TEMP%\\~DFE2916D6CF490E071.TMP]- [targetUID: 00000000-00003588]\n "analytics_3_.js" has type "ASCII text 
with very long lines"- [targetUID: N/A]\n "mexico-blog-hero_1_.jpg" has type "JPEG image data progressive precision 8 903x495 components 3"- [targetUID: N/A]\n "_7D9BD89C-B41E-11ED-92C7-080027889E1B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_72D7BA37-B41E-11ED-92C7-080027889E1B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF6EC52A9F677717F8.TMP" has type "data"- Location: [%TEMP%\\~DF6EC52A9F677717F8.TMP]- [targetUID: 00000000-00003588]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "yjb4iuu_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "d_3_" has type "Web Open Font Format CFF length 20688 version 0.0"- [targetUID: N/A]\n "d_2_" has type "Web Open Font Format CFF length 20024 version 0.0"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "R60X53XL.htm" has type "HTML document ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\R60X53XL.htm]- [targetUID: 00000000-00002992]\n "p_1_.gif" has type "GIF image data version 89a 1 x 1"- [targetUID: N/A]\n "d_1_" has type "Web Open Font Format CFF length 20656 version 0.0"- [targetUID: N/A]\n "less-obviously-not-ethiopian_1_.jpg" has type "JPEG image data progressive precision 8 903x495 components 3"- [targetUID: N/A]\n "d_1_" has type "Web Open Font Format CFF length 20700 version 0.0"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, 
u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: www.dai.com\nConnection: Keep-Alive"\n "?Z.+uZ/\';<k~YY7~!QY-W#,?8_9%x$yGAUZInv[^1?^AAPrbL57wvwWa&[O{G(HcWiCt/_F\'qNp|}~8|y8po.\\niDOz[z&Z/w^.6+){2b{o4i3Teh01Z^n,ZfLLY+u ^_>SOX=Zv})9}~xbeVW7\nYM0^+=}:Sz=,8bsbe8vq!bt^f\n7f~FF/o-O~zw8.z/#/Mgh_n}~9t}\\g/boSm=}Z(Y\\Ojl{~d`sP~Yzg3}~vf\\YW/lo5{|lkmNfBU<5gOv]zOf;^\\w3nghZllh}=/?9?IfZvnW:>58A#O|jrfB7|h&5~ck=qPza-\n;$yB-Q}x~VnsTDvym8GaLS:g~_/6ank=S;y~TJ2#|={R|_{R|;u#qN<;_S},)Ej1&ZG7DH:?W~x#uF9?WNggyxB!\'V`jF^{Qjak0T<a)$i~p,4qOIDg#,[%y\\Ww5?"6jC:~wwuM5Q8Cx!Vmwl{", ">.Mat}>={>EjHOW$>SO1QKvw\\f|tY4P8aIbsyf+s<2Oyw{YprACte\'&X\\~naA_fC^_N,o:_rEo@Z}v>^gA:MXvb=fE[2V68Y|q<=%C)uRqwWW*...pC,zdN*Mxdm4)!Pk(e\n.6C,6\nM^~1Bl>n>S>$Wa5lY`Xrd;4f=_:>nYnrOu[jZ]iS57)"U\'ag5jM^Pkjsk./<5\nSVik_S\ny]UMUKB\\fxKrmFhejWVM0ls=\\tvpaOnDa\nWu3&7M^:}7?-TcUO/uLr_ZSXZ@m5DYiU>NJO5.1Uq"MbumiUU[5VUn]+JVUi0p_44MXUq1uZBUT@G]j]cR5-B@mB6M4E[V:@]&92JLhJ&[U%SZ(l0JU2Jue,@RAXWiM^(Q>qS\nhnmEqxrW>I\nv>.K3- Bj\nq[HYX?&P\')fka(EAf[:M+WD)*.ne<mK{V]vgKc\\a7lj[*MKd:BuI_>* \nizsgmZHaQ8LhYImy+$)lm\\Q8HW"4}meM_RAS6F6[ }Y^g[mr:dyYV&:io", "+hWI2KV1Qt"\nwM:[&xCKVuTm@RU&Fw*L\'[61V{+S1tIz8QW"1Ou[@XUEXhX\nXhiWYGP;^e@r\nPUfXk*qA\np\\\n.E%oW:s$^DV@c=]\n:]%+y?yx0>7YFA.;wi~%DG`\'.JIi5D,L-DSHQ]<UJVp+v<lycTah6UTMWICXBWSl\n;^J*,$=*v<KW\\KbI,]@Nhp! 
]hVu.r|;]\'U85\\e*;@eU\'\n05&@6lb,i5[Z0urkf#Ug-2\nQ#8ehudD\\\'o]X[kgt 8h!*`")&-pr+nPFrK76SuLM\\%FE.cade#&tuo%pipvi\'K6!!M(M~Rsm(\\n*?glXv>Mp4oU0^P>|,8^UJmx%qpp\\ah"\n`WTc<Z]%(J<}H$A1(BkQ7)fXt_4OUFKx!jrusCO}vIJa(Mrd,XT\'}Q!EY(wP`w[grUR&1Tk3h\nC0G\\UUR1otqZv0\\bhpw)d7d$\n(Lda6,ZxqJT0_F3T#a:YpnT"iD;a9Fb\n$W.6i#-&r&-[K0RX/e\nsH><^ [BK ]q3Kk,X+"`hl}*\'!wE~d`&3g-8"]$kW`Gcg", "EWLdbw"8~"V\\asbL3]N0zjP%8dV?q;v\\tY?,,ze;hOHP2JUHI<r)+[&K2b/"\\|yP<rW\no/%8H8*R2H\ntGsA,\nHowLP&wU|PJky}N:@@P]B&T+$GL"\\Sp\\\'\'Vdw<\\mFQ(X5"6}`4x]jN!#b3*?T8<^a/<g5.5Ohd7IwbzsaAF$<S8/T<odD7S9S(CR^!dh_\'Df,z\nEqIhH"k*`ux0yapC.X~2K(`.?FrqegcHD2d8x"R*ae98AyE\n\\,Q?J]4h_cKd%J$*$*?%u$zwO;T$&Qt>>\\?lu~\naMgH}oD\nU&n"p%86"\'lgN~,\' Q\'=WI*;qE?Uj+Wy\n#dsVrLEv;\n&boP*Jy]j^y<S3`HNMOzE-pQY1^h\'Jk,pEBRWc<KAg1ZdQf\n!PF6"5+?wql2bVk"gRMN9Dc}#[,asF+u\n_IT\'*KTlBM]ke-25~F,NTDyvp%v)K0earG7<MhD#*8t5*394089K\n<f^iSs;cn|;u$1HUIxMA0It48%-\nI!`9T:=G9TU1G=TWqPrz&\'gRbT#:)ca#JXRs6LO_R(DG)%", "8HI22%H/J2qLN6IZMRk\nK_qU:QOd{G&`SN2\'q\\qVE*;8`y12<4VZzQ%?fG0WXTxTDDDIs\\V+>A4\'OJgQ*VfVVs\\L"*kqI5g,w9<{jSpUqD0lt<k%Eg7ShX&fd0clX](xvrh|h%D1cS1\nbz.J:5-uP!,NCZQE@e|IE"RV__JqJhCqRH!3=GY)*\\BSlyX R0mxRR#k0,ge96!(YY1%hwt4A1D5=LK^S<.WK_3o5MHH\'o:wwz#4(ii|UT9e\n[\\,kr(Jmr\\[UA$s58rmi#YjqyW,p`v$`gsoe#P|nWHpKEQ\\I_jB \\^qr)P$o2og`ah\n~mc@8qu f\\}jQ[%uU\n(,T_M0[Wj_U0]u}t8k[AI]5@ns(j)j`X5?wuE[TQ2KqJ;:V%q&hM^]JGQZ_x\n`MIR=O8-lSYZ\n1X)"KlZmi&zGV%Yyeo@gutN]BIjC5D-w:q0!(I-jZ<jPk#->5wTU-=|-<`k6!D<ZybHIQ5g\nr@U5Bq2B$4/Icu]P_-\nh())5H9p"\n "yw9q-Jm>"ka.S"CL[\nTR9.q\ntvPS4]\nzWjWM4KUEh*h{i-KGFPT.q][GmlS0bi\\ahS |\nhh4TEk@+F*ZkbI;&`S91m^`VFV}Uwe);jC=n5tAFh8BHmPTH]0^&I9!maj67Mc>!rlaZFr*5 ECxkn/;7@`V._s1Eh!mvM4`B3AaU0wDS56/]t`#vmLA#&J71?nK[%>O4&?2UR6xvV,j1srC&ept%*H}c4Yes`m][h_](*\n*pOZ_k_%[mn`g!vlU,$|\nB)(EV&EE(SEX6;M\\tW<vESWdS3,H+1/.r&)fI: K-nX+*K2-bE d[\npDnBV"-L:yUu01!``?8e:QQXp\n\\45ho:[X=Les\\+1\nw)UZU`<@;dF`eMBT$:W4r\\JweR7\nX\n1y`<I2&sk"0:<Y2(JSXE\n$g7+kXnC"WtfEj-Zj$\n9Ll-NP06K*6V;~Jbu>\nwLm1$$AYbBqU<\\ 
t3YHm!+qL`BeV\n3#s[:XbaM\n`!XZF@YofynJ)#FBZ+xSVaf$1I<>8#s=ro*rWF[r5X\n$xeI|.<QxpH4pwxN`rO?lkCJ Hc1 Q*["Qb76>%"Hn7UA!n", "HTTP/1.1 200 OK\nDate: Fri\n 24 Feb 2023 09:37:27 GMT\nContent-Type: text/html; charset=utf-8\nTransfer-Encoding: chunked\nConnection: keep-alive\nLast-Modified: Thu\n 23 Feb 2023 18:42:16 GMT\nVary: Accept-Encoding\nAccess-Control-Allow-Origin: *\nexpires: Fri\n 24 Feb 2023 09:47:27 GMT\nCache-Control: max-age=600\nx-proxy-cache: MISS\nX-GitHub-Request-Id: F7D6:6485:B658CF:FF1FFC:63F88557\nCF-Cache-Status: DYNAMIC\nServer: cloudflare\nCF-RAY: 79e73904ef6acf93-SJC\nContent-Encoding: gzip\n\n2f2b\n}rGo)1-%zSvzhyvfp@@\\%{OOs*fo#\nrg}RO^z{.fgm{gbog*~(wY^mV~wuW_,Rm+|O\\?\\r=,&\nszq{,w73uN-Qcxb@iT/~/O_oW{sn8w[u|x:~Z_~L~{\\_S~qm6=GcaEp1[s5j5>~uo31r\'(k:./hd=szp1W_V=f{~m_OGb5Y]6WW}\\zZ]3_^[;S~s1.=2PCtG,<W/Y3jg/f ]oW[.w>j`}m7?nnv^7e?07v?^H(w0#=-1bM=j_kqVfNV(7PYVaZ^C5185.199.109.153
2023-05-12 03:12:10Affiliate Description - CategoryNoDuckDuckGo0050NonePrivately held companies of Englandbaffin.netcraft.com
2023-05-12 02:59:50Affiliate - Email AddressNoE-Mail Address Extractor0030Nonejloup@gzip.org[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamask3.cc/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_1e4_ConnHashTable<484>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_1e4_IESQMMUTEX_0_303"\n "IsoScope_1e4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_1e4_IE_EarlyTabStart_0xda8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"103.60.109.137:80"\n 
"185.199.111.153:443"\n "65.8.165.91:443"\n "58.216.15.119:443"\n "142.251.32.42:80"\n "142.251.46.163:443"\n "142.250.188.3:80"\n "104.16.89.50:443"\n "104.17.210.243:443"\n "104.17.214.243:443"\n "142.250.189.238:443"\n "142.250.188.3:443"\n "142.251.46.194:443"\n "142.251.46.230:443"\n "142.250.189.202:443"\n "172.217.164.118:443"\n "142.250.189.161:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamask3.cc"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /fonts/EuclidCircularB-Regular-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"\n "GET /fonts/EuclidCircularB-Bold-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"cdn.embedly.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "googleads.g.doubleclick.net"\n "i.ytimg.com"\n "jnn-pa.googleapis.com"\n "metamask.io"\n "metamask3.cc"\n "perf.hsforms.com"\n "s4.cnzz.com"\n "static.doubleclick.net"\n "www.gstatic.com"\n "www.youtube.com"\n "yt3.ggpht.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "qk.prototype.remove=function(a){this.g&&this.g.remove(a);var b=this.h;be.remove(""+a,"/",void 0===b?"youtube.com":b)};var rk=function(){var a;return function(){a||(a=new qk("ytidb"));return a}}();" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string ""undefined"!=typeof YTConfig&&YTConfig.parsetags&&"onload"!=YTConfig.parsetags||Fp();var qq=z.onYTReady;qq&&qq();var rq=z.onYouTubeIframeAPIReady;rq&&rq();var sq=z.onYouTubePlayerAPIReady;sq&&sq();}).call(this);" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "<meta content="MetaMask - A crypto wallet &amp; gateway to blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="A crypto wallet &amp; gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "5IBMEWA7.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': 
None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-close-black_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FE2.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FB1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "maxresdefault_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1280x720 components 3" and extension "jpg"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type 
"Unknown" and extension "png"\n "dapp-uniswap_1_.png" has type "Unknown" and extension "png"\n "dapp-gitcoin_1_.png" has type "Unknown" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "unnamed_1_.jpg" has type "Unknown" and extension "jpg"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1FB0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FB0.tmp]- [targetUID: 00000000-00000852]\n "Cab1FE1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FE1.tmp]- [targetUID: 00000000-00000852]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Explore-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "wallet-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Browse-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-close-black_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"social-35_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "base_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "v2_1_.js" has type "UTF-8 Unicode text with very l
2023-05-12 03:09:30Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.ioetherum-libs.github.io
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.24): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:33SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:d5:98:ae:2a:84:a2:19:ac:80:9a:6c:74:76:20:f8:3f:d8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:01 2022 GMT Not After : Feb 15 09:44:00 2023 GMT Subject: CN=portainer.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c0:b5:e1:c5:d7:75:db:34:03:18:a1:ee:7b:4b: ea:8e:e7:69:4e:39:85:68:38:67:3d:c1:9a:8b:f3: bd:cf:17:bb:68:6a:65:cf:4a:a8:76:23:7a:4f:20: df:84:d1:79:b9:6a:69:1e:44:79:b1:f5:77:a0:d1: 57:7d:30:22:17:73:4d:12:ae:da:6f:17:2f:cc:59: fc:28:b2:56:e2:d1:04:1e:a5:af:0c:cc:00:03:c9: be:8b:f2:e1:2a:f3:ee:60:20:15:0b:48:ba:bd:47: ee:af:b8:94:3e:d3:00:b1:a7:9d:eb:e0:5f:7e:6f: 9e:2f:c5:a5:c8:f8:87:92:71:43:69:60:10:5d:de: 5f:ef:16:13:44:c8:38:e1:ab:bf:d4:ba:c9:63:0e: 71:cd:82:05:39:b6:2b:c7:09:a0:3f:7a:0f:d1:b5: 8c:31:e1:64:fb:3e:7d:9c:f0:15:49:3c:98:f1:98: 8a:de:cb:a1:c8:6f:57:47:ea:69:8f:65:04:e8:bd: 1e:d7:20:58:d9:de:ea:65:82:25:f4:8a:20:52:90: c5:c4:e3:bf:c3:af:cc:ca:46:be:71:d3:24:c0:85: 69:56:27:39:94:2d:43:65:9d:2f:bb:4d:62:7e:14: 0c:45:91:3c:ec:e1:a2:ae:81:70:73:3d:8e:8c:ef: 5a:48:f8:f8:b4:3f:a5:4e:ca:0b:38:80:5d:df:42: eb:06:32:21:0b:67:44:bf:df:2c:ae:bd:f6:68:1d: b6:39:c5:d8:57:bc:5e:76:f0:ee:ab:21:2d:35:69: 74:8a:c4:88:bd:d0:3d:91:05:d0:dd:4e:54:8e:e9: 94:fd:a6:9c:7c:35:94:f3:2c:a0:e6:0f:6f:ec:d7: 06:e0:96:b5:94:ae:64:fd:f9:52:45:cc:c0:54:2c: ae:a7:51:2d:fb:3c:d9:4c:eb:d6:b7:fe:7c:8d:68: 1d:87:d4:dc:09:38:2e:ee:0d:49:32:4c:2b:08:20: ff:a0:95:02:0a:01:3f:99:e9:bb:d2:97:db:d5:f5: 7d:97:14:d0:18:c5:3f:cf:31:7b:a7:9c:bf:9d:b3: 23:66:83:9e:eb:d9:48:01:38:6c:db:2f:7b:2d:82: d4:36:d7:86:9f:0b:de:ef:ab:c4:7c:aa:36:24:d0: 9f:9a:47:7a:a3:aa:26:bd:ef:52:90:60:1c:7e:d9: 0d:dc:f1:5b:cb:c0:7c:8b:f6:64:bf:41:76:8c:ba: 34:64:15:cb:49:b9:40:f8:78:ff:c5:eb:99:a1:af: b3:7a:cb:c9:d0:b9:1b:1a:3d:ef:4c:68:86:22:46: 
99:75:81:d3:cf:5c:90:1a:2f:01:4f:59:01:34:82: 5c:f7:3f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 6D:D8:A8:24:70:8B:8F:0C:4D:0C:6C:1A:D9:1A:9A:75:25:E5:1A:12 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:portainer.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 7b:33:f1:a4:1d:68:11:39:8e:a5:85:a1:57:3a:ca:d6:76:61: f8:90:77:ab:e2:9c:59:92:45:d9:89:9e:df:9d:5a:f5:8b:7f: 42:54:73:71:1b:ca:7f:2b:96:f8:66:7c:34:c0:4e:2c:4c:9f: 09:95:c5:44:f7:32:57:ad:ef:51:b6:f3:c5:42:de:f8:f8:40: ba:f2:1b:dc:8d:ef:98:6c:11:da:4c:0a:34:59:21:6e:c6:73: f1:61:40:2e:f2:b9:f0:51:47:9f:99:b8:d9:0d:49:7a:ef:27: e4:14:a2:91:4e:c8:ff:77:ed:d8:2a:08:39:4d:00:8c:b1:9e: 3f:a5:b7:7f:34:b6:23:7c:d8:2c:35:c9:7e:78:84:b5:e7:43: e6:b4:77:80:74:b2:b6:5f:6a:41:e0:e4:7d:ef:7c:67:27:96: b1:ac:62:09:93:da:ed:11:2b:48:d5:94:7a:0b:9e:f1:11:21: dc:75:a1:c4:c6:6d:aa:ec:0e:65:68:9b:cf:38:b0:39:f3:a1: 13:80:f1:21:f3:20:a7:54:f6:76:9a:e6:a2:d4:20:0b:0a:f3: 8c:94:c2:94:30:fd:f1:9c:4a:e9:36:b3:ce:d7:bf:1f:5a:c8: 68:2f:89:7a:a2:d2:eb:17:ad:ce:de:30:8f:4f:0e:24:60:d8: dd:33:cb:70 battleb0t.xyz
2023-05-12 02:45:35Internet NameNoDNSDumpster0010Nonefluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneFriendFinder-X (Category: dating) https://www.friendfinder-x.com/profile/ayshooayshoo
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.165): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:56:58Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:78:81:e1:ef:49:4b:f9:6d:c5:16:34:0e:55:ab:d5:12:44 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:02 2022 GMT Not After : Feb 15 09:44:01 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c5:28:ae:be:17:84:18:1b:e1:bf:c2:45:52:c1: a5:6a:08:4a:bc:c1:e3:a4:de:5e:d0:05:9f:d6:99: 22:94:16:f7:d2:69:68:71:09:4a:62:e7:41:0d:0a: be:3e:3b:51:6d:0b:4a:0f:76:3a:b0:8e:cb:56:a6: 21:8f:de:9f:c1:45:ea:d1:38:90:03:24:5c:77:6f: cd:06:86:05:00:ae:fc:49:fe:8f:e8:85:de:e7:e4: d0:99:c5:ad:e4:c5:9c:9a:95:9e:97:20:79:ed:7e: c1:65:47:a7:ce:2c:b4:2b:9e:4c:1f:8e:21:8f:4e: cf:f7:3e:4f:ff:b2:88:aa:90:dd:b7:be:8a:db:d2: 17:66:cc:6f:09:3d:67:e8:3c:91:39:a6:90:69:62: e9:f2:9c:b4:d3:ba:96:0b:b2:0e:b2:74:eb:8a:64: f6:d7:18:6c:22:f7:1e:bc:17:2f:20:0c:dc:30:1b: 5e:7d:a8:0b:34:ce:8a:75:55:4f:72:8b:d6:d7:dc: 63:55:19:dd:2a:a0:25:0a:50:bd:17:df:74:d9:8e: df:7b:ba:19:b8:f5:47:fd:97:bf:18:2b:99:ec:f3: 58:72:eb:64:34:43:28:b7:d3:7f:de:05:80:58:fb: f6:05:86:02:1c:8d:eb:d5:23:a1:08:9a:01:84:aa: 05:5a:57:5b:4f:80:96:8a:65:18:8f:fb:bb:dd:91: f1:8e:b1:05:2f:76:93:8f:28:86:73:78:5c:d4:fe: b8:81:83:79:71:79:e9:31:46:fb:22:a9:30:c3:0b: 03:79:d0:e6:24:cf:e4:e0:cb:3e:91:71:20:ec:40: 44:0f:22:88:b4:5a:5f:cd:f2:41:b7:a9:21:3e:74: 54:3b:a0:07:32:4e:5c:e7:71:a3:33:95:bd:ee:27: 4a:b2:53:d1:06:de:2c:39:7b:83:7f:1c:cf:0a:28: 32:ef:07:d4:d3:ef:a5:9d:8a:8a:36:97:d5:6f:97: 57:8e:aa:22:4e:6c:70:6c:aa:43:59:1c:d0:88:a6: 26:22:1b:20:62:45:6e:6e:62:40:f6:bf:20:b1:b8: 43:17:25:80:1d:c9:c1:63:ed:d3:a8:bc:4b:68:5d: f2:19:96:37:4a:82:70:a9:86:22:f6:56:84:02:f9: b4:a7:6c:3d:03:4c:59:fe:71:81:0a:71:7e:9e:7c: 1a:5d:b6:ce:77:db:f9:80:a5:2d:65:a3:96:1f:c9: ca:a0:c7:b0:9d:21:28:db:1c:6a:4c:c7:37:20:39: 9f:b7:63:e2:80:c5:2d:53:fd:3e:c8:1a:cf:e7:76: 
9f:bc:92:4a:58:81:84:d1:30:a4:4e:12:c7:e5:10: eb:dc:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 75:02:8B:49:76:96:40:2E:6F:D7:49:80:B9:AF:AD:08:D3:5D:F2:26 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 10:44:03.171 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:96:05:95:D9:0A:4B:A3:9F:B3:54:99: 3D:9F:1C:1C:B3:12:27:04:D0:20:E1:F2:2F:C1:45:57: B6:CE:43:39:BB:02:20:00:C0:44:63:1A:7F:1F:D9:F8: FD:B5:9E:08:05:34:0B:45:8D:91:19:03:CA:A5:AA:D6: E1:FD:44:B5:26:35:45 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 10:44:03.648 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:9E:83:39:0E:B7:7E:92:F8:91:94:2D: C4:39:B4:D1:61:0F:10:40:37:17:81:C1:64:FE:E3:2B: 7F:80:28:64:1B:02:20:24:5F:97:C1:F8:98:B3:7F:80: 98:C6:50:33:A7:E2:50:93:AF:06:19:6A:DF:BA:37:94: 1F:D4:D6:CD:5F:4C:B0 Signature Algorithm: sha256WithRSAEncryption 40:a0:9d:f6:3d:3c:ac:ae:91:12:9b:4e:a3:fc:45:ec:e5:64: da:45:37:2c:ee:d8:2a:d2:8f:88:31:a0:95:c3:dc:c4:40:0e: a8:93:80:23:39:bf:89:3d:dd:29:75:89:26:f6:5c:52:03:15: 6f:e8:31:57:f9:25:b3:bd:ee:60:ab:89:7b:bf:4a:3b:90:d7: 
1d:6e:f0:15:a6:a8:33:e3:0a:a3:63:24:df:b6:b2:88:74:9c: 53:ba:d0:31:ab:00:8b:eb:a4:eb:bb:ba:98:6b:22:46:8c:5e: 84:5b:6e:2e:cc:c4:3d:09:cd:d2:87:a3:5d:75:e5:ec:73:75: 14:60:08:bd:90:75:45:e0:a0:1e:53:73:ca:fb:93:72:15:2f: 6a:41:43:d4:73:dd:23:81:1a:84:6d:10:98:76:2d:ce:b5:a3: 74:e9:cc:ad:0f:8c:bd:73:70:b3:fe:0a:4e:d0:aa:f9:06:ca: 2e:6d:c1:ec:f4:03:98:d8:dd:ea:da:88:14:c5:af:7a:46:c1: 65:1f:db:ea:14:67:fb:45:d8:16:12:e2:c1:56:a5:f6:63:45: 0e:7f:b7:be:8a:a0:59:b7:47:0c:b8:cc:46:e6:d5:5e:8d:78: 17:a9:cd:35:86:26:df:ba:4a:09:fb:46:5e:4a:81:95:bb:26: df:1f:91:9c
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonehamaha (Category: finance) https://hamaha.net/loginlogin
2023-05-12 02:44:12SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 9d:49:08:08:d4:e9:44:f0:ed:d2:82:b7:e0:6b:90:98 Signature Algorithm: sha256WithRSAEncryption Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA Validity Not Before: Apr 27 00:00:00 2023 GMT Not After : May 27 23:59:59 2024 GMT Subject: CN=*.cloudwaysapps.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d1:3a:67:3d:ac:93:fe:a1:38:17:a2:78:ab:33: a2:2b:b2:61:9e:b0:28:f5:b1:4b:36:8d:ac:be:b1: c0:fe:fd:0b:68:83:80:c9:b2:6b:9d:ce:40:cb:26: 30:81:2e:8f:4e:77:39:58:cb:20:c2:55:5e:20:7e: 53:22:78:e6:78:4b:04:8a:75:da:4a:51:8e:ae:c5: 7b:1a:6f:d9:5b:ee:cf:33:36:2b:2b:82:8c:3f:b8: 39:3e:ff:79:43:92:54:ec:54:d0:bf:11:c0:cd:11: b1:92:f3:c3:cd:cc:a8:82:83:49:22:4d:4a:5e:05: 4b:3f:17:54:c9:df:81:d5:41:55:ad:33:2b:a8:09: 08:7f:43:35:1d:1c:dd:5a:53:87:bf:e3:84:b1:0d: 90:8d:c9:d7:3f:49:88:74:31:7a:b1:b0:e7:b3:d9: 25:22:dd:3d:3f:9f:60:d3:32:fe:f8:e6:52:22:4b: db:21:12:b2:be:42:9c:9a:9f:bb:dc:74:11:17:4a: 63:9f:64:98:d9:12:4a:30:4c:41:ce:02:25:3c:32: b3:70:72:ea:0c:c3:d1:97:6c:cf:f1:37:08:77:34: 63:17:f5:f8:ad:16:1a:eb:8c:b1:aa:63:18:20:3b: 38:58:f9:e1:92:9a:3b:73:9b:93:2b:b7:f8:4c:52: 14:d5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1 X509v3 Subject Key Identifier: C9:A4:B7:DE:EA:0B:C6:29:AD:C2:08:FF:9A:8D:BB:00:2C:61:53:C2 X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6449.1.2.2.7 CPS: https://sectigo.com/CPS Policy: 2.23.140.1.2.1 Authority Information Access: CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt 
OCSP - URI:http://ocsp.sectigo.com X509v3 Subject Alternative Name: DNS:*.cloudwaysapps.com, DNS:cloudwaysapps.com CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Apr 27 08:49:21.510 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:54:5F:22:AA:E5:91:D8:97:BC:1A:12:E0: 0D:19:AD:B4:23:74:C7:19:0B:C4:40:FB:51:89:5B:39: 3E:C4:C1:CC:02:21:00:DD:E6:D8:AC:B4:ED:A2:F3:9F: C5:81:F6:57:5C:08:09:CE:A0:CE:8E:00:A3:67:0E:10: B5:84:4C:5D:F0:6B:A3 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70: 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB Timestamp : Apr 27 08:49:21.600 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:9D:80:77:45:D7:5E:B4:81:61:12:02: 29:B7:09:6D:AA:A8:EE:C0:C9:01:FE:75:B3:DD:F0:06: DC:3E:42:DF:D0:02:21:00:F3:29:18:40:3E:1C:7B:74: 47:39:A3:57:7F:3D:0C:BE:90:CC:A8:A1:A7:11:FB:28: 6B:3A:89:A0:1D:92:A4:B6 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2: 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B Timestamp : Apr 27 08:49:21.550 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:7C:D6:D7:21:C2:B8:D3:3C:1A:E2:29:5D: A7:78:9A:B9:61:1E:8F:1D:0D:45:66:77:67:5A:0C:C3: 73:FD:9F:2E:02:20:1B:D9:E7:E8:46:D6:95:23:C8:69: C9:B7:FD:00:71:38:3D:72:E8:26:CA:93:39:E1:22:47: 44:C3:7B:B6:58:C7 Signature Algorithm: sha256WithRSAEncryption c2:e5:27:b1:49:8d:0c:b8:23:cc:ad:af:a2:37:17:1f:51:5f: 10:2b:2e:2c:a5:d0:39:c9:d2:53:1f:0e:b5:e4:c2:19:75:77: 48:c8:b8:2e:d8:97:35:66:1c:7f:72:90:0f:1a:b8:3a:65:bd: 9f:90:0c:35:2b:9e:fa:54:ce:78:18:0b:07:4e:0e:d6:da:2d: b2:8b:53:d5:da:55:08:c8:37:85:a6:8b:12:14:78:6a:d5:51: 7e:f7:58:58:6a:f4:59:0c:a3:31:26:2d:fd:1a:fe:da:d0:05: 5d:26:d1:01:9e:67:1c:9c:4d:2b:07:03:e0:1f:19:40:76:89: 
3d:9f:ba:6c:0c:01:c7:12:04:82:d0:3c:b5:b0:6c:8c:48:af: 91:80:42:07:ba:a0:18:f2:c7:57:76:34:05:a4:b2:7b:9f:cd: f2:57:04:13:8a:15:7b:e3:78:fd:cc:f9:fb:3e:ee:46:57:be: a8:be:94:c1:0c:96:ec:10:93:e0:36:2d:91:5c:a3:c9:e4:2d: 7c:ba:e9:51:8b:91:a0:77:08:a8:df:48:5b:6f:72:7a:d3:ed: ad:97:85:76:71:19:18:df:9e:f7:1b:82:3f:24:cc:75:af:96: 74:0e:15:b3:cc:fb:a8:3c:e6:07:2b:89:aa:f9:0a:70:0d:02: b5:99:9c:87 kekw.battleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneShuttle (Net ID: 00:01:36:07:54:71)52.3759, 4.8975
2023-05-12 03:03:18Internet NameNoDNS Resolver0020Noneayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:88:a7:3c:db:48:4e:7a:5b:30:55:60:8f:23:20:34:8b:3f Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 19:16:54 2022 GMT Not After : Mar 13 19:16:53 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:3c:4c:c6:51:31:a3:0e:29:e8:d9:ba:56:72: ca:d6:92:a9:ca:6b:b2:16:4e:5d:b5:eb:62:3f:02: 41:f1:08:06:a9:cd:7b:f9:04:b2:4c:8e:fb:65:31: b3:75:c9:6a:7a:3f:e2:3e:46:f0:3e:66:e4:c8:3d: cb:d8:17:7d:09:c3:b8:4b:0b:d8:99:0b:f7:8b:94: 1b:46:cc:ac:01:f0:8a:0c:c3:ce:98:ae:96:9a:d8: ee:30:0d:83:be:56:f2:fa:d2:51:6c:e6:b5:3d:4d: 38:62:17:66:35:98:3b:99:b8:ad:43:ad:7a:14:a8: 2a:90:0e:e4:de:5f:31:31:ab:48:0a:dd:2d:64:89: 33:f3:db:a0:b1:f9:a9:c3:da:71:2f:32:05:fa:a1: 40:b4:5f:a2:f6:e5:8b:5d:99:bb:a1:c7:ff:78:70: fa:fe:96:c0:01:b6:36:4c:98:38:f0:fd:c2:63:a9: 72:11:2f:85:1a:a3:bf:b4:96:2f:f2:45:ce:b3:c4: 6b:ba:0f:b8:a2:6a:78:27:5b:76:b0:c8:42:4e:41: 26:4e:0a:34:15:4a:e9:08:7d:32:c0:a0:48:38:a7: 68:49:b9:00:6e:d4:89:04:f8:ea:e6:dc:02:c0:03: 83:f0:7d:9a:bd:81:f3:1a:7f:93:46:db:06:a1:a5: 91:0f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 11:21:5C:1E:81:22:95:8E:F4:BA:FB:D4:B0:77:CD:45:5F:AE:5E:B1 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate 
Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 13 20:16:54.437 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C8:55:7C:0B:F2:4A:D4:C9:EE:94:0C: EF:F0:9C:B6:19:B4:91:58:D6:05:71:7A:F5:C2:94:2C: 9E:8C:8E:37:13:02:21:00:C3:46:D2:16:74:93:8F:9F: 59:96:75:0B:A5:1F:5C:5A:BA:2E:0B:68:95:99:31:FD: 8E:F4:F0:AD:8C:28:9C:38 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 13 20:16:54.945 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:56:36:5F:B8:65:E8:68:80:21:A3:19:B2: BC:D2:DF:5E:37:2A:78:11:0B:85:DC:F6:3B:9D:68:A0: 01:45:B2:7A:02:21:00:F7:C3:7B:2A:F6:13:73:9F:A7: 7D:92:7F:BE:68:5C:0B:AC:65:3E:D3:C0:77:63:D7:8E: 8C:49:1F:4E:78:C9:F8 Signature Algorithm: sha256WithRSAEncryption 19:28:98:d2:20:85:e1:e5:94:d2:07:4b:30:9a:e6:b6:e4:f1: ad:75:85:78:99:6b:59:96:02:40:a2:83:06:c7:f8:4b:09:6b: d8:c6:16:df:8e:4c:8d:6d:4a:1d:5a:f5:c8:a4:e3:2f:c5:9a: c2:e7:23:9f:4a:37:31:fd:55:44:73:22:2a:44:61:cf:38:41: c2:bf:84:91:0c:26:d9:7f:95:38:c2:5e:aa:df:96:5c:61:36: 99:62:0f:05:bf:92:14:5f:8a:b8:a2:35:64:d7:1c:77:57:f2: 14:f6:3d:8f:7c:2a:9d:f0:7f:5d:fa:03:91:91:47:ff:d2:1a: 85:ec:d6:48:54:87:06:a2:cf:92:72:de:97:97:3d:dc:bf:11: 68:d0:47:02:79:9f:6f:0e:40:4b:ee:a8:97:3a:1f:7e:86:fc: be:c0:35:24:74:e2:90:dc:a8:be:80:41:5d:16:68:1a:e2:f2: 91:2d:ad:23:3a:69:76:43:d0:49:f2:a4:be:8e:a3:7f:0d:0c: dc:d6:f8:b0:66:4e:c9:15:34:47:d2:92:fb:73:d0:4a:4c:2e: 53:df:fc:69:43:c4:55:ae:6f:33:b7:7f:e1:98:80:11:3e:a5: b5:ef:1b:cd:21:0c:3d:64:7d:11:08:c6:8c:70:59:7e:61:c0: ea:e4:74:3d
2023-05-12 02:44:27Internet NameNoDNS Resolver0020Nonewww.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 26 02:43:31 2023 GMT Not After : Jul 25 02:43:30 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Apr 26 03:43:31.388 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:43:38:D1:BA:46:EB:FB:AE:E5:0E:F5:96: 0C:2E:94:E5:49:45:23:64:6A:0D:BD:FC:87:A8:B8:00: 87:FD:24:62:02:20:75:87:54:4A:DF:64:4F:88:2E:B1: 25:57:3C:E7:3A:E0:19:3B:72:E0:C9:1A:87:B9:BB:3F: 35:51:E8:55:8F:82 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 26 03:43:31.409 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:5D:9E:62:37:CB:DB:77:1F:86:0C:C3:56: 8B:76:28:CE:A6:09:34:6A:3E:14:48:88:F6:21:96:4B: D9:19:A8:EE:02:21:00:BC:CD:90:3B:08:38:44:A5:BB: D6:38:35:73:D2:AD:F4:37:33:C9:DB:0D:66:F0:E9:9B: ED:6A:44:1F:1B:F5:8E Signature Algorithm: sha256WithRSAEncryption 7c:fa:bc:17:47:a7:e5:00:0d:95:46:f6:aa:b8:5c:00:e2:ec: d7:d1:7a:8b:68:b6:74:b4:92:6d:3d:5e:34:79:68:36:4b:b1: 22:bc:39:10:53:ed:b5:6d:cb:32:be:a6:64:84:36:56:88:b4: 46:53:a9:13:77:42:0f:15:bd:f9:cb:e5:28:5d:fb:7e:a2:45: 2c:88:d0:5e:f0:2b:7e:c6:76:b9:0b:22:71:21:a1:7c:97:5c: 3a:e6:c7:51:0e:74:ba:87:b5:20:a9:b3:67:69:9c:c8:fc:3e: a3:b5:ad:ee:73:7a:3e:e4:18:0a:93:40:47:fa:a9:04:04:e1: f7:88:c4:73:97:3f:0c:9b:41:a3:36:f3:ec:33:03:ab:0c:30: 00:c0:20:bd:7a:4b:9a:0b:2b:5b:6d:f2:ba:7f:cc:e9:7b:ea: fb:92:46:62:0b:ad:ee:b0:ba:89:ac:82:3a:17:07:50:53:81: b3:41:01:ce:5c:08:dd:10:1b:6c:39:d6:14:34:c6:10:a8:c1: d6:c2:f7:02:f7:45:91:38:08:18:a2:cd:a4:11:ec:4f:45:cb: 9e:27:ab:1e:0d:3e:e8:66:62:38:57:e6:40:15:8a:71:ee:e2: dc:77:56:dc:8b:57:bb:4b:a9:03:f5:23:c6:cf:0a:e7:07:60: 58:ae:4b:bd
2023-05-12 02:44:03UsernameNoSpiderFoot UI7000None_BattleB0t_"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 02:53:45HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache_Hits": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["C1F8:9B05:D303FE:F3CF12:645CF509"], "Age": ["0"], "X_Cache_Hits": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-gig2250041-GIG"], "X_Cache": ["MISS"], "X_Timer": ["S1683813642.858818,VS0,VE273"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["df03515606cb10d86a4e0fd793a1bc65b6eaa2df"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]}2606:50c0:8002::153
2023-05-12 02:54:00Software UsedYesCensys0020NoneCloudFlare CloudFlare Load Balancer104.21.6.166
2023-05-12 02:59:59Affiliate - Email AddressNoE-Mail Address Extractor0030Nonejloup@gzip.org[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://cndglobelogistics.com/index.php/about', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "IsoScope_f2c_IE_EarlyTabStart_0x948_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"31.220.3.218:443"\n 
"104.21.89.62:443"\n "172.64.133.15:443"\n "142.250.189.170:443"\n "104.17.24.14:443"\n "151.101.1.229:443"\n "142.250.191.46:443"\n "69.16.175.10:443"\n "185.199.109.153:443"\n "142.250.188.3:443"\n "142.250.191.67:443"\n "142.251.46.170:443"\n "104.22.24.131:443"\n "52.155.62.95:443"\n "172.67.38.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "cdn.lineicons.com"\n "cdnjs.cloudflare.com"\n "cndglobelogistics.com"\n "code.jquery.com"\n "embed.tawk.to"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "parsleyjs.org"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "translate.google.com"\n "translate.googleapis.com"\n "use.fontawesome.com"\n "va.tawk.to"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="col-lg-auto col-4 my-3"><img src="/images/clients/youtube.png" alt="YouTube Thumb" /></div>" (Indicator: "dir "; File: "about_2_.htm")\n Found string "* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "dir "; File: "style-a984db922da29019ca5adc1e5082e607_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar642D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-373', u'name': u'Contains ability to send data (Powershell command string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "Out-Default"; File: "about_2_.htm")\n Found string "<body class="site astroid-framework com-jdbuilder view-page layout-default itemid-105 article-padding-none about tp-style-12 ltr en-GB">" (Indicator: "Out-Default"; File: "about_2_.htm")\n file/memory contains long string with (Indicator: "Out-Default"; File: "urlref_httpscndglobelogistics.comindex.phpabout")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3" and extension "jpg"\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image 
data big-endian direntries=4] baseline precision 8 693x555 components 4" and extension "jpg"\n "business-man_1_.png" has type "PNG image data 475 x 665 8-bit/color RGBA non-interlaced" and extension "png"\n "NickCusworth_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 Exif Standard: [TIFF image data big-endian direntries=21 manufacturer=Canon model=Canon EOS 5D Mark III orientation=upper-left software=Microsoft Windows Photo Viewer 6.1.7600.16385 datetime=2013:11:04 12:20:51] baseline precision 8 148x197 components 3" and extension "jpg"\n "16_1_.png" has type "PNG image data 716 x 1016 8-bit/color RGBA non-interlaced" and extension "png"\n "joomla_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "evernote_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "adobe_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "youtube_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "googledrive_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "cisco_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "arrow_down_1_.png" has type "PNG image data 5 x 3 8-bit/color RGBA non-interlaced" and extension "png"\n "switcher_1_.png" has type "PNG image data 10 x 19 8-bit/color RGBA non-interlaced" and extension "png"\n "blank_1_.png" has type "PNG image data 1 x 1 1-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"Cab641D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab641D.tmp]- [targetUID: 00000000-00001016]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df5204982cf225e3cc.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{1e3592f5-ee3f-11ed-905e-080027ef242f}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "style-a984db922da29019ca5adc1e5082e607_1_.css" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3"- [targetUID: N/A]\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data big-endian direntries=4] baseline precision 8 693x555 components 4"- [targetUID: N/A]\n "business-man_1_.png" has type "PNG image data 475 x 66
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050Nonewattpad (Category: social) https://www.wattpad.com/user/AltpapierAltpapier
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecf-access-domain: panel.battleb0t.xyz{"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"}
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.220): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneBrandon (Net ID: C4:49:BB:70:F9:3A)37.751, -97.822
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneTEKER PERFORMANS (Net ID: 00:13:33:8D:5A:FE)40.2024, 29.0398
2023-05-12 02:57:03Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.ibisci.com/products/the-spin-dr-tube-rotator?_kx=vizvI-JRPBLiz2WSUolyRzD4z1y8jXdUi3K-8u9VCZS89GBYZ3jti4Wh6njSNfNu.MenwDE&_pos=1&_sid=e69e48d55&_ss=r&utm_campaign=10.17.22%20-%20Spin%20Dr%20Video%20%282022-10-17%29&utm_medium=email&utm_source=Subscribers%20%28Customers%20and%20non-customers%29&variation=B', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "ico-select_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "TarC703.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_684_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_684_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_684_IESQMMUTEX_0_519"\n "IsoScope_684_IESQMMUTEX_0_303"\n "IsoScope_684_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1668"\n 
"Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_684_ConnHashTable<1668>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_684_IE_EarlyTabStart_0xfe4_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_684_IESQMMUTEX_0_519"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.227.38.74:443"\n "172.253.115.95:443"\n "104.17.24.14:443"\n "162.159.135.68:443"\n "142.251.16.95:443"\n "31.13.70.7:443"\n "104.21.88.99:443"\n "18.155.181.15:443"\n "35.229.48.116:443"\n "162.159.129.71:443"\n "142.251.16.94:443"\n "142.251.163.102:443"\n "172.217.2.110:443"\n "162.159.138.60:443"\n "142.251.163.155:443"\n "157.240.19.35:443"\n "157.240.19.26:443"\n "172.253.122.155:443"\n "142.251.163.149:443"\n "142.250.73.225:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"apps-uso.netlify.app"\n "cdn.shopify.com"\n "cdnjs.cloudflare.com"\n "in.visitors.live"\n "qab.hextom.com"\n "settings.luckyorange.net"\n "visitors.live"\n "www.ibisci.com"\n "www.pxucdn.com"\n "www.webyze.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "FNIZQ81G.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FNIZQ81G.txt]- [targetUID: 00000000-00003144]\n Dropped file: "YQ267VSL.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YQ267VSL.txt]- [targetUID: 00000000-00003144]\n Dropped file: "OP4TNIKT.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OP4TNIKT.txt]- [targetUID: 00000000-00003144]\n Dropped file: "7XYK1WC8.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7XYK1WC8.txt]- [targetUID: 00000000-00003144]\n Dropped file: "0PG5YZ7F.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0PG5YZ7F.txt]- [targetUID: 00000000-00003144]\n Dropped file: "CFKG5CLE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CFKG5CLE.txt]- [targetUID: 00000000-00003144]\n Dropped file: "EX0SJD32.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EX0SJD32.txt]- [targetUID: 00000000-00003144]\n Dropped file: "SI0NUM7L.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SI0NUM7L.txt]- [targetUID: 00000000-00003144]\n Dropped file: "KCA9UIC0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KCA9UIC0.txt]- [targetUID: 00000000-00003144]\n Dropped file: "H88ZOVT1.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H88ZOVT1.txt]- [targetUID: 00000000-00003144]\n Dropped file: "HJIXL0AW.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HJIXL0AW.txt]- [targetUID: 00000000-00003144]\n Dropped file: "4A84WL3Z.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4A84WL3Z.txt]- [targetUID: 00000000-00003144]\n Dropped file: "HLMAT6CX.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HLMAT6CX.txt]- [targetUID: 00000000-00003144]\n Dropped file: "I9D9AAFE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\I9D9AAFE.txt]- [targetUID: 00000000-00003144]\n Dropped file: "0ZBM6C0E.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0ZBM6C0E.txt]- 
[targetUID: 00000000-00003144]\n Dropped file: "Q7Z941OM.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Q7Z941OM.txt]- [targetUID: 00000000-00003144]\n Dropped file: "CKUE1YAL.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CKUE1YAL.txt]- [targetUID: 00000000-00003144]\n Dropped file: "ZY1RZW68.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZY1RZW68.txt]- [targetUID: 00000000-00003144]\n Dropped file: "DNZGTUBL.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DNZGTUBL.txt]- [targetUID: 00000000-00003144]\n Dropped file: "X5KQRM7V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\X5KQRM7V.txt]- [targetUID: 00000000-00003144]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabC6F0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62397 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabC702.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62397 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62397 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "ico-select_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "FNIZQ81G.txt" has type "ASCII text with very long lines"- 
Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FNIZQ81G.txt]- [targetUID: 00000000-00003144]\n "YQ267VSL.txt" has type "ASCII text with very long lines"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YQ267VSL.txt]- [targetUID: 00000000-00003144]\n "OP4TNIKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OP4TNIKT.txt]- [targetUID: 00000000-00003144]\n "hCqgMXugxYV_7yMwWzW3hH2RpGpkXJCcfgSKJizSQFw_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "7cH1v4okm5zmbvwkAx_sfcEuiD8jPvWsOdC5_1_.woff" has type "Web Open Font Format TrueType length 19208 version 1.1"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003144]\n "quickannouncementbar_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "sdk_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc-_1_.woff" has type "Web Open Font Format TrueType length 20012 version 1.1"- [targetUID: N/A]\n "redirect-app_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "shop_events_listener-65cd0ba3fcd81a1df33f2510ec5bcf8c0e0958653b50e3965ec972dd638ee13f_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "7cH3v4okm5zmbtYtMeA0FKq0Jjg2drF0feC9hpk_1_.woff" has type "Web Open Font Format TrueType length 19932 version 1.1"- [targetUID: N/A]\n "0SljmOUUHURP_y3FUALXiFiF5YoIw6lFyjq_newAlf4_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "TarC703.tmp" has type "data"- Location: [%TEMP%\\TarC703.tmp]- [targetUID: 
00000000-00003144]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "7XYK1WC8.txt" has type "ASCII text with very long lines"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7XYK1WC8.txt]- [targetUID: 00000000-00003144]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Mem35.229.48.116
2023-05-12 03:03:47Co-Hosted SiteNoThreatMiner2020Nonerathook.cc185.199.111.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneIntel Gateway (Net ID: 00:02:B3:A5:C9:64)33.336199,-111.89446440830702
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneKeybase (Category: social) https://keybase.io/loginlogin
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.83): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:03:38Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00yongshiwangzi.github.io
2023-05-12 02:46:03Raw Data from RIRsNoAbstractAPI0030None{u'city': u'North Charleston', u'security': {u'is_vpn': False}, u'city_geoname_id': 4589387, u'region_geoname_id': 4597040, u'country': u'United States', u'region': u'South Carolina', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'GOOGLE-CLOUD-PLATFORM', u'isp_name': u'Halliburton Company', u'organization_name': u'Halliburton Company', u'autonomous_system_number': 396982}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'29415', u'longitude': -79.9746, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:46:02'}, u'latitude': 32.8608, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'34.148.97.127', u'continent': u'North America', u'region_iso_code': u'SC'}34.148.97.127
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom (Net ID: 00:0C:F6:37:01:3C)50.8897, 6.0563
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None0001vrn.github.io185.199.111.153
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneMCUUID (Minecraft) (Category: gaming) https://mcuuid.net/?q=battleb0tbattleb0t
2023-05-12 03:08:49Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.11435.229.48.116
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00p513-dev.github.io185.199.111.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050None3Com (Net ID: 00:04:75:62:7A:78)33.336199,-111.89446440830702
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Noneherron-libson (Net ID: 00:01:24:F1:75:B2)37.780462,-122.390564
2023-05-12 03:00:22Raw Data from RIRsNoCertificate Transparency1020None[{u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-04-27T17:58:42', u'not_before': u'2023-01-27T17:58:43', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0353521f2268d4e4bd04c1ea37aeda35a438', u'entry_timestamp': u'2023-01-27T18:58:43.373', u'id': 8595002735}, {u'not_after': u'2023-04-27T17:58:42', u'not_before': u'2023-01-27T17:58:43', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', 
u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0353521f2268d4e4bd04c1ea37aeda35a438', u'entry_timestamp': u'2023-01-27T18:58:43.278', u'id': 8512878872}, {u'not_after': u'2023-03-18T21:24:58', u'not_before': u'2022-12-18T21:24:59', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'036227a6dc1628deaea0a47d7ea00281250e', u'entry_timestamp': u'2022-12-18T22:24:59.851', u'id': 8238674246}, {u'not_after': u'2023-03-18T21:24:58', u'not_before': u'2022-12-18T21:24:59', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'036227a6dc1628deaea0a47d7ea00281250e', u'entry_timestamp': u'2022-12-18T22:24:59.092', u'id': 8232262063}]kekw.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneCH2SC6TY (Net ID: 00:16:46:71:5C:B0)32.8608, -79.9746
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneTwitter (Category: social) https://twitter.com/ayshooayshoo
2023-05-12 03:12:41Vulnerability - CVE HighYesTool - testssl.sh0220NoneCVE-2016-2183 https://nvd.nist.gov/vuln/detail/CVE-2016-2183 Score: 7.5 Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.188.114.97.1
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneDTT (Net ID: 00:02:2D:2C:9F:8D)34.0544, -118.244
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:14387.248.157.102
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0050NoneNics Telekomunikasyon Ltd. Domain Name: KEYUBU.NET Registry Domain ID: 2292564483_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2022-07-15T17:58:49Z Creation Date: 2018-07-31T21:39:25Z Registry Expiry Date: 2024-07-31T21:39:25Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: ok https://icann.org/epp#ok Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: KEYUBU.NET Registry Domain ID : 2292564483_DOMAIN_NET-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2022-07-15T17:58:49Z Creation Date: 2018-07-31T21:39:25Z Registrar Registration Expiration Date: 2024-07-31T21:39:25Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: ok http://www.icann.org/epp#OK Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: ADANA Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.NET Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T02:59:37Z<<< For more information on Whois status codes, please visit 
https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2
2023-05-12 02:54:13HTTP HeadersNoWeb Spider8030None{"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"}https://battleb0t.xyz/main.built.js
2023-05-12 03:10:03Affiliate - Internet NameNoDNS Resolver10040Nonebaffin.netcraft.com207.154.228.159
2023-05-12 02:44:22Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.com185.199.108.153
2023-05-12 03:32:06Open TCP PortNoPulsedive0030None188.114.97.4:8443188.114.97.0/24
2023-05-12 02:54:20Web Content TypeNoWeb Spider0040Nonetext/csshttp://nuke.battleb0t.xyz/cdn-cgi/styles/main.css
2023-05-12 03:01:32Raw Data from RIRsNoTool - WhatWeb1030None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://vscode.battleb0t.xyz', u'http_status': 521, u'plugins': {u'HTTPServer': {u'string': [u'cloudflare']}, u'Script': {}, u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'Title': {u'string': [u'vscode.battleb0t.xyz | 521: Web server is down']}, u'HTML5': {}, u'UncommonHeaders': {u'string': [u'referrer-policy,cf-ray']}, u'IP': {u'string': [u'104.21.71.14']}, u'X-Frame-Options': {u'string': [u'SAMEORIGIN']}, u'X-UA-Compatible': {u'string': [u'IE=Edge']}}}, {}]vscode.battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonefotka (Category: social) https://fotka.com/profil/loginlogin
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.12235.229.48.116
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneAMX (Net ID: 00:02:E3:40:F7:BD)33.6170672,-111.90564645297056
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.151): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:30Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 02:54:20Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8funny.battleb0t.xyz
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None172.67.168.252fluid.battleb0t.xyz
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None0066cc.github.io185.199.111.153
2023-05-12 02:54:17HTTP HeadersNoCensys0040None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5e062258aa2252-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}2606:4700:3037::6815:470e
2023-05-12 02:50:23Blacklisted IP AddressYesHoneypot Checker0130NoneHoneypotproject (104.21.71.14): Search Engine Last Activity: 0 days ago Threat Level: 29104.21.71.14
2023-05-12 03:00:58Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.97): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneJWNK (Net ID: 00:14:5C:88:0D:74)50.8897, 6.0563
2023-05-12 03:23:33Open TCP PortNoPulsedive0030None188.114.96.12:443188.114.96.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneZiggo61714 (Net ID: 00:0C:F6:59:F1:12)50.8897, 6.0563
2023-05-12 02:54:18Linked URL - ExternalNoWeb Spider3030Nonehttp://code.jquery.com/jquery-3.2.1.jshttps://pics.battleb0t.xyz/
2023-05-12 02:46:55SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:cd:b7:3c:d6:71:f3:4f:d0:0b:1c:3a:89:f9:32:41:9b:99 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 13:22:44 2022 GMT Not After : Feb 15 13:22:43 2023 GMT Subject: CN=www.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bd:87:9d:fd:0d:e7:91:1c:82:de:38:55:01:b8: 01:a4:4f:91:68:f2:b6:41:bd:96:b7:21:f2:a0:55: 3b:8f:fb:94:98:1c:4d:61:0a:0d:49:1e:41:02:01: 75:0f:0f:e7:3e:9d:a4:2e:1d:07:1e:23:ae:57:ed: a8:d0:66:39:2d:83:68:be:6e:6f:58:41:0a:9a:c5: 3e:12:87:89:8c:60:e5:de:67:7a:e4:46:2e:7b:08: ed:c2:60:17:80:e6:b4:45:ca:55:4c:b4:aa:5a:0e: 21:b2:65:97:04:7d:42:9a:78:70:55:51:b1:3b:c5: d3:0d:ce:41:3b:0f:13:16:72:ef:e1:6f:39:c8:fd: 4b:2d:7e:9e:b0:41:fd:9c:7c:61:84:dd:e4:70:a7: c5:c7:ec:ba:20:9f:a0:1f:9c:1c:14:59:c8:6c:6b: 82:ec:5e:ff:5a:3a:74:2a:f6:b9:fb:b1:ab:97:21: 90:d8:cd:5c:36:36:0e:73:80:7f:e4:4a:7c:cd:5d: 9a:1e:e6:d5:29:40:7a:8c:74:6b:33:02:0d:4e:19: f0:00:4b:c5:69:8a:06:03:20:76:15:a8:c2:2f:17: 7a:d2:cd:b7:58:14:91:a2:f2:64:cf:8f:82:14:81: ba:d6:41:8b:94:86:36:f5:f5:da:76:a8:04:5b:ad: f0:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 57:48:2A:D8:70:70:AC:E4:0A:F6:8C:02:EF:80:5A:28:2D:B1:3C:AE X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 36:fd:c3:ee:77:8a:70:b0:4d:2d:e7:2a:5c:5f:4d:da:b4:a1: e2:01:81:ed:f5:51:9e:99:02:16:e3:a3:0b:1f:75:93:c8:5e: b9:d7:f5:17:db:c5:b5:da:58:15:fd:4b:36:d5:4d:d6:5d:2b: 4f:49:fe:17:38:11:d4:b2:eb:07:49:19:e3:43:16:4c:57:7c: 97:e9:db:e2:60:b9:08:77:50:48:9b:b0:17:ef:9d:09:42:2e: 2c:30:28:d5:83:ed:da:76:33:41:0d:5b:41:19:c5:b8:7f:74: cf:bd:8b:ac:7e:2d:b1:2d:d2:aa:05:f2:50:61:9c:8f:16:2d: 59:13:65:6c:9c:0b:8f:2b:a9:e1:4d:ad:99:3c:ae:24:73:55: 9d:81:3b:f1:9e:69:4c:61:66:fb:26:19:5a:2f:78:df:76:be: 4f:90:40:ce:71:fc:d7:53:04:9e:03:82:87:39:e3:ba:6f:94: e1:23:1d:69:45:b3:a4:42:55:02:7e:d3:af:be:34:75:9f:16: a6:29:8b:66:c6:ca:4a:93:de:4b:14:90:c7:14:68:7f:9c:0a: 30:11:89:14:58:e3:55:39:f0:a4:c6:80:42:fc:39:c9:c9:40: ba:10:84:83:2d:87:52:29:63:ea:37:f2:50:8b:de:a9:ff:9e: bc:f4:cc:e6 battleb0t.xyz
2023-05-12 03:34:02Raw File Meta DataNoBinary String Extractor0040NoneIDATx A`qRWQ @Qh9' WYW`Q 6:E<0s qt2!X O"Np /Z9l6 23W4R p$ke'V sZSjUQ S\-up iTb.T IDAT? ZYjy9 k-<Z6 DRZ1s NLgiN 7jI\k q8cH$ cG$C: 70/1c Zmfdc2 FC1Qh IDATU aEPq<aF yPbDap @j518b .!5Cw epCrZ nYy\o F'Tjms s2OUvm wfD/fG o-\kY gGtIx9 t?T x `q\41 r`qOp /. rqS hTKCz bkV_n aU9zH svPOI LwXr3 L?3t1 V'DYE 78AHzS h7YIvh- Xg:5B jAQY3 <Eh_- ZJvh1 Q`6Vh xk1ao 6xyMC YGH2f? PbtsQ vu11h Ip@ \ x0Er- ZIuZM<F HDBs! D$r"r"r 5e8YW hd@87 3\-:9 L!sA6z l ?K8' Z\1hp ?JWEG5 N@1$!EHq 4 1Qb IDATae KJ:. -:. XWU:\Us 0:HB8 0>>7c MU0t5 RtVTMT ktCtE T1SffT DoV:LLN Ey8UQ xsqO7 DtOJoJ k Q:1 RS-.7 Ty NW le1NU Qt@tBr 3 "B"q B8!u` BGt4: PiZEOK 1VuEE V2xqwbH IDAT/v ?KwP0TA jO/Tyhttps://funny.battleb0t.xyz/images/carti_2.PNG
2023-05-12 03:24:22Linked URL - InternalNoWeb Spider4030Nonehttps://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChAhttps://ayhu.xyz/
2023-05-12 02:53:41Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url1021.joinpreventor.com/ls/click?upn=bna4-2BmY1ITDZjl0PQKir67uPPI2f2DxWOATqx3-2Fj7OYylB8Hflza-2F4c-2BTJ51THm64bMitYJMpTuBxoVK0JwiPA-3D-3DpyHG_2XvlAmvoAz3TtepUWzZ-2Fg6Vtpb0zElD-2BU8dA0uWhdmvWpUzFQRCBLPcsU5at7iOPzNbZzyRCb5bSh-2BoMMyAUQdyJp9IV2xfegy0-2FMwvEi-2BwozwcLtcNHqHaMRs8zAm7v5oZ8wTMu7PUckSXiY1wEtthrMiHMmlt1SKTk4hf2iioRh3-2B86BVSrTZJJ2g6sue3eW6I57lqbc2bcdpC-2Bp22gAow8TiD5sSYFOCPPeJl4SEjho6CtTHi1SkbZeCNjuDVaCHb7ZN7pl7M8J4fMd6cYgTzAMer0zWo7ptC-2FaDcdGyQ5alZBCdDDYj-2BhHCJI3n5O7QbBOTHbEW4BPzmKn4frv1-2FDXuZomKHcSKPoCB6HeEWrY9Qr5sgHr-2BneuGSXpzCfRF8yt-2FeaaoqJDE-2B2ngu0d2quGV2vB4dMuXQiRsmUpk-3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b60_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b60_IESQMMUTEX_0_331"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2912"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b60_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_b60_IESQMMUTEX_0_331"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_b60_IE_EarlyTabStart_0xa2c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b60_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.120:80"\n "52.25.204.60:443"\n "13.227.74.22:443"\n "142.250.191.74:443"\n "18.205.222.128:443"\n "185.199.109.153:443"\n "13.227.21.217:443"\n "142.250.191.42:443"\n "13.227.74.93:443"\n "157.240.22.25:443"\n "136.143.191.67:443"\n "142.250.189.163:443"\n "13.227.74.48:443"\n "91.199.212.52:80"\n "204.141.43.48:443"\n "136.143.191.144:443"\n "136.143.190.97:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url1021.joinpreventor.com"\n "crt.usertrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "connect.facebook.net"\n "crt.usertrust.com"\n "css.zohocdn.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "js.zohocdn.com"\n "maciejsawicki.com"\n "preventor.com"\n "salesiq.zoho.com"\n "salesiq.zohopublic.com"\n "script.hotjar.com"\n "static.hotjar.com"\n "uploads-ssl.webflow.com"\n 
"url1021.joinpreventor.com"\n "vts.zohopublic.com"\n "www.bugherd.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"src="https://www.facebook.com/tr?id=2116198561850213&ev=PageView" (Indicator: "facebook.com"), "</style><meta name="twitter:card" content="summary" />" (Indicator: "twitter"), "<meta name="twitter:site" content="@Preventorft" />" (Indicator: "twitter"), "{state:0\ntransportUrl:b\ncontext:c\nparent:Wk()}\nP(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ja+"&cx=c";Tr()&&(f+="&sign="+Jh.Xe);var g=Sh||ci?Sr(b,f):void 0;g||(g=Fo("https://","http://",Jh.ze+f));Qk().destination[a]={state:1\ncontext:c\nparent:Wk()};mc(g)}};function Ur(){if(Ok()){return!0}return!1};var Xr=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/)\nYr={cl:["ecl"]\ncustomPixels:["nonGooglePixels"]\necl:["cl"]\nehl:["hl"]\nhl:["ehl"]\nhtml:["customScripts"\n"customPixels"\n"nonGooglePixels"\n"nonGoogleScripts"\n"nonGoogleIframes"]\ncustomScripts:["html"\n"customPixels"\n"nonGooglePixels"\n"nonGoogleScripts"\n"nonGoogleIframes"]\nnonGooglePixels:[]\nnonGoogleScripts:["nonGooglePixels"]\nnonGoogleIframes:["nonGooglePixels"]}\nZr={cl:["ecl"]\ncustomPixels:["customScripts"\n"html"]\n" (Indicator: "youtube"), "var Jv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0\nf=0;return{createEvent:function(g,h,m){var n=a()\np=n.Lg\nq=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Lg*h):Math.round(n.Pi)\nr=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100)\nt=G.hidden?!1:.5<=Pi(c);d();var u=void 0;void 0!==b&&(u=[b]);var 
v=lv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube"), "b\n"vert.pix");break;case "PERCENT":qy(d.verticalThresholds,b,"vert.pct")}pv("sdl","init",!1)?pv("sdl","pending",!1)||I(function(){return ry()}):(nv("sdl","init",!0)\nnv("sdl","pending",!0)\nI(function(){ry();if(sy()){var e=ty();qc(z,"scroll",e);qc(z,"resize",e)}else nv("sdl","init",!1)}));return b}xy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"])\nyy=["www.youtube.com"\n"www.youtube-nocookie.com"]\nzy\nAy=!1;" (Indicator: "youtube"), "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gg:d\nEg:e\nFg:f\nlh:g\nmh:h\nWd:m\nib:b}\np=z.YT\nq=function(){Gy(n)};if(p)return p.ready&&p.ready(q)\nb;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=G.getElementsByTagName("script")\nu=t.length\nv=0;v<u;v++){var w=t[v].getAttribute("src");if(Jy(w,"iframe_api")||Jy(w,"player_api"))return b}for(var x=G.getElementsByTagName("iframe")\ny=x.length\nA=0;A<y;A++)if(!Ay&&Hy(x[A],n.Wd))return mc("https://www.youtube.com/iframe_api")\n" (Indicator: "youtube"), "Ay=!0\nb});return b}Ky.N="internal.enableAutoEventOnYouTubeActivity";var Ly;function My(a){var b=!1;return b}My.N="internal.evaluateMatchingRules";" (Indicator: "youtube"), "GET /5f774172772fc1fb1fa10c12/5f774173a2f6f80a3d80d3be_twitter.png HTTP/1.1Accept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip\n deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "twitter"), "GET /5f774172772fc1fb1fa10c12/606cb3a9126777b98ff68805_icon-youtube.png HTTP/1.1Accept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5Referer: 
https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip\n deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2FA0.tmp" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"5f774173a2f6f8720a80d3d7_decor-dots_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6305c4d0e96629fb1faee847_mob_app%20store_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6305c4d096183ee5c61f2081_mob_google%20play_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff60f8b3be007f3ef5780f3_Cover%20AML%20risk%20screening_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8ffce80d3d6_decor-rows_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff5c5146d1b1ad22260e36b_seamless-integration_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c611b6f7021b7a90b6_nav-healthcare_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b5847afb666a7db5b8_nav-kyb_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"5ff61e3603c269bbe2a4fd83_Powerfull-transactions_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2ac6d2755267bbee952_nav-anti-money-laundering_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d399b50c403dd6ef8a71_icon_solutions_1_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c51ee3b2917a9fc9d3_nav-financial-services_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c73185.199.109.153
2023-05-12 02:44:32Affiliate - Internet NameNoDNS Resolver2020Nonecdn-185-199-108-153.github.com185.199.108.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040None7622 0155 (Net ID: 00:00:C5:F9:20:A8)32.8608, -79.9746
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050NoneDuolingo (Category: hobby) https://www.duolingo.com/profile/AltpapierAltpapier
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050None^D^M^L^W^]^C^A^U^M^Y^E^L^_^R^G (Net ID: 00:05:5D:D9:90:56)33.617190550339146,-111.90827887019054
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.12535.229.48.116
2023-05-12 02:48:29Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://habby-bit.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://habby-bit.github.io/NetflixClone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cc8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_cc8_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_cc8_IESQMMUTEX_0_331"\n "IsoScope_cc8_ConnHashTable<3272>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_cc8_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3272"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3272"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "185.199.110.153:443"\n "104.18.23.52:443"\n "172.64.101.10:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"habby-bit.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"habby-bit.github.io"\n "ka-f.fontawesome.com"\n "kit.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<p class="text-dark">Watch right on Netflix.com</p>" (Indicator: "netflix.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, 
u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free-fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "free-fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF4963DA67E64EB8AA.TMP" has type "data"- Location: [%TEMP%\\~DF4963DA67E64EB8AA.TMP]- [targetUID: 00000000-00003272]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003272]\n "~DFF31E5E821B61D096.TMP" has type "data"- Location: [%TEMP%\\~DFF31E5E821B61D096.TMP]- [targetUID: 00000000-00003272]\n "~DF42C5F4D22EAE6326.TMP" has type "data"- Location: [%TEMP%\\~DF42C5F4D22EAE6326.TMP]- [targetUID: 00000000-00003272]\n "~DF20A640065AD00792.TMP" has type "data"- Location: [%TEMP%\\~DF20A640065AD00792.TMP]- [targetUID: 00000000-00003272]\n "~DF17599AD0A6701A34.TMP" has type "data"- Location: 
[%TEMP%\\~DF17599AD0A6701A34.TMP]- [targetUID: 00000000-00003272]\n "NetflixClone_2_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /NetflixClone/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://habby-bit.github.io/NetflixClone/"\n Pattern match: "http://habby-bit.github.io"\n Pattern match: "SUIDMmicrosoft.com/921636467187231027693355855405031027575*MUID0C1B981BC3486B7C30C18AEDC2046A44microsoft.com/102549716108831106047355902280031027575*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA694"\n Pattern match: "MUIDB0C1B981BC3486B7C30C18AEDC2046A44ieonline.microsoft.com/921649716108831106047355933530031027575*"\n Pattern match: "https://kit.fontawesome.com/098a7050d2.js"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: 
"SUIDMmicrosoft.com/921636467187231027693355855405031027575*MUID0C1B981BC3486B7C30C18AEDC2046A44microsoft.com/102549716108831106047355902280031027575*_EDGE_V1microsoft.com/921649716108831106047355949155031027575*SRCHDAF=NOFORMmicrosoft.com/10243323789440310"\n Pattern match: "MUID19FA43693F9268132655519F3E166994msn.com/102550716108831106047397246030031027575*"\n Pattern match: "SUIDMmicrosoft.com/921636467187231027693355855405031027575*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=2022013"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025140058060831063802397136655031027575*"\n Pattern match: "www.msn.com/"\n Heuristic match: "habby-bit.github.io"\n Heuristic match: "ka-f.fontawesome.com"\n Heuristic match: "kit.fontawesome.com"\n Pattern match: "https://habby-bit.github.io/NetflixClone/Accept-Language"\n Heuristic match: "GET /NetflixClone/ HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: habby-bit.github.io"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Heuristic match: "abby-bit.github.io"\n Pattern match: "habby-bit.github.io/NetflixClone/"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwl"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=70599"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145837"\n Pattern match: 
"http://go.microsoft.com/fwlink/?LinkID=57190"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145765"\n Heuristic match: "Example: computer.fabrikam.com"\n Pattern match: "vista.gallery.microsoft.com/vista/SideShow.aspx"\n Pattern match: "http://www.icra.org/vocabulary/"\n Pattern match: "wmploc.dll/Offline_Buy.htm\'res://wmploc.dll/Offline_MediaGuide.htm*res://wmploc.dll/Offline_Subscriptions.htm"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=32146res://wmploc.dll/ICW_ErrorPage.htm"\n Pattern match: "wmploc.dll/Service_Initial.htm"\n Pattern match: "wmploc185.199.110.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonezoom (Net ID: 00:01:38:85:BD:08)37.7642, -122.3993
2023-05-12 02:44:07Software UsedYesTool - Wappalyzer0010NoneGitHub Pagesbattleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneChess.com (Category: gaming) https://www.chess.com/member/loginlogin
2023-05-12 03:24:48CountryNoCountry Name Extractor0050NoneUnited StatesAshburn, Virginia, 20149, United States, North America
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonelinksys (Net ID: 00:14:BF:93:D4:35)40.2024, 29.0398
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:52:05 2023 GMT Not After : Jun 11 12:52:04 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:f9:3b:c0:6f:f8:ab:e7:35:d5:ff:95:55:28: 87:2c:f3:42:5c:6a:f2:dc:b2:0f:7b:b2:97:bc:68: c2:d8:25:b1:da:3c:de:c9:ee:4a:54:a6:08:c9:a0: d5:34:39:c8:96:b7:d1:e3:5d:f3:2b:db:f7:37:5d: 57:65:f7:3d:16:c9:ad:d6:e6:bb:bc:97:c6:1c:bc: c7:1d:a0:c9:cc:3a:d4:e1:69:37:d2:58:c2:fe:42: 4e:90:a6:4c:72:5e:0f:c5:0a:f9:18:b1:c7:54:af: b4:03:13:bc:ce:85:b6:0d:a5:99:fc:98:b2:37:24: 39:66:7b:f1:78:3b:4b:9e:51:be:75:ad:a6:19:8d: be:a9:ca:f2:df:b7:73:9f:c6:14:09:e1:46:c4:93: a4:45:7c:eb:1e:47:42:88:d1:8d:e7:29:c0:07:7b: ad:57:d3:0b:cf:a1:a1:bc:65:12:20:8e:92:81:50: 55:40:69:4e:0d:62:29:ab:00:e6:81:6e:83:3a:16: 09:da:2a:57:32:b1:5d:79:74:f0:1d:02:e0:52:6d: d5:85:2d:cb:f6:ef:5e:8f:03:a0:14:64:19:bb:71: 65:85:3e:bc:4e:e8:75:85:4b:a0:7d:df:3f:2a:67: 46:82:ea:56:e3:e5:01:c8:49:e2:f1:a3:b1:04:af: 98:45:24:1b:7e:2d:57:39:72:ff:5a:94:89:31:42: ae:19:e5:2d:eb:c8:08:fc:be:37:02:5d:04:1a:b3: f0:62:42:14:91:38:7a:96:77:5e:53:eb:f1:d9:8e: 45:46:0d:65:07:6b:18:0a:65:96:3c:4e:b9:77:05: 52:b4:4d:17:73:72:d9:49:c8:16:75:9c:84:35:12: 73:86:4f:08:27:5d:f3:e9:85:10:9a:ff:e4:3a:63: ef:83:9f:03:76:a4:3f:ac:72:d5:f4:bb:3a:60:bc: 21:1c:e8:7c:52:79:bd:fe:19:9a:69:78:22:a6:5d: 64:8d:04:55:f3:ec:4d:6c:47:45:2c:6c:9e:cc:14: be:67:76:25:be:fd:51:60:a1:2e:10:af:1b:46:0c: e9:ec:3a:3c:0b:c9:2a:97:61:1c:a8:6a:9d:53:cd: 2d:6c:4e:66:f4:08:01:29:89:61:ff:d2:73:d2:a1: da:94:32:dc:5c:78:ad:19:fa:b3:fb:26:0f:35:c2: 87:17:c9:ae:6f:c7:ce:81:d6:7d:27:95:3b:49:39: e6:cf:30:85:95:79:a1:35:71:86:5b:66:f7:9d:ae: 96:d5:9a:1d:e3:e0:76:fe:b7:a0:b5:1a:16:0b:1b: 
5e:d4:d9:5b:b6:4a:4d:33:65:03:80:b9:ab:69:35: 1b:42:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 13 13:52:05.336 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:57:F9:C2:75:97:36:8B:12:D4:C1:E7:CA: 50:E7:70:49:3E:19:7B:CF:6E:2E:B2:32:0A:7B:AB:5D: 31:9F:A6:29:02:21:00:A5:FD:E1:03:A8:C4:49:20:AF: 46:1D:1E:50:E3:8E:07:43:7A:DC:16:22:84:DD:F5:8B: 28:06:E9:91:CB:AE:41 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 13 13:52:05.327 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:EA:4C:FF:35:E1:97:F0:36:1E:40:22: 0D:44:8D:BA:C6:F1:8F:73:35:1F:B7:67:97:EA:2B:1B: FC:27:7F:33:02:21:00:81:59:F8:29:60:75:D8:8F:00: 60:06:8E:9A:65:C6:5E:93:57:7E:5C:BF:B5:78:29:4F: 6F:C1:3B:97:29:1D:C7 Signature Algorithm: sha256WithRSAEncryption 24:d6:1b:d8:e4:8b:66:d1:df:e9:e2:97:93:78:a9:26:b8:6c: f8:3c:98:90:50:e1:55:d7:91:ae:77:21:2c:40:df:85:16:56: 67:98:1c:b9:14:ca:43:24:bf:39:32:06:c7:fe:42:03:fa:45: 3b:3f:39:c5:26:88:13:e9:3d:1d:bc:bd:a1:0a:08:74:1a:3b: 
e6:07:80:5b:f5:9a:21:ed:4a:45:40:ac:8a:6d:c1:de:40:12: 47:d5:33:88:6e:06:c5:32:a1:76:01:b1:50:fb:53:29:92:fa: e1:03:af:88:12:00:9a:38:a5:9d:32:3e:46:8b:7c:f6:27:29: ec:fa:85:68:fa:91:a6:95:c5:d7:a0:da:33:eb:03:cf:9c:a6: c0:5c:0d:e8:d8:f8:03:5d:fb:9f:61:df:e1:a0:63:74:01:18: 4c:0d:17:f3:db:74:32:3c:fc:3b:44:24:e7:10:2b:f7:69:d2: 89:35:6f:e7:d7:11:5a:13:0a:a9:83:9e:0f:c2:f2:ea:d8:50: 30:65:9c:16:49:f6:30:d8:a2:e3:83:ff:5d:ff:00:a2:ff:57: de:68:f4:70:90:a3:db:c8:9c:55:ce:ea:f6:4c:08:6a:01:70: 91:f9:f8:91:9d:f2:99:1f:be:06:10:87:53:07:83:04:df:62: 62:3f:1f:52 battleb0t.xyz
2023-05-12 02:53:17IP AddressNoMnemonic PassiveDNS0010None172.67.135.9ayhu.xyz
2023-05-12 02:44:14SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1pics.battleb0t.xyz
2023-05-12 02:44:16IPv6 AddressNoDNS Resolver0030None2606:4700:3037::6815:470eoldfluid.battleb0t.xyz
2023-05-12 03:03:19Internet NameNoDNS Resolver0020Noneayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:10:b4:30:a3:e0:72:2f:ec:4e:bc:95:e3:12:bb:83:8d:6f Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Dec 14 04:12:32 2022 GMT Not After : Mar 14 04:12:31 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:31:e0:5d:42:f2:be:35:60:b1:bf:3c:dd:6a:3a: e9:66:ce:65:b9:42:55:e5:1f:5b:0f:4a:7d:d2:dd: d5:d5:2a:c8:4c:26:cc:d6:24:4c:c6:8a:d7:5d:8d: ad:45:7b:81:26:49:fc:64:c6:a9:da:25:d4:46:11: f7:82:81:c2:c2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FF:9F:0E:73:7B:4F:1D:9B:10:7F:DE:3A:BF:95:29:99:72:64:39:CE X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 14 05:12:32.135 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:3B:59:29:35:BE:AB:71:65:F9:96:06:4F: 5B:59:CE:57:24:54:B9:12:04:B5:DF:8A:07:E6:76:0F: 20:03:70:03:02:21:00:B7:78:F0:A2:3F:27:E7:3B:21: C5:33:D6:55:11:C6:40:C1:C5:5B:26:28:AF:CA:56:1E: 26:52:58:CD:58:16:E5 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 
14 05:12:32.070 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:15:09:02:D4:FF:29:7B:0F:E9:E1:19:A4: 68:CC:B6:9A:5B:B7:91:A8:77:5F:34:7E:C8:58:7A:5D: F7:C7:09:DA:02:20:1E:EF:33:8E:F5:7A:6D:A5:37:EA: 0D:F2:52:F7:31:2F:0F:C3:A2:0E:FC:59:37:68:C1:0E: F3:7B:09:D9:73:6E Signature Algorithm: ecdsa-with-SHA384 30:65:02:31:00:c4:f1:3e:03:59:6c:36:cb:84:da:12:51:f5: 76:a2:e4:bc:23:64:76:f4:b2:f0:4c:8f:9b:8b:90:fb:12:ce: 7b:42:97:0a:3a:61:32:82:0b:b0:21:2a:25:06:6a:5f:a9:02: 30:75:43:e3:50:ce:c6:89:24:bf:1b:e6:c4:50:fc:7d:e6:4e: 0c:28:05:6d:f7:e2:b6:59:55:90:02:80:b6:cc:fc:7e:93:a5: f6:0f:4b:2a:01:37:a1:29:5b:b6:a5:1d:89
2023-05-12 03:09:28Open TCP PortNoSSL Certificate Analyzer0020None87.248.157.102:44387.248.157.102
2023-05-12 03:09:46Affiliate - Internet NameNoDNS Resolver0040None67.170.74.34.bc.googleusercontent.com34.74.170.67
2023-05-12 03:00:29Blacklisted IP on Same SubnetYesHoneypot Checker0030Subnet-level hit only: 188.114.96.15 is a neighbour in 188.114.96.0/24, not a target address, and the category reported in the row is "Search Engine", a crawler-type classification rather than an attack one. Low confidence — confirm which target asset resolves into this /24 and whether the range is shared proxy/CDN space before treating it as risky.Honeypotproject (188.114.96.15): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030Subnet-level hit only: 188.114.97.124 is a neighbour in 188.114.97.0/24, not a target address, and the category reported in the row is "Search Engine", a crawler-type classification rather than an attack one. Low confidence — confirm which target asset resolves into this /24 and whether the range is shared proxy/CDN space before treating it as risky.Honeypotproject (188.114.97.124): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:54Blacklisted IP on Same SubnetYesHoneypot Checker0030Subnet-level hit only: 188.114.96.83 is a neighbour in 188.114.96.0/24, not a target address, and the category reported in the row is "Search Engine", a crawler-type classification rather than an attack one. Low confidence — confirm which target asset resolves into this /24 and whether the range is shared proxy/CDN space before treating it as risky.Honeypotproject (188.114.96.83): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneSK_WiFi20D4 (Net ID: 00:01:36:9F:20:D5)34.0544, -118.244
2023-05-12 03:00:58Malicious AffiliateYesVXVault.net0130Match is on cdn-185-199-111-153.github.com, which looks like the reverse-DNS name of a GitHub-operated address shared by many sites; the VXVault entry presumably concerns other content served from that address. Low confidence as a target finding — record which target asset links to this host before escalating.VXVault Malicious URL List [cdn-185-199-111-153.github.com] http://vxvault.net/URL_List.phpcdn-185-199-111-153.github.com
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None101 (Net ID: 00:01:03:7C:1B:D2)37.7813933,-122.3918002
2023-05-12 02:44:07Co-Hosted SiteNoCertSpotter1010Nonesni.cloudflaressl.combattleb0t.xyz
2023-05-12 03:13:02Malicious Co-Hosted SiteYesOpenPhish0030Co-hosting match: 0-ye.github.io is a third-party github.io page that presumably shares an address with a target asset; the OpenPhish listing is about that page, not the target. Low confidence — note which target asset produced the co-host relationship and do not treat this alone as a target compromise.OpenPhish [0-ye.github.io] https://www.openphish.com/feed.txt0-ye.github.io
2023-05-12 02:44:03UsernameNoSpiderFoot UI15000NoneBattleb0t"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 02:54:07Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-11T22:54:40.561Z", "ip": "2606:4700:3031::ac43:8709", "location_updated_at": "2023-05-06T00:44:41.372312Z", "autonomous_system_updated_at": "2023-05-07T11:38:36.576170Z", "location": {"province": "Illinois", "city": "Rosemont", "country": "United States", "coordinates": {"latitude": 41.99531, "longitude": -87.88451}, "postal_code": "60018", "country_code": "US", "timezone": "America/Chicago", "continent": "North America"}, "dns": {"records": {"faculdade.kennedy.br": {"record_type": "AAAA", "resolved_at": "2023-05-05T12:38:49.993145868Z"}, "resultscaraccidentlawyers.info": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:51:50.273083754Z"}, "mail.atlas-media.net": {"record_type": "AAAA", "resolved_at": "2023-05-11T18:53:21.824413141Z"}, "dasecotibi.ml": {"record_type": "AAAA", "resolved_at": "2023-04-20T22:04:20.422633323Z"}, "unbeatableteams.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T16:19:06.771575554Z"}, "ronnebytorget.se": {"record_type": "AAAA", "resolved_at": "2023-04-13T20:13:15.262547330Z"}, "www.cg.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-04-21T12:55:12.348140033Z"}, "nakedvampire.com": {"record_type": "AAAA", "resolved_at": "2023-04-06T15:40:27.395207080Z"}, "homesayofficial.com": {"record_type": "AAAA", "resolved_at": "2023-05-08T14:59:56.576817191Z"}, "cdn-3.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:24.889964115Z"}, "www.detroitabortioncenter.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T14:18:13.771625214Z"}, "olypay.com": {"record_type": "AAAA", "resolved_at": "2023-04-13T00:46:10.231275663Z"}, "4wdinfo.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T13:06:50.126601945Z"}, "www.plus-fm.es": {"record_type": "CNAME", "resolved_at": "2023-05-09T17:04:29.567246924Z"}, "cdn-2.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": 
"2023-05-01T00:33:24.840354602Z"}, "mynutrition365.com": {"record_type": "AAAA", "resolved_at": "2023-01-28T13:41:29.917096426Z"}, "antiquetablesalem.com": {"record_type": "AAAA", "resolved_at": "2023-05-05T13:43:55.541214446Z"}, "theucontgi.tk": {"record_type": "AAAA", "resolved_at": "2023-04-23T21:28:34.547869491Z"}, "rockspitmarsliga.tk": {"record_type": "AAAA", "resolved_at": "2023-05-09T21:26:55.555920792Z"}, "valleyorchards.ca": {"record_type": "AAAA", "resolved_at": "2023-05-09T12:53:46.516773828Z"}, "www.arquiteturasustentavel.arq.br.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2022-09-25T17:06:29.959927232Z"}, "as2.wwbn.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T16:29:12.196675622Z"}, "atlantic-hearing.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T13:58:40.953790783Z"}, "mispditbobe.tk": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:29:10.107963353Z"}, "www.progettatimobili.net.br": {"record_type": "AAAA", "resolved_at": "2023-03-26T12:54:52.310136130Z"}, "www.magulike.com": {"record_type": "CNAME", "resolved_at": "2023-05-03T20:37:49.019589614Z"}, "www.meeturplanet.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T15:22:12.227518637Z"}, "alexandrubadiu.ro": {"record_type": "AAAA", "resolved_at": "2023-05-05T20:03:40.049773053Z"}, "patconsidine.com": {"record_type": "AAAA", "resolved_at": "2023-05-01T15:09:59.045459058Z"}, "liftux.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T14:56:52.096682674Z"}, "www.anizm.tv": {"record_type": "AAAA", "resolved_at": "2023-05-01T20:49:32.910799070Z"}, "hessenjazz.de": {"record_type": "AAAA", "resolved_at": "2023-04-04T17:07:11.850443808Z"}, "meedsi.prinsapps.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T18:53:45.364969538Z"}, "wildanmaulana.cf": {"record_type": "AAAA", "resolved_at": "2023-05-04T13:01:54.678346749Z"}, "itallolik.gq": {"record_type": "AAAA", "resolved_at": "2023-05-09T17:19:14.126442672Z"}, 
"www.magulike.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:30.641844587Z"}, "ppm.amikom.id": {"record_type": "AAAA", "resolved_at": "2022-11-29T14:52:50.795015812Z"}, "naturisme-robertanne.fr": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:46:36.240542292Z"}, "centreonicinga.wwbn.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T16:18:28.593025009Z"}, "erkilgalegohlo.cf": {"record_type": "AAAA", "resolved_at": "2022-12-22T12:29:44.995025840Z"}, "www.seribusenyum.org": {"record_type": "AAAA", "resolved_at": "2023-02-04T17:32:21.980568714Z"}, "camlovers.org": {"record_type": "AAAA", "resolved_at": "2023-05-04T21:36:27.672632585Z"}, "www.proappsys.com": {"record_type": "CNAME", "resolved_at": "2023-05-04T15:48:48.652972292Z"}, "beatroulettestrategy.net": {"record_type": "AAAA", "resolved_at": "2023-05-09T18:46:48.783088104Z"}, "www.palaciorentacar.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T20:48:31.555576583Z"}, "gymnasie-portal.dk": {"record_type": "AAAA", "resolved_at": "2023-05-08T17:28:07.281800383Z"}, "celtabetgirisdestek.com": {"record_type": "AAAA", "resolved_at": "2023-04-28T14:41:36.658675345Z"}, "kmit17.com": {"record_type": "AAAA", "resolved_at": "2023-01-29T13:41:58.275178074Z"}, "congeohryverre.tk": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:50:17.495400280Z"}, "oradfoy.tk": {"record_type": "AAAA", "resolved_at": "2023-04-18T21:32:57.447114952Z"}, "www.fopprey.com": {"record_type": "AAAA", "resolved_at": "2022-11-11T13:13:15.748303827Z"}, "bouncev2.precisiongroup.com.au": {"record_type": "AAAA", "resolved_at": "2023-05-08T12:27:03.617492048Z"}, "crabcamkanawi.ml": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:29:51.293879545Z"}, "xn--kkkenvgte-l3a6q.dk": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:07:19.955735049Z"}, "riostitelos.ga": {"record_type": "AAAA", "resolved_at": "2023-04-25T17:42:06.424778601Z"}, "catchhartmactaros.tk": {"record_type": "AAAA", 
"resolved_at": "2023-04-24T22:19:56.707459197Z"}, "topcard.com.pl": {"record_type": "AAAA", "resolved_at": "2023-05-04T21:48:11.468590186Z"}, "www.comeunity.club": {"record_type": "AAAA", "resolved_at": "2023-04-20T16:30:09.585410651Z"}, "longchampcolombia.com": {"record_type": "AAAA", "resolved_at": "2023-04-25T15:13:12.725728600Z"}, "rezidenceaurum.cz": {"record_type": "AAAA", "resolved_at": "2023-03-11T15:26:42.690547113Z"}, "webdisk.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-05-01T12:42:56.064120059Z"}, "cpcalendars.menuin.pe": {"record_type": "AAAA", "resolved_at": "2023-03-16T07:00:36.539543312Z"}, "cdg-sex-game.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T14:10:46.256225534Z"}, "ftp.jogjacontemporary.net": {"record_type": "AAAA", "resolved_at": "2023-05-10T19:05:42.498201439Z"}, "cg.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-04-29T12:44:12.255784234Z"}, "shop.geminibio.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T14:29:06.617280204Z"}, "kola-jen.com": {"record_type": "AAAA", "resolved_at": "2022-12-01T13:36:32.553804192Z"}, "askasdkas.jkhs.ml": {"record_type": "AAAA", "resolved_at": "2023-04-24T18:46:30.034839654Z"}, "kozan.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-10T12:33:17.879735441Z"}, "observatoriodevino.com": {"record_type": "AAAA", "resolved_at": "2022-10-03T13:56:38.631534190Z"}, "cpanel.vertexhc.com": {"record_type": "AAAA", "resolved_at": "2023-05-03T16:02:17.928893946Z"}, "ok-medicalbilling-ok.live": {"record_type": "AAAA", "resolved_at": "2023-05-01T17:47:16.990114377Z"}, "pwrcdn.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T05:41:18.589594638Z"}, "cpcalendars.diegobruno.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-06T12:35:36.066684702Z"}, "login.sanopoly.com": {"record_type": "AAAA", "resolved_at": "2023-04-22T00:18:08.415048164Z"}, "bouncefitness.precisiongroup.com.au": {"record_type": "AAAA", "resolved_at": "2023-02-21T12:15:56.351172926Z"}, 
"houseofbeauty.org.uk": {"record_type": "AAAA", "resolved_at": "2023-05-09T21:44:36.458226231Z"}, "ymfasti.gq": {"record_type": "AAAA", "resolved_at": "2023-04-19T19:41:20.884654729Z"}, "typearound.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:14:46.070651001Z"}, "romacerah.org": {"record_type": "AAAA", "resolved_at": "2023-05-01T02:19:33.400343679Z"}, "www.seminare-steinbergerhof.com": {"record_type": "AAAA", "resolved_at": "2022-11-05T14:24:46.885115354Z"}, "charme-des-montagnes.com": {"record_type": "AAAA", "resolved_at": "2022-12-02T09:33:27.167277863Z"}, "mail.hlb.co.za": {"record_type": "AAAA", "resolved_at": "2023-04-26T22:59:18.792128403Z"}, "growthwithsystem.be": {"record_type": "AAAA", "resolved_at": "2022-10-31T12:14:11.983652539Z"}, "profmarpdust.gq": {"record_type": "AAAA", "resolved_at": "2023-04-19T19:40:52.408802267Z"}, "adrdangerousgoods.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T13:16:27.339530183Z"}, "xelxican.cf": {"record_type": "AAAA", "resolved_at": "2022-10-22T12:32:56.395415126Z"}, "oliveandspicecroatia.com": {"record_type": "AAAA", "resolved_at": "2023-04-29T15:31:59.293869948Z"}, "voyrabapbo.tk": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:30:30.625066762Z"}, "kerzcoobamabasvio.cf": {"record_type": "AAAA", "resolved_at": "2023-05-07T12:50:31.337450458Z"}, "centraldeviviendas.es": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:34:28.683222668Z"}, "www.invertsport.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2022-10-25T15:57:28.766154138Z"}, "myneonglow.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T15:10:52.426252771Z"}, "fowenthotatecsu.tk": {"record_type": "AAAA", "resolved_at": "2023-04-24T22:20:29.238762448Z"}, "www.thedot.cn.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-05T18:22:25.417735752Z"}, "dhff3aa.fit": {"record_type": "AAAA", "resolved_at": "2022-10-21T14:23:24.018557130Z"}, "www.sexytie.com": {"record_type": "AAAA", 
"resolved_at": "2023-05-03T15:32:31.959854869Z"}, "comprafcesssuptitog.ga": {"record_type": "AAAA", "resolved_at": "2023-05-11T17:33:53.554671898Z"}, "www.brianelstonlaw.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T14:13:06.005656367Z"}, "datenschlauch.de": {"record_type": "AAAA", "resolved_at": "2023-05-02T23:34:28.039399648Z"}}, "names": 2606:4700:3031::ac43:8709
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneGettr (Category: social) https://gettr.com/user/AltpapierAltpapier
2023-05-12 02:54:54Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America2a06:98c1:3121::1
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NonePastebin (Category: tech) https://pastebin.com/u/Battleb0tBattleb0t
2023-05-12 02:54:08SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:b9:dc:49:67:68:c5:fe:31:cf:92:a4:a3:f2:91:5a:dc:15 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 2 19:07:11 2023 GMT Not After : Apr 2 19:07:10 2023 GMT Subject: CN=files.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:e4:bb:72:24:9a:3b:f5:c0:b6:00:b2:9e:75:64: a2:c5:05:47:75:ee:45:0a:c4:64:a2:83:f0:3f:73: 63:b5:70:6c:7f:e6:38:41:f0:ce:48:1b:e9:cb:50: e5:db:9b:1e:52:33:00:08:50:9b:48:a3:21:b1:72: aa:97:ba:07:58:22:50:7b:e0:2e:66:ce:83:70:77: e2:36:f5:0e:13:40:a0:5f:8e:ab:d5:28:a5:4a:11: 32:bf:f0:01:46:1e:7f:2c:f4:2c:07:22:93:45:a7: 52:4d:66:5a:2e:a0:5e:1d:49:67:6d:93:3c:d4:e7: 67:ac:0d:eb:84:c4:ad:1c:c6:3a:c8:a3:8e:b1:df: 54:8a:52:1f:ab:aa:01:49:57:78:fa:b6:5c:77:ae: 0a:d5:12:86:cb:ea:c3:13:b3:1e:aa:59:f3:df:50: ef:11:40:b8:bb:45:d3:4e:d6:8e:bd:f2:33:ae:52: 06:ca:88:01:72:31:4f:46:00:bf:98:93:9a:2f:f8: 47:9a:87:b9:a0:cb:d1:a8:89:43:66:4d:f6:54:8d: cf:4c:31:d7:d0:0d:e1:33:7b:c6:0e:1d:4a:3f:9a: c4:dd:c7:68:08:e6:6f:b9:26:6c:49:f2:5f:ad:59: da:74:03:6e:20:eb:9a:d2:3d:fb:bc:79:34:c6:43: 38:6b:71:f9:76:22:a0:ca:93:2e:c8:20:b0:a5:40: b2:06:05:e9:aa:de:b1:b0:40:d3:fa:2b:db:3c:b4: 82:d4:58:96:b7:bc:70:be:ac:1c:cb:fc:f4:c1:71: 31:c2:05:84:ce:b2:c9:8b:1e:36:fd:72:15:79:33: 62:66:31:a9:1f:5f:76:ce:5e:82:a3:20:7b:a6:f9: 68:6f:ff:65:d5:4b:45:ed:7b:6b:c9:7e:38:35:b0: ed:10:1d:cb:42:25:ea:6d:e6:42:50:4c:82:d7:21: 2e:ac:aa:6c:ee:6b:f7:e1:58:64:07:26:55:c1:2f: e6:5e:f4:d7:f0:f0:f1:80:c4:a5:9f:c7:96:10:6f: 58:39:48:6a:55:ca:52:01:6a:3b:90:48:bc:27:e3: bb:2e:83:ea:d3:dc:20:53:21:0d:af:34:82:fc:9f: 4c:d4:4a:b7:14:07:01:bb:2c:76:8e:22:ed:cd:33: 84:b4:42:01:5f:9f:c6:60:56:3d:e0:bb:bf:10:3f: 42:ca:65:31:ce:e9:5e:a4:e2:24:f7:ab:0e:d3:ce: 0e:6d:01:e6:42:c0:05:7f:8e:8b:85:68:57:f5:6c: ca:7f:14:f3:74:ac:f1:ad:74:c5:8e:20:02:20:df: 
19:4d:31:07:4a:75:45:cf:f0:a5:0c:ad:70:b3:f4: 12:1c:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CF:FE:0F:FB:EC:E3:E9:7B:CF:AB:EA:49:61:6D:B0:C0:A0:EB:11:BC X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:files.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 2 20:07:12.002 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:A6:85:F1:8A:49:83:21:33:60:55:2D: 99:FB:CF:EE:44:65:69:64:79:C2:61:04:D1:E4:30:AC: C7:73:4A:13:C5:02:21:00:AC:83:C1:FC:AB:D2:CB:09: E8:3B:57:0B:C4:10:3C:51:28:96:2A:AD:6A:76:88:D3: 6A:BA:99:2E:34:BF:39:86 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77: 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13 Timestamp : Jan 2 20:07:12.157 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:06:67:C4:B5:35:BC:02:1A:34:AD:6C:A4: C6:E0:88:8E:0A:15:4F:7B:AF:4C:84:1D:15:95:9C:34: C6:69:14:75:02:21:00:D6:5B:0E:91:76:65:0A:B8:EF: EA:C9:50:39:9F:B1:18:05:1A:64:EC:3B:EF:73:22:11: ED:D2:3B:B2:A5:63:2B Signature Algorithm: sha256WithRSAEncryption 94:68:ec:5c:d2:7e:2d:82:58:3e:f0:cb:47:6a:10:74:ed:14: 31:55:d2:fc:07:ea:e6:b9:2b:a6:5d:fb:b0:be:2a:39:98:6e: 1b:fd:2d:97:20:dd:74:9f:d7:b0:2d:0e:14:3a:21:fd:55:19: 4d:bc:eb:97:a9:5a:64:1e:5e:ab:09:fd:8c:47:43:b4:97:96: 
97:49:ac:a8:a8:ae:80:dc:40:88:24:da:62:81:70:26:c1:be: e3:8b:70:a0:e6:b0:9f:c5:a7:45:00:28:1e:05:50:30:08:27: e0:d5:e0:62:45:15:16:96:8c:13:de:49:ea:61:78:cb:7e:a1: d5:93:da:97:f7:07:f3:be:42:4f:13:74:e1:ff:46:94:80:da: f1:1d:04:f6:72:d0:2d:92:05:be:d4:04:69:d5:82:84:f9:5a: ef:98:c5:5d:b0:27:36:45:cf:eb:71:54:9a:0d:6f:3c:49:23: b6:9b:be:8a:ca:3c:4b:e8:78:6a:03:13:65:55:9c:8c:1b:f0: fe:30:16:e0:6f:32:f7:3f:aa:f2:94:1e:87:e0:1f:d5:4c:32: ca:75:84:5e:e4:d3:9f:f9:2a:a5:85:29:a3:9b:57:5a:6b:b7: d0:02:0c:a9:a2:a4:01:0e:75:01:9b:03:39:3e:0b:d4:cf:11: 0e:ca:93:36 battleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom707CF8 (Net ID: 00:0C:F6:70:7C:F8)50.8897, 6.0563
2023-05-12 03:09:59Affiliate - Domain NameNoDNS Resolver2050Noneclientify.netinbox.clientify.net
2023-05-12 03:15:46UsernameNoAccount Finder8010NonepatrickpogodaPatrick Pogoda
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneChess.com (Category: gaming) https://www.chess.com/member/Battleb0tBattleb0t
2023-05-12 02:53:07Web TechnologyNoTool - WAFW00F0020NoneNone Nonefunny.battleb0t.xyz
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040False positive: hmac-sha2-512-etm@openssh.com is an SSH MAC algorithm identifier lifted from the OpenSSH key-exchange data for 165.232.113.85 (it appears in the MAC lists of this same record), not a mailbox — exclude from contact/credential follow-up.hmac-sha2-512-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneTDFFE (Net ID: 00:02:2D:42:1D:82)34.0544, -118.244
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None<hidden ssid> (Net ID: 00:01:E3:55:BC:8C)52.3759, 4.8975
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030Subnet-level hit only: 188.114.96.245 is a neighbour in 188.114.96.0/24, not a target address, and the category reported in the row is "Search Engine", a crawler-type classification rather than an attack one. Low confidence — confirm which target asset resolves into this /24 and whether the range is shared proxy/CDN space before treating it as risky.Honeypotproject (188.114.96.245): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:34BGP AS MembershipNoCensys0030None13335104.21.71.14
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneEPSON (Net ID: 00:00:48:03:3B:CF)41.8781, -87.6298
2023-05-12 03:09:49Affiliate - Internet NameNoDNS Resolver0040None81.170.74.34.bc.googleusercontent.com34.74.170.81
2023-05-12 03:27:33Open TCP PortNoPulsedive0030None188.114.96.128:443188.114.96.0/24
2023-05-12 02:44:31Internet Name - UnresolvedNoDNS Resolver0020Does not resolve at scan time, yet a Let's Encrypt certificate for files.battleb0t.xyz was logged earlier in this scan (valid Jan 2 – Apr 2 2023), so the host appears decommissioned. Worth checking whether a stale CNAME to a third-party service is still published for this name (dangling-record/takeover risk) — confirm with a direct DNS query.files.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 
183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:32Raw Data from RIRsNoTool - WhatWeb1030None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://panel.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://panel.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'104.21.71.14']}}}, {}]panel.battleb0t.xyz
2023-05-12 02:45:16Raw Data from RIRsNoipapi.co0040None{u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'2606:4700:3030::ac43:a8fc', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'2606:4700:3030::/46', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv6', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'}2606:4700:3030::ac43:a8fc
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneOnward (Net ID: 00:06:25:D6:7A:6F)39.0469, -77.4903
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:10:22Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0040NoneVOIPBL Publicly Accessible PBX List [46.101.128.0/17] http://www.voipbl.org/update46.101.128.0/17
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0150NoneNetlify{"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WPKRCCC7SJ49ZB68B31", "content-type": "text/css; charset=UTF-8", "age": "0"}
2023-05-12 03:03:31Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io007.github.io
2023-05-12 03:24:21Linked URL - InternalNoWeb Spider4030Nonehttps://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChAhttps://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU
2023-05-12 02:55:22Linked URL - InternalNoGoogle5010Nonehttps://ayhu.xyz/lol.htmlayhu.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneZyXEL (Net ID: 00:02:CF:C6:25:17)40.2024, 29.0398
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:F4:A6:EC)41.8781, -87.6298
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneYouTube Channel (Category: video) https://www.youtube.com/c/Altpapier/aboutAltpapier
2023-05-12 02:53:42Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 1626:5CFD:236BDF0:36406A6:645D3ABC Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-klot8100102-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683831485.544725,VS0,VE28 Vary: Accept-Encoding X-Fastly-Request-ID: b61afadfbad522ceb47c8a79f54a7ce4c88966b0 185.199.109.153
2023-05-12 02:47:25Open TCP PortNoPulsedive0020None185.199.108.153:80185.199.108.153
2023-05-12 02:54:23Open TCP PortNoCensys0040None2600:1f18:2489:8201::c8:4432600:1f18:2489:8201::c8
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonex-cache-hits: 1{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:01:28Raw Data from RIRsNoTool - WhatWeb1020None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nwapi.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://nwapi.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'cf-cache-status,report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.67.168.252']}}}, {}]nwapi.battleb0t.xyz
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.176): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider0030Nonehttps://funny.battleb0t.xyz/images/master058_3.PNGhttps://funny.battleb0t.xyz/
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonepolygon (Category: gaming) https://www.polygon.com/users/loginlogin
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonejk9@home (Net ID: 00:0C:F6:71:B1:B4)50.8897, 6.0563
2023-05-12 02:44:30Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonerisk.ru (Category: hobby) https://risk.ru/people/loginlogin
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D7:2D)32.8608, -79.9746
2023-05-12 02:44:14IPv6 AddressNoDNS Resolver16010None2606:4700:3031::6815:6a6ayhu.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneAndrea Schwartz Gallery 5G (Net ID: 00:01:9F:3D:4F:6C)37.780462,-122.390564
2023-05-12 03:15:36Physical LocationNoipstack0020NoneIran87.248.157.102
2023-05-12 02:45:03CountryNoCountry Name Extractor0020NoneRussiaDomain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.73): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:38Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5853301ea41251-ORD Content-Encoding: gzip 172.67.168.252
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None1232 (Net ID: 00:01:03:7C:2D:17)52.3759, 4.8975
2023-05-12 02:44:30Software UsedYesTool - Wappalyzer0020NoneFont Awesomepics.battleb0t.xyz
2023-05-12 02:45:34Email Gateway (DNS MX Records)NoDNS Raw Records0010Noneroute2.mx.cloudflare.netbattleb0t.xyz
2023-05-12 03:41:58Affiliate - Domain NameNoDNS Resolver2050Nonedomixo-hosting.dedomixo-hosting.de
2023-05-12 02:50:28Raw Data from RIRsNoGLEIF0030None[{u'relationships': {u'lei-records': {u'data': {u'type': u'lei-records', u'id': u'5493005GJOH8HLL11157'}, u'links': {u'related': u'https://api.gleif.org/api/v1/lei-records/5493005GJOH8HLL11157'}}}, u'attributes': {u'highlighting': u'<b>Go</b> <b>Daddy</b> Operating Company, <b>LLC</b>', u'value': u'Go Daddy Operating Company, LLC'}, u'type': u'autocompletions'}]Go Daddy, LLC
2023-05-12 02:44:21IPv6 AddressNoDNS Resolver0030None2606:4700:3037::6815:470enwapi2.battleb0t.xyz
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00x44.github.io185.199.111.153
2023-05-12 02:44:09SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 0d:40:8d:d9:7c:a1:bd:4c:0d:06:c5:3f:c3:e9:2e:bc Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Apr 11 04:54:50 2023 GMT Not After : Jul 10 04:54:49 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a5:65:fa:d8:79:b7:aa:9f:cd:61:b9:6d:61:bb: e3:07:27:16:d3:e1:46:58:db:ea:35:f8:26:d8:c8: 09:7e:b6:39:79:12:45:7f:4a:96:c2:65:47:bc:37: b3:76:46:83:08:24:7b:32:63:f5:07:b6:17:66:20: 18:e4:18:8c:6e:16:7f:bc:81:ec:10:38:cc:20:6d: 2c:d6:29:65:3d:24:15:7a:78:2a:d0:43:3c:46:03: 10:b3:27:47:c6:2c:d9:37:1a:f8:11:aa:82:ad:00: 76:a7:88:0c:2b:f1:1a:b2:9a:95:76:c4:a9:4b:c3: 62:f9:12:87:35:9a:50:60:71:89:06:0b:f5:83:3f: b3:37:8b:3d:cb:f9:c2:99:ee:99:d3:c8:08:07:e1: c6:20:fc:1e:cb:95:74:f5:c1:74:33:8b:1b:39:2e: 63:89:98:62:bd:9a:c6:13:b2:b5:95:ec:cb:ee:ce: 27:e7:da:24:f1:8e:b6:e6:ab:e2:7a:20:63:e1:26: ab:e8:05:03:30:6e:ae:59:d4:02:26:10:36:ee:3d: 2a:f4:c0:78:59:fa:77:cd:2a:88:bd:16:94:1a:e1: c4:ca:d8:5b:b7:12:2e:db:10:0e:ec:94:77:40:49: b3:6f:75:18:22:d3:cb:58:3c:44:d0:05:e2:db:a8: 00:c9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: BA:51:29:0E:2E:1D:B8:E3:1A:BA:7C:11:8D:3C:69:BB:27:B0:51:A7 X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/TQXQbT5nMS4 CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/PX7fR59yV-s.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 35:8a:d2:67:fd:ed:b1:23:72:f0:a2:4c:97:ee:c5:7e:e1:b0: 84:de:17:e3:7f:b0:fd:4c:e4:f5:d9:c1:87:4a:b8:32:d6:97: 13:2d:ab:c3:d8:0c:ce:60:02:7a:3d:d5:8b:4f:9b:89:37:1e: 07:e8:65:4f:13:db:bc:f2:3f:ba:ea:3a:b7:97:d8:a0:c0:4a: 65:8c:35:35:fd:69:77:08:6c:3c:bf:e2:a6:4a:02:ca:fc:ed: e5:52:89:bc:c1:b6:61:98:79:3c:a3:31:8c:d6:1d:49:4c:6e: 4f:51:4b:80:2f:a3:0a:eb:fd:a0:1d:23:01:9e:b7:13:91:2e: ea:39:a6:6a:a5:6e:65:a0:60:47:cf:fa:44:01:e4:af:f2:74: c6:c0:9c:28:45:d7:eb:58:39:c7:39:24:41:f2:f3:e3:a3:aa: 8b:59:5c:05:a1:91:0e:a2:f0:b0:ab:cb:39:e8:59:97:1b:9f: 8d:d8:c2:47:ab:c2:d9:46:03:7a:5d:eb:fd:3e:65:0d:f9:fe: dc:1b:a2:95:80:34:f0:64:f6:d6:5a:43:e4:2b:5f:53:8b:84: 65:53:97:2f:8f:bb:f4:1d:f8:10:82:18:da:d2:33:31:94:ea: 59:b0:de:49:31:a7:28:65:0c:5e:e7:fb:cf:58:f0:de:70:9b: 5c:67:53:d1 ayhu.xyz
2023-05-12 03:09:31Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.iojames-gamboa.github.io
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.23): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesuddenlink.net-8F90 (Net ID: 84:94:8C:33:8F:98)37.751, -97.822
2023-05-12 03:41:52Open TCP Port BannerNoCensys0130NoneSMB SMB 2.145.131.109.53
2023-05-12 02:46:00Physical LocationNoAbstractAPI0030NoneChicago, Illinois, 60666, United States, North America172.67.168.252
2023-05-12 02:54:13Web Content TypeNoWeb Spider0030Noneapplication/javascript;charset=utf-8https://battleb0t.xyz/main.built.js
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonedowntown5 (Net ID: 00:01:E3:E9:56:90)50.1188, 8.6843
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneHubPages (Category: blog) https://hubpages.com/@ayhuayhu
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NonemyLGNet8FBA (Net ID: 00:01:36:5C:8F:B8)37.7642, -122.3993
2023-05-12 03:13:07Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00ihsan.github.io] https://www.openphish.com/feed.txt00ihsan.github.io
2023-05-12 03:08:45Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.211104.196.30.220
2023-05-12 02:44:31IPv6 AddressNoDNS Resolver0030None2606:4700:3030::ac43:a8fcpanel.battleb0t.xyz
2023-05-12 02:54:54Software UsedYesCensys0020NoneCloudFlare CloudFlare Load Balancer2a06:98c1:3121::1
2023-05-12 03:09:40Affiliate - Internet NameNoDNS Resolver0040None119.48.229.35.bc.googleusercontent.com35.229.48.119
2023-05-12 03:00:57Co-Hosted SiteNoHackerTarget2020None00yongshiwangzi.github.io185.199.111.153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneAPC (Net ID: 00:09:5B:4F:F1:CA)33.617190550339146,-111.90827887019054
2023-05-12 02:44:36Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:2c:84:3a:08:10:23:75:f2:8a:d5:a0:cb:cc:f6:da:14:6e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:32:07 2022 GMT Not After : Mar 27 01:32:06 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 27 02:32:07.311 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:AA:9D:DE:C7:1A:03:CE:A4:C0:00:4F: 87:A8:C3:99:28:44:9B:D2:01:EB:31:A5:4D:CA:E6:87: EC:A0:EC:55:A7:02:20:46:FF:BE:46:93:AD:B8:EF:FE: 25:F8:15:56:F7:DA:CF:93:CC:B6:57:60:7E:B3:1F:4E: 3D:D7:BC:FE:3F:5C:95 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 27 02:32:07.904 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:37:07:AC:16:A5:95:2E:57:A3:0B:B3:64: CD:EA:6B:54:2E:81:8A:01:52:42:FF:1C:53:89:7A:D2: 6B:24:50:80:02:20:40:76:C6:34:39:4A:07:B1:8F:D5: 9F:21:37:77:6A:98:1B:06:80:4F:64:F6:8D:4F:C6:A8: 76:64:CB:D7:21:98 Signature Algorithm: sha256WithRSAEncryption 5a:91:30:6e:b9:53:94:e1:7e:bb:e0:98:45:df:78:b3:43:5d: de:b7:e8:48:7b:6b:85:d8:3d:1f:0c:8e:55:6a:96:e0:1e:5a: 3f:a6:43:96:72:8b:0f:19:07:ee:9c:42:c7:4a:fa:00:d6:38: 45:8a:ea:1d:27:96:1c:3b:da:42:ff:fd:72:61:04:85:27:14: 44:a3:15:9a:66:dc:fe:95:f3:8c:98:0f:18:5b:f9:85:a2:67: 99:97:5a:de:6b:1e:8a:f6:0f:26:41:36:b4:b1:3e:27:57:59: 6e:d6:c4:ee:ce:b2:6c:21:fe:aa:fe:21:90:56:0b:ea:b9:fb: 42:2f:c1:77:37:3f:05:10:f5:44:c7:f2:f2:69:75:ed:35:ad: bf:14:45:0f:8e:50:cc:75:c2:b4:48:82:8d:27:02:be:21:98: 49:ee:ec:f9:0b:27:d8:83:27:62:ad:0a:7b:66:8c:06:c8:72: 57:56:3c:6b:ac:63:49:11:4f:62:ea:70:01:53:cf:56:53:4b: 71:08:c9:75:ee:50:8f:d1:87:f6:68:91:33:35:2a:99:1f:6e: f5:48:cb:c7:f5:99:a1:3f:39:b8:fe:33:3a:31:fe:e7:7d:d5: 4e:6f:92:4f:57:86:fc:b0:8f:23:98:3e:8f:91:f6:d5:3d:5c: a6:e5:1c:71
2023-05-12 02:45:04CountryNoCountry Name Extractor0020NoneUnited Statesgithub.com
2023-05-12 03:18:53Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Rotated 180 @ 18}https://funny.battleb0t.xyz/images/random_3.jpg
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneFRBEACH (Net ID: 00:02:2D:8A:07:45)34.0544, -118.244
2023-05-12 03:00:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.50): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Noneapple network 3a656b (Net ID: 00:02:2D:05:9A:3A)34.0544, -118.244
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.26): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Noneaes128-gcm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", 
"os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", 
"diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 
Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 02:44:14Co-Hosted SiteNoSSL Certificate Analyzer3120Nonenetlify.apppics.battleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneBJNPSETUP (Net ID: 00:00:85:F4:1C:9A)37.780462,-122.390564
2023-05-12 03:24:21HTTP Status CodeNoWeb Spider0030None403https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Noneomniblock (Net ID: 00:09:5B:E9:6B:D6)33.617190550339146,-111.90827887019054
2023-05-12 03:15:36Physical LocationNoipstack0030NoneGermany46.101.229.70
2023-05-12 02:46:50SSL Certificate - Issued toNoSSL Certificate Analyzer1030NoneC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app34.148.97.127
2023-05-12 02:45:58Physical LocationNoAbstractAPI1030NoneFrankfurt am Main, Hesse, 60313, Germany, Europe64.226.81.43
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00yongshiwangzi.github.io] https://www.openphish.com/feed.txt00yongshiwangzi.github.io
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:2053188.114.96.1
2023-05-12 03:09:24Vulnerability - CVE LowYesTool - testssl.sh0130NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.64.226.81.43
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.173): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:08Open TCP PortNoPulsedive0030None185.199.110.133:80185.199.110.0/24
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneUnited Statescloudflare.com
2023-05-12 02:54:16Linked URL - InternalNoWeb Spider4030Nonehttps://oldfluid.battleb0t.xyz/./script.jshttps://oldfluid.battleb0t.xyz/
2023-05-12 02:47:30Open TCP PortNoPulsedive0020None104.21.6.166:80104.21.6.166
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.255): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:56Raw Data from RIRsNoipapi.co0020None{u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'185.199.111.153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'185.199.108.0/22', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}185.199.111.153
2023-05-12 03:23:17Open TCP PortNoPulsedive0030None188.114.96.4:443188.114.96.0/24
2023-05-12 02:54:03Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-12T00:51:50.399Z", "ip": "172.67.135.9", "location_updated_at": "2023-04-28T23:58:12.936747Z", "autonomous_system_updated_at": "2023-05-06T01:54:19.985382Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"hubeitc.com": {"record_type": "A", "resolved_at": "2023-05-08T15:02:25.771434390Z"}, "sox.li": {"record_type": "A", "resolved_at": "2023-04-26T19:09:57.006302220Z"}, "www.oldthdoo.xyz": {"record_type": "A", "resolved_at": "2022-09-26T19:11:07.076925735Z"}, "outimpivutinli.tk": {"record_type": "A", "resolved_at": "2023-05-03T21:57:31.066836981Z"}, "dhcp.pro": {"record_type": "A", "resolved_at": "2023-04-07T20:54:25.762591525Z"}, "interviewerinauguration.top": {"record_type": "A", "resolved_at": "2023-04-28T22:49:56.118650578Z"}, "www.lulucloud.top": {"record_type": "A", "resolved_at": "2023-05-01T02:54:57.371742635Z"}, "sufferwith.info": {"record_type": "A", "resolved_at": "2023-05-10T17:23:47.734514798Z"}, "pillsplusrx.com": {"record_type": "A", "resolved_at": "2022-12-02T13:59:11.413529095Z"}, "homesayofficial.com": {"record_type": "A", "resolved_at": "2023-05-08T14:59:56.576817191Z"}, "eraliser.tk": {"record_type": "A", "resolved_at": "2023-05-11T21:41:10.208194848Z"}, "cdn-3.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T00:33:24.889964115Z"}, "onedollarglasses.org": {"record_type": "A", "resolved_at": "2023-05-09T01:43:37.823377424Z"}, "nzfortress.nz": {"record_type": "A", "resolved_at": "2022-12-07T17:06:16.407969123Z"}, "dmca.online": {"record_type": "A", "resolved_at": "2023-05-08T21:44:13.486013576Z"}, "webmail.healthcaringz.com": {"record_type": "A", "resolved_at": 
"2022-10-23T13:30:37.119563541Z"}, "cdn-2.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T00:33:24.840354602Z"}, "mynutrition365.com": {"record_type": "A", "resolved_at": "2023-01-28T13:41:29.917096426Z"}, "account-dev.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-11-23T16:34:50.737558857Z"}, "bezapach.site": {"record_type": "A", "resolved_at": "2022-11-17T16:10:10.763315118Z"}, "www.arquiteturasustentavel.arq.br.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2022-09-25T17:06:29.959927232Z"}, "welovemazda2.com": {"record_type": "A", "resolved_at": "2023-05-07T16:16:24.443322279Z"}, "nicksdevlab.com": {"record_type": "A", "resolved_at": "2023-05-05T15:10:48.612601219Z"}, "usbestsiding.com": {"record_type": "A", "resolved_at": "2023-05-02T23:18:02.110883898Z"}, "backup.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-12-01T13:53:19.633015199Z"}, "webmail.dynimighti.com": {"record_type": "A", "resolved_at": "2023-05-05T14:26:03.262859839Z"}, "www.kendalresearchgroup.eu.org": {"record_type": "A", "resolved_at": "2023-05-05T19:50:13.137718896Z"}, "locorfulb.cf": {"record_type": "A", "resolved_at": "2023-04-06T22:56:37.751080597Z"}, "wildanmaulana.cf": {"record_type": "A", "resolved_at": "2023-05-04T13:01:54.678346749Z"}, "obhkitchens.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-12-01T10:58:42.826529023Z"}, "www.bouncefitness.precisiongroup.com.au": {"record_type": "A", "resolved_at": "2023-04-26T12:25:18.625366391Z"}, "www.onedollarglasses.org": {"record_type": "A", "resolved_at": "2023-05-07T21:18:07.768786749Z"}, "dailyaid.com.co": {"record_type": "A", "resolved_at": "2023-04-28T13:15:27.402942692Z"}, "www.seribusenyum.org": {"record_type": "A", "resolved_at": "2023-02-04T17:32:21.980568714Z"}, "sanopoly.com": {"record_type": "A", "resolved_at": "2023-04-20T19:15:51.646804259Z"}, "www.palaciorentacar.com": {"record_type": "A", "resolved_at": 
"2023-04-30T20:48:31.555576583Z"}, "prefahoutesraismac.ga": {"record_type": "A", "resolved_at": "2023-05-10T17:09:09.762399021Z"}, "apps.codiotic.com": {"record_type": "A", "resolved_at": "2023-05-06T14:35:31.397147978Z"}, "gymnasie-portal.dk": {"record_type": "A", "resolved_at": "2023-05-08T17:28:07.281800383Z"}, "kmit17.com": {"record_type": "A", "resolved_at": "2023-01-29T13:41:58.275178074Z"}, "www.usbestsiding.com": {"record_type": "A", "resolved_at": "2023-05-11T16:20:14.776067678Z"}, "alfalahjamsolat.com": {"record_type": "A", "resolved_at": "2023-04-29T13:16:47.848315334Z"}, "www.homezing.com": {"record_type": "CNAME", "resolved_at": "2023-04-30T14:45:35.498801514Z"}, "diegobruno.com.br": {"record_type": "A", "resolved_at": "2023-05-11T12:30:51.038051198Z"}, "tavernolaincanto.altervista.org": {"record_type": "CNAME", "resolved_at": "2023-04-10T21:37:30.505399325Z"}, "crabcamkanawi.ml": {"record_type": "A", "resolved_at": "2023-04-29T18:29:51.293879545Z"}, "api.sanopoly.com": {"record_type": "A", "resolved_at": "2023-04-26T16:20:22.956402279Z"}, "mail.vertexhc.com": {"record_type": "A", "resolved_at": "2023-04-28T16:53:40.093346661Z"}, "www.typearound.com": {"record_type": "A", "resolved_at": "2023-05-03T15:59:44.822944002Z"}, "ketitarechesjunc.tk": {"record_type": "A", "resolved_at": "2023-05-05T20:23:13.362328225Z"}, "longchampcolombia.com": {"record_type": "A", "resolved_at": "2023-04-25T15:13:12.725728600Z"}, "totnewsgativime.ml": {"record_type": "A", "resolved_at": "2023-05-11T18:38:46.532739958Z"}, "credegtetandbeasump.tk": {"record_type": "A", "resolved_at": "2023-04-13T20:24:22.673256350Z"}, "tgtetv.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-12-01T13:53:19.785914421Z"}, "astrut-app.space": {"record_type": "A", "resolved_at": "2023-05-11T21:36:14.981867495Z"}, "cdg-sex-game.com": {"record_type": "A", "resolved_at": "2023-04-30T14:10:46.256225534Z"}, "www.jollygoodgames.com": {"record_type": "A", "resolved_at": 
"2023-05-07T14:57:18.867430647Z"}, "jagotekno.com": {"record_type": "A", "resolved_at": "2023-04-22T14:38:01.151568998Z"}, "ftp.jogjacontemporary.net": {"record_type": "A", "resolved_at": "2023-05-10T19:05:42.498201439Z"}, "cg.cncap.ca": {"record_type": "A", "resolved_at": "2023-04-29T12:44:12.255784234Z"}, "account.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-11-17T13:39:14.401013523Z"}, "hakertidircordbils.tk": {"record_type": "A", "resolved_at": "2023-04-24T22:20:31.002106199Z"}, "shop.geminibio.com": {"record_type": "A", "resolved_at": "2023-05-10T14:29:06.617280204Z"}, "esipdages.tk": {"record_type": "A", "resolved_at": "2022-12-24T16:43:56.993137478Z"}, "sibasi.co.ke": {"record_type": "A", "resolved_at": "2023-04-27T19:41:18.506582178Z"}, "mardederlohafi.cf": {"record_type": "A", "resolved_at": "2023-05-04T13:01:48.592242511Z"}, "seminare-steinbergerhof.com": {"record_type": "A", "resolved_at": "2022-11-11T13:47:58.476008549Z"}, "tufazy.com": {"record_type": "A", "resolved_at": "2023-04-26T16:50:54.989745065Z"}, "vpnexpert.nl": {"record_type": "A", "resolved_at": "2023-05-01T19:57:49.698948942Z"}, "cpanel.vertexhc.com": {"record_type": "A", "resolved_at": "2023-05-03T16:02:17.928893946Z"}, "ok-medicalbilling-ok.live": {"record_type": "A", "resolved_at": "2023-05-01T17:47:16.990114377Z"}, "video.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-05T18:22:43.709528638Z"}, "webdisk.healthcaringz.com": {"record_type": "A", "resolved_at": "2022-10-18T13:30:47.039752864Z"}, "tiomaichocannu.tk": {"record_type": "A", "resolved_at": "2022-12-08T16:58:01.532109086Z"}, "account-dev.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T18:30:39.855141477Z"}, "tgtetv.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-04-11T19:57:47.589434167Z"}, "ghappsherkverve.xyz": {"record_type": "A", "resolved_at": "2022-10-01T16:00:32.859129543Z"}, "kendalresearchgroup.eu.org": 
{"record_type": "A", "resolved_at": "2023-05-09T20:45:29.883376868Z"}, "trinityartistseries.org": {"record_type": "A", "resolved_at": "2022-12-29T16:31:11.663002382Z"}, "fastago.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-04-26T19:56:32.748547371Z"}, "login.sanopoly.com": {"record_type": "A", "resolved_at": "2023-04-22T00:18:08.415048164Z"}, "typearound.com": {"record_type": "A", "resolved_at": "2023-04-24T16:14:46.070651001Z"}, "vippulsar.com": {"record_type": "A", "resolved_at": "2022-11-29T14:13:25.682203427Z"}, "cpanel.jogjacontemporary.net": {"record_type": "A", "resolved_at": "2023-05-07T19:46:39.285928826Z"}, "4wdinfo.com": {"record_type": "A", "resolved_at": "2023-05-10T13:06:50.126601945Z"}, "mail.hlb.co.za": {"record_type": "A", "resolved_at": "2023-04-28T23:19:06.736816476Z"}, "therpsequavillicomp.tk": {"record_type": "A", "resolved_at": "2023-05-03T21:57:55.402091890Z"}, "profmarpdust.gq": {"record_type": "A", "resolved_at": "2023-04-19T19:40:52.408802267Z"}, "mycleanersrock.com": {"record_type": "A", "resolved_at": "2022-11-23T16:19:42.997763435Z"}, "www.hlb.co.za": {"record_type": "A", "resolved_at": "2023-04-20T00:02:14.977582110Z"}, "prairducts.com": {"record_type": "A", "resolved_at": "2023-04-28T16:08:44.541097454Z"}, "kerzcoobamabasvio.cf": {"record_type": "A", "resolved_at": "2023-05-07T12:50:31.337450458Z"}, "emnotantfitmanas.ml": {"record_type": "A", "resolved_at": "2023-04-30T23:59:01.980378964Z"}, "latabke.tk": {"record_type": "A", "resolved_at": "2023-05-07T21:55:59.693650651Z"}, "www.thedot.cn.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-05T18:22:25.417735752Z"}, "seribusenyum.org": {"record_type": "A", "resolved_at": "2023-02-18T18:24:43.138880401Z"}, "octagonplastering.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-11-19T13:48:18.916628263Z"}, "account.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T00:33:40.329778906Z"}, 
"edericgakos.ml": {"record_type": "A", "resolved_at": "2023-02-27T16:49:01.824929419Z"}, "datenschlauch.de": {"record_type": "A", "resolved_at": "2023-05-02T23:34:28.039399648Z"}}, "names": ["webmail.dynimighti.com", "vpnexpert.nl", "cpanel.jogjacontemporary.net", "mardederlohafi.cf", "cdn-3.madeincanadadirectory.ca.cdn.cloudflare.net", "mail.vertexhc.com", "apps.codiotic.com", "datenschl172.67.135.9
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneOmni (Net ID: 00:02:2D:17:C6:E0)33.6170672,-111.90564645297056
2023-05-12 02:44:21Physical LocationNoipstack0020NoneUnited States185.199.110.153
2023-05-12 02:54:19HTTP Status CodeNoWeb Spider0040None200https://fluid.battleb0t.xyz/dat.gui.min.js
2023-05-12 03:08:38Affiliate - IP AddressNoDNS Look-aside1020None185.199.108.154185.199.108.153
2023-05-12 03:23:44Open TCP PortNoPulsedive0030None188.114.96.17:8443188.114.96.0/24
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0020Nonehttp://pics.battleb0t.xyzpics.battleb0t.xyz
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneOmni (Net ID: 00:02:2D:17:C6:E0)33.617190550339146,-111.90827887019054
2023-05-12 02:55:08SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 17:04:53 2023 GMT Not After : Jun 25 17:04:52 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c0:92:2b:06:a8:76:be:87:ad:a1:7a:9e:5a:24: 59:36:93:77:df:2f:5f:ec:5d:f8:39:5c:9e:e9:bb: 24:38:91:de:54:5b:7a:21:bd:81:66:b9:f4:29:4c: 2b:fa:57:13:7e:92:b4:15:86:67:29:e9:3d:cd:52: 95:9b:57:3a:5d:e6:e9:45:19:f1:e0:94:39:75:06: 2b:76:17:5a:3c:dc:eb:34:5d:2b:11:01:60:df:20: e3:b5:60:cd:32:82:ad:56:26:62:d5:06:6e:b6:fa: a5:d9:a5:4d:79:33:21:15:51:a2:c0:48:15:37:c6: 91:2f:b2:2e:7d:a0:75:7f:50:14:78:92:5d:14:20: 37:35:75:05:53:06:c4:4c:79:be:57:44:4e:7f:9a: 50:6f:84:ce:99:6c:50:c4:25:b5:3b:28:ef:3d:1e: 0d:f1:c2:fb:f7:a2:98:40:97:4e:a6:29:13:ba:fe: a3:fd:ca:b9:fd:ab:de:51:93:45:07:f4:be:76:56: 10:d6:f8:44:07:0f:8a:0a:1d:0b:2a:3e:ea:d3:77: c7:f9:17:20:d7:71:23:2b:a0:8f:f4:4a:f3:e4:d4: 5a:5c:2d:ce:df:b4:a0:a0:ac:d7:ab:d8:92:f0:4a: 4c:07:6e:72:26:57:04:a7:82:b9:f3:2d:17:4e:50: 36:d2:94:d7:69:b9:6a:7a:3a:20:4d:5d:1e:75:6c: 84:96:b6:c4:70:f4:80:b9:d6:06:45:7a:52:b8:0e: 0e:2d:fd:2c:dc:22:9b:06:83:b7:ce:89:98:50:8a: 98:25:5c:fe:f2:ac:51:29:2f:08:c4:ff:27:4b:06: 5c:49:dd:d3:39:da:b3:60:fe:da:c7:a0:9e:e7:45: 85:7c:70:41:16:a9:f0:27:f6:98:d1:7c:9f:af:81: f4:37:0b:12:28:d5:35:6a:e6:e2:66:3b:e1:11:5b: 6a:d4:8d:47:d6:44:64:d5:a9:fc:83:71:f4:46:8c: 69:8f:3e:2f:32:4d:8a:48:3b:ac:ac:88:a4:94:ea: b5:b5:92:f4:63:d9:95:76:ef:6d:8e:2f:15:8a:59: 65:d3:00:6a:ca:d7:56:11:cf:5f:a7:d4:3d:48:6a: 5d:dd:87:ce:8c:d0:6e:15:cf:fb:5f:c0:02:33:50: 4e:36:37:09:f4:b7:06:18:07:a3:00:b5:58:4a:d2: bc:0d:0b:5d:96:5b:4e:aa:75:b7:e9:a2:ce:90:ad: d7:25:96:7f:66:7d:4e:03:23:c1:16:bc:0c:09:9d: d4:bf:8c:7c:19:2d:8b:39:0c:89:5a:15:97:34:34: 
1c:7b:5d:34:19:a2:d0:cb:f4:5c:b0:48:d7:c9:6c: 5d:09:b3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 27 18:04:53.353 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:C2:49:4E:83:B3:46:DC:0B:F2:4C:E0: 2C:BD:3A:21:A9:D3:87:F4:AC:B5:4F:45:81:1D:09:75: FB:9B:D3:9E:A5:02:20:54:1A:EC:0B:6C:62:AB:8A:0B: 14:2D:42:2F:00:E8:AD:FF:98:7D:A9:48:C3:5C:9D:C9: A1:63:83:E1:17:D2:4C Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 27 18:04:53.360 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:8C:E5:2C:49:4A:30:97:4C:B4:E6:F3: 86:6A:09:B6:EF:84:21:66:BD:9C:17:9A:88:7C:B9:2A: 4D:1D:CC:99:A2:02:20:13:E4:A1:38:F5:80:6B:55:F9: DB:4D:54:23:A0:D3:2F:61:E4:B8:03:26:A2:87:C1:4D: B4:9F:8A:D7:F3:2F:04 Signature Algorithm: sha256WithRSAEncryption 3d:8b:b7:2f:1c:19:9b:ce:8a:9f:49:6d:8e:1c:b1:06:ce:80: 4b:f8:df:50:39:97:3e:fb:8f:2c:ca:50:c1:5c:f8:46:84:02: f2:57:a0:5c:d2:47:ea:75:b7:5b:8e:d7:bb:b6:ac:23:17:33: df:77:0a:d0:66:44:16:5a:cd:a4:73:04:82:9c:6e:c5:c2:96: 
07:18:e4:ea:f3:48:89:72:cc:2c:e6:89:4a:c1:18:8b:b6:a9: 9e:48:30:26:9c:5a:b4:6d:2c:74:dd:50:cc:be:12:4c:8d:38: 29:5e:de:cf:04:54:ae:14:ed:ec:f9:b8:a0:90:94:ff:e1:0c: 9e:34:2b:1c:68:fd:56:79:13:27:78:22:6f:18:f3:9e:26:b0: 3c:46:ba:7f:dd:d6:fc:c7:27:bd:b5:77:38:03:ba:7b:08:e5: f1:08:df:bb:f5:ea:f4:e1:c8:be:e6:b7:32:bc:2d:9d:1a:68: d8:d8:3b:7d:a5:0b:bf:d3:08:d9:73:26:67:23:22:51:a7:9a: 35:1e:3d:5b:8d:37:8d:5a:13:a6:11:a6:6e:3f:57:92:c4:df: b9:a6:2d:3e:a3:ac:33:74:bf:a3:4d:bc:55:ad:8d:cf:76:66: f9:f9:8f:df:06:4b:e6:21:7f:06:3d:9b:6e:9c:3f:93:fd:2b: 41:f7:2c:66 battleb0t.xyz
2023-05-12 02:44:22Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.com185.199.108.153
2023-05-12 03:03:19Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-0-256.github.io
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None1200 (Net ID: 00:01:03:7C:0A:E5)41.8781, -87.6298
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneInternet Archive Account (Category: misc) https://archive.org/details/@ayhuayhu
2023-05-12 03:23:19Open TCP PortNoPulsedive0030None188.114.96.5:8080188.114.96.0/24
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NonePinterest (Category: social) https://www.pinterest.com/ayhu/ayhu
2023-05-12 02:54:44Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_330_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_330_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_330_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_330_ConnHashTable<816>_HashTable_Mutex"\n "IsoScope_330_IE_EarlyTabStart_0x690_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_330_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_816"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n 
"172.66.43.150:443"\n "185.88.152.184:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "TarBB6A.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarBA30.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabBA1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabBB69.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 
compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "TarBB6A.tmp" has type "data"- Location: [%TEMP%\\TarBB6A.tmp]- [targetUID: 00000000-00002892]\n "_9E69994D-BE57-11ED-B6C3-080027D6CFFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002892]\n "~DF41FFD31729A203FF.TMP" has type "data"- Location: [%TEMP%\\~DF41FFD31729A203FF.TMP]- [targetUID: 00000000-00000816]\n "RecoveryStore._9E69994B-BE57-11ED-B6C3-080027D6CFFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "6JGINI9K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6JGINI9K.txt]- [targetUID: 00000000-00000816]\n "J0N78Y0C.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J0N78Y0C.txt]- [targetUID: 00000000-00000816]\n "CabBA1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBA1F.tmp]- [targetUID: 00000000-00002892]\n "S35ZJMPU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S35ZJMPU.txt]- [targetUID: 00000000-00000816]\n "MYW52O1X.htm" has type "HTML 
document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\MYW52O1X.htm]- [targetUID: 00000000-00002892]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "CabBB69.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBB69.tmp]- [targetUID: 00000000-00002892]\n "_A7F3014A-BE57-11ED-B6C3-080027D6CFFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFF51E1B1269B03A86.TMP" has type "data"- Location: [%TEMP%\\~DFF51E1B1269B03A86.TMP]- [targetUID: 00000000-00000816]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "C.JgU/0$"\n Pattern match: "https://track.salesflare.com/flare.js"\n Pattern match: "MUID1C5CECAFE62F66650020FE60E76367DFmsn.com/1025229670643231098083270159623031019620*"\n Heuristic match: "api.salesflare.com"\n Pattern match: "https://api.salesflare.com/,a=new"\n Pattern match: 
"https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.comAccept-Language"\n Heuristic match: "hctp_://rabet_anatkoo_ha.com"\n Pattern match: "https://llink.toaccess-control-allow-credentials"\n Pattern match: "https://llink.to"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025319012595231055838270143998031019620*"\n Pattern match: "MUIDB0843E9110DDB6B4E0942FBDE0C5F6A01ieonline.microsoft.com/9216229670643231098083269878373031019620*"\n Heuristic match: "rabetsanatkoosha.com"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "SUIDMmicrosoft.com/9216216421721631019729269862748031019620*MUID0843E9110DDB6B4E0942FBDE0C5F6A01microsoft.com/1025229670643231098083269862748031019620*_EDGE_V1microsoft.com/9216229670643231098083269878373031019620*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "SUIDMmicrosoft.com/9216216421721631019729269862748031019620*MUID0843E9110DDB6B4E0942FBDE0C5F6A01microsoft.com/1025229670643231098083269862748031019620*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "SUIDMmicrosoft.com/9216216421721631019729269862748031019620*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "www.msn.com/"\n Pattern match: "https://rabetsanatkoosha.com/SNS/allianzgi.com/aBC@allianzgi.com"\n Pattern match: "llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com"\n Heuristic match: "ianzgi.com"\n Heuristic match: "link.to"\n Heuristic match: "u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com"\n Heuristic match: "api.ipify.org"\n Heuristic 
match: "checkip.amazonaws.com"\n Heuristic match: "checkip.dyndns.com"\n Heuristic match: "checkip.dyndns.org"\n Heuristic match: "checkip.org"\n Heuristic match: "checkmyip.com"\n Heuristic match: "cmyip.com"\n Heuristic match: "curlmyip.com"\n Heuristic match: "findmyip.org"\n Heuristic match: "formyip.com"\n Heuristic match: "geoip.co.uk"\n Heuris185.199.109.153
2023-05-12 02:46:30Netblock MembershipNoRIPE1030None104.21.64.0/20104.21.71.14
2023-05-12 02:54:10Open TCP PortNoCensys0020None2606:4700:3031::6815:6a6:4432606:4700:3031::6815:6a6
2023-05-12 03:31:31Affiliate - Email AddressNoE-Mail Address Extractor0070Nonefd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Domain Name: NETCRAFT.COM Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-12-07T10:43:50Z Creation Date: 1994-10-18T04:00:00Z Registry Expiry Date: 2026-10-17T04:00:00Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: AUTHNS1.NETCRAFT.COM Name Server: AUTHNS2.NETCRAFT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: netcraft.com Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2020-09-21T12:40:37.88Z Creation Date: 1994-10-18T04:00:00.00Z Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Name Server: authns1.netcraft.com Name Server: authns2.netcraft.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS 
database: 2023-05-11T07:56:11.35Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:55:28Raw Data from RIRsNoHybrid Analysis0020None{u'count': 3, u'search_terms': [{u'id': u'host', u'value': u'104.21.6.166'}], u'result': [{u'environment_id': 100, u'job_id': u'640a87ec5deba64bf90bd5e3', u'analysis_start_time': u'2023-03-10 01:29:16', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'15de03b9f1a0096ab0b30f52b553b469c70dbccd4417995d4b7fdc4cee25557a', u'type': None, u'type_short': u'url', u'size': 67}, {u'environment_id': 160, u'job_id': u'63fc26ad86a713231f0ec51d', u'analysis_start_time': u'2023-02-27 03:42:37', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 1, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'69980d4c29a4a5407bb25c94430a4932ebe493bfead4f5a2fabc21dbc30aebda', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 160, u'job_id': u'63a00a6524ef340fae30348a', u'analysis_start_time': u'2022-12-19 06:53:25', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 23, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'15de03b9f1a0096ab0b30f52b553b469c70dbccd4417995d4b7fdc4cee25557a', u'type': None, u'type_short': u'url', u'size': 67}]}104.21.6.166
2023-05-12 02:44:12SSL Certificate Host MismatchYesSSL Certificate Analyzer0020None*.cloudwaysapps.com, cloudwaysapps.comkekw.battleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Noneoverkant (Net ID: 00:01:36:07:DC:22)52.3759, 4.8975
2023-05-12 02:51:36Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://webcamoid.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_c64_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3172"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_c64_IE_EarlyTabStart_0xa8c_Mutex"\n "IsoScope_c64_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_c64_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_c64_ConnHashTable<3172>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c64_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network 
Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "webcamoid.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"webcamoid_1_.png" has type "PNG image data 64 x 64 8-bit/color RGBA non-interlaced" and extension "png"\n "favicon_1_.png" has type "PNG image data 16 x 15 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{b04a5edd-ee0f-11ed-acb1-080027098343}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df196c020f5a094e9f.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API 
Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df196c020f5a094e9f.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{b04a5edd-ee0f-11ed-acb1-080027098343}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfb061f576187ef20c.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{b04a5edf-ee0f-11ed-acb1-080027098343}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "ClearSans-Light_1_.ttf" has type "TrueType Font data 20 tables 1st "GPOS" 24 names Macintosh Font software Copyright \\251 2012 Intel Corporation. 
Licensed under the Apache License Version"- [targetUID: N/A]\n "DesktopCapture_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "VirtualCamera_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "Main_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "Recording_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "Effects_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003172]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFB061F576187EF20C.TMP" has type "data"- Location: [%TEMP%\\~DFB061F576187EF20C.TMP]- [targetUID: 00000000-00003172]\n "~DF196C020F5A094E9F.TMP" has type "data"- Location: [%TEMP%\\~DF196C020F5A094E9F.TMP]- [targetUID: 00000000-00003172]\n "~DF3999E32F2D2A875E.TMP" has type "data"- Location: [%TEMP%\\~DF3999E32F2D2A875E.TMP]- [targetUID: 00000000-00003172]\n "~DFF70C03EBA959F549.TMP" has type "data"- Location: [%TEMP%\\~DFF70C03EBA959F549.TMP]- [targetUID: 00000000-00003172]\n "desktop_1_.css" has type "ASCII text"- [targetUID: N/A]\n "EBSTL18C.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\EBSTL18C.htm]- [targetUID: 00000000-00002944]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003172]\n "RecoveryStore._B04A5EDD-EE0F-11ED-ACB1-080027098343_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "webcamoid_1_.png" has type "PNG image data 64 x 64 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n 
"_B04A5EDF-EE0F-11ED-ACB1-080027098343_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B797E09C-EE0F-11ED-ACB1-080027098343_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "main_1_.js" has type "C source ASCII text"- [targetUID: N/A]\n "mobile_1_.css" has type "ASCII text"- [targetUID: N/A]\n "reset_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.png" has type "PNG image data 16 x 15 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "PTUKRQUT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PTUKRQUT.txt]- [targetUID: 00000000-00003172]\n "51SURLHL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\51SURLHL.txt]- [targetUID: 00000000-00003172]\n "VKBTY5T4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VKBTY5T4.txt]- [targetUID: 00000000-00003172]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "FG7SB3TD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FG7SB3TD.txt]- [targetUID: 00000000-00003172]\n "main_1_.css" has type "ASCII text"- [targetUID: N/A]\n "3F4OTZE6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3F4OTZE6.txt]- [targetUID: 00000000-00003172]\n "JBZG5CV8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JBZG5CV8.txt]- [targetUID: 00000000-00003172]\n "IW96THVI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IW96THVI.txt]- [targetUID: 00000000-00003172]\n "urlref_httpswebcamoid.github.io" has type "HTML document ASCII text"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows 
icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"query.prod.cms.msn.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://webcamoid.github.io/"\n Pattern match: "https://webcamoid.github.io"\n Pattern match: "lY.UMDe/;+d*4IsQUA8[9D"\n Pattern match: "http://meyerweb.com/eric/185.199.108.153
2023-05-12 02:50:45Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://khushishikhu.github.io/Netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2868"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b34_IE_EarlyTabStart_0x87c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b34_ConnHashTable<2868>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b34_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b34_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b34_IESQMMUTEX_0_519"\n "IsoScope_b34_IESQMMUTEX_0_331"\n "IsoScope_b34_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "172.64.133.15:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"khushishikhu.github.io"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com" (Indicator: "dir "; File: "Netflix-clone_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and 
extension "jpg"\n "tab-content-1_1_.png" has type "PNG image data 879 x 622 8-bit/color RGBA non-interlaced" and extension "png"\n "TV-1_1_.png" has type "PNG image data 552 x 368 8-bit/color RGBA non-interlaced" and extension "png"\n "laptop1_1_.png" has type "PNG image data 543 x 319 8-bit/color RGBA non-interlaced" and extension "png"\n "tablet1_1_.png" has type "PNG image data 407 x 256 8-bit/color RGBA non-interlaced" and extension "png"\n "netflix-logo_1_.png" has type "PNG image data 624 x 390 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 879 x 622 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "TV-1_1_.png" has type "PNG image data 552 x 368 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "laptop1_1_.png" has type "PNG image data 543 x 319 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tablet1_1_.png" has type "PNG image data 407 x 256 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 
00000000-00002868]\n "~DFEB8DE64FDEFEAC09.TMP" has type "data"- Location: [%TEMP%\\~DFEB8DE64FDEFEAC09.TMP]- [targetUID: 00000000-00002868]\n "~DF9B5BE8AAD9348E43.TMP" has type "data"- Location: [%TEMP%\\~DF9B5BE8AAD9348E43.TMP]- [targetUID: 00000000-00002868]\n "~DFA2CF22B23815D257.TMP" has type "data"- Location: [%TEMP%\\~DFA2CF22B23815D257.TMP]- [targetUID: 00000000-00002868]\n "netflix-logo_1_.png" has type "PNG image data 624 x 390 8-bit colormap non-interlaced"- [targetUID: N/A]\n "urlref_httpskhushishikhu.github.ioNetflix-clone" has type "HTML document ASCII text"- [targetUID: N/A]\n "RecoveryStore._B445AEB7-EF99-11ED-83C4-080027461EB8_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "_BBCECB40-EF99-11ED-83C4-080027461EB8_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B445AEB9-EF99-11ED-83C4-080027461EB8_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "JS_1_.js" has type "ASCII text"- [targetUID: N/A]\n "ZIV20U3Z.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZIV20U3Z.txt]- [targetUID: 00000000-00002868]\n "2M1391EE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2M1391EE.txt]- [targetUID: 00000000-00002868]\n "1DIL5KRI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1DIL5KRI.txt]- [targetUID: 00000000-00002868]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "0LGY9LCX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0LGY9LCX.txt]- [targetUID: 00000000-00002868]\n "ORG2CQ19.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ORG2CQ19.txt]- 
[targetUID: 00000000-00002868]\n "NL66CHKW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NL66CHKW.txt]- [targetUID: 00000000-00002868]\n "UB265V1X.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UB265V1X.txt]- [targetUID: 00000000-00002868]\n "Netflix-clone_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://khushishikhu.github.io/Netflix-clone/"\n Pattern match: "https://khushishikhu.github.io"\n Pattern match: "https://khushishikhu.github.io/Netflix-clone"\n Pattern match: "Bj.UUVP/0E{@mX+"\n Pattern match: "Wc.TJ/-tB@W;wsq}jP1"\n Pattern match: "https://fontawesome.comFont"\n Pattern match: "https://use.fontawesome.com/releases/v5.8.2/css/all.css"\n Pattern match: "SUIDmicrosoft.com/9216415687628831032347305882992031032230MUID3CFF7A16C8AC651E350B6918C9286478microsoft.com/1025428936550431110701305882992031032230_EDGE_Vmicrosoft.com/9216428936550431110701305898617031032230SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216415687628831032347305882992031032230MUID3CFF7A16C8AC651E350B6918C9286478microsoft.com/1025428936550431110701305882992031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482"\n Pattern match: 
"SUIDmicrosoft.com/9216415687628831032347305882992031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mi"\n Pattern match: "9216428936550431110701306257992031032230MUID34F5E2D5D7CC61EA0749F1DBD68060C6msn.com/1025428936550431110701306257992031032230"\n Pattern match: "MUIDB3CFF7A16C8AC651E350B6918C9286478185.199.108.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneLF-X1U.00014A10EF0C (Net ID: 00:01:4A:10:EF:0C)37.780462,-122.390564
2023-05-12 02:54:23BGP AS MembershipNoCensys0040None146182600:1f18:2489:8201::c8
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneWordPress (Category: blog) https://profiles.wordpress.org/login/login
2023-05-12 03:09:36Affiliate - Internet NameNoDNS Resolver0040None219.30.196.104.bc.googleusercontent.com104.196.30.219
2023-05-12 03:41:52Open TCP PortNoCensys0030None45.131.109.53:598545.131.109.53
2023-05-12 02:44:28Affiliate - Internet NameNoDNS Resolver22020Nonebattleb0t.github.iowww.battleb0t.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneUFUKDEN (Net ID: 00:02:CF:9F:96:D2)40.2024, 29.0398
2023-05-12 02:44:31Internet Name - UnresolvedNoDNS Resolver0020Noneteamcity.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 
183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:23:19Open TCP PortNoPulsedive0030None188.114.96.5:443188.114.96.0/24
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [01039402468.github.io] https://www.openphish.com/feed.txt01039402468.github.io
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereferrer-policy: same-origin{"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f605eb97732c7-EWR"}
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneTelegram (Category: social) https://t.me/ayshooayshoo
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneFurAffinity (Category: images) https://www.furaffinity.net/user/loginlogin
2023-05-12 03:19:24Open TCP PortNoPulsedive0030None185.199.109.154:443185.199.109.0/24
2023-05-12 02:56:25BGP AS MembershipNoRIPE0040None14061207.154.224.0/20
2023-05-12 02:53:52Open TCP PortNoCensys0020None2606:50c0:8003::153:4432606:50c0:8003::153
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None010pixel.github.io185.199.111.153
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:06URL (Form)NoPage Information0030Nonehttp://www.ayhu.xyz<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60715ea2423d')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="o9rkiN63h_dC1MXH2ewnO9VeNInpcF4XTtlC3.Ope.M-1683860062-0-AdUguWWDLVlZxsWb6e1bnqomUGdvKH9Hr8OR9XhDVbWy_UNZDFZLD8-BRJaoUzBMnZ4MBtuUzqAf-y1NVIXFBZc2zpThNEMVcsemZ6G3H2y2RdwaGI22EiA1S326BJRlVE4Ae2G6hV1-y96EsTpLgRijeuFFSHz05y1jK0LMHQT6Yul8T61BIXmvzdMkcho4NRYjRqIaGwnrNt3GHyXHuLD9Kg0Z1PswrdZsR5u8cj9YNRG5tPHVjIwdXSU_H7FvumTVKSb2DSCVu7zno--l-x_ursgemNqA1Eu9esEfAcEZErO2ynNNPle4iy35Q-002AvCnrTStuzsV9WenG-kzkwfzH4Bgm9BgZjZ2SzceeiUvpx0VbFQ3pFatklpu5sVBuMECIKb-C35grQD9hIe5CnF2tIuq3LpSjTYWdY_G-taMdpge2EijRLIBI6Kfm3KCKgrmIm-M_kaOkhT6zwNZKrbtrmrwvHusBRZM8mDqXK6BGxQEYolgs9YfSL0l717dfEhPntRoL6ZMAEy83CFiWTndZ1SzKSh5MxSqRh8JYSn7-hlp9tzN-SB8T0mkCkP87rm0gHB2Nc1YNmJH6a6djf3APAwio8E6jQftS4RNyx5lSUUZ_BnFys-ZXFUzYbxVs_s5utzzMkEYOyUrEjMwlbzK1bmHQXnmHfBHDfW-9w0KMV_I2KXURlKdWp_aVGaYPgU9RQpOrOu5jXRwZ5WWo3nXJCoJubmH-xr5xweBUbZG-SrvNgarDFttshord388LcpI4vf_DPi5QAhha2ONgO4nEYcsvGjPWmE5gBNnwndanRmSOkYLNoIKdyVDvafFa_9wxBk6pKwvUGADjN1yYITiFNd4Av6OjiMF0eCD0B-rMcf1K_RyJAW0Q63e569MyoALgsa5LuF6A9Fao0NuRtVokTtKXFjE683wyQoxz2rVadCdcz1SAkPujj4gsPBtzmyTzaZ0eAhZEu4ZktRZ3yW_kCzFaoZlWWXPLmMSYOISs0fLmCihg46UN9oyRLijuEDM_jHg4LTV2TnCzG6rH5ukfU2q3hIf7DNVmpydIO4964Rwd7yky69HogBFyvVcLvLJiau__mlfv9Zd8rpuWQeyviCGIKTRzsIwfkMqNPNyw8X9ilDjYLz8Er-YKFTiBYzKowqSDcLfsInmyu-GY3Q4CRe6azk1q2PDI5jsKPqVXZnDO6xM5WOgDfsUs8jCGX-Y7pnubkolyphepCOCRuJYkPER9RlRKn9TP1Iu5pT3zvM--Qn_g2xND5bfgguBbZ7_xzC6vrG4uq7pRN86Jyn1eh0aJoS1o3moXbGaKVZMFxn9St9eHP_LBzqatvidcntyoQnZyEuvoBGzmB7bxsXvanE_k1kK-flL0DxtFCoSL_hYsi2QdekeHyb0moJOnxYk8nOvpGRVJW2aeFOS6zzQYrTf1ZYVM7iyRgHYPN8uylozJaFR27equ7FqddcsitgcuSFaFlYteDEO4eAuImRVXD5QnWHTDDLK-J-a7cd7n5pHrzsbNbpwPeit55PzKCpzI484EAksVFlNAkrwC4SqRB6KhjvHJRu2SsinDAvuebN5jt7N0scno6aUyjSzxwSSpVf6bZrrSm-p-5sQDUjLp64NRXWVN8wvA3_1f2gF_Vosd3y9Sp0fSOsU2F6EIdZdWuHYetxrmSNE6AHJ3RT_C04YBvG6_Q9PkJsb86B49AEElj23DQaHfl1GA9qGlbppJY5scudrsxneqxrD58hLbvdzxrWwdzLczRciePhFl8OKW5eaSkWmK-s65YIEnBLOSnaXmYwPzvjg8f67iFNC-e3l5m0MDQVx52PRj2vf8DWG_AfPmw2afbxcw9ppplZ9oiixK20YnEv54WswcS_oGpXEwjRNaflmeY-Y06FMexN5UEccQFy7OcRAYdF-UVs7RwoJUdks1Jo
RoK9OtuCZ-KgdWRayYvkrBZh1irLAwBozTjJSzJVowS3-M9iXqAD-o4GZBMK9eAUQlmuEIIQAf4f1TCN4loJA-4yETDBP4eorxfgJm9hdR63VxYMIHAkqccOTphwj01rk_8nG1uU4rJrScaAyK8AS_kQ2UytoRgp8VoNR_d7rmE_GZgpIDjlZ7mYr5nvR22Zau-p4gmFaOvdsk2jjUaqisfuqgg6D7ilZ29ja7S9UD52x-HqjxmP4JRdKMs3zwtM2aBKs0yMaMXiLr0T0j3f1FktvbG7soBZaonR97fM1qjr28AlqpELx3WuIvTiKLBZ2gxE_Tjenn0-IC2XQdN8IEIXfw9F7jVJZ6FyGJ9Yx4YqJ3kmX0qXi9iX1jb-Y3YZwJ6j4tTSRr8_tAhbW33UaKc3ULwKwGZ9g9Ru0mgnq0hVusSVy31FLGpM6QZZ4iZhokIoEs5L-lSF6-Qt-6-GQgAAhgrRM_mFp17cJjzl0kVV9PTe5Y-EYxGWlJKX7FVEGARcAfwWh_GITW_xYClIpKaR9CMUgzm4MqfOkVCd-6Z7AHBczBYiCIlRejFdx7yIdIPo__-pVcOwTW-jE9Y6Ncj1gf1h"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '12933', cRay: '7c5f60715ea2423d', cHash: '4c530bdfb62a335', cUPMDTk: "\/?__cf_chl_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2Mi45MzcwMDA=', m: 'LwOsDwqRkfr0bjyiLObl7sEK+vITUZuaPQE/A6GDF60=', i1: 'zy3+9oq0kQS8g0MofYLvVQ==', i2: 'Pt5t/C6ZQh8wsZRxhTvpYw==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60715ea2423d'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60715ea2423d'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:00:55Co-Hosted SiteNoHackerTarget2020None00ihsan.github.io185.199.111.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:0C:41:79:25:FC)39.0469, -77.4903
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-4C62 (Net ID: 00:1D:D5:6D:4C:60)32.8608, -79.9746
2023-05-12 02:45:43Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680547171807-xds.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697389173-1680697389172.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697434044-1680697434044.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1677698083219-brnaded+logo.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1678225583765-dohler.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697496429-1680697496429.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1677247635626-opal+bpm.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1676063538457-wise.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1675882735829-sp-_0000_fair+trade.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1682640165836-c%26s.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697503545-1680697503545.png', 
u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1677247758835-jpg.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697381119-1680697381118.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697479996-1680697479996.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1681215695937-meijer+logo.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680701520460-_0005_united+dairy+farmers.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697487654-1680697487654.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1675882417313-sp-_0005_mbd.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1678225507390-daymon.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697462819-1680697462818.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1675882659094-sp-_0002_supply+pilot.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1679240654452-_0010_cvs.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680988101878-fmi-logo-2019.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1681773687460-southeastern+grocers.jpg', u'type': 
u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697422023-1680697422023.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1681239531331-day+1.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1675882703373-sp-_0001_voccii.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1681239550042-day+two.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/37678%2f1567194570417-down.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1679679993005-_0031_target.jpg', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680697403560-1680697403560.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1680987900223-equatorlogo.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1679689212198-new+quad+2023.png', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://s3.amazonaws.com/uploads.webconnex.com/120734%2f1681239570587-day+three.jpg', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 30, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://velocityinstitute.us16.list-manage.com/track/click?u=28a49397252972a9e77d3ec77&id=7e8847aed8&e=5332e81415', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:3572:304:WilStaging_02"\n "Local\\SM0:3572:120:WilError_01"\n "SM0:3572:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:3572:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.64.155.76:443"\n "142.250.189.234:443"\n "104.18.11.207:443"\n "151.101.2.123:443"\n "142.250.189.163:443"\n "54.231.170.48:443"\n "65.8.158.103:443"\n "54.244.116.26:443"\n "185.199.111.153:443"\n "23.39.1.127:443"\n "65.8.158.85:443"\n "192.229.163.25:443"\n "192.225.158.103:443"\n "74.125.137.155:443"\n "3.233.152.253:443"\n "104.244.42.72:443"\n "192.225.158.1:443"\n "192.225.158.3:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"aa.online-metrix.net"\n "bouncer.webconnex.com"\n "browser-http-intake.logs.datadoghq.com"\n "cdn.uploads.webconnex.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "h.online-metrix.net"\n "images.webconnex.com"\n "ncwzrc4khcpkdl5627ygaagnzyyzeavjwr3ydmpbab8d5fa5a572c602sac.d.aa.online-metrix.net"\n "netdna.bootstrapcdn.com"\n "platform.twitter.com"\n "purecatamphetamine.github.io"\n "s3.amazonaws.com"\n "static.wepay.com"\n "stats.g.doubleclick.net"\n "syndication.twitter.com"\n "t.wepay.com"\n "velocityinstitute.regfox.com"\n "z.moatads.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a 
known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "platform.twitter.com" (Indicator: "dir "; File: "PCAP")\n Found string "syndication.twitter.com" (Indicator: "dir "; File: "PCAP")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string "js.src = "https://platform.twitter.com/widgets.js"" (Indicator: "dir "; File: "urlref_httpsvelocityinstitute.us16.list-manage.comtrackclicku_28a49397252972a9e77d3ec77_id_7e8847aed8_e_5332e81415")\n Found string "})(document, "script", "twitter-wjs")" (Indicator: "dir "; File: "urlref_httpsvelocityinstitute.us16.list-manage.comtrackclicku_28a49397252972a9e77d3ec77_id_7e8847aed8_e_5332e81415")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n 
""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""bellagracehealth185.199.111.153
2023-05-12 02:44:09SSL Certificate - Issued byNoSSL Certificate Analyzer0010NoneC=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1battleb0t.xyz
2023-05-12 02:58:02Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://www.borisfx.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_b44_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b44_IESQMMUTEX_0_303"\n "IsoScope_b44_IE_EarlyTabStart_0xd3c_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_b44_ConnHashTable<2884>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_b44_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2884"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b44_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b44_IESQMMUTEX_0_303"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"159.203.154.119:80"\n "159.203.154.119:443"\n "192.124.249.24:80"\n "52.203.36.44:443"\n "104.18.22.52:443"\n 
"65.8.55.208:443"\n "104.17.24.14:443"\n "104.17.210.204:443"\n "34.148.97.127:443"\n "104.16.86.20:443"\n "151.101.1.137:443"\n "142.251.211.238:443"\n "104.16.255.71:443"\n "143.244.60.109:443"\n "142.251.33.104:443"\n "13.249.139.119:80"\n "142.251.211.227:80"\n "192.124.249.36:80"\n "65.8.55.48:80"\n "172.64.202.28:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "urlref_httpwww.borisfx.com" as clean (type is "HTML document ASCII text with CRLF line terminators")\n Antivirus vendors marked dropped file "TarCB08.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCB78.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"backend.borisfx.com"\n "borisfx-com-res.cloudinary.com"\n "js-na1.hs-scripts.com"\n "js.gleam.io"\n "js.hs-banner.com"\n "js.hscollectedforms.net"\n "js.hubspot.com"\n "ka-f.fontawesome.com"\n "nexus-websocket-a.intercom.io"\n "o.ss2.us"\n "ocsp.godaddy.com"\n "ocsp.pki.goog"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "ocsp.sectigo.com"\n "ocsp.starfieldtech.com"\n "pi.pardot.com"\n "sdks.shopifycdn.com"\n "www.borisfx.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.borisfx.com"\n "ocsp.starfieldtech.com"\n "ocsp.pki.goog"\n "o.ss2.us"\n "ocsp.godaddy.com"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sectigo.com"\n "ocsp.sca1b.amazontrust.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "NJUG3KIC.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NJUG3KIC.txt]- [targetUID: 00000000-00002924]\n Dropped file: "8VT2SPF4.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8VT2SPF4.txt]- [targetUID: 00000000-00002924]\n Dropped file: "P98EPUFF.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P98EPUFF.txt]- [targetUID: 00000000-00002924]\n Dropped file: "Y04LLF3T.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Y04LLF3T.txt]- [targetUID: 00000000-00002924]\n Dropped file: "P3D2J0NU.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P3D2J0NU.txt]- [targetUID: 00000000-00002924]\n Dropped file: "60VUP2GP.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\60VUP2GP.txt]- [targetUID: 00000000-00002924]\n Dropped file: "HH6MLV23.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HH6MLV23.txt]- [targetUID: 00000000-00002924]\n Dropped file: "BJCZPFNA.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BJCZPFNA.txt]- [targetUID: 00000000-00002924]\n Dropped file: "ZU42XX7W.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZU42XX7W.txt]- [targetUID: 00000000-00002924]\n Dropped file: "5RXK9MEV.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5RXK9MEV.txt]- [targetUID: 00000000-00002924]\n Dropped file: 
"S1T0H2ZW.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S1T0H2ZW.txt]- [targetUID: 00000000-00002924]\n Dropped file: "JH132F07.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JH132F07.txt]- [targetUID: 00000000-00002924]\n Dropped file: "KVO1BIM2.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KVO1BIM2.txt]- [targetUID: 00000000-00002924]\n Dropped file: "3FN51MI9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3FN51MI9.txt]- [targetUID: 00000000-00002924]\n Dropped file: "WHAC3UI2.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WHAC3UI2.txt]- [targetUID: 00000000-00002924]\n Dropped file: "T526XV91.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\T526XV91.txt]- [targetUID: 00000000-00002924]\n Dropped file: "ISTMQ8W0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ISTMQ8W0.txt]- [targetUID: 00000000-00002924]\n Dropped file: "ZUL2DS60.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZUL2DS60.txt]- [targetUID: 00000000-00002924]\n Dropped file: "J5MVWDAV.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J5MVWDAV.txt]- [targetUID: 00000000-00002924]\n Dropped file: "1NYW8Z2Y.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1NYW8Z2Y.txt]- [targetUID: 00000000-00002924]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpwww.borisfx.com" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 
00000000-00002924]\n "quote-bg_1_.png" has type "PNG image data 1190 x 188 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "TarCB08.tmp" has type "data"- Location: [%TEMP%\\TarCB08.tmp]- [targetUID: 00000000-00002924]\n "9FF67FB3141440EED32363089565AE60_33E6263BAF1D93C3B754E2140B85CB43" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9FF67FB3141440EED32363089565AE60_33E6263BAF1D93C3B754E2140B85CB43]- [targetUID: 00000000-00002924]\n "~DF798C5B654290816F.TMP" has type "data"- Location: [%TEMP%\\~DF798C5B654290816F.TMP]- [targetUID: 00000000-00002884]\n "E573CDF4C6D731D56A665145182FD759_CCBDC18CEF38DE614F9036FAB40737A8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E573CDF4C6D731D56A665145182FD759_CCBDC18CEF38DE614F9036FAB40737A8]- [targetUID: 00000000-00002924]\n "font-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "9FF67FB3141440EED32363089565AE60_397A1C578ED0C3E6ED55E7764B7296D0" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9FF67FB3141440EED32363089565AE60_397A1C578ED0C3E6ED55E7764B7296D0]- [targetUID: 00000000-00002924]\n "1c8618b326fd558f25ae2e551a4b5a932479c918_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002924]\n "analytics_1_.htm" has type "UTF-8 Unicode text with no line terminators"- [targetUID: N/A]\n "fb_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "7D6243C18F0F8F9AEC6638DD210F1984_1E795B05019FA2C73B95BDB66E6081E5" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D6243C18F0F8F9AEC6638DD210F1984_1E795B05019FA2C73B95BDB66E6081E5]- [targetUID: 00000000-00002924]\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002924]\n "api_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "CustomerLogos_weta_1_.png" has type "PNG image data 240034.148.97.127
2023-05-12 02:44:03Human NameNoSpiderFoot UI2000NoneDawid Sulej"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 02:44:13Co-Hosted SiteNoSSL Certificate Analyzer0120Nonegithub.comwww.battleb0t.xyz
2023-05-12 03:19:22Open TCP PortNoPulsedive0030None185.199.109.153:443185.199.109.0/24
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonesteg (Net ID: 00:01:36:06:3F:F8)52.3759, 4.8975
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [01.github.io] https://www.openphish.com/feed.txt01.github.io
2023-05-12 02:49:55Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'kamiblue-2.04.21-3c581c22b.jar', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-159', u'name': u'Writes log files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1074/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1074.001', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"javaw.exe" writes a file "C:\\hs_err_pid4552.log"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"hs_err_pid4552.log" has type "ASCII text with CRLF line terminators"- Location: [C:\\hs_err_pid4552.log]- [targetUID: 00000000-00004552]\n "cce3fe3b0d8d80bc.timestamp" has type "ASCII text with CRLF line terminators"- Location: [%ALLUSERSPROFILE%\\Oracle\\Java\\.oracle_jre_usage\\cce3fe3b0d8d80bc.timestamp]- [targetUID: 00000000-00004552]'}, {u'category': u'Environment Awareness', u'origin': u'Hybrid Analysis Technology', u'identifier': u'stream-3', u'name': u'Contains ability to query the machine version', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1082', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-312', u'attck_id': u'T1082', u'relevance': 1, u'threat_level': 0, u'type': 1, u'description': u'INSTANCE.getVersionsFolder@FolderUtils at cb617139dd424aa668b0102de6fd5feb-20db3'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:"assets/minecraft/kamiblue/kamimap.png" [Source: 76315e9082d7feae78e5a979537cb15491e33364ab9be90c74a65e132066521f.bin]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 185.199.110.153 on port 443"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "#rHehV=Bm.nO"\n 
Heuristic match: "null cannot be cast to non-null type kotlin.Int"\n Heuristic match: "int, kotlin.Int"\n Heuristic match: "java.lang.Integer, kotlin.Int"\n Pattern match: "https://api.mojang.com/user/profiles/"\n Pattern match: "https://api.mojang.com/users/profiles/minecraft/"\n Pattern match: "https://github.com/cabaletta/baritone/blob/master/USAGE.md"\n Pattern match: "https://www.youtube.com/channel/UCJGCNPEjvsCn0FKw3zso0TA"\n Pattern match: "discord.com/invite"\n Heuristic match: "player.name"\n Pattern match: "https://kamiblue.org/download"\n Pattern match: "https://kamiblue.org/api/v1/downloads.json"\n Heuristic match: "entity.name"\n Pattern match: "https://2bqueue.info/queue"\n Heuristic match: "Cannot connect to 2bqueue.info"\n Heuristic match: "file.name"\n Pattern match: "https://raw.githubusercontent.com/kami-blue/cape-api/capes/capes.json"\n Heuristic match: "it.name"\n Pattern match: "https://github.com/kami-blue"\n Pattern match: "https://kamiblue.org"\n Heuristic match: "kamiblue/modules.md"\n Pattern match: "https://api.github.com/repos/kami-blue/client/contributors"\n Pattern match: "github.com/kami-blue/client/graphs/contributors"\n Pattern match: "https://youtu.be/yPYZpwSpKmA"\n Pattern match: "https://kamiblue.org/backdoored"\n Pattern match: "kamiblue.org/license"\n Heuristic match: "waypoint.name"\n Pattern match: "https://kamiblue.org/discord"\n Pattern match: "https://.*discord(app|)\\\\.com/api/webhooks/\\\\d+/.{68}$"\n Heuristic match: "schematicArg.value.name"\n Heuristic match: "it.id"\n Pattern match: "https://raw.githubusercontent.com/2b2t-Utilities/emojis/master/version.json"\n Pattern match: "https://github.com/2b2t-Utilities/emojis/archive/master.zip"\n Heuristic match: "entry.name"\n Pattern match: "http://bugreport.java.com/bugreport/crash.jsp"\n Pattern match: "www.http.HttpClient.openServer(Ljava/lang/String;I)V+4"\n Pattern match: "www.http.HttpClient.openServer()V+114"\n Pattern match: "www.protocol.https.HttpsClient"\n 
Pattern match: "www.protocol.https.HttpsClient.New(Ljavax/net/ssl/SSLSocketFactory;Ljava/net/URL;Ljavax/net/ssl/HostnameVerifier;Ljava/net/Proxy;ZILsun/net/www/protocol/http/HttpURLConnection;)Lsun/net/www/http/HttpClient;+355"\n Pattern match: "www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Ljava/net/URL;Ljava/net/Proxy;I)Lsun/net/www/http/HttpClient;+13"\n Pattern match: "www.protocol.http.HttpURLConnection.plainConnect0()V+357"\n Pattern match: "www.protocol.http.HttpURLConnection.plainConnect()V+71"\n Pattern match: "www.protocol.https.AbstractDelegateHttpsURLConnection.connect()V+9"\n Pattern match: "www.protocol.http.HttpURLConnection.getInputStream0()Ljava/io/InputStream;+195"\n Pattern match: "www.protocol.http.HttpURLConnection.getInputStream()Ljava/io/InputStream;+52"\n Pattern match: "www.protocol.https.HttpsURLConnectionImpl.getInputStream()Ljava/io/InputStream;+4"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-98', u'name': u'Possibly tries to communicate over SSL connection (HTTPS)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"https://api.mojang.com/user/profiles/" + UUIDUtils.INSTANCE.removeDashes(uuid) + "/names" (Indicator: "https://")\n "https://api.mojang.com/users/profiles/minecraft/" (Indicator: "https://")\n "Invalid Command! Please view possible commands at https://github.com/cabaletta/baritone/blob/master/USAGE.md" (Indicator: "https://")\n ".+ Download WWE utility mod, Its free!"\n ".+ 4b4t is da best mintscreft serber"\n ".+ dont abouse"\n ".+ you cuck"\n ".+ https://www.youtube.com/channel/UCJGCNPEjvsCn0FKw3zso0TA"\n ".+ is my step dad"\n ".+ again daddy!"\n "dont worry .+ it happens to every one"\n ".+ dont buy future it\'s crap, compared to WWE!"\n "What are you, fucking gay, .+?"\n "Did you know? 
.+ hates you, .+"\n "You are literally 10, .+"\n ".+ finally lost their virginity, sadly they lost it to .+... yeah, that\'s unfortunate."\n ".+, don\'t be upset, it\'s not like anyone cares about you, fag."\n ".+, see that rubbish bin over there? Get your ass in it, or I\'ll get .+ to whoop your ass."\n ".+, may I borrow that dirt block? that guy named .+ needs it..."\n "Yo, .+, btfo you virgin"\n "Hey .+ want to play some High School RP with me and .+?"\n ".+ is an Archon player. Why is he on here? Fucking factions player."\n "Did you know? .+ just joined The Vortex Coalition!"\n ".+ has successfully conducted the cactus dupe and duped a itemhand!"\n ".+, are you even human? You act like my dog, holy shit."\n ".+, you were never loved by your family."\n "Come on .+, you hurt .+\'s feelings. You meany."\n "Stop trying to meme .+, you can\'t do that. kek"\n ".+, .+ is gay. Don\'t go near him."\n "Whoa .+ didn\'t mean to offend you, .+."\n ".+ im not pvping .+, im WWE\'ing .+."\n "Did you know? .+ just joined The Vortex Coalition!"\n ".+, are you even human? You act like my dog, holy shit." 
(Indicator: "https://")\n "https://kamiblue.org/download" (Indicator: "https://")\n "https://kamiblue.org/api/v1/downloads.json" (Indicator: "https://")\n "https://2bqueue.info/queue" (Indicator: "https://")\n "https://kamiblue.org/api/v1/downloads.json")\n "\\n"\n "" (Indicator: "https://")\n "https://raw.githubusercontent.com/kami-blue/cape-api/capes/capes.json" (Indicator: "https://")\n "https://github.com/kami-blue" (Indicator: "https://")\n "https://kamiblue.org" (Indicator: "https://")\n "https://api.github.com/repos/kami-blue/client/contributors" (Indicator: "https://")\n "Failed to retrieve contributors from Github API.\\nCheckout the page manually: &9https://github.com/kami-blue/client/graphs/contributors" (Indicator: "https://")\n "https://youtu.be/yPYZpwSpKmA" (Indicator: "https://")\n "https://kamiblue.org/backdoored" (Indicator: "https://")\n "You can view KAMI Blue\'s &7client&f License (LGPLv3) at &9https://kamiblue.org/license" (Indicator: "https://")\n "General FAQ:\\nHow do I see all commands? - " + TextFormattingKt.formatValue(HelpCommand.access$getCompanion$p$s-2125338400().getPrefix() + INSTANCE.getName() + " commands") + "\\nHow do I use Baritone? - " + TextFormattingKt.formatVal185.199.110.153
2023-05-12 02:50:31SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:50:47 2023 GMT Not After : Jun 11 12:50:46 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:86:d1:c6:73:d4:68:16:b7:b8:27:02:2e:0a: 3b:ac:b2:c0:cf:5d:bb:e0:97:62:4b:2d:4c:a7:8a: 0f:bb:28:62:25:f7:8b:c2:a2:9f:9f:a4:09:ae:64: 46:ad:01:04:9a:1c:e2:d3:da:ff:2f:0b:66:3e:17: 93:38:08:7c:21:35:76:62:9b:3d:79:67:17:13:fe: 36:e3:cb:d3:f1:13:27:de:39:d4:be:26:b9:a7:bc: 48:6c:32:02:59:5e:42:77:18:cd:f0:52:6e:ff:59: 03:7e:1d:11:be:bc:ab:d2:7f:d2:95:33:32:9e:74: fe:3f:8c:4e:e3:30:bd:bb:06:89:38:c8:e8:4f:53: 3b:f6:63:c0:62:08:06:0e:e7:94:7f:f0:60:db:70: ea:7f:78:d5:b9:6c:e0:49:a6:b4:37:75:b0:52:59: b3:35:96:ab:99:46:f4:69:22:fd:0c:96:69:7a:42: ab:47:42:08:6b:5e:8a:9a:4d:97:23:10:94:f7:79: b4:c3:5e:97:52:71:2a:e0:cb:16:4d:05:9d:0a:4b: 32:05:28:18:33:7b:d6:34:6c:b7:3e:5b:ab:cb:54: 41:54:0f:0b:fa:c3:ea:b8:4b:80:0a:8e:f0:90:cd: 32:45:6e:24:6b:2b:da:60:08:2e:69:e6:59:89:a4: 25:87:82:03:c6:3c:bd:7c:46:55:91:56:df:8c:10: 3f:c4:bc:32:26:aa:2e:b1:d8:86:87:bf:32:be:e7: 49:d8:74:e0:99:42:34:64:c2:23:25:06:06:47:62: f1:32:ce:42:2e:0b:a1:5c:5c:7d:55:6f:f5:43:b6: 4a:13:84:0e:20:9b:ad:e4:75:cf:98:ec:28:ca:d5: 97:e8:15:83:85:e3:c5:d8:e3:28:87:31:07:5e:2c: 11:d9:8a:d6:52:d3:ed:87:7d:ab:aa:dd:63:d0:48: bb:c8:d0:2e:7e:92:84:13:37:53:61:b8:ec:ac:9a: 86:7b:ce:3f:d2:40:f0:db:6c:2c:1e:97:3b:c5:cb: 35:b4:86:6e:2c:94:d1:aa:dc:d2:87:31:ab:38:c5: f4:27:1d:0a:25:44:99:80:36:03:ce:91:80:1c:d1: 59:d4:7c:5a:37:1b:0a:ce:f5:f1:c0:65:43:fc:ee: ed:8e:bc:b1:d6:9d:85:ca:8e:38:b3:e3:c0:7f:97: a5:98:eb:15:ff:cd:24:e7:6d:15:4d:57:89:17:a7: 5f:b4:d5:d3:b7:8f:07:9c:a8:ea:76:1e:e7:f3:2c: 9b:59:ae:2b:2b:2c:ad:9d:e2:f1:8d:94:c2:23:8f: 
a7:4d:67:84:e7:2f:fb:e0:0a:d2:eb:7c:d9:ee:92: a6:63:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 13 13:50:48.097 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:CF:17:8C:E7:5C:85:D2:35:C0:73:1C: DD:DC:CB:6A:69:22:6C:11:CA:4A:7A:70:E6:41:98:64: C2:D6:EB:16:05:02:21:00:BB:55:01:DF:9D:AA:0D:1D: 85:02:D9:76:FB:4F:6B:D6:D8:8F:94:82:00:A7:D0:65: 5A:13:BE:6C:BF:BD:5B:9D Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Mar 13 13:50:48.131 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:AF:43:46:DF:38:C8:21:CA:47:16:D3: 84:F0:B4:A9:1B:09:0F:BB:55:58:89:44:1F:3A:9E:8A: 3C:22:70:0D:03:02:21:00:8B:39:10:8E:8A:36:DF:3F: E7:32:3D:76:7C:AB:60:E8:18:70:D5:6D:0E:33:7A:97: F4:0A:88:2E:3A:2E:C4:71 Signature Algorithm: sha256WithRSAEncryption 7c:6a:76:1d:db:1c:de:c2:19:6d:98:57:99:25:b4:5e:0f:bf: 95:8c:45:a2:25:ed:32:95:f2:0a:78:4e:ff:62:f4:67:48:31: 90:2b:e2:3c:d5:1d:db:e1:60:6a:0f:17:23:34:71:35:8b:95: 4d:73:cd:e3:a3:52:97:93:84:37:a2:ed:c5:7c:91:2b:0a:f9: 
83:c1:eb:81:7e:88:34:cd:f0:88:f8:df:18:16:ef:ca:7e:49: f2:a7:b7:0e:a3:4b:4e:4f:92:f3:51:0f:2b:4e:c0:52:1c:18: 2a:c7:b7:9d:09:65:0e:50:64:7a:7d:02:f3:86:ed:28:2c:cd: 4a:55:5f:32:f3:f6:3f:13:34:34:14:d8:2b:1d:6d:73:a0:41: 90:ec:31:52:17:e6:2f:8b:58:c6:fb:86:38:bb:08:6b:2a:fc: 64:0a:2b:2e:0f:f6:06:a5:76:85:8b:81:7c:0b:e7:7d:41:98: 29:67:65:9c:a3:5e:54:d7:42:a2:ca:57:e3:ed:40:b5:6b:e7: 20:ae:3b:11:70:76:c2:da:cf:31:f0:ab:ca:10:28:73:4e:36: 4a:79:71:99:ba:fe:41:29:e0:de:27:f3:42:87:08:d7:24:fe: 2c:3e:d4:01:c9:17:cd:e7:bc:a6:c4:72:63:d4:a6:ab:14:ea: 33:96:20:50 battleb0t.xyz
2023-05-12 03:01:08Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.118): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAv.AliBerksun (Net ID: 00:18:4D:47:67:DA)40.2024, 29.0398
2023-05-12 02:44:31SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:56:b0:2c:f1:37:ec:4d:fb:ba:29:5b:fe:cf:08:f7:c5:d3 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:49:55 2023 GMT Not After : Apr 27 17:49:54 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:cb:71:f4:b8:7c:a4:30:09:1b:13:75:c6:c3:49: 0a:5a:97:35:c2:e3:b5:90:5b:a3:b9:e0:c8:a4:e3: 37:7a:a6:7e:1b:38:a5:5a:63:ab:b5:eb:db:f5:ce: 46:28:9a:bb:61:30:d2:f6:61:59:c2:0e:37:b3:85: 32:eb:67:93:5c:a2:8a:68:ae:c7:6a:b0:d0:9f:fc: 8d:d5:3b:0a:5d:17:21:49:98:a5:cc:cd:89:42:87: 4d:54:69:c0:91:34:ff:12:c3:4c:10:fb:89:47:3a: b3:b5:ed:cc:06:52:eb:16:7a:af:b4:c5:22:00:43: aa:8d:8b:68:61:04:b5:6e:86:7d:6f:23:6e:79:15: 3b:96:1c:92:ea:d1:76:1a:98:eb:67:69:53:a7:00: db:63:83:56:0b:fc:db:8c:00:6a:64:27:99:81:0c: e0:c2:14:78:8e:45:d2:05:23:4b:2e:a1:d6:90:83: 3d:eb:f6:16:04:b9:30:78:89:df:df:c5:c0:a5:c5: 60:dc:2c:82:50:e1:50:fc:88:d4:46:2d:16:9d:dd: 14:56:c3:31:55:0c:b7:cc:40:45:d8:f9:22:11:f9: ed:60:df:5c:2f:a8:5f:17:ac:ff:7d:8a:1e:77:a6: e8:15:cb:e0:33:32:29:69:ca:42:d7:15:49:3f:d9: 68:31:ef:59:a1:4e:f5:94:c3:75:47:24:20:25:4f: 22:0f:35:ad:2a:db:20:f0:5d:b9:c7:a2:17:d1:f3: 52:80:77:94:64:66:0d:72:a2:bf:aa:b0:5e:b6:d9: af:81:4d:54:fa:3e:6b:7d:a8:7b:0d:08:23:70:3b: 37:ad:2b:75:bf:91:06:70:7f:c1:79:93:83:08:8c: 9a:bf:f2:64:ef:2f:39:42:b9:84:35:4b:b0:83:66: 5e:d7:c5:a7:06:f4:b4:89:e9:41:d1:09:1f:c3:66: 18:da:ea:4b:2f:9a:1a:d0:a2:05:8c:af:7f:ec:ae: 0f:17:00:fd:78:c7:64:b6:db:0c:73:e7:03:66:b3: 9e:9f:74:ea:0a:b7:ba:41:3e:89:fa:49:d9:69:26: 3c:0e:bc:77:f5:9f:cd:1d:0b:77:59:ba:57:e5:96: 24:24:9a:52:56:4e:63:31:d7:70:db:dc:4b:70:cb: 90:cd:e2:20:14:b5:fa:25:1b:2d:3b:39:de:26:c5: 3e:2d:95:63:5f:d6:2a:ba:87:f1:7a:9d:cc:8d:4d: e8:02:34:63:08:c3:8a:65:36:2f:3d:9b:90:77:71: 2a:cc:26:26:c5:ad:9e:d8:4e:fb:7a:b2:ec:5f:c7: 
b5:9a:b3:86:c9:5c:88:b7:8c:c8:3d:30:64:42:7f: 87:9a:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:A0:A8:B9:3F:90:D7:08:DA:7E:1F:47:83:D5:88:5D:68:C9:9D:69 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 27 18:49:55.813 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:86:06:13:D6:59:74:98:67:AB:1E:5E: 35:81:72:04:C0:6A:1F:FC:7B:00:6F:B8:03:F1:BE:1B: 95:AB:B8:28:27:02:21:00:BC:93:E5:D5:C0:AB:C3:D9: F0:70:98:2F:0B:66:FF:CE:EB:B1:93:B5:AF:E3:EC:E5: 24:C0:E0:01:07:FE:3F:C0 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Jan 27 18:49:55.791 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:EE:AA:37:8F:C9:30:00:92:D7:56:A4: B6:CE:F3:F5:CF:29:81:16:83:11:DE:9E:A3:05:67:53: 91:6D:18:E7:A8:02:21:00:D8:7E:2B:BA:15:47:72:19: DF:D8:EF:24:B0:25:79:A1:48:F8:3A:2F:C8:FB:0A:50: 3F:7F:81:1E:4F:CF:9B:26 Signature Algorithm: sha256WithRSAEncryption 54:17:5d:50:fa:47:51:89:f1:3d:5a:36:e8:d7:6e:d8:ae:85: fe:d5:2e:dc:14:36:b2:f3:63:e0:57:da:ee:7f:c4:31:c7:24: a6:e1:02:c4:6d:d7:20:80:18:28:5b:5e:4a:05:31:14:72:9e: 66:88:fd:41:57:c0:d0:ff:22:13:fd:7e:a3:d9:75:17:b4:67: 
19:9a:e9:16:5e:44:4f:78:33:3a:4e:54:5f:6f:68:3b:1c:af: d6:db:9b:bd:2a:b2:ea:76:7b:55:8a:a5:42:70:bd:16:d6:9e: 36:d7:56:22:2c:f3:d5:18:19:3e:f8:18:e5:da:a9:4e:03:a9: 13:d9:fb:8a:01:6e:70:f3:d9:fb:a9:8f:9a:38:b9:d7:89:2c: 9a:59:0a:bf:e9:71:d6:1c:2b:eb:93:fd:5b:0d:32:8d:ce:21: 6b:4e:a0:7b:68:bb:1b:49:02:64:07:cd:71:b7:fa:23:e8:c5: 12:86:a7:7c:6b:b8:cf:88:07:9a:b1:b0:e7:e8:80:0a:54:1c: 15:61:1e:50:90:fa:7e:93:82:0d:40:bf:16:d5:1e:1e:93:9f: 58:6f:56:5d:6c:49:c2:36:9e:81:7f:0e:32:d4:68:dd:6c:03: 64:48:28:01:66:a7:85:1f:9a:be:92:2f:5f:75:fe:d1:ff:94: e2:b4:07:7b battleb0t.xyz
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter1010NoneCN=kekw.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesuddenlink.net-5263 (Net ID: 2C:99:24:25:52:61)37.751, -97.822
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-F3A2 (Net ID: 00:1D:D2:43:F3:A0)32.8608, -79.9746
2023-05-12 02:55:18Software UsedYesCensys0030NoneUbuntu Linux46.101.229.70
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5ddd7eab1d10af-ORD 188.114.97.1
2023-05-12 03:24:29Company NameNoCompany Name Extractor0030NoneCloudflare\, Inc.C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneTrackmaniaLadder (Category: gaming) https://en.tm-ladder.com/login_rech.phplogin
2023-05-12 03:00:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.56): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:0C:41:AC:F5:99)39.0469, -77.4903
2023-05-12 03:11:15Raw Data from RIRsNoAbstractAPI0020None{u'city': u'London', u'security': {u'is_vpn': False}, u'city_geoname_id': 2643743, u'region_geoname_id': 6269131, u'country': u'United States', u'region': u'England', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'CloudFLARENET-EU', u'organization_name': None, u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'W1B', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'22:11:14'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2a06:98c1:3121::1', u'continent': u'North America', u'region_iso_code': u'ENG'}2a06:98c1:3121::1
2023-05-12 02:50:26Raw Data from RIRsNoGLEIF0030None[{u'relationships': {u'lei-records': {u'data': {u'type': u'lei-records', u'id': u'5493007DY18BGNLDWU14'}, u'links': {u'related': u'https://api.gleif.org/api/v1/lei-records/5493007DY18BGNLDWU14'}}}, u'attributes': {u'highlighting': u'<b>CLOUDFLARE</b>, <b>INC</b>.', u'value': u'CLOUDFLARE, INC.'}, u'type': u'autocompletions'}]Cloudflare\, Inc.
2023-05-12 02:44:15Software UsedYesTool - Wappalyzer0020NoneNode.jsnwapi2.battleb0t.xyz
2023-05-12 02:56:50Internet NameNoDNS Resolver0020Nonebattleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:03:e6:77:f0:fb:1d:de:0e:93:d2:d9:e5:40:98:fb:b1:42 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Nov 17 08:07:50 2022 GMT Not After : Feb 15 08:07:49 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:b1:ca:c5:7f:45:88:ea:f6:98:9e:7e:93:33:29: bd:74:fc:48:fe:29:e9:2a:62:8c:97:f1:93:16:6f: 19:da:24:7c:94:17:6e:35:5b:b2:ef:eb:77:ee:6f: 68:a3:10:bb:0d:f6:01:57:78:db:8f:85:23:65:1b: 8d:5a:d8:02:5e ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 26:F8:75:40:42:15:34:A1:4E:96:C0:96:27:7F:34:DA:52:69:CF:39 X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: ecdsa-with-SHA384 30:64:02:30:30:65:da:98:dc:09:a7:4c:e4:33:3c:8a:ff:b4: b6:a4:7c:dd:85:ba:d7:a9:30:8d:0e:63:cf:13:17:15:57:f9: 3b:12:68:dc:4b:97:91:0c:68:5e:6b:01:4b:4a:0f:a7:02:30: 78:5a:55:48:6e:2f:4f:60:b1:ea:bf:ab:1e:2c:b1:95:69:ea: 9d:d3:dc:5e:73:96:b4:1e:5a:b2:fd:e0:bd:42:cc:83:a6:42: 5c:5a:f3:1b:e0:65:96:82:07:eb:9c:bc
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.74): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonex-cache: HIT{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 02:54:13Web ContentNoWeb Spider2010None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60363a5a178c')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="49Idt7TVQjX1pBvRrI.6aeE3rlIvevuAC7b5vTR0YGE-1683860053-0-AY2CmFGtsZtnLcnB3KaVSnayJydAFpMBwiHerGE4rgR3JSYE2THMUlIcqEG1Ue8w91NqXc1_LHx6GFVlXiEAESIr_nGQ5go_qchKEn3Zd9LGEn7sjdr5MGswrCl99ImQfUgu6KdI_WivVs4bd90GT85W3eqgKUj3u0FUHAfgMsZls8XQdBKgHld4LM0wMOiwkj4Zv_skkfuoeKho_dzt4CkE8TkBrPt00M8eIbThaadGvVY0ZXacJCnFJrMWgEfguZYQYUBYVuQPCo4vsaoC9FJto9c6wa1TZj17T__0EGfb7iIg-Fe40vQL0GKl1g68OrtJF7bhLP5OSmmfJD-JBdOEbpA042KC5D5FyslCSfE7VL_rZtwmaMGkKhFs9rNjkGtzvRpQkvZRYfyEeWln9xUv2AoyKgo_1wsNTA_ve-XNzmkKtYDqJDpKDva2W3pJ_3486t1fxBPGklTfmIx9NlGkUpFz141VY7sqmJxOdPADiSQrKzSt-fovaHrioNcpkC_a9kgYIR8XX9ZtGjpkxl_IolwlzL--CdPxkW0zMtKJ-ob6rp2YNV1BUrgbluir9hqadqgAXGwt_gZWou60RMf3UaSZgv32iteEpLg55lWyX9LlrUvEr69WGY_mW2VC6sS9celjhcxiPOQLUkE6KOI9dyhMsK_hvZhX7dDzQsZTH4jAvHUf9CQD2LuSWPV3IPZysl2v0-TSOr10-QdcM27ziun4ot0DvTudFu8lZubQ6YgSwrTQ0wlCjvSq6gwpTOqihrt99F-QaEJWo9sY1ul0FhgMesYynTr4n3snoOM31ZGsLMXWKlkFnwUy1gZdrnW6lGoCkCZNGJjETZCrO0I1-blCIjRzIo6n3EQP7MT5qxAPdJn4-285kyLwMrAm9nW0Fi-T32j1LOogUb6WyPmjQkstsoGMIPyZHJWu0K53P0Hp3SPyKBDSdN4PFWJ5HhYglCXZ4frWkFfTdPf1mz5N5hMALh4FLKDLHit2KyOqpzy4LGkpslmmSQV9AzBKoRj1GEO_-FcLHTt9Y_hlt3lZHsDBr1qsBzb2CCXFE8o-Cu7OAduNH_CAS2sCSdUmt1KpWrCRaId6zphb5lrgZKo6-UG1p8eW6scfDanDgxE_uwAeJyjUHxAEdnSiE1KEwJ9jCVqAgp9dVVHeTI4rz44dE3vG-URKonk4rAmwzUrgRitO_d4uGYtEZ4E7qxVnEHPqSPPlSj7XCukbKVCLBJxrlSwrndqrFnPWXTVbd4VDbjuKYax1pPS7eYUGT_UeCCeppPOHUje3Psa1ejipoF94FUlnfTdlsYbhNQHOKrCLTleuO-lGh4FkydbCaYMbMeAAZyBt0xtAetQyd7ldNHUNuC2Nofi66SO1NL6dsaVskjPRRnE6ZvIpqMSXLJLgGQGDosioOi4TetnoLMpoodURiB_nIbRVwEcdjLeqlr_heAlhB9DjGpMi7U2THwVCr2WtE0eC7jgUi7EvjeNq152r1Qqg397yfToV5_wu059jWgynPgNUwC4lcn5G-MBIXveyQXm1Kc3wCLL9zpH8MAPvrg7a-sB2jNRF-Z6W26XqIgEKRCWc-Pxvv_Wf4vRraOQIcroiI7Bz-VZanQ8qRRCNJq9kL7QMtAUM-80bmDBTJgrVoo5PdyUEhsNJHqX9OXSul2XByOb4cFHCten8oYXlq-xQqbPW5cLy025uWQytdBIECEqK0e5vKcu_KE0Uj51a0tZyH3JcwbPPE_fH4pbZorm5Kg1q7pYpinkOp5o93d4llyQL17ps--AQEqRvOWDfy9ih2KJc_BE5lNLHq-v1h4WyL3qch3dFUNrf6TKv44d5E5ZODSf9MR91_YJ1LP3HF-0gnEEbwwFvu5w7kqPMreWbivd9zybQFoONhHZIvue3MsgjfZ1vLvfzi0_pLzPV9XnL3aZnuVWN
Q5m-tjTF6DVwD4heQQWtO8aBzn7YpoO7pmb5XcFPRZknXUl9vyibdHsym3ALRgx4Xf0sXY0Egq8vPrGtUmUt_qhEJTk5P3R0wsoRFa49pkuv79cmFbVV6UYUcsY_Ht1FZEPOAMMuij1BfHolOncuoa8HH91s4MToLK5e4ZXLCuwnrhU1Iz07g8_F8FiO-szvC0BSEfX52p_c3LsFOQ8KHGFOOtlIbkgQfFx7vErT1y0UZSuoR1HN5mwxz005itrk8qw-cU_4QXYVr0nnwhQQexYkVxHYLRxlHlGu9xonuO_9eyVCe8GyN79j4Enif4_dFDplAW77cjHRHWhMTCE5n_dU-96YMnkyFZr2m1KSUUWqQndQzduR6sMHEDQuErbPvLqIaJ3xphVgcTAzrMD12jvSU-bukvEL-wHHmzTDiCAItW9qw0XBzVZ7Ll736rJi4i9XorZ16wxKlOhw9SC6r707lQ43XMPgmmt8I71p5Y7NNqy-niBv8MJGeGRjObImH8n6JVBEQ7vEkMfTCD53zst2b-4V3RTMfSwntBlaoqZZYZdNBZBlFTqFK5PeKUk6cNexkn95wQmcJcuYO0vxq3IUpP6X"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '94216', cRay: '7c5f60363a5a178c', cHash: 'a8c2f7f784ba63b', cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA1My40NzkwMDA=', m: 'X3NUo99x/4mGPFmrz69qVs5k5pJtmgeVcyYRkA87vXs=', i1: 'Sn1NO9u6sfSr5lno+YjwEg==', i2: 'LxAqQZecIh4w4zR/ETAJ7g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60363a5a178c'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60363a5a178c'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> ayhu.xyz
2023-05-12 02:56:21Netblock MembershipNoRIPE0020None87.248.157.0/2487.248.157.102
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider29020Nonehttps://funny.battleb0t.xyz/funny.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:5D:96:FD)33.336199,-111.89446440830702
2023-05-12 03:09:00Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.9487.248.157.102
2023-05-12 02:48:34Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://sweetushivi17.github.io/Microsoft-login-page/', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'http://sweetushivi17.github.io/microsoft-login-page/', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://sweetushivi17.github.io/microsoft-login-page', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://sweetushivi17.github.io/Microsoft-login-page/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b84_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b84_ConnHashTable<2948>_HashTable_Mutex"\n "IsoScope_b84_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2948"\n "IsoScope_b84_IESQMMUTEX_0_303"\n "IsoScope_b84_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b84_IE_EarlyTabStart_0xc60_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "185.199.110.153:443"\n "104.16.86.20:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"sweetushivi17.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "sweetushivi17.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'".bi-twitter::before { content: "\\f5ef"; }" (Indicator: "twitter")\n ".bi-youtube::before { content: "\\f62b"; }" (Indicator: "youtube")\n ".bi-paypal::before { content: "\\f662"; }" (Indicator: "paypal")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"logo_1_.svg" has type "SVG Scalable 
Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "gradient_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 3000x2000 components 3"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "bootstrap-icons_1_.woff" has type "Web Open Font Format TrueType length 164360 version 1.0"- [targetUID: N/A]\n "bootstrap-icons_1_.css" has type "ASCII text"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002948]\n "~DF53903A5E404B1FCB.TMP" has type "data"- Location: [%TEMP%\\~DF53903A5E404B1FCB.TMP]- [targetUID: 00000000-00002948]\n "~DF05E154F480DFB66A.TMP" has type "data"- Location: [%TEMP%\\~DF05E154F480DFB66A.TMP]- [targetUID: 00000000-00002948]\n "~DFA5701C5187025040.TMP" has type "data"- Location: [%TEMP%\\~DFA5701C5187025040.TMP]- [targetUID: 00000000-00002948]\n "RecoveryStore._A6C704DF-DD69-11ED-A7BD-080027F574BD_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_A6C704E1-DD69-11ED-A7BD-080027F574BD_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AF26B50C-DD69-11ED-A7BD-080027F574BD_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "style_1_.css" has type "ASCII text"- [targetUID: N/A]\n "Microsoft-login-page_2_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "3P2T1AIT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3P2T1AIT.txt]- [targetUID: 00000000-00003404]\n "84GBFS1L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\84GBFS1L.txt]- [targetUID: 
00000000-00002948]\n "BI76777G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BI76777G.txt]- [targetUID: 00000000-00002948]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /Microsoft-login-page/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://sweetushivi17.github.io/Microsoft-login-page/"\n Pattern match: "http://sweetushivi17.github.io"\n Pattern match: "https://getbootstrap.com/"\n Pattern match: "https://github.com/twbs/bootstrap/blob/main/LICENSE"\n Pattern match: "SUIDMmicrosoft.com/9216393460646431027691283476884631027574*MUID137D942D0AA16C820DDA86DB0B256DBFmicrosoft.com/1025406709568031106045283492509631027574*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "https://icons.getbootstrap.com/"\n Pattern match: "https://github.com/twbs/icons/blob/main/LICENSE.md"\n Pattern match: "SUIDMmicrosoft.com/9216393460646431027691283476884631027574*MUID137D942D0AA16C820DDA86DB0B256DBFmicrosoft.com/1025406709568031106045283492509631027574*_EDGE_V1microsoft.com/9216406709568031106045283508134631027574*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: 
"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/css/bootstrap.min.css"\n Pattern match: "https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.4/font/bootstrap-icons.css"\n Pattern match: "isdomainmigratedtruewww.msn.com/102566554790431063801283883134631027574*"\n Pattern match: "www.msn.com/"\n Pattern match: "MUID2B12DF6F2BEE647803B1CD992AA265D9msn.com/1025406709568031106045283883134631027574*"\n Pattern match: "SUIDMmicrosoft.com/9216393460646431027691283476884631027574*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "MUIDB137D942D0AA16C820DDA86DB0B256DBFieonline.microsoft.com/9216406709568031106045283492509631027574*"\n Heuristic match: "sweetushivi17.github.io"\n Heuristic match: "cdn.jsdelivr.net"\n Heuristic match: "GET /Microsoft-login-page/ HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: sweetushivi17.git"\n Pattern match: "https://sweetushivi17.github.io/Microsoft-login-page/Accept-Language"\n Heuristic match: "weetushivi17.github.io"\n Pattern match: "sweetushivi17.github.io/Microsoft-login-page/"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwl"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=70599"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145837"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkID=57190"\n 
Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145765"\n Heuristic match: "Example: computer.fabrikam.com"\n Pattern match: "vista.gallery.microsoft.com/vista/SideShow.aspx"\n Pattern match: "http://www.icra.org/vocabulary/"\n Pattern match: "wmploc.dll/Offline_Buy.htm\'res://wmploc.dll/Offline_MediaGuide.htm*res://wmploc.dll/Offline_Subscriptions.htm"\n Pattern match: "http://go.micros185.199.110.153
2023-05-12 03:42:55Affiliate - Email AddressNoE-Mail Address Extractor0070Noneabuse@world4you.com Domain Name: INFLANY.COM Registry Domain ID: 2688698192_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.world4you.com Registrar URL: http://www.world4you.com Updated Date: 2023-04-13T07:19:32Z Creation Date: 2022-04-12T14:21:11Z Registry Expiry Date: 2024-04-12T14:21:11Z Registrar: World4You Internet Services GmbH Registrar IANA ID: 1476 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS1.WORLD4YOU.AT Name Server: NS2.WORLD4YOU.AT DNSSEC: signedDelegation DNSSEC DS Data: 36937 13 2 B736B70844AD09A9498F06982C97724A0BF4ACA8DE5244B40607B538A5323618 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:42:43Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: inflany.com Registry Domain ID: 2688698192_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.world4you.com Registrar URL: https://www.world4you.com Updated Date: 2023-04-13T21:36:05Z Creation Date: 2022-04-12T14:21:11Z Registrar Registration Expiration Date: 2024-04-12T14:21:12Z Registrar: World4You Internet Services GmbH Registrar IANA ID: 1476 Registrar Abuse Contact Email: abuse@world4you.com Registrar Abuse Contact Phone: +43.73293035 Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: AT Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AT Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: https://whoispro.domain-robot.org/whois/inflany.com Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: https://whoispro.domain-robot.org/whois/inflany.com Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech 
Email: https://whoispro.domain-robot.org/whois/inflany.com Name Server: ns1.world4you.at Name Server: ns2.world4you.at DNSSEC: signedDelegation URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:42:54Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp # World4You Internet Services GmbH WHOIS service. # # The data in the World4You WHOIS database is provided to you by # World4You Internet Services GmbH for informational purposes only and # may be used to assist persons in obtaining information about or # related to a domain name registration record. # Except for agreed Internet operational purposes (such as register or # modify existing registrations), no part of this information may be # stored, reproduced or transmitted by any means. # World4You does not guarantee its accuracy. # # By submitting a WHOIS query, you agree that you will use this data # only for lawful purposes and that, under no circumstances, you will # use this data to # (1) allow, enable, or otherwise support the transmission of mass # unsolicited, commercial advertising or solicitations via E-mail # (spam); or # (2) enable high volume, automated, electronic processes that apply # to World4You (or its computer systems). # World4You reserves the right to modify these terms at any time. # By submitting this query, you agree to abide by this policy. # www.world4you.com - Your hostingprovider.at
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneNH-NEW (Net ID: 00:01:21:31:EF:1C)37.7642, -122.3993
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneTurkeyBursa, Bursa Province, 16250, Turkey, Asia
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonemike1 (Net ID: 00:01:71:0A:05:C5)52.3759, 4.8975
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Noneredwood (Net ID: 00:01:38:85:C1:F8)37.7813933,-122.3918002
2023-05-12 02:55:21Netblock MembershipNoCensys6030None207.154.224.0/20207.154.228.169
2023-05-12 03:03:16Internet Name - UnresolvedNoDNS Resolver0020Nonecpanel.ayhu.xyz[{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}]
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 25 01:39:25 2023 GMT Not After : May 26 01:39:24 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Feb 25 02:39:25.268 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:87:F6:3C:B2:E0:C2:7B:F4:59:32:49: FF:84:EE:E1:AC:5D:A1:7E:84:DE:B8:AC:92:3B:97:98: 6D:C7:11:07:D0:02:21:00:8E:A1:79:1C:1F:BD:8E:15: DE:AB:97:FE:40:E1:D9:C2:1C:3E:55:3D:39:DF:88:B8: 3E:30:32:EA:CF:51:A0:F3 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Feb 25 02:39:25.238 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C0:CA:4A:3A:01:79:C5:F7:4D:18:6C: 70:E8:74:A4:FC:31:5E:46:FF:DB:BC:55:79:1C:6B:D3: 2A:77:33:92:7D:02:21:00:B3:6C:B3:CD:94:6E:40:07: 54:43:CE:33:E0:3F:C2:49:48:DC:19:23:44:E4:9D:8B: 7E:E1:7F:46:CE:18:EF:B6 Signature Algorithm: sha256WithRSAEncryption b2:e3:a8:2c:e5:ba:7b:3e:8e:fb:de:05:c9:db:df:10:e1:3a: 4a:d4:c8:e9:16:76:31:31:b8:1d:87:e3:42:15:5c:d9:01:d1: e3:21:14:96:0d:03:d6:ab:2a:bb:6e:da:97:10:fe:b1:03:48: ab:7e:6d:7b:96:6d:e0:3a:5a:e9:94:2e:83:ae:3f:a8:a5:8c: 25:3a:a9:c5:1d:63:8a:0d:55:4d:54:c8:3a:17:d4:72:72:76: 78:9d:29:2a:3b:de:f5:0a:4c:d8:44:82:1f:1a:29:cc:5c:2c: bf:7e:db:71:7c:50:e3:91:fe:95:3f:d3:87:5f:30:37:48:ec: 63:b6:a1:ac:33:ac:63:05:b2:8f:6d:ee:9e:2e:ac:50:59:e9: 41:46:d2:71:65:05:17:42:d9:3e:21:9d:d7:90:39:a6:8f:2d: e8:4a:d4:ff:6d:9e:32:c6:82:05:8f:a4:b5:74:b4:70:df:28: 4b:50:c8:1b:36:1a:ae:cf:7b:ab:92:23:e6:77:97:f2:47:a4: b0:52:f2:9d:cf:be:68:a2:8a:f2:2f:f0:66:0b:d3:34:2a:c7: 8a:35:c4:1c:33:2d:e5:90:de:56:a7:97:86:7c:97:c9:45:8f: 99:61:22:00:3d:aa:b2:87:0d:35:bb:4c:f3:f8:1c:f8:99:c1: e8:d1:30:c6 battleb0t.xyz
2023-05-12 02:56:52Internet NameNoDNS Resolver0030Nonenuke.battleb0t.xyz[{"url": "https://nuke.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nuke.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 03:11:15Physical CoordinatesNoAbstractAPI0020None37.751, -97.8222a06:98c1:3121::1
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneHackerOne (Category: tech) https://hackerone.com/loginlogin
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.230): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:58787.248.157.102
2023-05-12 02:54:41Physical LocationNoCensys1030NoneNorth Charleston, South Carolina, 29418, United States, North America104.196.30.220
2023-05-12 02:44:30Software UsedYesTool - Wappalyzer0020NoneBootstrappics.battleb0t.xyz
2023-05-12 02:44:30Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 02:58:25Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://theuselessweb.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"\n "142.251.33.66:443"\n "142.251.215.232:443"\n "13.227.44.89:443"\n "142.251.33.98:443"\n "151.101.24.157:443"\n "142.251.211.234:443"\n "104.22.28.80:443"\n "142.250.217.99:443"\n "142.251.211.226:443"\n "142.251.215.226:443"\n "142.250.217.65:443"\n "157.240.22.35:443"\n "216.239.32.178:443"\n "31.13.70.7:443"\n "142.251.215.227:443"\n "104.244.42.136:443"\n "192.30.252.153:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_DavidM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_MarkM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_ZiraM_Mutex"\n "Local\\SM0:7884:304:WilStaging_02"\n "Local\\SM0:7884:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:7524:304:WilStaging_02"\n "Local\\SM0:7524:120:WilError_01"\n 
"Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_ZiraM_Mutex"\n "Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_DavidM_Mutex"\n "Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_MarkM_Mutex"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7524:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7524:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"corndog.io"\n "ko-fi.com"\n "syndication.twitter.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"corndog.io"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007524]\n "urlref_httpstheuselessweb.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type 
"data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\shared_proto_db\\metadata\\000003.log]- [targetUID: 00000000-00007524]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007524]\n "f_00023e" has type "gzip compressed data from Unix original size modulo 2^32 327190"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00007604]\n "5f8b2db9-2edb-4814-8b96-b77d0a37937f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\5f8b2db9-2edb-4814-8b96-b77d0a37937f.tmp]- [targetUID: 00000000-00007524]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007524]\n "841720b3488bb430_0" has type "data"- [targetUID: N/A]\n "f_000243" has type "gzip compressed data max compression original size modulo 2^32 156532"- [targetUID: N/A]\n "f_00023d" has type "data"- [targetUID: N/A]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\7524_1677671563\\_metadata\\verified_contents.json]- [targetUID: 00000000-00007524]\n "82f670ef-d283-42d5-9dd3-9994f8b6bb17.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\82f670ef-d283-42d5-9dd3-9994f8b6bb17.tmp]- [targetUID: 00000000-00007524]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007524]\n "Last Browser" has type "data"- [targetUID: N/A]\n "42cc4980-2299-45cd-bbba-1cbd6f9855b4.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "b5d97750-b492-4a8b-8f50-3e1d821b7085.tmp" has 
type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\b5d97750-b492-4a8b-8f50-3e1d821b7085.tmp]- [targetUID: 00000000-00007524]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007524]\n "0c66e245-2f42-4c20-9b7a-29bfc70402bc.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 37080"- [targetUID: N/A]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\AutofillStrikeDatabase\\LOG]- [targetUID: 00000000-00007524]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\manifest.fingerprint]- [targetUID: 00000000-00007524]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"syndication.twitter.com" (Indicator: "twitter")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://theuselessweb.com/"\n Pattern match: "https://theuselessweb.com"\n Heuristic match: "corndog.io"\n Pattern match: "http://corndog.io/"\n Heuristic match: "ko-fi.com"\n Heuristic match: "syndication.twitter.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007524]'}], u'threat_level': 0, u'size': None, u'job_id': u'63977e9dae1f9c003b5ce605', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 1}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'34.74.170.74', u'142.251.33.66', 
u'142.251.215.232', u'13.227.44.89', u'142.251.33.98', u'151.101.24.157', u'142.251.211.234', u'104.22.28.80', u'142.250.217.99', u'142.251.211.226', u'142.251.215.226', u'142.250.217.65', u'157.240.22.35', u'216.239.32.178', u'31.13.70.7', u'142.251.215.227', u'104.244.42.136', u'192.30.252.153'], u'sha256': u'cc115afccd6fc96e7e94198d40bec095c6c34.74.170.74
2023-05-12 02:54:44Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H04J1V5ZEHVH006E5VV5HBN1 Date: <REDACTED> Content-Length: 0 35.229.48.116
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonedefault (Net ID: 00:0D:88:94:94:59)32.8608, -79.9746
2023-05-12 02:45:01Raw Data from RIRsNoipapi.co0020None{u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'185.199.109.153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'185.199.109.153/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 37.7642, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94107', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.3993, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}185.199.109.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D0:D0)32.8608, -79.9746
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.11): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneMy Passport (2.4 GHz) - 0772ED (Net ID: 00:00:C0:07:72:ED)37.7813933,-122.3918002
2023-05-12 02:53:42HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["1626:5CFD:236BDF0:36406A6:645D3ABC"], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683831485.544725,VS0,VE28"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["b61afadfbad522ceb47c8a79f54a7ce4c88966b0"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100102-CHI"], "Accept_Ranges": ["bytes"]}185.199.109.153
2023-05-12 03:11:07Physical CoordinatesNoOpenStreetMap90040None37.7813933,-122.3918002101 Townsend Street, San Francisco, US-CA, US, 94107
2023-05-12 03:32:15Open TCP PortNoPulsedive0030None188.114.97.8:8080188.114.97.0/24
2023-05-12 02:53:10Raw Data from RIRsNoTool - WAFW00F1030None[{"url": "https://vscode.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://vscode.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]vscode.battleb0t.xyz
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [001328.github.io] https://www.openphish.com/feed.txt001328.github.io
2023-05-12 02:54:54Netblock IPv6 MembershipNoCensys0020None2a06:98c1:3121::/482a06:98c1:3121::1
2023-05-12 02:47:27Open TCP PortNoPulsedive0020None185.199.109.153:443185.199.109.153
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-ray: 7c5f8c5e7988238a-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:54:21Web Content TypeNoWeb Spider0050Nonetext/csshttp://vscode.battleb0t.xyz/cdn-cgi/styles/main.css
2023-05-12 02:58:51Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://docs.semeris.com/-/transactions/lib9681ar/private/creativeteton?#doc-creativeteton-doc%3Fauto%3Dtrue', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_4b8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_4b8_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_4b8_IESQMMUTEX_0_519"\n "IsoScope_4b8_ConnHashTable<1208>_HashTable_Mutex"\n "IsoScope_4b8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1208"\n "IsoScope_4b8_IE_EarlyTabStart_0xcdc_Mutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_16DA73C7-3990-11ED-AD5E-080027028D54_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001208]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001208]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002448]\n "~DF3EF417CE002B5E1E.TMP" has type "data"- Location: 
[%TEMP%\\~DF3EF417CE002B5E1E.TMP]- [targetUID: 00000000-00001208]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00001208]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00002448]\n "~DF2B8D68DAE78C0FF5.TMP" has type "data"- Location: [%TEMP%\\~DF2B8D68DAE78C0FF5.TMP]- [targetUID: 00000000-00001208]\n "~DFA907A56EE39E2179.TMP" has type "data"- Location: [%TEMP%\\~DFA907A56EE39E2179.TMP]- [targetUID: 00000000-00001208]\n "1XFY5LX8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1XFY5LX8.txt]- [targetUID: 00000000-00001208]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00001208]\n "RecoveryStore._16DA73C5-3990-11ED-AD5E-080027028D54_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://docs.semeris.com/-/transactions/lib9681ar/private/creativeteton?#doc-creativeteton-doc%3Fauto%3Dtrue"\n Pattern match: "https://docs.semeris.com"'}, {u'category': u'Network 
Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.74.170.74": ...\n\n URL: https://www.wildbeard.app/ (AV positives: 1/88 scanned on 09/21/2022 11:28:28)\n URL: https://zoommeetingbackgrounds.com/ (AV positives: 1/88 scanned on 09/21/2022 11:06:42)\n URL: https://rad-malabi-562f5e.netlify.app/?naps (AV positives: 1/89 scanned on 09/21/2022 10:39:51)\n URL: https://ts3.app/ (AV positives: 1/88 scanned on 09/21/2022 10:05:55)\n URL: https://gleeful-tapioca-4e76b0.netlify.app/ (AV positives: 2/88 scanned on 09/21/2022 09:27:54)\n File SHA256: e6b8324a67ce0c8fcce1f50ff15981bfa2197cd7b32f97cf0734ecd53d415352 (AV positives: 4/75 scanned on 09/15/2022 10:50:57)\n File SHA256: 1026177be3921f58bc03d5818a94a864520f14f76d183f25aa7c4d336cb1e5c9 (AV positives: 3/74 scanned on 09/13/2022 23:26:25)\n File SHA256: 0c9d72af2ea2e3934f99c4659037afa2b80f730b0df269b091ab073eb1b3392c (AV positives: 24/75 scanned on 09/12/2022 23:24:30)\n File SHA256: 0616ae44e3accaf9af529e16093b1b1f6d7954aa93056766bfd2eb4926560ee2 (AV positives: 24/75 scanned on 09/12/2022 18:53:06)\n File SHA256: 659266e6d4ff1538972b6f39af1dab6ca217fadafe0dfd96a403d10c5b97a521 (AV positives: 9/75 scanned on 09/11/2022 22:57:22)\n File SHA256: faa32adb3d32d68cd8bc667b146e874a96cb4469d8e5dbbe4122216b9771bd2e (Date: 11/17/2019 03:18:46)'}], u'threat_level': 0, u'size': None, u'job_id': u'632af55f008c332beb442bb4', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.74.170.74'], u'sha256': u'8542bd5b44a22c5a1605485c1ad44055090c9b024aee2513be530a18da580c4a', u'sha512': 
u'9ae3d19c8ebe44cd7b07416ccf2b632216a73ad72d62e0a59452f4da2231ab6132942ab6ef56a328060f6962cbfdca6869224c57c2dce533812597b39ac4579b', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://docs.semeris.com/-/transactions/lib9681ar/private/creativeteton?#doc-creativeteton-doc%3Fauto%3Dtrue', u'submission_id': u'632af560008c332beb442bb5', u'created_at': u'2022-09-21T11:28:32+00:00', u'filename': None}], u'analysis_start_time': u'2022-09-21T11:28:32+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 6, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'75ddf83f80276bc7273fb058a3a32b7b', u'network_mode': u'default', u'processes': [], u'sha1': u'e5d4489c92656003234158f7fa1d115343dd3dfc', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}]34.74.170.74
2023-05-12 03:41:52Operating SystemNoCensys0030NoneMicrosoft Windows45.131.109.53
2023-05-12 02:53:15IP AddressNoMnemonic PassiveDNS0010None172.67.168.252battleb0t.xyz
2023-05-12 02:46:38BGP AS MembershipNoRIPE0030None36459185.199.108.0/24
2023-05-12 02:46:32Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 17, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://k8slens.dev/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "InternetShortcutMutex"\n "Local\\SM0:5528:304:WilStaging_02"\n "Local\\SM0:5528:120:WilError_01"\n "SM0:5528:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:3984:304:WilStaging_02"\n "SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3984:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3984:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "142.250.191.74:443"\n "142.251.214.131:443"\n "172.217.12.104:443"\n "34.248.78.39:443"\n "192.30.255.117:443"\n "142.251.46.174:443"\n "104.254.151.69:443"\n "142.250.141.157:443"\n "185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries 
DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.k8slens.dev"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003984]\n "f_00024d" has type "Web Open Font Format (Version 2) TrueType length 25036 version 1.0"- [targetUID: N/A]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\index]- [targetUID: 00000000-00006748]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003984]\n "f_00023e" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "Session_13324055852125015" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "f_000243" has type "PNG image data 500 x 500 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "f_00023d" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "data_2" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006748]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003984]\n "Last Browser" has type "data"- [targetUID: N/A]\n "6d3ef7fa-ecc8-4cf2-87b4-e82371405c12.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "temp-index" has type "data"- [targetUID: N/A]\n "627c3a7f-c957-4f31-952c-cbc35428ddc2.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "data_1" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006748]\n "f4af993c-e56b-444e-bf40-1281122cb7b5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "data_0" has type "FoxPro FPT blocks size 512 next free block index 3284796609 field type 0 dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006748]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\LOG]- [targetUID: 00000000-00003984]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://k8slens.dev/"\n Pattern match: "https://k8slens.dev"\n Pattern match: 
"https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://dns.google,supports_spdy:true},{isolation:[],server:https://edgeassetservice.azureedge.net,supports_spdy:true},{isolation:[],server:https://edge.microsoft.com,supports_spdy:true},{isolation:[],server:https://arc.msn.com,su"\n Pattern match: "https://fonts.googleapis.com,supports_spdy:true},{anonymization:[],server:https://edge.microsoft.com,supports_spdy:true},{alternative_service:[{advertised_alpns:[h3],expiration:13326647883143133,port:443,protocol_str:quic}],anon"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.251.214.131"\n "UDP connection to 142.251.46.174"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Mu"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n "192.168.243.25"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="&#x2a;",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}], u'threat_level': 0, u'size': None, u'job_id': u'641c62f03e70d209d706b9d4', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, 
u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent'185.199.111.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:02:2D:03:10:83)37.7813933,-122.3918002
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+14806242599Domain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:08:53Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.13734.148.97.127
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneAWildAndAnUntamedThing (Net ID: A0:8E:78:0F:4D:DE)37.751, -97.822
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/fredo.PNGhttps://funny.battleb0t.xyz/
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.103): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:09:50Affiliate - Internet NameNoDNS Resolver0040None83.170.74.34.bc.googleusercontent.com34.74.170.83
2023-05-12 02:59:11Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74', u'96.6.31.32'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.mailhardener.com/kb/email-address-types-explained', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"\n "184.31.135.120:80"\n "96.6.31.32:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3728 -s 132" (UID: 00000000-00001948)'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFDEF.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00001948) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3728 -s 132" (UID: 00000000-00001948)'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2936"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b78_IE_EarlyTabStart_0x580_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b78_ConnHashTable<2936>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b78_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b78_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "DBWinMutex"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b78_IESQMMUTEX_0_331"\n "IsoScope_b78_IESQMMUTEX_0_519"\n "IsoScope_b78_IESQMMUTEX_0_303"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "CabFDC0.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002576]\n "~DF3E880A0438641726.TMP" has type "data"- Location: [%TEMP%\\~DF3E880A0438641726.TMP]- [targetUID: 00000000-00002936]\n "TarFDEF.tmp" has type "data"- Location: [%TEMP%\\TarFDEF.tmp]- [targetUID: 00000000-00002576]\n "~DF1BC890B88EE71D3E.TMP" has type 
"data"- Location: [%TEMP%\\~DF1BC890B88EE71D3E.TMP]- [targetUID: 00000000-00002936]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002936]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002936]\n "~DFA7CC1D957708F1CF.TMP" has type "data"- Location: [%TEMP%\\~DFA7CC1D957708F1CF.TMP]- [targetUID: 00000000-00002936]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002936]\n "CabFDC0.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabFDC0.tmp]- [targetUID: 00000000-00002576]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002936]\n "QOCAT697.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QOCAT697.txt]- [targetUID: 00000000-00002936]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002936]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002576]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00002576]\n "M5GPFNCR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\M5GPFNCR.txt]- [targetUID: 00000000-00002936]\n "441474DA509340201AE7BB4EF094648C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\441474DA509340201AE7BB4EF094648C]- [targetUID: 00000000-00002576]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002936]\n "~DF9E4F20B7A536AEA1.TMP" has type "data"- Location: [%TEMP%\\~DF9E4F20B7A536AEA1.TMP]- [targetUID: 00000000-00002936]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /kb/email-address-types-explained HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.mailhardener.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_34.74.170.74]\n\n "HTTP/1.1 302 Moved Temporarily\nContent-Length: 0\nServer: Kestrel\nLocation: https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us\nRequest-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974\nX-Response-Cache-Status: True\nExpires: Thu, 28 Jul 2022 00:27:42 GMT\nCache-Control: max-age=0, no-cache, no-store\nPragma: no-cache\nDate: Thu, 28 Jul 2022 00:27:42 GMT\nConnection: keep-alive\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains"- [Source: SSL_96.6.31.32]'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.mailhardener.com/kb/email-address-types-explained"- [Source: Input]\n Pattern match: "https://www.mailhardener.com"- [Source: Input]\n Heuristic match: "x1.c.lencr.org"34.74.170.74
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneTexasTech94 (Net ID: 8C:3B:AD:4D:21:5C)37.751, -97.822
2023-05-12 03:23:44Open TCP PortNoPulsedive0030None188.114.96.17:80188.114.96.0/24
2023-05-12 02:46:50Co-Hosted SiteNoSSL Certificate Analyzer0030Nonenetlify.app34.74.170.74
2023-05-12 03:03:55Co-Hosted SiteNoThreatMiner0020Nonescoop.sh185.199.108.153
2023-05-12 02:54:18Web ContentNoWeb Spider0040Nonebody{ padding-top:70px; } .jumbotron{ color: #2c3e50; background-color: #ecf0f1; } .navbar-inverse{ color: #2c3e50; } .navbar-inverse .navbar-nav>li>a { color: white; } .navbar-inverse .navbar-brand{ color: white; }https://pics.battleb0t.xyz/gallery.css
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_phone-2 (Net ID: 00:0C:E6:8A:9F:66)50.8897, 6.0563
2023-05-12 02:56:55Internet NameNoDNS Resolver0020Nonepanel.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:15:41:ea:93:cd:8d:62:0f:07:0f:be:37:47:74:c1:ad:1b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 17:26:26 2022 GMT Not After : Feb 15 17:26:25 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:aa:4d:69:12:67:d1:ef:14:86:20:9d:cf:2c:a8: 0d:c9:a7:6c:06:2b:6c:f8:9e:1f:f7:5b:41:e3:d6: 87:ca:57:bb:98:07:35:18:67:8f:28:74:6a:04:77: 89:a0:80:85:fc:4d:2e:7a:12:ee:d9:55:9b:e8:51: 03:88:3d:06:0a:14:47:b6:c6:bf:e2:f2:6e:38:57: 77:d8:da:10:9f:18:48:30:90:76:66:83:1b:18:b6: 6d:f9:38:58:a1:cc:7b:d2:96:34:23:9b:ea:85:2c: bb:61:4a:ef:9a:58:1e:2d:73:fc:eb:20:c5:37:d4: 7c:8e:77:66:2d:b6:0a:4e:0d:e0:f4:1d:87:9f:f3: 39:d7:d9:45:03:a6:8f:40:08:8a:3e:d5:15:b6:01: 8a:08:27:45:ff:cb:af:e5:d1:fd:28:cb:df:75:d3: f7:db:3d:e9:43:0c:e5:b6:28:89:d2:ba:63:6c:e0: ac:03:c0:49:9f:2c:e6:11:96:03:1a:33:a3:63:63: dc:3b:1c:a8:9b:0f:00:ea:cb:bf:0c:39:fd:1c:40: ab:3a:92:ca:b0:90:5c:21:ed:f1:8e:4f:9e:e7:92: 92:53:94:1d:fa:e2:36:84:fa:2a:17:63:6d:d0:c9: 16:92:48:c8:82:19:57:63:48:56:6e:6a:2e:34:87: cc:7c:79:cf:43:dc:a4:a2:fb:e4:06:17:02:db:ef: 92:10:48:04:d1:04:89:aa:65:ee:9d:e2:a1:cd:ce: 9c:27:f6:46:3e:9e:91:90:6e:12:78:d2:cd:5e:a3: 75:48:b4:82:f5:c9:29:da:c5:bb:ac:87:af:95:fa: f8:49:db:fe:e5:df:04:7e:92:10:6e:c8:d7:7b:93: ef:de:5b:4f:7a:70:41:0c:59:d9:04:5e:26:57:3d: 65:af:57:00:3d:40:e4:ec:3b:92:38:0a:d1:a5:20: 31:40:89:48:9a:58:46:06:1e:56:4f:e5:25:e6:f5: 33:d9:bb:68:90:99:70:c6:a1:93:5a:22:c1:e3:ee: da:ef:45:a4:37:18:4c:33:42:7e:6f:07:01:85:ed: 36:f3:3f:be:f6:6a:d9:3e:fe:ad:4c:8d:18:3e:0e: 49:d9:7a:95:04:47:e8:2c:a9:fe:24:7a:53:d0:af: 27:b2:85:89:f7:05:df:d8:9a:0d:56:23:cd:ee:11: cb:31:f6:4e:3f:af:22:51:d3:a0:8f:a4:52:72:6f: 12:6d:6d:c2:7a:fe:c4:93:c1:f6:23:a9:9a:2b:35: 9d:df:e3:e9:99:57:fb:f5:e8:d9:e8:4d:a5:ec:7e: 
dd:22:c5:d3:4f:c7:2d:bf:e4:09:ee:6f:cb:b6:13: f8:ae:73 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CE:03:E9:CB:9A:4D:5E:BB:32:45:93:FC:78:CC:A3:7F:08:26:B1:40 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 18:26:26.989 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:1A:E4:CF:4C:AD:D9:EC:E6:4D:52:65:1B: 53:65:93:D9:DC:39:99:A6:D5:5A:C5:E1:DA:D9:DC:69: 36:3C:98:86:02:21:00:E0:F7:55:18:14:DF:74:E8:00: 3D:35:13:2B:3F:8A:22:AD:87:C6:66:15:7C:5F:B8:54: 95:49:86:D0:08:0C:1B Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Nov 17 18:26:27.535 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:10:EE:87:AF:95:13:B6:C6:D8:9A:F6:9C: 22:3D:17:76:A6:CE:D0:EB:19:02:D0:A5:1A:1A:C9:0A: 31:65:BA:ED:02:21:00:BF:DA:3B:7E:F3:78:A8:0B:93: 1F:B2:E6:E1:12:B5:BD:BA:22:84:17:45:4A:B3:61:A0: 29:F4:AF:0F:35:96:20 Signature Algorithm: sha256WithRSAEncryption b5:83:07:c9:de:56:9d:a9:96:e7:9d:33:0e:6f:ac:fa:87:16: 78:39:67:66:6c:ed:a2:8a:03:1a:72:05:18:f6:0f:96:45:6f: 8b:7f:87:4a:7e:42:aa:5b:99:9b:ac:a1:20:ef:8a:3a:25:64: 1c:a0:d1:77:e9:b8:80:07:f6:06:a3:d2:6d:a5:d1:dd:94:0d: 
f9:e5:86:a9:a6:b8:76:39:cd:1d:fb:3e:ff:83:72:04:4c:2a: 14:fb:7f:65:eb:20:3e:c2:84:49:b5:05:7e:d8:32:30:2d:ef: 38:80:5a:18:e3:cd:59:d6:9f:ac:ee:c8:4b:1a:74:fc:f4:50: 49:af:e3:8f:99:a7:48:63:80:91:24:9e:c4:3b:1d:5f:e7:b4: 1a:3b:17:c3:a0:96:88:b3:17:31:2b:42:d2:5c:02:ce:26:2d: 05:3d:b5:62:e2:53:7c:d1:bc:6c:3b:50:e7:fe:06:7f:f3:8c: c1:45:7a:6f:01:d6:e5:6b:4c:b1:72:55:a1:cc:c8:79:92:38: 80:4e:bb:ab:bb:48:59:61:91:04:3d:4f:6a:29:7c:c3:ea:6b: 3b:30:22:90:a8:7e:7e:06:d7:9e:99:8b:4b:c9:e9:df:59:76: 1a:71:60:d4:87:0d:e1:27:92:03:31:f8:a9:32:a1:14:b5:ce: 97:e4:9e:4f
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesflan47 (Net ID: 00:02:6F:08:21:E6)37.7642, -122.3993
2023-05-12 02:55:21Software UsedYesCensys0030NoneOpenBSD OpenSSH 8.9p1207.154.228.169
2023-05-12 02:44:30Internet NameNoDNS Resolver0020Nonenwapi2.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:03:55Co-Hosted SiteNoThreatMiner0020Noneakashpmani.github.io185.199.108.153
2023-05-12 02:54:07Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5445d12f8c1040-ORD Content-Encoding: gzip 2606:4700:3031::ac43:8709
2023-05-12 02:44:49Company NameNoCompany Name Extractor4020NoneGo Daddy, LLCDomain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:31:32Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@resellercamp.comDomain Name: AIHU.XYZ Registry Domain ID: D351663834-CNIC Registrar WHOIS Server: whois.resellercamp.com Registrar URL: https://idwebhost.com Updated Date: 2023-03-07T15:29:15.0Z Creation Date: 2023-03-02T11:39:51.0Z Registry Expiry Date: 2024-03-02T23:59:59.0Z Registrar: CV Jogjacamp Registrar IANA ID: 1478 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: FENG SHENG FEI XING Registrant State/Province: Jiangsu Registrant Country: CN Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1.DAN.COM Name Server: NS2.DAN.COM Name Server: VERIFICATION-EE5FF475.NS3.DAN.HOSTING DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@resellercamp.com Registrar Abuse Contact Phone: +62.82141570000 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:32.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: AIHU.XYZ Registry Domain ID: D351663834-CNIC Registrar WHOIS Server: whois.resellercamp.com Registrar URL: http://resellercamp.com/ Updated Date: 2023-03-02T11:40:08Z Creation Date: 2023-03-02T11:39:51Z Registrar Registration Expiration Date: 2024-03-02T23:59:59Z Registrar: CV. 
Jogjacamp Registrar IANA ID: 1478 Registrar Abuse Contact Email: abuse@resellercamp.com Registrar Abuse Contact Phone: +62.82141570000 Domain Status: clientTransferProhibited (http://icann.org/epp#clientTransferProhibited) Registrant Organization: FENG SHENG FEI XING Registrant State/Province: Jiangsu Registrant Country: CN Name Server: ns1.dan.com Name Server: ns2.dan.com Name Server: verification-ee5ff475.ns3.dan.hosting DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:02:33Z<<< For more information on Whois status codes, please visit https://icann.org/epp Registration Service Provided By: PREMIUMDOMAINSELLER The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is", and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. The Registrar of record is CV. Jogjacamp. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms.
2023-05-12 02:53:52Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-11T23:53:52.386Z", "ip": "2606:50c0:8003::153", "location_updated_at": "2023-05-08T14:21:40.589738Z", "autonomous_system_updated_at": "2023-05-08T14:21:40.589787Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"www.willbishop.dev": {"record_type": "CNAME", "resolved_at": "2023-03-06T20:23:13.520153960Z"}, "www.bwalshy.com": {"record_type": "CNAME", "resolved_at": "2023-05-03T14:00:22.144392997Z"}, "www.torstengoerke.de": {"record_type": "CNAME", "resolved_at": "2023-04-27T17:43:29.486037892Z"}, "www.rohanseth.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T00:00:27.264834898Z"}, "www.asiavalentine.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:52:15.471978167Z"}, "catclicker.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:42:34.665120760Z"}, "www.omkardhande.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:55:27.721595395Z"}, "www.montferret.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:17:26.803641174Z"}, "www.mopboygame.com": {"record_type": "CNAME", "resolved_at": "2023-04-26T15:40:46.290988158Z"}, "hkatz.dev": {"record_type": "AAAA", "resolved_at": "2023-03-22T11:14:05.854477536Z"}, "www.davidzlchen.com": {"record_type": "CNAME", "resolved_at": "2023-01-02T13:08:47.912274315Z"}, "msk.im": {"record_type": "AAAA", "resolved_at": "2023-05-09T17:24:25.369430576Z"}, "web-dev.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:36.047967881Z"}, "svelte.calories.claas.dev": {"record_type": "CNAME", "resolved_at": "2023-04-04T16:51:51.844422366Z"}, "namco.dev": {"record_type": "AAAA", "resolved_at": "2023-01-19T14:14:45.143590011Z"}, 
"www.shaneporter.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:20:35.708785655Z"}, "thaecohvah.syntactic-sugar.design": {"record_type": "CNAME", "resolved_at": "2023-04-23T09:37:19.694810939Z"}, "bbs.codecrh.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:22:29.106820702Z"}, "kbau.dev": {"record_type": "AAAA", "resolved_at": "2023-02-27T15:42:55.285099290Z"}, "www.kazusato.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:18.300056949Z"}, "cuillere.dev": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:59:59.805050461Z"}, "www.srinivasreddy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:53.148982927Z"}, "www.cliu.dev": {"record_type": "CNAME", "resolved_at": "2023-03-24T23:25:10.893500128Z"}, "www.brothersistershow.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T14:08:02.708910195Z"}, "www.notsostandardmodel.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T14:47:59.242829135Z"}, "kaiseki.coderfin.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T16:02:42.934790176Z"}, "www.robisonweb.dev": {"record_type": "CNAME", "resolved_at": "2023-02-28T15:51:22.213479983Z"}, "www.yshemesh.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T14:55:03.301623541Z"}, "trubbylove.laury.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:26.457996047Z"}, "blog.hiluohao.com": {"record_type": "CNAME", "resolved_at": "2023-03-28T14:57:36.831718722Z"}, "www.yusry.de": {"record_type": "CNAME", "resolved_at": "2023-04-23T16:48:40.403075909Z"}, "www.bboey.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:00:09.830879590Z"}, "xn--nschtos-n2a.de": {"record_type": "AAAA", "resolved_at": "2023-04-16T16:34:59.210581178Z"}, "treader.calbertts.com": {"record_type": "CNAME", "resolved_at": "2023-05-05T14:10:44.551458266Z"}, "data-observability-tag.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:12.630016737Z"}, "www.ttlresearch.com": {"record_type": 
"CNAME", "resolved_at": "2023-04-14T20:20:06.761328463Z"}, "siuts.proekspert.ee": {"record_type": "CNAME", "resolved_at": "2023-02-08T17:06:34.527975069Z"}, "www.dannytran.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:34.941987381Z"}, "yanshouwang.dev": {"record_type": "AAAA", "resolved_at": "2023-03-21T00:21:54.271513621Z"}, "www.hiennguyen.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T12:59:42.443779889Z"}, "www.kiernanro.ch": {"record_type": "CNAME", "resolved_at": "2023-03-23T13:12:26.767995363Z"}, "database.jiny.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:19:55.315272389Z"}, "www.tcamba.dev": {"record_type": "CNAME", "resolved_at": "2023-03-23T17:56:56.616082497Z"}, "blog.brandonmathis.me": {"record_type": "CNAME", "resolved_at": "2023-03-21T21:08:33.485121539Z"}, "blog.limeira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:35.974650849Z"}, "www.nstech.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:46.912831706Z"}, "capital-commerce.com": {"record_type": "AAAA", "resolved_at": "2023-01-20T13:04:55.684473451Z"}, "www.maxnoll.eu": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:43:19.504818787Z"}, "reacticz.t0m.fr": {"record_type": "CNAME", "resolved_at": "2023-04-02T17:20:42.618600257Z"}, "help.programm-chest.dev": {"record_type": "CNAME", "resolved_at": "2022-11-30T14:37:46.643013242Z"}, "www.craftandtechnology.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T01:10:11.324465510Z"}, "opalab.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-16T04:35:35.248516488Z"}, "flagicons.lipis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:16.844777559Z"}, "www.danieljulio.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T14:08:52.867040001Z"}, "www.cnlei.com": {"record_type": "CNAME", "resolved_at": "2023-02-28T13:43:40.358046729Z"}, "www.aashish.dev": {"record_type": "CNAME", "resolved_at": "2023-04-19T19:07:09.565393850Z"}, 
"www.titanstudios.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:47.515393867Z"}, "www.functionbetter.fit": {"record_type": "CNAME", "resolved_at": "2023-03-20T16:32:53.588221818Z"}, "rtlien.coleprice.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T14:54:52.339226041Z"}, "www.matthewpereira.com": {"record_type": "CNAME", "resolved_at": "2023-03-25T21:28:16.599843999Z"}, "docs.telestion.wuespace.de": {"record_type": "CNAME", "resolved_at": "2023-05-01T16:17:39.668319874Z"}, "shop4data-ui.docs.collibra.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:31.647476511Z"}, "resume.chann.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T16:16:20.658403265Z"}, "www.wazted.fr": {"record_type": "CNAME", "resolved_at": "2023-05-11T17:32:27.312675959Z"}, "www.mtconnectcore.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T14:59:11.184709249Z"}, "www.aloha.org.cn": {"record_type": "CNAME", "resolved_at": "2022-12-14T12:40:48.602824216Z"}, "www.mangato.es": {"record_type": "CNAME", "resolved_at": "2023-04-22T16:31:05.591550189Z"}, "www.williamjang.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:39.271340346Z"}, "www.saiko-no-chimu.fr": {"record_type": "CNAME", "resolved_at": "2023-04-13T02:41:03.551470009Z"}, "reitti.vanhala.fi": {"record_type": "CNAME", "resolved_at": "2023-05-05T16:50:09.151032357Z"}, "myreads.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-02-26T21:11:31.059545269Z"}, "www.deltaprowashllc.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:11:27.189924094Z"}, "www.stevesarmiento.com": {"record_type": "CNAME", "resolved_at": "2022-11-11T13:54:37.912711550Z"}, "stevenbone.dev": {"record_type": "AAAA", "resolved_at": "2023-04-20T02:37:36.462044411Z"}, "www.dwivedula.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T15:37:48.541873098Z"}, "sidecycle.com": {"record_type": "AAAA", "resolved_at": "2022-11-20T14:02:08.191705875Z"}, "playbook.truss.works": 
{"record_type": "CNAME", "resolved_at": "2023-04-30T04:35:55.131404897Z"}, "www.ousmane.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T15:03:29.723057364Z"}, "www.shira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:45:59.585738764Z"}, "www.charliegillespie.com": {"record_type": "CNAME", "resolved_at": "2023-04-08T14:40:51.472581029Z"}, "www.thyagajan.in": {"record_type": "CNAME", "resolved_at": "2023-02-04T15:11:06.016790048Z"}, "www.lawrencedunbar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-08T15:50:22.533060749Z"}, "www.coltonfalkner.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:40.169282211Z"}, "andressa.dev": {"record_type": "CNAME", "resolved_at": "2023-04-13T16:15:01.948884742Z"}, "www.dangillis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:20.930987816Z"}, "www.jasonscotto.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T04:01:31.543104004Z"}, "cedarpark.com": {"record_type": "AAAA", "resolved_at": "2023-03-22T15:00:17.822135807Z"}, "www.tacxtv.fr": {"record_type": "CNAME", "resolved_at": "2023-03-28T17:40:47.840300196Z"}, "www.ologn.dev": {"record_type": "CNAME", "resolved_at": "2023-02-14T15:37:29.279040979Z"}, "www.sreehari.dev": {"record_type": "CNAME", "resolved_at": "2023-03-14T15:27:59.231327405Z"}, "www.jenniferyaya.ca": {"record_type": "CNAME", "resolved_at": "2023-05-11T12:50:41.791793242Z"}, "www.grantanna.dev": {"record_type": "CNAME", "resolved_at": "2023-02-27T15:42:47.651834600Z"}, "web.thecatcloud.de": {"record_type": "CNAME", "resolved_at": "2023-04-30T22:07:01.094811475Z"}, "www.framy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:45.611656444Z"}, "www.oscarablinger.dev": {"record_type": "CNAME", "resolved_at": "2023-05-01T09:06:38.146245867Z"}, "abeziou.dev": {"record_type": "AAAA", "resolved_at": "2023-03-27T23:40:41.232028838Z"}, "www.valtech.engineering": {"record_type": "CNAME", "resolved_at": "2023-05-09T17:01:27.306622794Z"}, 
"www.lobber.se": {"record_type": "CNAME", "resolved_at": "2023-04-05T21:01:06.815879177Z"}, "www.codar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:54:18.450070838Z"}, "www.ky1vstar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:22.392376650Z"}}, "names": ["opalab.github.io", "www.yusry.de", "www.willbishop.dev", "datab2606:50c0:8003::153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:CF:BB:35)39.0469, -77.4903
2023-05-12 02:46:54Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://github.com/facebook/regenerator/blob/main/license', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 30, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fheathus.com%2Fshena.dipuccio%40heathus.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3740:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3740:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3740:120:WilError_01"\n "Local\\SM0:7244:304:WilStaging_02"\n "SM0:7244:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:7244:120:WilError_01"\n "Local\\SM0:3740:304:WilStaging_02"\n "SM0:3740:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3740:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.66.40.106:443"\n "172.67.212.13:443"\n "35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n "142.251.46.228:443"\n 
"142.251.32.35:443"\n "142.250.191.35:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "dev.protektnet.com"\n "llink.to"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'""linkedin.com"," (Indicator: "linkedin.com")\n ""netflix.com"," (Indicator: "netflix.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fheathus.com%2Fshena.dipuccio%40heathus.com" as clean (type is "HTML document ASCII text")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""basbleu.com"," (Source: wallet-tokenization-config.json, Indicator: "leu.com")\n ""firehousesubs.com"," (Source: wallet-tokenization-config.json, Indicator: "ubs.com")\n ""highkey.com"," 
(Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fheathus.com%2Fshena.dipuccio%40heathus.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003740]\n "shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_1784626035\\shopping_fre.html]- [targetUID: 00000000-00003740]\n "a8ce5196df51c32c_0" has type "data"- [targetUID: N/A]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00003740]\n "1ac9cebe-dd88-4786-8bde-557b7c339a54.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 411849"- Location: [%TEMP%\\1ac9cebe-dd88-4786-8bde-557b7c339a54.tmp]- [targetUID: 00000000-00003740]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\index]- [targetUID: 00000000-00003740]\n "wallet-crypto.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "gzip compressed data max compression original size modulo 2^32 411849"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00004772]\n "README.md" has type "ASCII text"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\json\\wallet\\README.md]- [targetUID: 00000000-00003740]\n "8aee08c3-0a5f-4923-9dc4-59aaf03dd9af.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8aee08c3-0a5f-4923-9dc4-59aaf03dd9af.tmp]- [targetUID: 00000000-00003740]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003740]\n "edge_driver.js.LICENSE.txt" has type "ASCII text"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\edge_driver.js.LICENSE.txt]- [targetUID: 00000000-00003740]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\json\\i18n-shared-components\\zh-Hant\\strings.json]- [targetUID: 00000000-00003740]\n "e155a2a9-b073-47a6-9624-313434670886.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e155a2a9-b073-47a6-9624-313434670886.tmp]- [targetUID: 00000000-00003740]\n "0d3f4a25-1508-478e-a9de-4edb5637407d.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\Network\\0d3f4a25-1508-478e-a9de-4edb5637407d.tmp]- [targetUID: 00000000-00004772]\n "wallet-tokenization-config.json" has type "ASCII text"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\json\\wallet\\wallet-tokenization-config.json]- [targetUID: 00000000-00003740]\n "runtime.bundle.js" has type "ASCII text with very long lines with no line terminators"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\runtime.bundle.js]- [targetUID: 00000000-00003740]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:""colourpop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]\n Observed email domain:""shop.lovepop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "www.gap.com"\n Pattern match: "www.gapfactory.com"\n Pattern match: "http://www.w3.org/2000/svg,className:r"\n Pattern match: "https://github.com/jsstyles/css-vendor"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fheathus.com%2Fshena.dipuccio%40heathus.com"\n Pattern match: "https://github.com/facebook/regenerator/blob/main/LICENSE"\n Pattern match: "https://track.salesflare.com/flare.js"\n Heuristic match: "api.salesflare.com"\n Heuristic match: "dev.protektnet.com"\n Pattern match: "https://dev.protektnet.com/MNU/site.php"\n 
Pattern match: "https://llink.to"\n Heuristic match: "llink.to"\n Heuristic match: "stackpath.bootstrapcdn.com"\n Heuristic match: "track.salesflare.com"\n Pattern match: "https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/13/2/static/css/main.64d85253.css,static_js_url:https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/13/2/static/js/main.f389f055.js,st185.199.111.153
2023-05-12 03:18:49Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Rotated 180 @ 18}https://pics.battleb0t.xyz/images/reveloder.jpg
2023-05-12 03:35:46Malicious Co-Hosted SiteYesOpenDNS0030NoneBlocked by OpenDNS [000.lt]000.lt
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}172.67.168.252
2023-05-12 03:25:19Internet NameNoDNS Brute-forcer0020Nonenwapi2.battleb0t.xyznwapi.battleb0t.xyz
2023-05-12 03:09:44Affiliate - Internet NameNoDNS Resolver0040None130.97.148.34.bc.googleusercontent.com34.148.97.130
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonezoom (Net ID: 00:01:38:A4:44:3A)37.7813933,-122.3918002
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.189): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:27Open TCP Port BannerNoCensys0040NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H04XFP518R0GMRXREDYN35MZ Date: <REDACTED> Content-Length: 0 2600:1f18:2489:8202::c8
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneTOMTSSID (Net ID: 00:02:2D:39:9A:88)50.1188, 8.6843
2023-05-12 03:32:19Open TCP PortNoPulsedive0030None188.114.97.10:80188.114.97.0/24
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter0010NoneCN=nwapi.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:15:36Physical LocationNoipstack0020NoneColombia188.114.96.1
2023-05-12 03:09:44Affiliate - Internet NameNoDNS Resolver0040None128.97.148.34.bc.googleusercontent.com34.148.97.128
2023-05-12 03:09:13Affiliate - IP AddressNoDNS Look-aside2030None207.154.228.167207.154.228.169
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Noneiz-wpa (Net ID: 00:01:8E:1A:64:A6)37.7813933,-122.3918002
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.225): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None0101dd.github.io185.199.111.153
2023-05-12 02:54:38Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c529effee343669-FRA Content-Encoding: gzip 172.67.168.252
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor5020None+74955801111Domain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.170): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneSLK-Routers_091850 (Net ID: 00:02:2A:09:18:50)37.7642, -122.3993
2023-05-12 02:53:12Web TechnologyNoTool - WAFW00F0030NoneNone Nonepanel.battleb0t.xyz
2023-05-12 02:54:21Linked URL - InternalNoWeb Spider2030Nonehttp://vscode.battleb0t.xyz/vscode.battleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneCatwoman (Net ID: 00:14:5C:89:45:BC)50.8897, 6.0563
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Expires": ["Fri, 01 Jan 1990 00:00:00 GMT"], "Vary": ["Accept-Encoding"], "Connection": ["close"], "Server": ["cPanel"], "Host": ["87.248.157.102:2078"], "Www_Authenticate": ["Basic realm=\"Restricted Area\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 03:10:18Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0040NoneVOIPBL Publicly Accessible PBX List [34.74.160.0/20] http://www.voipbl.org/update34.74.160.0/20
2023-05-12 03:13:05Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [002evapey.github.io] https://www.openphish.com/feed.txt002evapey.github.io
2023-05-12 02:45:48Physical CoordinatesNoAbstractAPI91020None41.8781, -87.6298104.21.6.166
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneRock Chalk (Net ID: 00:01:95:08:D8:04)37.7813933,-122.3918002
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneFlickr (Category: images) https://www.flickr.com/photos/Altpapier/Altpapier
2023-05-12 03:10:10Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0030NoneVOIPBL Publicly Accessible PBX List [185.199.109.0/24] http://www.voipbl.org/update185.199.109.0/24
2023-05-12 02:45:10Internet NameNoHybrid Analysis0010Nonekekw.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:44:26Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 17:04:53 2023 GMT Not After : Jun 25 17:04:52 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c0:92:2b:06:a8:76:be:87:ad:a1:7a:9e:5a:24: 59:36:93:77:df:2f:5f:ec:5d:f8:39:5c:9e:e9:bb: 24:38:91:de:54:5b:7a:21:bd:81:66:b9:f4:29:4c: 2b:fa:57:13:7e:92:b4:15:86:67:29:e9:3d:cd:52: 95:9b:57:3a:5d:e6:e9:45:19:f1:e0:94:39:75:06: 2b:76:17:5a:3c:dc:eb:34:5d:2b:11:01:60:df:20: e3:b5:60:cd:32:82:ad:56:26:62:d5:06:6e:b6:fa: a5:d9:a5:4d:79:33:21:15:51:a2:c0:48:15:37:c6: 91:2f:b2:2e:7d:a0:75:7f:50:14:78:92:5d:14:20: 37:35:75:05:53:06:c4:4c:79:be:57:44:4e:7f:9a: 50:6f:84:ce:99:6c:50:c4:25:b5:3b:28:ef:3d:1e: 0d:f1:c2:fb:f7:a2:98:40:97:4e:a6:29:13:ba:fe: a3:fd:ca:b9:fd:ab:de:51:93:45:07:f4:be:76:56: 10:d6:f8:44:07:0f:8a:0a:1d:0b:2a:3e:ea:d3:77: c7:f9:17:20:d7:71:23:2b:a0:8f:f4:4a:f3:e4:d4: 5a:5c:2d:ce:df:b4:a0:a0:ac:d7:ab:d8:92:f0:4a: 4c:07:6e:72:26:57:04:a7:82:b9:f3:2d:17:4e:50: 36:d2:94:d7:69:b9:6a:7a:3a:20:4d:5d:1e:75:6c: 84:96:b6:c4:70:f4:80:b9:d6:06:45:7a:52:b8:0e: 0e:2d:fd:2c:dc:22:9b:06:83:b7:ce:89:98:50:8a: 98:25:5c:fe:f2:ac:51:29:2f:08:c4:ff:27:4b:06: 5c:49:dd:d3:39:da:b3:60:fe:da:c7:a0:9e:e7:45: 85:7c:70:41:16:a9:f0:27:f6:98:d1:7c:9f:af:81: f4:37:0b:12:28:d5:35:6a:e6:e2:66:3b:e1:11:5b: 6a:d4:8d:47:d6:44:64:d5:a9:fc:83:71:f4:46:8c: 69:8f:3e:2f:32:4d:8a:48:3b:ac:ac:88:a4:94:ea: b5:b5:92:f4:63:d9:95:76:ef:6d:8e:2f:15:8a:59: 65:d3:00:6a:ca:d7:56:11:cf:5f:a7:d4:3d:48:6a: 5d:dd:87:ce:8c:d0:6e:15:cf:fb:5f:c0:02:33:50: 4e:36:37:09:f4:b7:06:18:07:a3:00:b5:58:4a:d2: bc:0d:0b:5d:96:5b:4e:aa:75:b7:e9:a2:ce:90:ad: d7:25:96:7f:66:7d:4e:03:23:c1:16:bc:0c:09:9d: d4:bf:8c:7c:19:2d:8b:39:0c:89:5a:15:97:34:34: 
1c:7b:5d:34:19:a2:d0:cb:f4:5c:b0:48:d7:c9:6c: 5d:09:b3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 27 18:04:53.353 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:C2:49:4E:83:B3:46:DC:0B:F2:4C:E0: 2C:BD:3A:21:A9:D3:87:F4:AC:B5:4F:45:81:1D:09:75: FB:9B:D3:9E:A5:02:20:54:1A:EC:0B:6C:62:AB:8A:0B: 14:2D:42:2F:00:E8:AD:FF:98:7D:A9:48:C3:5C:9D:C9: A1:63:83:E1:17:D2:4C Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 27 18:04:53.360 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:8C:E5:2C:49:4A:30:97:4C:B4:E6:F3: 86:6A:09:B6:EF:84:21:66:BD:9C:17:9A:88:7C:B9:2A: 4D:1D:CC:99:A2:02:20:13:E4:A1:38:F5:80:6B:55:F9: DB:4D:54:23:A0:D3:2F:61:E4:B8:03:26:A2:87:C1:4D: B4:9F:8A:D7:F3:2F:04 Signature Algorithm: sha256WithRSAEncryption 3d:8b:b7:2f:1c:19:9b:ce:8a:9f:49:6d:8e:1c:b1:06:ce:80: 4b:f8:df:50:39:97:3e:fb:8f:2c:ca:50:c1:5c:f8:46:84:02: f2:57:a0:5c:d2:47:ea:75:b7:5b:8e:d7:bb:b6:ac:23:17:33: df:77:0a:d0:66:44:16:5a:cd:a4:73:04:82:9c:6e:c5:c2:96: 
07:18:e4:ea:f3:48:89:72:cc:2c:e6:89:4a:c1:18:8b:b6:a9: 9e:48:30:26:9c:5a:b4:6d:2c:74:dd:50:cc:be:12:4c:8d:38: 29:5e:de:cf:04:54:ae:14:ed:ec:f9:b8:a0:90:94:ff:e1:0c: 9e:34:2b:1c:68:fd:56:79:13:27:78:22:6f:18:f3:9e:26:b0: 3c:46:ba:7f:dd:d6:fc:c7:27:bd:b5:77:38:03:ba:7b:08:e5: f1:08:df:bb:f5:ea:f4:e1:c8:be:e6:b7:32:bc:2d:9d:1a:68: d8:d8:3b:7d:a5:0b:bf:d3:08:d9:73:26:67:23:22:51:a7:9a: 35:1e:3d:5b:8d:37:8d:5a:13:a6:11:a6:6e:3f:57:92:c4:df: b9:a6:2d:3e:a3:ac:33:74:bf:a3:4d:bc:55:ad:8d:cf:76:66: f9:f9:8f:df:06:4b:e6:21:7f:06:3d:9b:6e:9c:3f:93:fd:2b: 41:f7:2c:66
2023-05-12 03:09:27Co-Hosted SiteNoSSL Certificate Analyzer0020Nonecdnjs.cloudflare.com188.114.96.1
2023-05-12 02:45:45Physical CoordinatesNoAbstractAPI0020None37.751, -97.8222606:50c0:8000::153
2023-05-12 02:44:37SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:ad:f5:1d:5c:40:76:9e:09:db:d3:8c:1d:cb:38:82:95:b4 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 13:21:02 2022 GMT Not After : Feb 15 13:21:01 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bc:0d:c6:52:1a:f4:41:b3:8f:ff:6e:ef:29:1e: 5b:5e:ca:a6:5c:44:9d:e5:c6:70:3f:08:6f:f9:38: 10:f5:13:d0:66:5a:b9:71:6f:6a:3d:98:fe:a1:c9: 1e:e2:68:0e:39:c7:1b:2b:06:db:0a:26:9f:13:60: 02:61:87:19:4f:2a:83:60:2c:9d:3b:02:d4:aa:1f: 36:2f:37:ac:04:c9:86:6f:43:d0:c7:1c:6c:82:4d: f1:37:48:aa:50:02:96:76:0d:53:29:d2:5c:3f:af: a2:60:d4:f3:8a:1b:8f:c3:29:e4:aa:b9:15:bc:f5: 13:3c:fa:a3:6f:f3:90:0d:db:77:82:7f:8b:47:c1: c7:ab:3a:65:3f:88:24:29:07:f6:a7:60:c1:5d:dd: 64:65:e4:be:2e:01:26:41:49:42:9a:af:bf:7c:9b: 36:a7:e6:53:1a:e9:dc:a1:0c:ba:75:86:a2:9a:cb: fb:20:88:31:d6:f5:a7:6b:73:a2:9f:48:70:9a:bb: ba:f4:c9:19:8d:fc:c0:c9:c1:1c:33:82:c5:d2:40: f0:43:19:a9:2c:f2:ba:04:9c:6d:d4:7e:95:da:55: f6:9b:84:6a:41:02:aa:4e:26:83:84:f7:f7:a4:d6: 90:49:77:5f:2e:18:7d:3a:04:cf:e4:b9:d3:cf:63: 76:ff Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 7C:D7:88:7D:40:F1:30:F4:3D:4A:35:FE:C7:60:54:0A:C7:C3:45:D3 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 14:21:02.487 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:4A:29:32:04:7E:83:C8:E3:CA:74:E8:65: A8:E7:72:FB:F7:EC:02:C4:CA:2A:00:42:62:DC:2B:A5: 49:62:AC:5D:02:20:10:34:10:85:04:06:9A:37:DD:34: 8B:EB:6D:37:23:C6:6B:D5:CE:AC:51:45:5A:73:93:8F: E1:AA:4D:ED:57:A9 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 14:21:02.999 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:65:45:CF:91:32:77:B6:CC:FC:56:40:F0: C0:A4:EA:C0:CF:8D:AF:0B:05:0C:43:9F:C4:BB:E5:7D: 01:CF:BE:A8:02:20:62:18:A7:AF:95:11:1F:30:73:1D: 57:10:72:3C:2E:86:BA:01:30:1D:25:DD:00:C1:C4:9C: B7:3E:04:4F:A2:B5 Signature Algorithm: sha256WithRSAEncryption 23:33:8d:4c:78:8e:f3:64:0c:c1:c4:2c:94:6c:9d:82:7c:de: 6f:e2:ee:4f:7a:2d:40:54:e5:f9:69:ae:7d:22:b7:13:59:a5: d4:dd:fc:4d:91:43:65:92:69:a3:72:da:60:ac:55:6a:86:b7: ec:77:91:b8:58:17:5c:3a:cc:d1:f5:2f:28:73:bc:a2:43:45: b7:8a:2b:69:da:38:13:8e:fd:7b:24:e7:cc:7c:c2:bc:4e:f2: 6f:e6:88:27:b7:de:a2:ee:ca:0b:e3:dd:e7:2c:85:1d:bb:81: 98:4e:02:52:1e:17:49:80:64:a2:cd:8e:d5:3d:0c:46:03:05: fa:58:92:22:3a:de:b2:08:5d:65:c8:59:d8:4e:65:bb:6f:63: 07:55:a7:76:b0:4e:c1:14:15:89:0f:93:f1:ef:eb:cd:3a:62: 2b:2b:55:83:0f:1d:f4:a4:41:fe:3a:7c:e1:0a:1e:53:53:1b: 93:f8:6f:4b:04:ed:ba:ef:f3:95:46:5f:f7:b9:6a:07:fb:cb: 1a:f7:60:bb:02:6c:9a:01:23:d3:1a:76:2a:82:dd:76:3c:9b: 51:d0:24:53:a2:9e:2a:94:99:8d:98:e2:f1:17:14:2e:e8:46: 87:3d:e0:95:8e:01:d9:71:9e:86:f5:5d:a4:dc:8b:2d:37:c1: fa:3f:95:26 battleb0t.xyz
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.132): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:45:46Physical LocationNoAbstractAPI0020NoneChantilly, Virginia, 20151, United States, North America2606:50c0:8003::153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneRTL8186-GW (Net ID: 00:0E:E8:DC:15:E1)40.2024, 29.0398
2023-05-12 02:54:21Web ContentNoWeb Spider3030None<!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>vscode.battleb0t.xyz | 521: Web server is down</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /> </head> <body> <div id="cf-wrapper"> <div id="cf-error-details" class="p-0"> <header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8"> <h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2"> <span class="inline-block">Web server is down</span> <span class="code-label">Error code 521</span> </h1> <div> Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information. 
</div> <div class="mt-3">2023-05-12 02:54:21 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">You</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Browser </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> Cloudflare </a> </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b 
md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">vscode.battleb0t.xyz</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span> </div> </div> </div> </div> <div class="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2> <p>The web server is not returning a connection. As a result, the web page is not displaying.</p> </div> <div class="w-1/2 md:w-full float-left leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2> <h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3> <p class="mb-6">Please try again in a few minutes.</p> <h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3> <p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p> </div> </div> </div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f606679610ce9</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" 
id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">138.197.106.3</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div> </div> </body> </html> vscode.battleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereferrer-policy: strict-origin-when-cross-origin{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"}
2023-05-12 02:53:32Open TCP PortNoCensys0020None185.199.111.153:80185.199.111.153
2023-05-12 02:46:00Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://bold.bridge.ufsc.br/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_eb4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_eb4_ConnHashTable<3764>_HashTable_Mutex"\n "IsoScope_eb4_IESQMMUTEX_0_331"\n "IsoScope_eb4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3764"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_eb4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_eb4_IE_EarlyTabStart_0x8d4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_eb4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_eb4_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n "142.250.191.42:443"\n "151.101.1.229:443"\n 
"104.17.25.14:443"\n "142.250.141.156:443"\n "142.251.46.227:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bold.bridge.ufsc.br"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bold.bridge.ufsc.br"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "stats.g.doubleclick.net"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB657.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003336]\n "CabB656.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB656.tmp]- [targetUID: 00000000-00003336]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"dark-logo-ufsc_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo-ufsc_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "dark-logo-bridge_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "dark-icn-instagram_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "dark-icn-github_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icn-instagram_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo-bridge_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "dark-icn-linkedin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icn-github_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "dark-icn-facebook_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icn-linkedin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icn-facebook_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "app-b11c332b38a6dbf0641f_1_.js" has type "UTF-8 Unicode text with very long lines with LF NEL line terminators"- [targetUID: N/A]\n "framework-e01db8c6b4b812fd4a95_1_.js" 
has type "ASCII text with very long lines"- [targetUID: N/A]\n "TarB657.tmp" has type "data"- Location: [%TEMP%\\TarB657.tmp]- [targetUID: 00000000-00003336]\n "commons-5a43ee094dc33438cd19_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "polyfill-4d422db2fe04f10e5523_1_.js" has type "UTF-8 Unicode text with very long lines with LF NEL line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003336]\n "analytics_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39', u'name': u'Drops XML files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 8, u'description': u'"bold.bridge.ufsc_1_.xml" has type "Unknown"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"bold.bridge.ufsc.br" seems to be random\n "cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 
7, u'description': u'Found http requests in header "GET /"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://bold.bridge.ufsc.br/"\n Pattern match: "http://bold.bridge.ufsc.br"\n Heuristic match: "/*! For license information please see commons-5a43ee094dc33438cd19.js.LICENSE.txt */(window.webpackJsonp=window.webpackJsonp||[]).push([[0],{+Ewk:function(e,t,n){use strict;Object.defineProperty(t,__esModule,{value:!0}),t.default=2.6.3},+RWU:fun"\n Pattern match: "fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i"\n Pattern match: "https://www.google-analytics.com/analytics.js\',\'ga"\n Pattern match: "https://fb.me/react-polyfills"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "www.google-analytics.com},Ge=function(a){switch(a){default:case"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://tagassistant.google.com/"\n Pattern match: "https://stats.g.doubleclick.net/j/collect,ca.U,ca"\n Pattern match: "www.google-analytics.com==a.host&&(a.port||b)==b&&D(a.path,/plugins/)?!0:!1},ne=function(a){var"\n Pattern match: "https://npmjs.org},npm"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://www.google-analytics.com/"\n Pattern match: "https://www.figma.com/file/TE9FUDtlgVQ4FWlAPtTagxQU/Bold-Design-System,fontSize:1,target:_blank,onClick:function(){Object(r.a)(send,event,{eventCategory:Download,eventAction:Figma})}},e.formatMessage({id:resources-figma-download})"\n Pattern match: "C.JgU/0$"\n Pattern match: 
"crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "www.microsoft.com0"\n Pattern match: "fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i,rel:stylesheet"\n Heuristic match: "bold.bridge.ufsc.br"\n Pattern match: "https://www.carbondesignsystem.com/},Ca185.199.111.153
2023-05-12 02:55:11Open TCP Port BannerNoCensys0120None5.5.5-10.5.19-MariaDB87.248.157.102
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:03:2F:06:53:C3)33.336199,-111.89446440830702
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.227): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:28:06Open TCP PortNoPulsedive0030None188.114.96.144:443188.114.96.0/24
2023-05-12 02:50:40Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://priyank-singhal.github.io/Netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_a3c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a3c_IESQMMUTEX_0_303"\n "IsoScope_a3c_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_a3c_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_a3c_IE_EarlyTabStart_0x9cc_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2620"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_a3c_ConnHashTable<2620>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2620"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n 
"172.64.133.15:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"priyank-singhal.github.io"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com" (Indicator: "dir "; File: "Netflix-clone_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-1_1_.png" has type "PNG image data 879 x 622 8-bit/color RGBA non-interlaced" and extension "png"\n "TV-1_1_.png" has type "PNG image data 552 x 368 8-bit/color RGBA non-interlaced" and extension "png"\n "laptop1_1_.png" has type "PNG image data 543 x 
319 8-bit/color RGBA non-interlaced" and extension "png"\n "tablet1_1_.png" has type "PNG image data 407 x 256 8-bit/color RGBA non-interlaced" and extension "png"\n "netflix-logo_1_.png" has type "PNG image data 624 x 390 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 879 x 622 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "TV-1_1_.png" has type "PNG image data 552 x 368 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "laptop1_1_.png" has type "PNG image data 543 x 319 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tablet1_1_.png" has type "PNG image data 407 x 256 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002620]\n "~DF1AAE1D1A0DC811EA.TMP" has type "data"- Location: [%TEMP%\\~DF1AAE1D1A0DC811EA.TMP]- [targetUID: 00000000-00002620]\n "~DFB75A13F7CAD935C7.TMP" has type "data"- Location: [%TEMP%\\~DFB75A13F7CAD935C7.TMP]- [targetUID: 00000000-00002620]\n "~DF28A2E35052AED525.TMP" has type 
"data"- Location: [%TEMP%\\~DF28A2E35052AED525.TMP]- [targetUID: 00000000-00002620]\n "netflix-logo_1_.png" has type "PNG image data 624 x 390 8-bit colormap non-interlaced"- [targetUID: N/A]\n "urlref_httpspriyank-singhal.github.ioNetflix-clone" has type "HTML document ASCII text"- [targetUID: N/A]\n "RecoveryStore._D7576B7F-EF99-11ED-90A3-0800270B262D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "_DEBA6268-EF99-11ED-90A3-0800270B262D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D7576B81-EF99-11ED-90A3-0800270B262D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "JS_1_.js" has type "ASCII text"- [targetUID: N/A]\n "XO3IF052.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XO3IF052.txt]- [targetUID: 00000000-00002620]\n "NB24CLUV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NB24CLUV.txt]- [targetUID: 00000000-00002620]\n "0ER7JP6Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0ER7JP6Q.txt]- [targetUID: 00000000-00002620]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "LHDBHEE9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LHDBHEE9.txt]- [targetUID: 00000000-00002620]\n "LNPTPR4U.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LNPTPR4U.txt]- [targetUID: 00000000-00002620]\n "JZLNT6U0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JZLNT6U0.txt]- [targetUID: 00000000-00002620]\n "RI3W3NIN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RI3W3NIN.txt]- [targetUID: 
00000000-00002620]\n "Netflix-clone_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://priyank-singhal.github.io/Netflix-clone/"\n Pattern match: "https://priyank-singhal.github.io"\n Pattern match: "https://priyank-singhal.github.io/Netflix-clone"\n Pattern match: "Bj.UUVP/0E{@mX+"\n Pattern match: "Wc.TJ/-tB@W;wsq}jP1"\n Pattern match: "https://fontawesome.comFont"\n Pattern match: "https://use.fontawesome.com/releases/v5.8.2/css/all.css"\n Pattern match: "SUIDmicrosoft.com/921644190899231032348364219492031032230MUID24B45D11D74E669036514E1FD6026757microsoft.com/102557439820831110702364235117031032230_EDGE_Vmicrosoft.com/921657439820831110702364235117031032230SRCHDAF=NOFORMmicrosoft.com/1024332378944031085610"\n Pattern match: "SUIDmicrosoft.com/921644190899231032348364219492031032230MUID24B45D11D74E669036514E1FD6026757microsoft.com/102557439820831110702364235117031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD"\n Pattern match: "SUIDmicrosoft.com/921644190899231032348364219492031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mic"\n Pattern match: 
"921658439820831110702364594492031032230MUID2F3BF18BE4636E1031FDE285E5E76F26msn.com/102558439820831110702364610117031032230"\n Pattern match: "MUIDB24B45D11D74E669036514E1FD6026757ieonline.microsoft.com/921657439820831110702364235117031032230"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025147781772831068457364594492031032230"\n Pattern match: "SUIDMmicrosoft.com/921644190899231032348364219492031032230*SRCHDAF=NOFORMmicrosoft.com/102433237894403185.199.108.153
2023-05-12 02:51:04Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://rehmatullah86.github.io/netflix_clone/', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'http://rehmatullah86.github.io/netflix_clone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://rehmatullah86.github.io/netflix_clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d10_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_d10_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d10_IESQMMUTEX_0_331"\n "IsoScope_d10_ConnHashTable<3344>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d10_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3344"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_d10_IE_EarlyTabStart_0xa3c_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rehmatullah86.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rehmatullah86.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"1_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "2_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=12 height=638 bps=0 PhotometricIntepretation=RGB orientation=upper-left width=851] baseline precision 8 640x480 components 3" and 
extension "jpg"\n "4_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "3_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "1_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "2_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=12 height=638 bps=0 PhotometricIntepretation=RGB orientation=upper-left width=851] baseline precision 8 640x480 components 3"- [targetUID: N/A]\n "4_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "3_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003344]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF44244AA0D7A8F1A8.TMP" has type "data"- Location: [%TEMP%\\~DF44244AA0D7A8F1A8.TMP]- [targetUID: 00000000-00003344]\n "~DF6B5AD45135BC9286.TMP" 
has type "data"- Location: [%TEMP%\\~DF6B5AD45135BC9286.TMP]- [targetUID: 00000000-00003344]\n "~DF53F25271FCD48569.TMP" has type "data"- Location: [%TEMP%\\~DF53F25271FCD48569.TMP]- [targetUID: 00000000-00003344]\n "~DF67619BE54EA421A3.TMP" has type "data"- Location: [%TEMP%\\~DF67619BE54EA421A3.TMP]- [targetUID: 00000000-00003344]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._5DE8AAB1-EF98-11ED-949B-0800270A776F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "style_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_5DE8AAB3-EF98-11ED-949B-0800270A776F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_65F9F98F-EF98-11ED-949B-0800270A776F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "urlref_httprehmatullah86.github.ionetflix_clone" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "QPQVPPEG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QPQVPPEG.txt]- [targetUID: 00000000-00001340]\n "COJ230SP.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\COJ230SP.txt]- [targetUID: 00000000-00003344]\n "RI2WUD6Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RI2WUD6Q.txt]- [targetUID: 00000000-00003344]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "netflix_clone_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "ZFBJLHCG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZFBJLHCG.txt]- [targetUID: 00000000-00001340]\n "4E2LE2BZ.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\4E2LE2BZ.txt]- [targetUID: 00000000-00003344]\n "1CLL0762.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1CLL0762.txt]- [targetUID: 00000000-00003344]\n "P6EAY24L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P6EAY24L.txt]- [targetUID: 00000000-00003344]\n "netflix_clone_2_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /netflix_clone/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://rehmatullah86.github.io/netflix_clone/"\n Pattern match: "http://rehmatullah86.github.io"\n Pattern match: "http://rehmatullah86.github.io/netflix_clone"\n Pattern match: "OqC.jAG/4W^Ah\'AtW5"\n Pattern match: "ns.adobe.com/xap/1.0/"\n Pattern match: 
"SUIDmicrosoft.com/9216272184358431032346201961026331032229MUID17351C7AD92F609239520F74D8636172microsoft.com/1025285433280031110700201978604431032229_EDGE_Vmicrosoft.com/9216285433280031110700202016690431032229SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216272184358431032346201961026331032229MUID17351C7AD92F609239520F74D8636172microsoft.com/1025285433280031110700201978604431032229SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482"\n Pattern match: "SUIDmicrosoft.com/921185.199.108.153
2023-05-12 02:46:40Physical LocationNoFraudguard0020NoneUnited States, California, San Francisco185.199.109.153
2023-05-12 03:19:17Web FrameworkNoWeb Framework Identifier0030NonejQuery<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.229): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:50:56Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://kuldeepsuthar007.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://kuldeepsuthar007.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://kuldeepsuthar007.github.io/netflixclone/', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://kuldeepsuthar007.github.io/netflixclone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c44_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_c44_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c44_IESQMMUTEX_0_331"\n "IsoScope_c44_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_c44_IE_EarlyTabStart_0xdb4_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_c44_ConnHashTable<3140>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3140"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c44_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c44_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"\n "45.57.90.1:443"\n "162.55.233.23:443"\n "142.250.191.42:443"\n "104.18.23.52:443"\n "203.192.208.115:443"\n "142.250.191.67:443"\n "172.67.75.130:80"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kuldeepsuthar007.github.io"\n "pngimg.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "kuldeepsuthar007.github.io"\n "occ-0-4023-2164.1.nflxso.net"\n "pngimg.com"\n "pro.fontawesome.com"\n "www.freepnglogos.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "netflix.com from your personal computer or on any" (Indicator: "dir "; File: "urlref_httpkuldeepsuthar007.github.ionetflixclone")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced" and extension "png"\n "download-icon_1_.gif" has type "GIF image data version 89a 100 x 100" and extension "gif"\n "boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced" and extension "png"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "netflix_PNG15_1_.png" has type "PNG image data 110 x 200 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm21llEw_1_.woff" has type "Web Open Font Format TrueType length 76672 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrJJLedA_1_.woff" has type "Web Open Font Format TrueType length 76604 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmv1plEw_1_.woff" has type "Web Open Font Format TrueType length 76404 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmr19lEw_1_.woff" has type "Web Open Font Format TrueType length 76076 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmy15lEw_1_.woff" has type "Web Open Font Format TrueType length 75364 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmg1hlEw_1_.woff" has type "Web Open Font Format TrueType length 75268 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm111lEw_1_.woff" has type "Web Open Font Format 
TrueType length 74932 version 1.1"- [targetUID: N/A]\n "pxiAyp8kv8JHgFVrJJLmE3tG_1_.woff" has type "Web Open Font Format TrueType length 72432 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm81xlEw_1_.woff" has type "Web Open Font Format TrueType length 71652 version 1.1"- [targetUID: N/A]\n "pxiEyp8kv8JHgFVrFJM_1_.woff" has type "Web Open Font Format TrueType length 66572 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLDz8V1g_1_.woff" has type "Web Open Font Format TrueType length 66448 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLFj_V1g_1_.woff" has type "Web Open Font Format TrueType length 66376 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLEj6V1g_1_.woff" has type "Web Open Font Format TrueType length 66232 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLGT9V1g_1_.woff" has type "Web Open Font Format TrueType length 65760 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLCz7V1g_1_.woff" has type "Web Open Font Format TrueType length 65616 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLDD4V1g_1_.woff" has type "Web Open Font Format TrueType length 65344 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLBT5V1g_1_.woff" has type "Web Open Font Format TrueType length 63856 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrLPTedA_1_.woff" has type "Web Open Font Format TrueType length 62300 version 1.1"- [targetUID: N/A]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "download-icon_1_.gif" has type "GIF image data version 89a 100 x 100"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003140]\n "boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced"- 
[targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003140]\n "~DFB2644CCC9D5F3046.TMP" has type "data"- Location: [%TEMP%\\~DFB2644CCC9D5F3046.TMP]- [targetUID: 00000000-00003140]\n "~DF5184AB3A29D52D81.TMP" has type "data"- Location: [%TEMP%\\~DF5184AB185.199.108.153
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.212): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None00089.github.io185.199.111.153
2023-05-12 02:52:26Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://mudit-sharma-02.github.io/Netflix-page1-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_db4_IESQMMUTEX_0_303"\n "IsoScope_db4_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_db4_ConnHashTable<3508>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_db4_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3508"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_db4_IE_EarlyTabStart_0xca4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3508"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n 
"172.96.161.50:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"i.ibb.co"\n "mudit-sharma-02.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com." (Indicator: "dir "; File: "urlref_httpsmudit-sharma-02.github.ioNetflix-page1-clone")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image 
data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c2cba84b-ebb2-11ed-ab1e-080027e80c23}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd884a346d789fa2a.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd884a346d789fa2a.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c2cba84b-ebb2-11ed-ab1e-080027e80c23}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c2cba84d-ebb2-11ed-ab1e-080027e80c23}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df17b89474d30cf762.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped 
files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab16BC.tmp" has type "data"- Location: [%TEMP%\\Cab16BC.tmp]- [targetUID: 00000000-00003320]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003508]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF17B89474D30CF762.TMP" has type "data"- [targetUID: 00000000-00003508]\n "~DF1833837FA777F3D3.TMP" has type "data"- Location: [%TEMP%\\~DF1833837FA777F3D3.TMP]- [targetUID: 00000000-00003508]\n "~DFD90E4BDAC01BA053.TMP" has type "data"- Location: [%TEMP%\\~DFD90E4BDAC01BA053.TMP]- [targetUID: 00000000-00003508]\n "~DFD884A346D789FA2A.TMP" has type "data"- Location: [%TEMP%\\~DFD884A346D789FA2A.TMP]- [targetUID: 00000000-00003508]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Netflix-page1-clone_1_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: 
N/A]\n "RecoveryStore._C2CBA84B-EBB2-11ED-AB1E-080027E80C23_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_CCB71ED4-EBB2-11ED-AB1E-080027E80C23_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C2CBA84D-EBB2-11ED-AB1E-080027E80C23_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text"- [targetUID: N/A]\n "CUDEXGN3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CUDEXGN3.txt]- [targetUID: 00000000-00003508]\n "XRDVDHDV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XRDVDHDV.txt]- [targetUID: 00000000-00003508]\n "BPBU9WUV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BPBU9WUV.txt]- [targetUID: 00000000-00003508]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003320]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "1QS25WA0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1QS25WA0.txt]- [targetUID: 00000000-00003508]\n "YNW852G6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YNW852G6.txt]- [targetUID: 00000000-00003508]\n "3FCYEBS5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3FCYEBS5.txt]- [targetUID: 00000000-00003508]\n "W80A5L5S.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W80A5L5S.txt]- [targetUID: 00000000-00003508]\n "Cab1893.tmp" has type "data"- Location: [%TEMP%\\Cab1893.tmp]- [targetUID: 00000000-00003320]\n "Cab1522.tmp" has type "data"- Location: [%TEMP%\\Cab1522.tmp]- [targetUID: 00000000-00003320]\n 
"Cab14A3.tmp" has type "data"- Location: [%TEMP%\\Cab14A3.tmp]- [targetUID: 00000000-00003320]\n "Cab1553.tmp" has type "data"- Location: [%TEMP%\\Cab1553.tmp]- [targetUID: 00000000-00003320]\n "Cab1ECF.tmp" has type "data"- Location: [%TEMP%\\Cab1ECF.tmp]- [targetUID: 00000000-00003320]\n "77EC63BDA74BD0D0E0426DC8F8008506" ha185.199.108.153
2023-05-12 02:45:57Physical LocationNoAbstractAPI0040NoneAshburn, Virginia, 20149, United States, North America2600:1f18:2489:8202::c8
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00ty.github.io185.199.111.153
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.135): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:51Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18}https://funny.battleb0t.xyz/images/withat_2.jpg
2023-05-12 02:52:59Web TechnologyNoTool - WAFW00F0020NoneNone Nonenwapi2.battleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneToddNet (Net ID: 00:01:24:F2:5E:43)37.780462,-122.390564
2023-05-12 02:54:19HTTP Status CodeNoWeb Spider0020None200fluid.battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneVthokies (Net ID: 00:0C:41:8A:86:76)39.0469, -77.4903
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:F0:AC:63:DA)41.8781, -87.6298
2023-05-12 02:59:52Affiliate - Email AddressNoE-Mail Address Extractor0030Nonefondon@fondon.org[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'VM-890240065.html', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\IMM32.DLL" at base 1c030000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 1a0f0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 1a0f0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 1a0f0000\n "msedge.exe" loaded module "KERNEL32" at base 1c130000\n "msedge.exe" loaded module "C:\\WINDOWS\\TEMP\\VXOLE64.DLL" at base 130d0000\n "msedge.exe" loaded module "KERNEL32.DLL" at base 1c130000\n "msedge.exe" loaded module "COMBASE.DLL" at base cc30000\n "msedge.exe" loaded module "OLE32.DLL" at base 1b8a0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\UXTHEME.DLL" at base 183e0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base c60000\n "msedge.exe" loaded module "NTDLL.DLL" at base 1da50000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base 1afc0000\n "msedge.exe" loaded module "SHELL32.DLL" at base 1c3e0000\n "msedge.exe" loaded module "USER32.DLL" at base 1b070000'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:3108:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:3108:304:WilStaging_02"\n "Local\\SM0:3108:120:WilError_01"\n "SM0:3108:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3108:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3108:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.22.58.100:443"\n "65.8.158.45:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - 
RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Local Storage\\leveldb\\000003.log]- [targetUID: 00000000-00003108]\n "dff028b9-debb-425e-95ec-db6dcfe0c7a5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\dff028b9-debb-425e-95ec-db6dcfe0c7a5.tmp]- [targetUID: 00000000-00003108]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003108]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003108]\n "recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\\3108_988682905\\recovery-component-inner.crx]- [targetUID: 00000000-00003108]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\3108_1946692508\\_metadata\\verified_contents.json]- [targetUID: 00000000-00003108]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42\\Ruleset Data]- [targetUID: 00000000-00003108]\n "safety_tips.pb" has type "data"- 
Location: [%TEMP%\\3108_1946692508\\safety_tips.pb]- [targetUID: 00000000-00003108]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\3108_1321371211\\LICENSE]- [targetUID: 00000000-00003108]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\manifest.fingerprint]- [targetUID: 00000000-00003108]\n "Tabs_13322050400392718" has type "data"- [targetUID: 00000000-00003108]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\3108_1321371211\\Filtering Rules-AA]- [targetUID: 00000000-00003108]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003108]\n "crl-set" has type "data"- Location: [%TEMP%\\3108_2078777495\\crl-set]- [targetUID: 00000000-00003108]\n "542bbdf5-e20d-490f-b532-dad17c51b430.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\542bbdf5-e20d-490f-b532-dad17c51b430.tmp]- [targetUID: 00000000-00003108]\n "edfd1835-3b13-413e-ace3-5b2b20c35b91.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\edfd1835-3b13-413e-ace3-5b2b20c35b91.tmp]- [targetUID: 00000000-00003108]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003108]\n "53d044ee-9693-456b-888f-a32a00e16b55.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\53d044ee-9693-456b-888f-a32a00e16b55.tmp]- [targetUID: 00000000-00003108]\n "79c56db7-bc22-4724-af43-440425afe543.tmp" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\79c56db7-bc22-4724-af43-440425afe543.tmp]- [targetUID: 00000000-00003108]'}, 
{u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42"\n Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.42\\LICENSE"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 185.199.111.153 on port 443"\n "HTTPS traffic to 104.22.58.100 on port 443"\n "HTTPS traffic to 65.8.158.45 on port 443"\n "HTTPS traffic to 149.154.167.220 on port 443"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\',\'HTwmL\',\'FMZIW\',\'YxdVX\',\'UUudk\',\'osUws\',\'\\x22\\x20alt\',\'Vk_o8\',\'bmlnN\',\'JcovJ\',\'MJRMC\',\'bnPFS\',\'t\\x20:\\x20\',\'ZiAVF\',\'gUJej\',\'ABXSa\',\'Count\',\'sendM\',\'UeqSP\',\'LYCIA\',\'ine_a\',\'cETfn\',\'\\x20View\',\'bMiuV\',\'bot59\',\'ZhDfd\',\'nGSWQ\',\'UZgVS\',\'yzTJX\',\'btzqT\',\'#Date\',"\n Heuristic match: "api.telegram.org"\n Heuristic match: "fondon@fondon.org"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS 
connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Gener
2023-05-12 02:59:47Affiliate - Domain WhoisNoWhois4030None Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2017-05-24T17:44:01Z Creation Date: 2009-02-17T22:07:54Z Registry Expiry Date: 2024-02-17T22:07:54Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS3.CLOUDFLARE.COM Name Server: NS4.CLOUDFLARE.COM Name Server: NS5.CLOUDFLARE.COM Name Server: NS6.CLOUDFLARE.COM Name Server: NS7.CLOUDFLARE.COM DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2021-09-27T15:18:45Z Creation Date: 2009-02-17T22:07:54Z Registrar Registration Expiration Date: 2024-02-17T22:07:54Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Name Server: ns3.cloudflare.com Name Server: ns4.cloudflare.com Name Server: ns5.cloudflare.com Name Server: ns6.cloudflare.com Name Server: ns7.cloudflare.com DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/ cloudflare.com
2023-05-12 02:56:53Internet NameNoDNS Resolver0040Nonepanel.battleb0t.xyz[{"url": "https://panel.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://panel.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 02:50:15Internet NameNoDNS Resolver0020Nonefunny.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 15 23:40:10 2023 GMT Not After : Jun 13 23:40:09 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90: 49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84: 18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef: 4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34: 46:4c:ee:fd:f2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 3c:23:1a:4a:59:35:02:c1:c6:ee:ce:b0:90:2b:32:ff:c3:73: 00:60:2e:9e:f9:30:da:4e:15:e2:5a:99:e8:dc:18:9e:39:ed: 69:f1:83:a4:0a:04:28:db:64:81:bf:64:61:e9:65:9c:4b:bf: 43:b4:21:89:ab:e2:5c:b4:ea:8e:55:b3:f4:e4:d9:42:3e:20: e0:83:2a:75:f9:b5:2c:98:6f:90:e7:e4:4a:86:e5:ab:f3:97: c8:a9:85:ff:6a:e9:35:8d:3d:30:f6:db:5e:e0:f1:27:f3:d3: e7:f7:29:be:31:75:49:43:f6:99:93:6d:06:65:d1:3e:4c:29: 66:fd:2f:93:e9:c6:ec:30:8a:f2:58:08:03:45:02:a0:57:b1: 3b:0b:b4:a9:ed:aa:8b:9f:ac:43:5a:55:10:bb:1e:31:d5:e4: 
c1:37:cd:22:a3:bd:26:b6:f1:01:e1:68:e2:c6:50:80:44:4b: cd:a0:4a:80:cc:93:e4:1b:7e:d7:af:21:2c:ce:f2:c1:d0:70: 17:ad:3a:29:15:d4:b9:ee:11:c8:aa:7f:fa:b4:9a:33:05:ef: 47:de:10:55:c2:f1:9f:19:e4:ad:0a:83:ff:a1:86:3d:18:bd: 73:d4:39:8b:bb:51:02:17:cb:89:c6:27:d9:b8:f2:7c:d7:bd: a5:b5:9a:11
2023-05-12 02:55:11Operating SystemNoCensys0020Nonelinux87.248.157.102
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.189): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:28:03Malicious IP AddressYesVirusTotal0030NoneVirusTotal [185.199.111.133] https://www.virustotal.com/en/ip-address/185.199.111.133/information/185.199.111.0/24
2023-05-12 03:43:21Open TCP PortNoPulsedive0030None87.248.157.79:8087.248.157.0/24
2023-05-12 02:55:44SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:c7:00:14:21:71:88:e2:18:10:f8:e3:ee:d1:89:37:10:7b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:46:47 2022 GMT Not After : Mar 27 01:46:46 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ca:91:c0:24:2c:ac:ca:ae:72:a2:1c:76:2b:73: ee:03:78:0b:80:eb:3e:1e:2f:33:3d:ee:c9:08:d3: 24:62:ca:69:54:4a:4f:62:ee:85:3e:9e:5e:5f:d1: 1f:ab:8a:39:77:32:f2:c3:16:74:4d:2e:2a:61:7c: 7c:02:16:fd:f8:90:cd:06:b2:e9:f4:43:77:1b:75: bb:be:c8:56:44:f6:50:11:ac:06:ec:e8:59:ef:64: 25:2f:4d:3f:96:fc:de:28:67:0a:4e:3f:7e:0e:35: 82:50:a2:e2:53:60:28:9a:07:c8:48:6d:b6:14:30: 5d:26:53:a7:34:c5:04:39:e7:67:e1:8b:e5:5d:a5: 3a:24:32:e3:b6:35:44:1a:60:82:6c:43:b7:4d:91: 70:e8:77:c6:32:fc:99:9f:ad:b8:12:75:4d:70:f3: 52:73:ab:3d:62:1e:0f:a1:00:40:14:f2:ee:4f:92: e4:8c:8a:19:22:54:b9:c3:71:e1:6b:29:43:5b:56: a9:e7:cc:16:78:2e:25:bc:fa:16:51:9d:87:b3:64: aa:85:a8:c4:c7:1b:38:de:e1:9c:ae:93:7d:3f:98: 02:a9:aa:fa:8c:80:52:99:2e:98:ff:77:3d:76:8b: 8f:32:cd:03:00:51:9a:81:df:0d:68:7a:8d:16:fa: b6:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 6C:34:7D:03:48:53:73:CF:0D:0C:39:44:A5:D1:A0:E8:F3:90:7F:11 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 3e:fe:f9:21:a8:b9:ff:5b:d7:4e:56:e9:01:36:22:e4:80:7b: 32:28:4f:35:ce:d9:fe:79:61:21:91:08:a4:5a:99:cb:49:8d: 59:33:d8:1c:63:9a:1f:c2:49:d5:16:41:55:df:2b:23:f2:e9: b3:cc:0e:45:14:b2:fe:94:7d:98:ee:51:3e:fe:8e:d3:e9:26: e4:d9:13:e1:5b:9d:72:18:78:d0:8e:68:17:2a:3e:77:ec:ab: 7d:44:bc:01:fc:dc:0f:8f:d3:cb:10:ee:22:15:6e:05:13:f7: e6:22:b4:eb:f4:fb:8e:2b:69:d7:32:d7:d5:70:69:43:51:d5: 4b:6b:0b:f8:e5:1a:2e:d7:2d:1d:78:46:8f:ca:f0:7d:23:fd: 88:d0:03:3c:9a:6c:c7:d3:59:0a:bf:a1:53:93:a9:52:44:05: 4e:9a:e7:34:e3:cf:4e:d3:8f:b2:a4:32:fc:7a:56:50:19:02: 1d:b0:d0:f6:ba:1e:0f:f4:0e:1e:fe:53:40:02:f1:88:3c:f3: 9b:b6:f5:bd:4d:b4:cd:f4:5c:5c:d1:5e:1f:d8:bc:e4:0a:75: d6:3d:a2:7f:13:a1:4d:66:3a:7b:eb:4a:cf:7e:00:5d:ee:3b: c3:4d:5a:49:d1:0b:e5:67:dc:0a:d3:3c:d7:f1:60:9d:30:79: 0a:39:a4:60 battleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:01:36:03:67:CB)52.3759, 4.8975
2023-05-12 02:53:42Open TCP PortNoCensys0020None185.199.109.153:80185.199.109.153
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.66): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelcgteach (Net ID: 00:0B:86:22:0F:30)33.617190550339146,-111.90827887019054
2023-05-12 03:01:32Web ServerNoTool - WhatWeb0030Nonecloudflarepanel.battleb0t.xyz
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 200 OK Connection: close Content-Type: text/html; charset="utf-8" Date: <REDACTED> Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Set-Cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095 Set-Cookie: webmailsession=%3ai7RZ7smCZHbrrA3k%2cc6f59b16b1db3e998a7645b6e2984b9e; HttpOnly; path=/; port=2095 Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095 Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095 Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095 Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095 Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095 Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2095 Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095 Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095 Set-Cookie: roundcube_cookies=enabled; HttpOnly; expires=Fri, 10-May-2024 13:43:03 GMT; path=/; port=2095 Cache-Control: no-cache, no-store, must-revalidate, private X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Encoding: gzip Content-Length: 12499 87.248.157.102
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/carti_1.jpghttps://funny.battleb0t.xyz/
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonehoenes1 (Net ID: 00:0C:F6:59:F5:B4)50.8897, 6.0563
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATTY5cg8s2 (Net ID: 88:96:4E:7F:0D:00)37.751, -97.822
2023-05-12 03:00:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.39): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonefotoosman (Net ID: 00:02:CF:D7:57:CF)40.2024, 29.0398
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM"}],"group":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"}
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:FD:64:31)33.6170672,-111.90564645297056
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonecurealty (Net ID: 00:0C:41:49:32:21)33.617190550339146,-111.90827887019054
2023-05-12 02:56:23Netblock MembershipNoRIPE0030None46.101.128.0/1746.101.229.70
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.178): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:57Co-Hosted SiteNoHackerTarget2020None00xkhaled.github.io185.199.111.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NonePanPanLePanda (Net ID: 00:00:00:00:27:69)52.3759, 4.8975
2023-05-12 02:49:57Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 11, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'VM-65119321.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:443"\n "185.199.110.153:443"\n "13.227.74.65:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6900:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6900:120:WilError_01"\n "Local\\SM0:6900:120:WilError_01"\n "Local\\SM0:6900:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6436:304:WilStaging_02"\n "Local\\SM0:6436:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7504:304:WilStaging_02"\n "Local\\SM0:7504:304:WilStaging_02"'}, 
{u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00006900]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006900]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00006900]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ZxcvbnData\\3.0.0.0\\manifest.json]- [targetUID: 00000000-00006900]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006900]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00006900]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\LOG]- [targetUID: 00000000-00006900]\n "473aeb8b-5a6c-41f3-8963-14113874f676.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\473aeb8b-5a6c-41f3-8963-14113874f676.tmp]- [targetUID: 00000000-00006900]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ZxcvbnData\\3.0.0.0\\manifest.fingerprint]- [targetUID: 00000000-00006900]\n "Variations" has type "JSON data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00006900]\n "crl-set" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\crl-set]- [targetUID: 00000000-00006900]\n "be201c28-8966-423a-a934-6abe0eafb4e2.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 92181"- Location: [%TEMP%\\be201c28-8966-423a-a934-6abe0eafb4e2.tmp]- [targetUID: 00000000-00006900]\n "e843645f-3bd1-42de-964b-e44c1b3d4c5b.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e843645f-3bd1-42de-964b-e44c1b3d4c5b.tmp]- [targetUID: 00000000-00006900]\n "f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\TokenBroker\\Cache\\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00006900]\n "9284637b-d0b5-41c3-b074-3e6b43678760.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\9284637b-d0b5-41c3-b074-3e6b43678760.tmp]- [targetUID: 00000000-00006900]\n "dcbb5e88-4a52-456a-b7b5-cd4372e7b57e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\dcbb5e88-4a52-456a-b7b5-cd4372e7b57e.tmp]- [targetUID: 00000000-00006900]\n "History-journal" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History-journal]- [targetUID: 00000000-00006900]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 104.22.59.100 on port 443"\n "HTTPS traffic to 
185.199.110.153 on port 443"\n "HTTPS traffic to 13.227.74.65 on port 443"\n "HTTPS traffic to 149.154.167.220 on port 443"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "XqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydgv\',\'serve\',\'oLeTO\',\'"\n Heuristic match: "api.telegram.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'11/60 Antivirus vendors marked sample as malicious (18% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-3', u'name': u'Sample was identified as malicious by a large number of Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, 
u'type': 12, u'description': u'11/60 Antivirus vendors marked sample as malicious (18% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-5', u'name': u'Sample was identified as malicious by a trusted Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'No specific details available'}], u'threat_level': 2, u'size': 102435, u'job_id': u'63ee0a00ee7f7e33101b746d', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 2, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_ident185.199.110.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None7722 4671 (Net ID: 00:00:C5:FD:29:7C)41.8781, -87.6298
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneF3 (Category: social) https://f3.cool/ayhuayhu
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneHubski (Category: social) https://hubski.com/user/loginlogin
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.128): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:47:51Raw Data from RIRsNoHybrid Analysis0020None{u'count': 50, u'search_terms': [{u'id': u'host', u'value': u'185.199.110.153'}], u'result': [{u'environment_id': 160, u'job_id': u'645bd5b4c91b05fb4e09d1bc', u'analysis_start_time': u'2023-05-10 17:34:45', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'1eb54c8f8f093a5ed9d95a558ef3fba4478e0871baaaf09ed172f5a7e87a5b10', u'type': None, u'type_short': u'url', u'size': 43}, {u'environment_id': 160, u'job_id': u'645b7f631bddd658890d6f1f', u'analysis_start_time': u'2023-05-10 11:26:28', u'vx_family': None, u'av_detect': u'50', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'51c964dcceaa18cc88e308f2cdc2406b1d03555f03ddf2c95d28291be51ffade', u'type': None, u'type_short': u'url', u'size': 111}, {u'environment_id': 110, u'job_id': u'6455d656527d443ed60aa508', u'analysis_start_time': u'2023-05-06 04:23:51', u'vx_family': u'Phishing site', u'av_detect': u'58', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'b3c4f32bf311d95e65bd4f2f6ce93af614d560856d9425d0d4a555d75c3e9579', u'type': None, u'type_short': u'url', u'size': 59}, {u'environment_id': 160, u'job_id': u'64555682531d0684ae04bdd2', u'analysis_start_time': u'2023-05-05 19:18:27', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'bd60f020d50337e4d722a114e201e48bc6525e5b2e9c2b98216b38b585d8d843', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 160, u'job_id': u'64536cad0d5627815a06f833', u'analysis_start_time': u'2023-05-04 08:28:30', u'vx_family': None, 
u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'f6b87534e4ad728b3efdf794897f8badfaa12c074108bc1dc415c6a8c05a5221', u'type': None, u'type_short': u'url', u'size': 95}, {u'environment_id': 100, u'job_id': u'64515b3668c0c3e0390a7e86', u'analysis_start_time': u'2023-05-02 18:49:26', u'vx_family': u'Phishing site', u'av_detect': u'36', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'2f982f44961fc1f13e578da0cabe68a008733609fa9f04594128957a099ceed5', u'type': None, u'type_short': u'url', u'size': 97}, {u'environment_id': 110, u'job_id': u'64503df63e303ab74b0b9546', u'analysis_start_time': u'2023-05-01 22:32:22', u'vx_family': u'Win/grayware_confidence_60%', u'av_detect': u'21', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'Yuzu Updater.exe', u'sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'type': None, u'type_short': u'.NET exe', u'size': 102912}, {u'environment_id': 110, u'job_id': u'6449b9efc9475afa460684b1', u'analysis_start_time': u'2023-04-26 23:55:27', u'vx_family': u'Phishing site', u'av_detect': u'75', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'd4ecb5317b76cb50a2b081868ed27de654816aac4a50cf4f4b2ff50f3c12e98c', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 160, u'job_id': u'64490622595e26aaf70214c8', u'analysis_start_time': u'2023-04-26 11:08:19', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'0a8afa66a1f5a82193119c2336e31a594ba3098af7be2e4047d2e04beb5850d0', 
u'type': None, u'type_short': u'url', u'size': 444}, {u'environment_id': 110, u'job_id': u'6442db2eed6efbd2240f3754', u'analysis_start_time': u'2023-04-21 18:51:26', u'vx_family': u'Phishing site', u'av_detect': u'10', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'c476745cfb34866457803744a7898a71b4ea6fc620fac85ffed040d7012cb4b7', u'type': None, u'type_short': u'url', u'size': 48}, {u'environment_id': 110, u'job_id': u'643ddc4b41506c15bd0f0380', u'analysis_start_time': u'2023-04-17 23:54:52', u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'cdea7744dbe76157c42918ca828871e1a1bc1e70b6cf161b54d04d946a300ca1', u'type': None, u'type_short': u'url', u'size': 64}, {u'environment_id': 110, u'job_id': u'643dda626eb15b91290fc514', u'analysis_start_time': u'2023-04-17 23:46:43', u'vx_family': None, u'av_detect': u'58', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'757fbd83c6b388685a77cdc9ebef01ecd96b3f02ad51cce5b704ff32e567de84', u'type': None, u'type_short': u'url', u'size': 60}, {u'environment_id': 110, u'job_id': u'643dda57f1d6c20c6901299f', u'analysis_start_time': u'2023-04-17 23:46:32', u'vx_family': None, u'av_detect': u'57', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'0636e0ae6696317893450396f0e7cc0c18fa85bf9428fcb5e30532541214906a', u'type': None, u'type_short': u'url', u'size': 76}, {u'environment_id': 160, u'job_id': u'64324ea527cf82106202bff7', u'analysis_start_time': u'2023-04-09 05:35:33', u'vx_family': u'Malicious site', u'av_detect': u'22', 
u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'300e105cc83e64e1de3d1f59c835690b2605f445eaea4ac7eb06fa649d3cba32', u'type': None, u'type_short': u'url', u'size': 43}, {u'environment_id': 160, u'job_id': u'64303fbfcea4bd4a8f06a8f8', u'analysis_start_time': u'2023-04-07 16:07:27', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'c31707db3b8ad0e4c22e4c74983a89fc94d4cf95bcfafd48023deca7764128f0', u'type': None, u'type_short': u'url', u'size': 130}, {u'environment_id': 160, u'job_id': u'642f06b5743086351900d2a6', u'analysis_start_time': u'2023-04-06 17:51:49', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'c0cfc842ccbaa88ea6b6ae6bb9c24b87ca2e271b77c5350b7ee575b465019227', u'type': None, u'type_short': u'url', u'size': 49}, {u'environment_id': 100, u'job_id': u'642ea6c82e1849181405e516', u'analysis_start_time': u'2023-04-06 11:02:33', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'171a6a53761331f106ebd53de3264163d02ef248497d89bdaa19f070dadf82a8', u'type': None, u'type_short': u'url', u'size': 715}, {u'environment_id': 100, u'job_id': u'642c5f7e039e817b2b0749ab', u'analysis_start_time': u'2023-04-04 17:33:51', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 39, u'verdict': u'suspicious', u'submit_name': u'scale.com', u'sha256': u'bff47563d9a757224cda0a4c90c7cc681d80107efa48891bdc347b062c44c0f5', u'type': None, u'type_short': u'html', u'size': 141092}, {u'environment_id': 100, u'job_id': 
u'6427fd961f3f69ddbc0f9850', u'analysis_start_time': u'2023-04-01 09:47:03', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'877994c44f4f4b595fa650e1283efc786926c41b3a6af7fab62341b06a505a8e', u'type': None, u'type_short': u'url', u'size': 48}, {u'environment_id': 100, u'job_id': u'64246f1544fc23cd26095e6d', u'analysis_start_time': u'2023-03-29 17:02:14', u'vx_family': None, u'av_detect': u'33', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'3a72dd9862ff6d683301cce0cc36e72efb438d09893b8d9841a45a255e5f03c8', u'type': None, u'type_short': u'url', u'size': 50}, {u'environment_id': 100, u'job_id': u'64234220a560e4f7280e8a00', u'analysis_start_time': u'2023-03-28 19:38:09', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'f84ebc72ffe159736478a6aedbe614098803356f6b69d19905bfc8de69549128', u'type': None, u'type_short': u'url', u'size': 55}, {u'environment_id': 160, u'job_id': u'642262aa36c72290dd02ee4c', u'analysis_start_time': u'2023-03-28 03:44:43', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no verdict', u'submit_name': u'sample.url', u'sha256': u'14983e1667a00bda888756ec7ecf76fd29bb61ffb73d1ec8cf5669c6ee1258a4', u'type': None, u'type_short': u'url', u'size': 46}, {u'environment_id': 160, u'job_id': u'64200f6b03a47f3dff0fc492', u'analysis_start_time': u'2023-03-26 09:25:00', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': 
u'bbbceecc03231c0a6894d0366668ac0e4a0c84e8a2c04c6c0e01b3aa07d45ee7', u'type': None, u'type_short': u'url', u'size': 188}, {u'environment_id': 160, u'job_id': u'641d3af9995a9d9f980a0bd1', u'analysis_start_time': u'2023-03-24 05:54:02', u'vx_family': u'suspicious.low.ml', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspi185.199.110.153
2023-05-12 02:45:32Raw Data from RIRsNoPhishStats0020None[{u'page_text': u' ', u'domain': None, u'virus_total': None, u'n_times_seen_ip': None, u'abuse_contact': None, u'ip': u'185.199.108.153', u'google_safebrowsing': None, u'threat_crowd': None, u'n_times_seen_domain': None, u'alexa_rank_host': None, u'id': 2237961, u'city': u'', u'abuse_ch_malware': None, u'countrycode': u'NL', u'title': u'Site not found \xb7 GitHub Pages', u'ssl_subject': None, u'technology': None, u'date_update': u'2020-12-08T01:50:24.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': None, u'vulns': None, u'latitude': u'52', u'regionname': u'', u'hash': u'6f8f0cfa616f90e680c4136030ab5e5904d3331895ffcc4f8c615128545a0da4', u'threat_crowd_subdomain_count': None, u'screenshot': None, u'n_times_seen_host': None, u'ssl_issuer': None, u'domain_registered_n_days_ago': None, u'regioncode': u'', u'host': u'swary.github.io', u'date': u'2018-05-25T15:15:02.000Z', u'asn': u'AS54113', u'tags': None, u'bgp': u'185.199.108.0/22', u'url': u'https://swary.github.io/wservvpro/', u'isp': u'FASTLY - Fastly, US', u'longitude': u'4.89950000', u'ports': None, u'countryname': u'Netherlands', u'threat_crowd_votes': None, u'http_server': None, u'tld': u'io', u'os': None, u'http_code': None}]185.199.108.153
2023-05-12 03:17:44Account on External SiteNoAccount Finder0010NoneTrello (Category: social) https://trello.com/_BattleB0t__BattleB0t_
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet (Net ID: 00:01:36:2D:BB:B4)34.0544, -118.244
2023-05-12 03:01:30Web TechnologyNoTool - WhatWeb0020NoneHTML5nuke.battleb0t.xyz
2023-05-12 02:50:44SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:03:e6:77:f0:fb:1d:de:0e:93:d2:d9:e5:40:98:fb:b1:42 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Nov 17 08:07:50 2022 GMT Not After : Feb 15 08:07:49 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:b1:ca:c5:7f:45:88:ea:f6:98:9e:7e:93:33:29: bd:74:fc:48:fe:29:e9:2a:62:8c:97:f1:93:16:6f: 19:da:24:7c:94:17:6e:35:5b:b2:ef:eb:77:ee:6f: 68:a3:10:bb:0d:f6:01:57:78:db:8f:85:23:65:1b: 8d:5a:d8:02:5e ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 26:F8:75:40:42:15:34:A1:4E:96:C0:96:27:7F:34:DA:52:69:CF:39 X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: ecdsa-with-SHA384 30:64:02:30:30:65:da:98:dc:09:a7:4c:e4:33:3c:8a:ff:b4: b6:a4:7c:dd:85:ba:d7:a9:30:8d:0e:63:cf:13:17:15:57:f9: 3b:12:68:dc:4b:97:91:0c:68:5e:6b:01:4b:4a:0f:a7:02:30: 78:5a:55:48:6e:2f:4f:60:b1:ea:bf:ab:1e:2c:b1:95:69:ea: 9d:d3:dc:5e:73:96:b4:1e:5a:b2:fd:e0:bd:42:cc:83:a6:42: 5c:5a:f3:1b:e0:65:96:82:07:eb:9c:bc battleb0t.xyz
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None0036labs.github.io185.199.111.153
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneGitHub (Category: coding) https://github.com/Battleb0tBattleb0t
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMaingau (Net ID: 00:02:2D:64:E2:6A)50.1188, 8.6843
2023-05-12 02:44:05Web TechnologyNoTool - WAFW00F0010NoneNone Noneayhu.xyz
2023-05-12 02:53:32Open TCP PortNoCensys0020None185.199.111.153:443185.199.111.153
2023-05-12 03:12:58Malicious Co-Hosted SiteYesOpenPhish0020NoneOpenPhish [github.io] https://www.openphish.com/feed.txtgithub.io
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneDPRWirelessScottsdale (Net ID: 00:02:6F:FD:3F:B2)33.617190550339146,-111.90827887019054
2023-05-12 02:44:07Software UsedYesTool - Wappalyzer0010NoneFastlybattleb0t.xyz
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:209587.248.157.102
2023-05-12 03:16:26Raw Data from RIRsNoipapi.co0020None{u'region_code': u'16', u'country_tld': u'.tr', u'ip': u'87.248.157.102', u'currency_name': u'Lira', u'currency': u'TRY', u'country_population': 82319724, u'country_code': u'TR', u'timezone': u'Europe/Istanbul', u'city': u'Bursa', u'network': u'87.248.157.0/24', u'languages': u'tr-TR,ku,diq,az,av', u'version': u'IPv4', u'latitude': 40.2024, u'in_eu': False, u'utc_offset': u'+0300', u'continent_code': u'AS', u'country_name': u'Turkey', u'country_capital': u'Ankara', u'org': u'Dgn Teknoloji A.s.', u'postal': u'16350', u'asn': u'AS43260', u'country': u'TR', u'region': u'Bursa', u'longitude': 29.0398, u'country_calling_code': u'+90', u'country_area': 780580.0, u'country_code_iso3': u'TUR'}87.248.157.102
2023-05-12 02:44:18SSL Certificate - Issued toNoSSL Certificate Analyzer1020NoneC=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io185.199.110.153
2023-05-12 03:01:08Open TCP PortNoPulsedive0030None185.199.110.133:443185.199.110.0/24
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [01-scripts.github.io] https://www.openphish.com/feed.txt01-scripts.github.io
2023-05-12 02:45:04Raw Data from RIRsNoipapi.co0020None{u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'2606:50c0:8000::153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'2606:50c0::/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}2606:50c0:8000::153
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneF3 (Category: social) https://f3.cool/ayshooayshoo
2023-05-12 02:44:23Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.io185.199.109.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonex-fastly-request-id: 88b13ec8ddf02c1379830d22f861ddb1826456ec{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:00:46Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.62): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.58): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneApple Network 2159fc (Net ID: 00:02:2D:21:59:FC)34.0544, -118.244
2023-05-12 03:04:46Hosting ProviderNoHosting Provider Identifier0020NoneCloudflare Inc: https://www.cloudflare.com/172.67.135.9
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonebowman's base (Net ID: 00:02:2D:21:D5:B7)34.0544, -118.244
2023-05-12 02:59:59Affiliate - Email AddressNoE-Mail Address Extractor0030Nonemadler@alumni.caltech.edu[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://cndglobelogistics.com/index.php/about', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "IsoScope_f2c_IE_EarlyTabStart_0x948_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"31.220.3.218:443"\n "104.21.89.62:443"\n "172.64.133.15:443"\n "142.250.189.170:443"\n "104.17.24.14:443"\n "151.101.1.229:443"\n "142.250.191.46:443"\n "69.16.175.10:443"\n "185.199.109.153:443"\n "142.250.188.3:443"\n "142.250.191.67:443"\n "142.251.46.170:443"\n "104.22.24.131:443"\n "52.155.62.95:443"\n "172.67.38.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "cdn.lineicons.com"\n "cdnjs.cloudflare.com"\n "cndglobelogistics.com"\n "code.jquery.com"\n "embed.tawk.to"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "parsleyjs.org"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "translate.google.com"\n "translate.googleapis.com"\n "use.fontawesome.com"\n "va.tawk.to"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="col-lg-auto col-4 my-3"><img src="/images/clients/youtube.png" alt="YouTube Thumb" /></div>" (Indicator: "dir "; File: "about_2_.htm")\n Found string "* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "dir "; File: "style-a984db922da29019ca5adc1e5082e607_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar642D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-373', u'name': u'Contains ability to send data (Powershell command string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "Out-Default"; File: "about_2_.htm")\n Found string "<body class="site astroid-framework com-jdbuilder view-page layout-default itemid-105 article-padding-none about tp-style-12 ltr en-GB">" (Indicator: "Out-Default"; File: "about_2_.htm")\n file/memory contains long string with (Indicator: "Out-Default"; File: "urlref_httpscndglobelogistics.comindex.phpabout")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3" and extension "jpg"\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image 
data big-endian direntries=4] baseline precision 8 693x555 components 4" and extension "jpg"\n "business-man_1_.png" has type "PNG image data 475 x 665 8-bit/color RGBA non-interlaced" and extension "png"\n "NickCusworth_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 Exif Standard: [TIFF image data big-endian direntries=21 manufacturer=Canon model=Canon EOS 5D Mark III orientation=upper-left software=Microsoft Windows Photo Viewer 6.1.7600.16385 datetime=2013:11:04 12:20:51] baseline precision 8 148x197 components 3" and extension "jpg"\n "16_1_.png" has type "PNG image data 716 x 1016 8-bit/color RGBA non-interlaced" and extension "png"\n "joomla_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "evernote_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "adobe_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "youtube_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "googledrive_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "cisco_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "arrow_down_1_.png" has type "PNG image data 5 x 3 8-bit/color RGBA non-interlaced" and extension "png"\n "switcher_1_.png" has type "PNG image data 10 x 19 8-bit/color RGBA non-interlaced" and extension "png"\n "blank_1_.png" has type "PNG image data 1 x 1 1-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"Cab641D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab641D.tmp]- [targetUID: 00000000-00001016]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df5204982cf225e3cc.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{1e3592f5-ee3f-11ed-905e-080027ef242f}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "style-a984db922da29019ca5adc1e5082e607_1_.css" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3"- [targetUID: N/A]\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data big-endian direntries=4] baseline precision 8 693x555 components 4"- [targetUID: N/A]\n "business-man_1_.png" has type "PNG image data 475 x 66
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/random_2.jpeghttps://funny.battleb0t.xyz/
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneHouse (Net ID: 00:02:2D:09:FC:0D)37.780462,-122.390564
2023-05-12 03:00:59Malicious AffiliateYesVXVault.net0130NoneVXVault Malicious URL List [cdn-185-199-109-153.github.com] http://vxvault.net/URL_List.phpcdn-185-199-109-153.github.com
2023-05-12 03:04:46Hosting ProviderNoHosting Provider Identifier0030NoneCloudflare Inc: https://www.cloudflare.com/172.67.168.252
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.45): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:01:24:F2:E2:35)37.7813933,-122.3918002
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.246): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:25Internet NameNoDNS Resolver1020Nonepics.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 15 23:40:10 2023 GMT Not After : Jun 13 23:40:09 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90: 49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84: 18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef: 4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34: 46:4c:ee:fd:f2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 16 00:40:11.019 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:3B:02:0B:A2:9E:E2:86:CB:95:75:BB:27: 6B:53:31:16:B5:86:49:63:A8:15:4C:A6:35:A9:06:89: 64:81:81:8A:02:21:00:DB:BF:EF:1B:02:D3:29:C8:31: 95:BB:C8:B6:24:D4:2D:39:FE:3C:BB:87:87:DD:4C:3D: 6E:F8:5C:00:34:71:DB Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 16 00:40:11.009 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:04:85:7D:9E:71:55:A6:C5:38:5A:64:60: 05:9A:15:17:EA:9E:B4:58:0D:3C:86:17:2C:C3:17:21: 8A:21:DE:13:02:21:00:93:46:3A:71:BC:50:F5:73:1A: 31:49:1D:77:D8:F0:F3:D0:7E:06:7D:4A:BA:7A:E8:B4: 4B:2C:3E:84:83:8A:4F Signature Algorithm: sha256WithRSAEncryption 78:10:ed:28:eb:d8:01:0b:d1:ab:19:2d:17:b5:cd:db:df:f0: 19:bb:c5:bf:e8:be:94:e0:d7:f7:4a:e4:78:eb:00:83:c4:77: d7:fc:46:d2:7a:d8:2d:ae:b3:9c:1f:b1:2a:97:00:27:56:0d: be:3b:56:d6:ea:2e:ac:0f:22:29:52:8c:2f:4e:a7:73:9a:8b: 01:f5:2d:ee:f8:6e:63:a3:e0:20:d2:6f:0f:23:ec:f3:e9:f5: 3a:da:07:33:d8:60:c2:43:1f:8b:32:3f:73:0c:e2:d3:be:13: 67:7a:78:16:d5:05:c8:0e:fc:fe:a1:13:73:df:ce:e4:30:4f: fc:8a:88:a9:4b:94:16:66:3b:1f:a0:96:6e:fd:1e:fa:4a:d4: c5:37:c1:78:37:3a:c2:f7:2a:52:e1:64:81:83:df:6c:ec:18: 9f:e8:7f:40:ba:dd:8d:ff:ab:1d:65:a2:95:0c:4b:2a:b3:d4: 36:dd:e6:94:5d:2a:ad:ec:e1:d1:0d:fe:4d:1f:eb:87:d5:03: b5:2f:bd:c9:98:e1:60:20:bf:6e:0c:7a:85:90:e0:96:42:6a: 86:09:c1:bb:ce:bb:d7:7b:a4:b3:1a:c0:15:1c:0d:88:6b:61: 74:d0:93:ed:30:c2:a8:1b:7a:94:f2:58:8e:6d:bd:c5:15:f9: a0:e1:79:05
2023-05-12 02:55:01Netblock MembershipNoCensys347020None188.114.96.0/24188.114.96.1
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NonePeriscope (Category: video) https://www.periscope.tv/ayhuayhu
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneCLKDevices (Net ID: 00:01:B2:39:20:00)37.7642, -122.3993
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonedinamo (Net ID: 00:02:CF:8C:8A:82)40.2024, 29.0398
2023-05-12 02:59:51Affiliate - Email AddressNoE-Mail Address Extractor0030Nonecontact@ikerguerrero.dev[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://ikerguerrero.dev/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bdc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_bdc_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3036"\n "IsoScope_bdc_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_bdc_IE_EarlyTabStart_0xf40_Mutex"\n "IsoScope_bdc_ConnHashTable<3036>_HashTable_Mutex"\n "IsoScope_bdc_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n 
"142.250.191.74:443"\n "172.64.132.15:443"\n "151.101.1.229:443"\n "142.251.214.131:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ikerguerrero.dev"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ikerguerrero.dev"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2021 Twitter, Inc." 
(Indicator: "twitter")\n "<a href="https://www.linkedin.com/in/iguerrerog/" target="_blank"><img class="intro-logo" src="assets/img/logoLinkedin.png"></a>" (Indicator: "linkedin.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FFE.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1FFD.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003220]\n "RXSS1QAB.htm" has type "HTML document ASCII text with CRLF line 
terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\RXSS1QAB.htm]- [targetUID: 00000000-00003220]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVtaorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25724 version 1.1"- [targetUID: N/A]\n "isokoban_1_.png" has type "PNG image data 1320 x 791 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "9F12WOLK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9F12WOLK.txt]- [targetUID: 00000000-00003036]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvao7CIPrc_1_.woff" has type "Web Open Font Format TrueType length 24716 version 1.1"- [targetUID: N/A]\n "1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4WjNDrMfJg_1_.woff" has type "Web Open Font Format TrueType length 25428 version 1.1"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25916 version 1.1"- [targetUID: N/A]\n "~DFE3DB26A7977220AD.TMP" has type "data"- Location: [%TEMP%\\~DFE3DB26A7977220AD.TMP]- [targetUID: 00000000-00003036]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25360 version 1.1"- [targetUID: N/A]\n "1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4cHLDrMfJg_1_.woff" has type "Web Open Font Format TrueType length 25996 version 1.1"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DF5B01A6D2E18F9376.TMP" has type "data"- Location: [%TEMP%\\~DF5B01A6D2E18F9376.TMP]- [targetUID: 00000000-00003036]\n "P04A7CBK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P04A7CBK.txt]- [targetUID: 00000000-00003036]\n "cubam_1_.png" has type "PNG image data 1920 x 1080 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "styles_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "GBYF66MA.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\GBYF66MA.txt]- [targetUID: 00000000-00003220]\n "bandera_mexico_1_.png" has type "PNG image data 2203 x 1240 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "_1D3EFA78-C97D-11ED-A555-08002718A46F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://getbootstrap.com/"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: "https://github.com/StartBootstrap/startbootstrap-business-casual/blob/master/LICENSE"\n Pattern match: "https://github.com/twbs/bootstrap/blob/main/LICENSE"\n Pattern match: "https://startbootstrap.com/theme/business-casual"\n Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "C.JgU/0$"\n Pattern match: "https://use.fontawesome.com/releases/v6.1.0/js/all.js"\n Pattern match: "https://www.linkedin.com/in/iguerrerog/"\n Pattern match: "https://play.google.com/store/apps/details?id=com.StickyGames.PLCEmulatorProject"\n Pattern match: "https://fonts.googleapis.com/css?family=Lora:400,400i,700,700i"\n Pattern match: "https://fonts.googleapis.com/css?family=Raleway:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i"\n Pattern match: "https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI8MX1D_JOuMw_hLdO6T2wV9KnW-MoFoq92mg.woff"\n Pattern match: 
"https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4WjNDrMfJg.woff"\n Pattern match: "MUID06AC37517CFB670117FF258C7DB766BBmsn.com/1025424501094431100936425263449231022473*"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://ikerguerrero.dev/Accept-Language"\n Pattern match: "https://csp.withgoogle.com/csp/apps-themesCross-Origin-Resource-Policy"\n Pattern match: "http://ikerguerrero.dev"\n Pattern match: "http://ikerguerrero.dev/"\n Pattern match: "isdomainmigratedtruewww.msn.com/102584346316831058692425247824231022473*"\n Pattern match: "MUIDB1EE4D163B6736F882F96C3BEB73F6EBEieonline.microsoft.com/9216424501094431100936424779074231022473*"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkqs.woff"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787z5vBJBkqs.woff"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI8MX1D_JOuMw_hLdO6T2wV9KnW-C0Coq92mg.woff"\n Pattern match: "https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4bbLDrMfJg.woff"\n Pattern match: "https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4cHLDrMfJg.woff"\n Pattern match: "https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4ejLDrMf
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-served-by: cache-lga21982-LGA{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}
2023-05-12 03:11:20Raw Data from RIRsNoAbstractAPI0030None{u'city': u'Frankfurt am Main', u'security': {u'is_vpn': False}, u'city_geoname_id': 2925533, u'region_geoname_id': 2905330, u'country': u'Germany', u'region': u'Hesse', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'DIGITALOCEAN-ASN', u'isp_name': u'DigitalOcean, LLC', u'organization_name': u'DigitalOcean, LLC', u'autonomous_system_number': 14061}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/DE_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/DE_flag.png', u'unicode': u'U+1F1E9 U+1F1EA', u'emoji': u'\U0001f1e9\U0001f1ea'}, u'postal_code': u'60313', u'longitude': 8.6843, u'country_code': u'DE', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Berlin', u'current_time': u'05:11:19'}, u'latitude': 50.1188, u'country_geoname_id': 2921044, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'165.232.113.85', u'continent': u'Europe', u'region_iso_code': u'HE'}165.232.113.85
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneCalendy (Category: misc) https://calendly.com/ayhuayhu
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneSurfandSip (Net ID: 00:02:2D:03:87:91)37.7813933,-122.3918002
2023-05-12 03:17:34Similar Domain - WhoisNoWhois1020NoneDomain Name: AYSHU.XYZ Registry Domain ID: D346635612-CNIC Registrar WHOIS Server: whois.resellercamp.com Registrar URL: https://idwebhost.com Updated Date: 2023-02-06T12:49:42.0Z Creation Date: 2023-02-01T09:45:59.0Z Registry Expiry Date: 2024-02-01T23:59:59.0Z Registrar: CV Jogjacamp Registrar IANA ID: 1478 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: cP Hosting World Registrant State/Province: Bagerhat Registrant Country: BD Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1.CPHOSTINGWORLD.NET Name Server: NS2.CPHOSTINGWORLD.NET DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@resellercamp.com Registrar Abuse Contact Phone: +62.82141570000 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:34.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: AYSHU.XYZ Registry Domain ID: D346635612-CNIC Registrar WHOIS Server: whois.resellercamp.com Registrar URL: http://resellercamp.com/ Updated Date: 2023-02-01T09:46:29Z Creation Date: 2023-02-01T09:45:59Z Registrar Registration Expiration Date: 2024-02-01T23:59:59Z Registrar: CV. 
Jogjacamp Registrar IANA ID: 1478 Registrar Abuse Contact Email: abuse@resellercamp.com Registrar Abuse Contact Phone: +62.82141570000 Domain Status: clientTransferProhibited (http://icann.org/epp#clientTransferProhibited) Registrant Organization: cP Hosting World Registrant State/Province: Bagerhat Registrant Country: BD Name Server: ns1.cphostingworld.net Name Server: ns2.cphostingworld.net DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:02:34Z<<< For more information on Whois status codes, please visit https://icann.org/epp Registration Service Provided By: RESELL CORE The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is", and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. The Registrar of record is CV. Jogjacamp. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. ayshu.xyz
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}172.67.135.9
2023-05-12 03:05:12Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.fluid.battleb0t.xyz
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.150): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.19): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.221): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneTB Proprietary Channel. Bc (Net ID: 00:04:32:1C:D9:49)39.0469, -77.4903
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonebursa (Net ID: 00:08:5C:7B:38:A1)40.2024, 29.0398
2023-05-12 02:45:31Physical LocationNoMetaDefender0020NoneSan Francisco, United States185.199.110.153
2023-05-12 03:03:27Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.nwapi.battleb0t.xyz
2023-05-12 03:24:50CountryNoCountry Name Extractor0070NoneIcelandDomain Name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2022-06-08T05:38:27Z Creation Date: 2022-06-03T05:37:56Z Registry Expiry Date: 2026-06-03T05:37:56Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-06-03T05:37:56.70Z Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.218): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSENSEO2 (Net ID: 00:01:24:F2:7F:EC)52.3759, 4.8975
2023-05-12 02:45:31Malicious IP AddressYesPhishStats0120NonePhishstats [185.199.111.153] 185.199.111.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneVerorouter5 (Net ID: DC:EF:09:A7:2C:2E)37.751, -97.822
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneAmethyst (Net ID: 00:01:21:30:76:B8)41.8781, -87.6298
2023-05-12 02:52:12Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b74_IESQMMUTEX_0_519"\n "IsoScope_b74_IESQMMUTEX_0_303"\n "IsoScope_b74_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b74_ConnHashTable<2932>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2932"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b74_IE_EarlyTabStart_0xc60_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2932"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"209.94.90.1:443"\n "185.199.108.153:443"\n "69.16.175.42:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link"\n "code.jquery.com"\n "lipis.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ".fa-twitter-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-twitter:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-play:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-cc-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, 
u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df286b44a707b3eea4.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c1c29ba3-ece3-11ed-850a-0800273c6f77}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df286b44a707b3eea4.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c1c29ba3-ece3-11ed-850a-0800273c6f77}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df357091913e855084.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c1c29ba5-ece3-11ed-850a-0800273c6f77}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': 
u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsbafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.linksharepoint.html" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "jquery-1.9.1_1_.js" has type "ASCII text"- [targetUID: N/A]\n "fontawesome-webfont_3_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "CabBE9.tmp" has type "data"- Location: [%TEMP%\\CabBE9.tmp]- [targetUID: 00000000-00003580]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002932]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF357091913E855084.TMP" has type "data"- Location: [%TEMP%\\~DF357091913E855084.TMP]- [targetUID: 00000000-00002932]\n "~DFC8DC73F59F20B03D.TMP" has type "data"- Location: [%TEMP%\\~DFC8DC73F59F20B03D.TMP]- [targetUID: 00000000-00002932]\n "~DFFA05555E5F75317E.TMP" has type "data"- Location: [%TEMP%\\~DFFA05555E5F75317E.TMP]- [targetUID: 00000000-00002932]\n "~DF286B44A707B3EEA4.TMP" has type "data"- Location: [%TEMP%\\~DF286B44A707B3EEA4.TMP]- [targetUID: 00000000-00002932]\n "RecoveryStore._C1C29BA3-ECE3-11ED-850A-0800273C6F77_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C1C29BA5-ECE3-11ED-850A-0800273C6F77_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n "_CCB1F27E-ECE3-11ED-850A-0800273C6F77_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "CZDM0KJA.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\CZDM0KJA.txt]- [targetUID: 00000000-00002932]\n "K3LFSBDJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\K3LFSBDJ.txt]- [targetUID: 00000000-00002932]\n "SEQRGNLL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SEQRGNLL.txt]- [targetUID: 00000000-00002932]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003580]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "Q2MIS3ZH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Q2MIS3ZH.txt]- [targetUID: 00000000-00002932]\n "NRVCHGTI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NRVCHGTI.txt]- [targetUID: 00000000-00002932]\n "ED47IPG9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ED47IPG9.txt]- [targetUID: 00000000-00002932]\n "X8T16EV3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\X8T16EV3.txt]- [targetUID: 00000000-00002932]\n "sharepoint_1_.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003580]\n "CabC58.tmp" has type "data"- Location: [%TEMP%\\CabC58.tmp]- [targetUID: 00000000-00003580]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"query.prod.cms.msn.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in bina185.199.108.153
2023-05-12 03:19:24Blacklisted IP AddressYesUCEPROTECT0130NoneUCEPROTECT - Level 2 (some false positives) (104.196.30.220)104.196.30.220
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneTOMTSSID (Net ID: 00:02:2D:39:9C:6E)50.1188, 8.6843
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneSpotify (Category: music) https://open.spotify.com/user/ayshooayshoo
2023-05-12 02:44:13Raw Data from RIRsNoCertificate Transparency16010None[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:battleb0t.xyz
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.20): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonePartyVan (Net ID: 00:00:C0:16:5F:81)34.0544, -118.244
2023-05-12 02:46:05Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://scrolltop-relativeoffset.top', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.opentext.com/customer-stories/customer-story-detail?id=1562', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3fc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_3fc_IESQMMUTEX_0_519"\n "IsoScope_3fc_IE_EarlyTabStart_0xc64_Mutex"\n "IsoScope_3fc_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_3fc_ConnHashTable<1020>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1020"\n "UpdatingNewTabPageData"\n "IsoScope_3fc_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1020"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.66.40.92:443"\n "185.199.111.153:443"\n "23.39.0.132:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"67-218-111-202_s-104-123-154-43_ts-1680654284-clienttons-s.akamaihd.net"\n "assets.ot.digital"\n "ipng7stimpxeczbmx7ga-p09kpl-1ec73a34f-clientnsv4-s.akamaihd.net"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'""sameAs": ["https://twitter.com/OpenText","https://www.youtube.com/user/opentextcorp","https://www.linkedin.com/company/opentext"]" (Indicator: "linkedin.com")\n "ls:begin[meta-twitter]-->" (Indicator: "twitter")\n "<meta name="twitter:url" content="https://www.opentext.com/customers/switch">" (Indicator: "twitter")\n "<meta name="twitter:title" content="Switch | OpenText">" (Indicator: "twitter")\n "ls:end[meta-twitter]-->" (Indicator: "twitter")\n "<meta property="twitter:image" content="/assets/images/OT_ShareImage_twitter.png">" (Indicator: "twitter")\n "<li class="list-inline-item"><a class="social-icon social-icon-linkedin" href="https://www.linkedin.com/company/opentext"><svg width="32" height="32" viewBox="0 0 36 36" fill="none" role="img" aria-hidden="true" focusable="false">" (Indicator: "linkedin.com")\n "<li class="list-inline-item"><a class="social-icon social-icon-twitter" href="https://twitter.com/OpenText"><svg width="32" height="32" viewBox="0 0 36 36" fill="none" role="img" aria-hidden="true" focusable="false">" 
(Indicator: "twitter")\n "<li class="list-inline-item"><a class="social-icon social-icon-youtube" href="https://www.youtube.com/user/opentextcorp"><svg width="32" height="32" viewBox="0 0 36 36" fill="none" role="img" aria-hidden="true" focusable="false">" (Indicator: "youtube")\n "<path fill="currentColor" fill-rule="evenodd" clip-rule="evenodd" d="M27.8 14.1C27.8 14.1 27.604 12.692 27.005 12.072C26.319 11.339 25.559 11.263 25.13 11.221L25 11.207C22.203 11 18.005 11 18.005 11H17.995C17.995 11 13.797 11 10.999 11.207L10.872 11.22C10.442 11.263 9.682 11.338 8.995 12.072C8.395 12.692 8.2 14.101 8.2 14.101C8.2 14.101 8 15.755 8 17.409V18.959C8 20.613 8.2 22.267 8.2 22.267C8.2 22.267 8.395 23.675 8.995 24.295C9.627 24.971 10.421 25.069 10.929 25.131H10.93C11.034 25.144 11.124 25.155 11.2 25.169C12.8 25.326 18 25.375 18 25.375C18 25.375 22.203 25.369 25.001 25.162L25.131 25.148C25.56 25.105 26.32 25.029 27.005 24.295C27.605 23.675 27.8 22.267 27.8 22.267C27.8 22.267 28 20.613 28 18.959V17.409C28 15.755 27.8 14.101 27.8 14.101V14.1ZM15.934 15.096L15.935 20.838L21.338 17.978L15.934 15.096V15.096Z"></path></svg><span class="sr-only">OpenText on Youtube</span></a></li>" (Indicator: "youtube")\n "* Copyright 2011-2021 Twitter, Inc." 
(Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD24E.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCFC2.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD260.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD407.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCFD4.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCF72.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD152.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCF71.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCFD5.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD0B4.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD065.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCFC3.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003316]\n "CabD406.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabD406.tmp]- [targetUID: 00000000-00003316]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"opentext-protection-lock-network-ico-72_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "HowCanWeHelp-About-OT_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "opentext-resources-blog-ico-primary-72_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "opentext-document-dollarsign-download-ico-72_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "big-o-v_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "HowCanWeHelp-Contact-Us_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "opentext-performance-diagram-fast-up-ico-72_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "opentext.min_1_.css" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "opentext.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "ZHN4T-KPGPJ-F8GJF-7KJFE-XJT75_1_.js" has type "C source ASCII text with very long lines"- [targetUID: N/A]\n "TarD24E.tmp" has type "data"- Location: [%TEMP%\\TarD24E.tmp]- [targetUID: 00000000-00003316]\n "Inter-SemiBoldItalic_1_.woff" has type "Web Open Font Format TrueType length 
151180 version 0.0"- [targetUID: N/A]\n "Inter-BoldItalic_1_.woff" has type "Web Open Font Format TrueType length 151052 version 0.0"- [targetUID: N/A]\n "Inter-MediumItalic_1_.woff" has type "Web Open Font Format TrueType length 150988 version 0.0"- [targetUID: N/A]\n "Inter-ExtraBoldItalic_1_.woff" has type "Web Open Font Format TrueType length 150628 version 0.0"- [targetUID: N/A]\n "Inter-LightItalic_1_.woff" has type "Web Open Font Format TrueType length 150092 version 0.0"- [targetUID: N/A]\n "Inter-ExtraLightItalic_1_.woff" has type "Web Open Font Format TrueType length 149996 version 0.0"- [targetUID: N/A]\n "Inter-BlackItalic_1_.woff" has type "Web Open Font Format TrueType length 146824 version 0.0"- [targetUID: N/A]\n "Inter-ThinItalic_1_.woff" has type "Web Open Font Format TrueType length 145480 version 0.0"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39', u'name': u'Drops XML files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level':185.199.111.153
2023-05-12 03:03:20Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-oo.github.io
2023-05-12 03:24:51CountryNoCountry Name Extractor0070NoneUnited StatesDomain Name: AMCODEV.ME Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2023-01-03T11:02:11Z Creation Date: 2018-01-02T22:12:38Z Registry Expiry Date: 2024-01-02T22:12:38Z Registrar Registration Expiration Date: Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Reseller: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. 
You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Domain Name: amcodev.me Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2023-01-03T11:02:09Z Creation Date: 2018-01-02T22:12:38Z Registrar Registration Expiration Date: 2024-01-02T22:12:38Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR434510046 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant 
Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Admin ID: CR434510262 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Tech ID: CR434510194 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. 
In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomF2385E (Net ID: 00:0C:F6:F2:38:5E)50.8897, 6.0563
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneLed Zeppelin (Net ID: 00:01:24:F1:B5:5B)34.0544, -118.244
2023-05-12 03:04:46Hosting ProviderNoHosting Provider Identifier0030NoneGoogle App Engine: https://cloud.google.com/appengine104.196.30.220
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneLALOFT (Net ID: 00:01:95:7C:7F:2C)34.0544, -118.244
2023-05-12 02:44:30Internet NameNoDNS Resolver0020Nonewww.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 02:53:15IPv6 AddressNoMnemonic PassiveDNS0010None2606:50c0:8002::153battleb0t.xyz
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha2-256-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 02:52:56Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://size.scrollerwidth/e.renderer.layerconfig.characterwidth+6);if(t.meta&&(r-=t.meta.length),t.caption.length', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://makeresults.alacrity.dev/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2444"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_98c_IE_EarlyTabStart_0xa34_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_98c_ConnHashTable<2444>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_98c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_98c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "IsoScope_98c_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n 
"IsoScope_98c_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2444"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"makeresults.alacrity.dev"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df63e2b842598037d9.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{47750809-ea4a-11ed-855a-0800272bb261}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads 
file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df14f61ad00e5e098b.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{4775080b-ea4a-11ed-855a-0800272bb261}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{47750809-ea4a-11ed-855a-0800272bb261}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df63e2b842598037d9.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "2.bddcda81.chunk_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "CabCFAF.tmp" has type "data"- Location: [%TEMP%\\CabCFAF.tmp]- [targetUID: 00000000-00002860]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002444]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF63E2B842598037D9.TMP" has type "data"- Location: [%TEMP%\\~DF63E2B842598037D9.TMP]- [targetUID: 00000000-00002444]\n "~DF14F61AD00E5E098B.TMP" has type "data"- Location: [%TEMP%\\~DF14F61AD00E5E098B.TMP]- [targetUID: 00000000-00002444]\n "~DF84D00D0A0D2FCBCA.TMP" has 
type "data"- Location: [%TEMP%\\~DF84D00D0A0D2FCBCA.TMP]- [targetUID: 00000000-00002444]\n "~DF6B412EB168FE133E.TMP" has type "data"- Location: [%TEMP%\\~DF6B412EB168FE133E.TMP]- [targetUID: 00000000-00002444]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002444]\n "main.5d62b951.chunk_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._47750809-EA4A-11ED-855A-0800272BB261_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_52029E7A-EA4A-11ED-855A-0800272BB261_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_4775080B-EA4A-11ED-855A-0800272BB261_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 256x256 with PNG image data 256 x 256 8-bit gray+alpha non-interlaced 32 bits/pixel"- [targetUID: N/A]\n "9DUANZNV.htm" has type "HTML document ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\9DUANZNV.htm]- [targetUID: 00000000-00002860]\n "6XWCZL0Y.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6XWCZL0Y.txt]- [targetUID: 00000000-00002444]\n "GKERXAWU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GKERXAWU.txt]- [targetUID: 00000000-00002444]\n "main.2d6f724b.chunk_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "1KFJMIJ5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1KFJMIJ5.txt]- [targetUID: 00000000-00002444]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002860]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "3KD5F91L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3KD5F91L.txt]- [targetUID: 00000000-00002444]\n "4WS5XBPW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4WS5XBPW.txt]- [targetUID: 00000000-00002444]\n "V7T3HWNF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\V7T3HWNF.txt]- [targetUID: 00000000-00002444]\n "Z6E6M77S.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Z6E6M77S.txt]- [targetUID: 00000000-00002444]\n "CabB5EB.tmp" has type "data"- Location: [%TEMP%\\CabB5EB.tmp]- [targetUID: 00000000-00002860]\n "CabB5D9.tmp" has type "data"- Location: [%TEMP%\\CabB5D9.tmp]- [targetUID: 00000000-00002860]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "urlref_httpsmakeresults.alacrity.dev" has type "HTML document ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://makeresults.alacrity.dev/"\n Pattern match: "https://makeresults.alacrity.dev"\n Pattern match: "www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2002%20-%20xsign.crt0-!http://oneocsp.microsoft.com/ocsp05E9R"\n Pattern match: "https://github.com/harsh8398/makeresults/issues/new,onClick:function(){p.a.event"\n Pattern match: 
"SUIDmicrosoft.com/9216234743155231030988123977893431030871MUID0A493A610C7769C3303A29660D3B6871microsoft.com/1025247992076831109342123977893431030871_EDGE_Vmicrosoft.com/9216247992076831109342124009143431030871SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216234743155231030988123977893431030871MUID0A493A610C7769C3303A29660D3B6871microsoft.com/1025247992076831109342123977893431030871SRCHDAF=NOF185.199.108.153
2023-05-12 03:08:46Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.217104.196.30.220
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha2-256-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 03:24:29Company NameNoCompany Name Extractor0040NoneNetlify\, IncC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneCytoid (Category: gaming) https://cytoid.io/profile/loginlogin
2023-05-12 02:57:37Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 8, u'threat_score': 51, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'clickupn5GDvViPHhSjBBIIBbc-2FFUoh975EJm59NMmmjNXrJ-2Fu3x3ZQluNoNM50RZUOUqoKrgFOnRwmRWHUu71GC5MBIx6GBYj9P7qe3aRx0GWJObXE-3D4Bsx_7fgdT2C2bbXW-2BVBxD7Ai0pT79XU9d12y8FqfE6JzX1P0dAOXfcRDpWVWFi7UdPTTItgHgMp07S0xmIjJ5XcgysD97BWUvGob8SQp5QwAfNfSjvCRlv2r5gZ9YjNaFf', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"206.189.74.165:443"\n "142.251.215.232:443"\n "142.251.211.234:443"\n "142.251.33.66:443"\n "108.138.246.53:443"\n "172.217.14.194:443"\n "192.184.69.201:443"\n "142.250.217.99:443"\n "142.251.33.66:80"\n "104.26.14.133:443"\n "142.251.215.226:443"\n "142.251.33.98:443"\n "142.250.69.206:443"\n "142.250.217.65:443"\n "192.184.69.215:80"\n "96.126.119.131:443"\n "172.64.132.15:443"\n "69.16.175.42:443"\n "172.67.195.248:443"\n "104.18.10.207:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.googletagservices.com"\n "edge.quantserve.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\Local\\Acrobat Instance Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\DBWinMutex"\n "DBWinMutex"\n "Local\\Acrobat Instance Mutex"\n "com.adobe.acrobat.rna.RdrCefBrowserLock.DC"\n "\\Sessions\\1\\BaseNamedObjects\\com.adobe.acrobat.rna.RdrCefBrowserLock.DC"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.context.ly"\n "code.jquery.com"\n "edge.quantserve.com"\n "experience.contextly.com"\n "maxcdn.bootstrapcdn.com"\n "procureetfs.com"\n "rest.contextly.com"\n "spacenews.com"\n "stackpath.bootstrapcdn.com"\n "www.googletagservices.com"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "RdrCEF.exe" (UID: 00000000-00003912) was launched with modified environment variables: "Path"\n Process "iexplore.exe" (UID: 00000000-00001640) was launched with new environment variables: "PATH="%PROGRAMFILES%\\Internet Explorer;""\n Process "iexplore.exe" (UID: 00000000-00001640) was launched with modified environment variables: "Path"\n Process "iexplore.exe" (UID: 00000000-00001640) was launched with missing environment variables: "MEOW"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-21', u'name': u'Launches a browser', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Launches browser "iexplore.exe" (UID: 00000000-00000748)\n 
Launches browser "iexplore.exe" (UID: 00000000-00001864)'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-25', u'name': u'PDF file has an embedded URL', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1566/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-163', u'attck_id': u'T1566.002', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"https://spacenews.com/introducing-array-labs/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://www.geospatialworld.net/prime/governmental-space-exploration-31b-globally/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://parabolicarc.com/2022/11/14/ball-aerospace-announces-net-earnings-of-392-million-for-third-quarter/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spacenews.com/space-force-lays-out-timeline-for-2023-rapid-response-launch-experiment/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spacenews.com/inmarsat-wins-410-million-u-s-army-contract-to-connect-tracking-devices/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spacenews.com/esa-seeks-funding-for-navigation-technology-programs-at-ministerial/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://procureetfs.com/ufo/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://www.cnbc.com/2022/10/27/amazon-to-open-kuiper-internet-satellite-factory.html" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spaceq.ca/canadensys-aerospace-wins-major-contract-will-build-the-first-canadian-moon-rover/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n 
"https://www.cnbc.com/2022/11/09/rocket-lab-q3-results-record-revenue-added-contract-wins.html" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://ark-funds.com/funds/arkx/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spacenews.com/capstone-enters-lunar-orbit/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spacenews.com/wyvern-raises-7-million-for-hyperspectral-imaging-constellation/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://satellitenewsnetwork.com/apex-raises-seed-round-to-mass-produce-smallsats/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spacenews.com/cognitive-space-gets-1-2-million-u-s-air-force-contract-extension-for-satellite-tasking-software/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spacenews.com/sfl-hawkeye-360-flexible-support/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://satellitenewsnetwork.com/geooptics-wins-nasa-commercial-smallsat-data-contract/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spaceref.com/space-commerce/rocket-lab-awarded-14m-in-contracts-to-supply-satellite-separation-systems-for-companies-supporting-space-development-agencys-tranche-1-transport-layer/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://spacenews.com/orbit-fab-secures-new-investor-to-support-satellite-refueling-efforts/" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")\n "https://www.cnbc.com/2022/10/31/terran-orbital-stock-rises-after-lockheed-martin-invests-100-million.html" (Based on: "f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3.bin")'}, {u'category': u'General', u'origin': 
u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250" (UID: 00000000-00003912)\n Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=8CF16B225A6FF5D5ECE7FDEE ..." (UID: 00000000-00003316)\n Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=CBBE6F137B53EB05D1E24337 ..." (UID: 00000000-00002080)\n Spawned process "iexplore.exe" with commandline "SCODEF:1640 CREDAT:275457 /prefetch:2" (UID: 00000000-00000748)\n Spawned process "iexplore.exe" with commandline "SCODEF:3856 CREDAT:275457 /prefetch:2" (UID: 00000000-00001864)'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"https://spacenews.com/inmarsat-wins-410-million-u-s-army-contract-to-connect-tracking-devices/" (Indicator: "connect")\n "https://www.cnbc.com/2022/10/27/amazon-to-open-kuiper-internet-satellite-factory.html" (Indicator: "open")\n "endstream\nendobj\n45 0 obj\n<</Subtype/Link/Rect[ 537.64 638.3 568.83 650.71] /BS<</W 0>>/F 4/A<</Type/Action/S/URI/URI(https://www.cnbc.com/2022/10/27/amazon-to-open-kuiper-internet-satellite-factory.html) >>/StructParent 34>>\nendobj\n46 0 obj\n<</Subtype/Link/Rect[ 45.95 617.89 73.233 638.3] /BS<</W 0>>/F 4/A<</Type/Action/S/URI/URI(https://www.cnbc.com/2022/10/27/amazon-to-open-kuiper-internet-satellite-factory.html) >>/StructParent 35>>\nendobj\n47 0 obj\n<</Subtype/Link/Rect[ 45.95 535.44 99.918 555.85] /BS<</W 0>>/F 
4/A<</Type/Action/S/URI/URI(https://www.cnbc.com/2022/11/14/ast-spacemobile-deploys-bluewalker-3-satellite-antenna.html) >>/StructParent 36>>\nendobj\n48 0 obj\n<</Subtype/Link/Rect[ 512 395.23 566.05 407.64] /BS<</W 0>>/F 4/A<</Type/Action/S/URI/URI(https://satellitenewsnetwork.com/uk-grants-starlink-and-telesat-ngso-licenses/) >>/StructParent 37>>\nendobj\n49 0 obj\n<</Subtype/Link/Rect[ 232.17 292.36 286.14 312.77] /BS<</W 0>>/F 4/A<</Type/Action/S/URI/URI(https://spacenews.c34.148.97.127
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneMastodon-API (Category: social) https://mastodon.social/api/v2/search?q=AltpapierAltpapier
2023-05-12 02:55:21Physical LocationNoCensys0030NoneFrankfurt am Main, Hesse, 60306, Germany, Europe207.154.228.169
2023-05-12 03:23:23Open TCP PortNoPulsedive0030None188.114.96.7:443188.114.96.0/24
2023-05-12 03:08:53Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.6634.74.170.74
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneWordPress Support (Category: blog) https://wordpress.org/support/users/login/login
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneNH-NEW (Net ID: 00:01:21:30:F0:43)37.7642, -122.3993
2023-05-12 02:53:39Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America185.199.108.153
2023-05-12 02:57:21SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:4a:0e:8c:1b:d3:a5:34:69:b6:32:8e:46:29:d8:95:17:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:04 2022 GMT Not After : Feb 15 09:44:03 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:fd:f2:48:0f:df:bc:e1:99:1b:6f:bd:c7:77: 53:7a:c0:8b:77:cd:2c:3c:60:53:e0:e9:b0:a7:7b: 73:98:97:7e:b8:eb:d6:f1:08:7b:2c:70:98:ff:62: 24:3a:e4:75:75:15:64:3c:f3:10:df:1f:74:86:c2: 03:e3:19:f8:ee:1b:1c:a4:33:45:b3:b5:bd:cc:36: 58:4b:c6:53:5a:e5:a0:83:1c:13:b6:0a:f0:09:85: 49:e2:af:1f:59:f3:45:35:c5:76:d8:d7:03:6b:48: 2d:81:71:8d:d8:b6:9f:ca:3d:be:a5:d1:d0:6d:84: 3f:57:a3:f9:3b:33:48:5e:3a:10:1b:9a:8e:0e:52: e4:41:61:32:48:9e:eb:dd:91:27:08:98:23:0d:d6: 40:40:46:c6:2e:72:9b:5e:7b:a7:ce:14:5c:e3:33: d1:e0:7f:e9:bf:c8:04:bf:dd:c3:5b:ec:18:53:dc: e8:49:50:75:f5:f6:57:2f:90:7f:b7:6a:c4:1e:bc: 3e:2d:04:87:d0:de:ec:72:7e:5e:84:cf:77:05:c4: 81:0d:1d:68:c9:a6:7c:75:bd:ed:fa:cd:4e:88:39: 5c:0c:10:a3:f5:6d:4b:7d:20:b4:0a:24:fb:93:43: e5:9b:70:b2:e4:95:89:06:02:90:7a:2d:6f:c2:fa: 77:78:2c:13:6f:d6:08:02:00:eb:f1:d0:25:de:0b: 0c:36:d6:0b:0b:8d:58:6f:b7:29:51:a7:c3:27:fb: ab:fa:3f:bd:88:88:4d:63:79:00:4e:5f:ea:ff:bf: a7:e5:c8:b9:01:b0:11:55:38:c5:2c:12:42:ec:9f: 41:d5:d8:5b:cb:0e:56:2f:f5:0b:5b:b2:1f:2e:4b: 1c:7b:f3:b8:8f:a3:2a:22:10:32:70:e5:ff:92:c9: 9d:cf:f4:1c:87:80:7b:03:c4:11:f8:c8:fe:1d:fd: d9:21:53:2a:ab:a4:e1:88:2f:4b:5d:2f:ee:62:ac: 58:24:c3:6b:51:75:98:92:28:85:71:19:cf:1f:32: bf:04:e0:46:cb:6a:6e:1a:53:77:bb:51:7b:25:a8: 3b:79:a4:fe:31:da:29:cb:94:14:d8:b7:bf:23:48: 40:7c:38:77:e2:71:aa:43:c0:dd:58:a7:d1:0f:28: 19:e1:e9:99:2b:f4:ba:45:c8:6a:f8:d6:7a:86:7e: a9:1e:96:ed:9c:c8:12:b9:05:83:95:70:08:f4:a3: 69:c3:37:93:d6:82:c5:85:91:d6:07:1b:87:31:af: f4:29:c3:da:2f:cb:d0:72:02:68:65:19:d7:78:65: 
82:75:d2:3a:e3:90:30:94:d9:d7:ad:e9:8d:db:16: 21:a3:69 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 40:6C:27:E5:F5:7A:53:84:B0:9C:FE:C0:1C:53:80:B3:F8:A3:C2:C8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 31:e8:ef:7b:dc:32:84:dd:2e:cc:16:1c:67:37:d9:86:76:04: cf:c1:4a:db:fc:f8:35:75:ae:c3:16:b4:0f:be:85:8b:2e:20: db:eb:90:53:b8:18:4d:ef:7f:9f:02:58:b1:11:60:70:ce:ed: 48:d1:03:e8:96:d0:08:23:48:86:a6:a1:dd:67:5c:22:34:8f: 7b:e9:55:8c:27:c1:a3:38:4d:9e:0d:fe:62:f2:2a:c2:c8:2a: 7f:a8:e9:c9:39:5d:dd:14:84:0b:ca:c2:43:a5:28:2d:bf:3e: df:33:fa:93:d0:d2:25:aa:bf:96:26:a0:e2:28:49:c3:01:f6: 1b:1f:83:32:9b:6e:57:55:9b:b2:74:7a:0d:c6:40:a1:6f:35: c4:08:94:e4:ae:84:9e:57:8b:d7:39:a4:95:6f:4e:9a:ff:c5: d4:c6:a2:ec:49:72:ad:a2:fe:9d:76:83:15:0f:a5:d6:70:72: bc:54:bb:e6:d0:4d:78:23:d8:86:e5:91:24:e1:d6:5c:9f:c0: 4f:96:79:66:56:47:4e:a5:83:46:6a:88:fc:1a:f6:c8:24:7e: cc:fc:53:86:95:72:5f:4e:3c:48:0d:0e:f3:6a:43:f6:6b:fb: f5:6b:36:26:89:53:4a:22:4b:a7:9e:de:e2:c4:fb:85:8c:ca: ff:01:95:cd battleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050Nonelichess (Category: gaming) https://lichess.org/@/AltpapierAltpapier
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget1020None00rz.com185.199.111.153
2023-05-12 02:44:12Open TCP PortNoSSL Certificate Analyzer0020Nonekekw.battleb0t.xyz:443kekw.battleb0t.xyz
2023-05-12 03:03:35Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00ihsan.github.io
2023-05-12 03:09:56Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.107
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom (Net ID: 00:0C:F6:26:FB:66)50.8897, 6.0563
2023-05-12 02:55:21Operating SystemNoCensys0030NoneUbuntu Linux207.154.228.169
2023-05-12 02:57:00Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.ibisci.com/products/the-spin-dr-tube-rotator?_kx=rArS9TiHUjbjdmctgTFbGX5zPWSKroNH9JEvdKqW-A8%3D.MenwDE&_pos=1&_sid=e69e48d55&_ss=r&utm_campaign=10.26.22%20-%20Spin%20Dr%20Video%20-%20resend%20%282022-10-26%29&utm_medium=email&utm_source=Subscribers%20%28Customers%20and%20non-customers%29&variation=B', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "easyredirects.esc-apps-cdn.com"\n "in.visitors.live"\n "monorail-edge.shopifysvc.com"\n "nexusmedia-ua.github.io"\n "productreviews.shopifycdn.com"\n "qab.hextom.com"\n "settings.luckyorange.net"\n "static.klaviyo.com"\n "visitors.live"\n "www.ibisci.com"\n "www.pxucdn.com"\n "www.webyze.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b54_IESQMMUTEX_0_331"\n "IsoScope_b54_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_b54_ConnHashTable<2900>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_b54_IE_EarlyTabStart_0xc9c_Mutex"\n 
"IsoScope_b54_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2900"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b54_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2900"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.227.38.74:443"\n "172.217.14.202:443"\n "104.17.24.14:443"\n "162.159.134.68:443"\n "142.251.33.106:443"\n "157.240.11.22:443"\n "172.67.176.77:443"\n "99.84.160.19:443"\n "35.229.48.116:443"\n "162.159.129.71:443"\n "142.251.211.238:443"\n "142.251.33.99:443"\n "142.250.217.110:443"\n "162.159.128.61:443"\n "108.177.98.156:443"\n "157.240.22.35:443"\n "157.240.19.26:443"\n "142.251.215.226:443"\n "142.250.217.70:443"\n "142.250.69.202:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"OPTIONS /v1/produce HTTP/1.1\nAccept: */*\nOrigin: https://www.ibisci.com\nAccess-Control-Request-Method: POST\nAccess-Control-Request-Headers: content-type, x-monorail-edge-event-created-at-ms, x-monorail-edge-event-sent-at-ms, x-monorail-edge-client-message-id\nAccept-Encoding: gzip, 
deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: monorail-edge.shopifysvc.com\nContent-Length: 0\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "mozilla/5.0 (")\n "OPTIONS /v1/produce HTTP/1.1\nAccept: */*\nOrigin: https://www.ibisci.com\nAccess-Control-Request-Method: POST\nAccess-Control-Request-Headers: content-type, x-monorail-edge-event-created-at-ms, x-monorail-edge-event-sent-at-ms, x-monorail-edge-client-message-id\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: monorail-edge.shopifysvc.com\nContent-Length: 0\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "ico-select_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "DGO9NSMD.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DGO9NSMD.txt]- [targetUID: 00000000-00003472]\n Dropped file: "1VA8H6BS.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1VA8H6BS.txt]- [targetUID: 00000000-00003472]\n Dropped file: "0498SS82.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0498SS82.txt]- [targetUID: 00000000-00003472]\n Dropped file: "6KP44WX2.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\6KP44WX2.txt]- [targetUID: 00000000-00003472]\n Dropped file: "TUSAGTC5.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TUSAGTC5.txt]- [targetUID: 00000000-00003472]\n Dropped file: "0OK814S0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0OK814S0.txt]- [targetUID: 00000000-00003472]\n Dropped file: "IIHQ6SXU.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IIHQ6SXU.txt]- [targetUID: 00000000-00003472]\n Dropped file: "PH9G2FHJ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PH9G2FHJ.txt]- [targetUID: 00000000-00003472]\n Dropped file: "I6CSGOEU.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\I6CSGOEU.txt]- [targetUID: 00000000-00003472]\n Dropped file: "DEQJIGN0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DEQJIGN0.txt]- [targetUID: 00000000-00003472]\n Dropped file: "M3C24UT9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\M3C24UT9.txt]- [targetUID: 00000000-00003472]\n Dropped file: "1DZSACRQ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1DZSACRQ.txt]- [targetUID: 00000000-00002900]\n Dropped file: "N2ZHOFKO.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N2ZHOFKO.txt]- [targetUID: 00000000-00003472]\n Dropped file: "JOLQ4AQW.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JOLQ4AQW.txt]- [targetUID: 00000000-00002900]\n Dropped file: "AHRPUVQ6.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AHRPUVQ6.txt]- [targetUID: 00000000-00003472]\n Dropped file: "GZU861O0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GZU861O0.txt]- [targetUID: 00000000-00002900]\n Dropped file: "E224X9V7.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\E224X9V7.txt]- [targetUID: 00000000-00003472]\n Dropped file: "174K5ZBL.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\174K5ZBL.txt]- [targetUID: 00000000-00003472]\n Dropped file: "S72TZKDN.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\S72TZKDN.txt]- [targetUID: 00000000-00003472]\n Dropped file: "6X6VOHU1.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6X6VOHU1.txt]- [targetUID: 00000000-00003472]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "ico-select_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "fa-brands-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Brands Regular family"- [targetUID: N/A]\n "~DFC1AED41D8959E534.TMP" has type "data"- Location: [%TEMP%\\~DFC1AED41D8959E534.TMP]- [targetUID: 00000000-00002900]\n "7cH1v4okm5zmbvwkAx_sfcEuiD8jvvKsOdC5_1_.woff" has type "Web Open Font Format TrueType length 18780 version 1.1"- [targetUID: N/A]\n "loader.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003472]\n "81RaFmcXTxQ_1_.htm" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "theme_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "runtime.6f327cecec4e163f5a57_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "7cH3v4okm5zmbtYtMeA0FKq0Jjg2drF0feC9hpk_1_.woff" has type "Web Open Font Format TrueType length 19932 version 1.1"- [targetUID: N/A]\n "7cH1v4okm5zmbvwkAx_sfcEuiD8jvvKcPQ_1_.woff" has type "Web Open 
Font Format TrueType length 49556 version 1.1"- [targetUID: N/A]\n "quickannouncementbar_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "_5CA64D21-554D-11ED-BB16-0800275E5654_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "trekkie.storefront.959f71dbd7e992c48a2a5941c6de2c0cf3fc27c6.min35.229.48.116
2023-05-12 02:54:13Linked URL - InternalNoWeb Spider2010Nonehttps://ayhu.xyz/ayhu.xyz
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Noneinfoworld (Net ID: 00:02:2D:01:DD:9B)37.7813933,-122.3918002
2023-05-12 03:41:58Affiliate - Internet NameNoDNS Resolver1040Nonedomixo-hosting.de45.131.109.62
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecf-version: 1432-d48eaba{"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"}
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F1:C3:85)37.780462,-122.390564
2023-05-12 02:49:14Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 17, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://k8slens.dev/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "InternetShortcutMutex"\n "Local\\SM0:5528:304:WilStaging_02"\n "Local\\SM0:5528:120:WilError_01"\n "SM0:5528:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:3984:304:WilStaging_02"\n "SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3984:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3984:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "142.250.191.74:443"\n "142.251.214.131:443"\n "172.217.12.104:443"\n "34.248.78.39:443"\n "192.30.255.117:443"\n "142.251.46.174:443"\n "104.254.151.69:443"\n "142.250.141.157:443"\n "185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries 
DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.k8slens.dev"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003984]\n "f_00024d" has type "Web Open Font Format (Version 2) TrueType length 25036 version 1.0"- [targetUID: N/A]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\index]- [targetUID: 00000000-00006748]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003984]\n "f_00023e" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "Session_13324055852125015" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "f_000243" has type "PNG image data 500 x 500 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "f_00023d" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "data_2" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006748]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003984]\n "Last Browser" has type "data"- [targetUID: N/A]\n "6d3ef7fa-ecc8-4cf2-87b4-e82371405c12.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "temp-index" has type "data"- [targetUID: N/A]\n "627c3a7f-c957-4f31-952c-cbc35428ddc2.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "data_1" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006748]\n "f4af993c-e56b-444e-bf40-1281122cb7b5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "data_0" has type "FoxPro FPT blocks size 512 next free block index 3284796609 field type 0 dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006748]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\LOG]- [targetUID: 00000000-00003984]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://k8slens.dev/"\n Pattern match: "https://k8slens.dev"\n Pattern match: 
"https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://dns.google,supports_spdy:true},{isolation:[],server:https://edgeassetservice.azureedge.net,supports_spdy:true},{isolation:[],server:https://edge.microsoft.com,supports_spdy:true},{isolation:[],server:https://arc.msn.com,su"\n Pattern match: "https://fonts.googleapis.com,supports_spdy:true},{anonymization:[],server:https://edge.microsoft.com,supports_spdy:true},{alternative_service:[{advertised_alpns:[h3],expiration:13326647883143133,port:443,protocol_str:quic}],anon"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.251.214.131"\n "UDP connection to 142.251.46.174"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Mu"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n "192.168.243.25"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="&#x2a;",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}], u'threat_level': 0, u'size': None, u'job_id': u'641c62f03e70d209d706b9d4', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, 
u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent'185.199.110.153
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:49Company NameNoCompany Name Extractor4020NoneGoDaddy.com, LLCDomain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:00:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.41): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:38Netblock MembershipNoCensys0030None172.67.160.0/20172.67.168.252
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneSurfandSip (Net ID: 00:02:2D:03:87:91)37.780462,-122.390564
2023-05-12 02:55:26Social Media PresenceNoSocial Network Identifier0050NoneGithub: https://github.com/login/oauth/authorize?client_id=42db428b279076117521&redirect_uri=https://qolhub.cloudflareaccess.com/cdn-cgi/access/callback&response_type=code&scope=user:email,read:org&state=9995ee075e82e86ee47e714d846227dc35b4772134e51bd1627e17e1594cf0fa.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%3Dhttps://github.com/login/oauth/authorize?client_id=42db428b279076117521&redirect_uri=https://qolhub.cloudflareaccess.com/cdn-cgi/access/callback&response_type=code&scope=user:email,read:org&state=9995ee075e82e86ee47e714d846227dc35b4772134e51bd1627e17e1594cf0fa.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%3D
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneGortzenWIFI (Net ID: 00:11:50:36:95:E1)50.8897, 6.0563
2023-05-12 03:32:27Open TCP PortNoPulsedive0030None188.114.97.14:80188.114.97.0/24
2023-05-12 03:00:57Co-Hosted SiteNoHackerTarget2020None01-edu.github.io185.199.111.153
2023-05-12 02:54:16Linked URL - InternalNoWeb Spider1030Nonehttps://oldfluid.battleb0t.xyz/logo.pnghttps://oldfluid.battleb0t.xyz/
2023-05-12 03:18:06URL (Purely Static)NoPage Information0030Nonehttp://nwapi2.battleb0t.xyz<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authentication</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixels API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixels API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixels API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr>
2023-05-12 03:03:18Internet NameNoDNS Resolver0020Noneayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:18:ae:06:7e:fc:0b:78:46:5c:8b:fe:1a:31:bf:5b:16:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 17:51:43 2022 GMT Not After : Mar 13 17:51:42 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d2:a8:d4:9f:a9:bd:76:f3:4e:fa:75:b4:78:5e: d8:6a:71:e4:f3:f9:c2:77:fe:f9:7d:4c:da:66:22: e0:cd:34:b7:7c:8d:14:1c:4d:7d:46:bd:0d:78:0c: dd:5b:c4:ff:9f:13:d1:36:82:30:3b:b9:24:f9:65: eb:d4:82:59:47:e9:be:2d:ca:25:2b:a1:b5:27:87: 63:33:e8:be:3d:46:8c:9b:0f:9e:b7:28:4d:eb:79: 63:20:73:aa:a3:d5:3d:c6:2e:b7:9c:7f:e7:f8:96: 79:6d:51:52:62:f7:cc:65:ca:dd:5b:ef:27:c9:9c: 81:e6:4a:8c:e9:e1:99:cd:79:f8:60:4b:a5:6b:6f: c9:a2:fa:cc:0c:e7:34:b2:77:b5:de:bd:fe:24:a9: e6:e9:26:4a:54:ec:0f:53:69:fc:a9:cb:fb:84:2e: 7d:af:75:b6:15:ef:6d:e3:fb:23:27:72:c7:fd:a8: 77:78:c9:f6:5b:6f:b1:0a:09:7c:e3:91:c1:95:13: b4:4a:b2:6f:b1:ab:4c:4d:0b:11:8c:fd:8d:fb:d9: 37:66:3b:07:7b:cc:19:50:a2:89:0c:ea:8d:f1:d1: b3:36:06:ad:51:15:23:e4:0c:43:f6:cc:90:55:fa: 98:c8:81:54:f2:2f:f7:d0:0b:4f:9f:38:a8:6c:71: 67:c5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 46:DD:F2:80:57:6C:FD:50:6F:F3:DF:3E:F6:D6:F8:E4:B9:2D:C4:6F X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate 
Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 13 18:51:43.785 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:E2:3A:9E:51:10:7B:4C:32:13:F1:5A: 6A:72:5F:B6:48:D3:B8:D4:7D:48:A2:D1:1B:9F:EB:E7: 11:FF:38:46:00:02:21:00:D3:77:1A:17:F1:84:6D:6C: D3:83:45:FF:8A:32:05:10:85:83:2B:14:0A:F5:20:00: 0A:C7:41:FB:1B:F5:B4:74 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 13 18:51:43.756 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:A6:36:07:C7:E6:2A:25:82:42:12:4D: 3F:F8:74:7A:85:A6:64:36:C2:59:78:48:20:18:36:E7: 26:72:A3:D3:2A:02:21:00:CE:BD:F6:83:26:75:28:EF: BF:A1:B5:32:8B:FB:88:31:3E:85:D6:30:F1:F3:D4:9D: 92:CD:06:30:FD:39:59:E8 Signature Algorithm: sha256WithRSAEncryption a9:06:04:95:e2:ce:64:b2:f3:1c:fd:0a:94:52:d2:fb:cc:c9: bb:ab:0e:16:c4:1c:35:3d:b4:77:7c:ef:d6:ce:15:8a:5b:9e: 15:7d:14:b0:74:3a:46:24:d1:6f:34:39:94:aa:e4:7f:b3:c9: dd:04:77:c5:ed:88:f9:56:f6:b2:da:16:f2:de:95:4d:ae:cc: c8:8f:2c:fe:b6:1f:27:28:b2:fe:3a:41:41:5e:a9:6f:ac:34: 59:b2:f1:77:96:18:6e:7d:12:a0:7b:52:1d:2d:59:87:c8:35: 17:48:37:92:0d:56:c5:76:a2:4a:4c:44:69:ac:a7:c0:72:d3: f1:3c:5f:67:11:8b:f4:4a:b6:30:14:01:f3:f3:67:9a:5c:2e: 68:09:32:e8:4e:f1:3c:d1:09:b1:a6:43:2f:3e:bb:09:66:13: cc:5d:ab:f8:25:f6:78:95:33:b3:b2:17:2b:15:e6:77:00:0d: a1:3e:62:fc:76:b4:f3:f1:09:99:3e:08:aa:64:da:d8:5e:3a: 0f:1e:07:1c:09:b4:d2:9f:70:f7:12:f8:0a:19:e8:db:b1:ab: d6:b6:c1:9f:ab:18:be:a8:46:0e:6f:9c:06:b3:0d:0a:44:0f: f9:65:04:25:ce:38:c1:7b:7d:87:a9:b5:0f:1d:54:1a:8b:7d: b8:c2:59:33
2023-05-12 02:55:21Open TCP Port BannerNoCensys0130NoneSSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1207.154.228.169
2023-05-12 02:55:18Operating SystemNoCensys0030NoneUbuntu Linux46.101.229.70
2023-05-12 03:00:54Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.86): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.0): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:45:59Physical CoordinatesNoAbstractAPI0030None41.8781, -87.6298104.21.71.14
2023-05-12 02:50:53Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://thedude23.github.io/netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3000"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_IE_EarlyTabStart_0xdb4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_ConnHashTable<3000>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "IsoScope_bb8_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_bb8_IESQMMUTEX_0_519"\n "IsoScope_bb8_IE_EarlyTabStart_0xdb4_Mutex"\n "IsoScope_bb8_ConnHashTable<3000>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.194.8.120:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"i.ibb.co"\n "thedude23.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ".fa-cc-paypal:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-paypal:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-twitter:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-twitter-square:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-youtube:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-youtube-square:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string "<a href="https://www.netflix.com/" class="btn btn-rounded">Sign In</a>" (Indicator: "dir "; File: "netflix-clone_1_.htm")\n Found string "<a href="https://www.netflix.com/" class="btn btn-xl"" (Indicator: "dir "; File: "netflix-clone_1_.htm")\n Found string "Watch right on Netflix.com." 
(Indicator: "dir "; File: "netflix-clone_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar77B.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "netflix-fav_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62) quality = 82" baseline precision 8 900x900 components 3" and extension "jpg"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1560', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1560', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab76A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab76A.tmp]- [targetUID: 00000000-00001884]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar77B.tmp" has type "data"- Location: [%TEMP%\\Tar77B.tmp]- [targetUID: 00000000-00001884]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Cab76A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab76A.tmp]- [targetUID: 00000000-00001884]\n "Cab6E9.tmp" has type "data"- 
Location: [%TEMP%\\Cab6E9.tmp]- [targetUID: 00000000-00001884]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001884]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "netflix-fav_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62) quality = 82" baseline precision 8 900x900 components 3"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003000]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFDD7E91FED3593DEC.TMP" has type "data"- Location: [%TEMP%\\~DFDD7E91FED3593DEC.TMP]- [targetUID: 00000000-00003000]\n "~DF54A0D439AE08C5A5.TMP" has type "data"- Location: [%TEMP%\\~DF54A0D439AE08C5A5.TMP]- [targetUID: 00000000-00003000]\n "~DF9E21D26384C65AFE.TMP" has type "data"- Location: [%TEMP%\\~DF9E21D26384C65AFE.TMP]- [targetUID: 00000000-00003000]\n "~DF249C4A46112B4859.TMP" has type "data"- Location: [%TEMP%\\~DF249C4A46112B4859.TMP]- [targetUID: 00000000-00003000]\n "urlref_httpsthedude23.github.ionetflix-clone" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "RecoveryStore._D375E0FF-EF98-11ED-98AF-080027A7DD56_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D375E101-EF98-11ED-98AF-080027A7DD56_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_DDEB9FEC-EF98-11ED-98AF-080027A7DD56_.dat" has type "Composite 
Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00001884]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "LEMAY786.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LEMAY786.txt]- [targetUID: 00000000-00001884]\n "KJPXKWFZ.txt" 185.199.108.153
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.78): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:12Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.125): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneConnectionpoint (Net ID: 00:01:E3:52:11:50)50.1188, 8.6843
2023-05-12 03:32:02Open TCP PortNoPulsedive0030None188.114.97.2:80188.114.97.0/24
2023-05-12 02:54:20Web ContentNoWeb Spider3020None<!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>nuke.battleb0t.xyz | 521: Web server is down</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /> </head> <body> <div id="cf-wrapper"> <div id="cf-error-details" class="p-0"> <header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8"> <h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2"> <span class="inline-block">Web server is down</span> <span class="code-label">Error code 521</span> </h1> <div> Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information. 
</div> <div class="mt-3">2023-05-12 02:54:20 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">You</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Browser </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> Cloudflare </a> </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b 
md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">nuke.battleb0t.xyz</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span> </div> </div> </div> </div> <div class="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2> <p>The web server is not returning a connection. As a result, the web page is not displaying.</p> </div> <div class="w-1/2 md:w-full float-left leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2> <h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3> <p class="mb-6">Please try again in a few minutes.</p> <h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3> <p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p> </div> </div> </div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f605eb97732c7</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" 
id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">138.197.106.3</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div> </div> </body> </html> nuke.battleb0t.xyz
2023-05-12 02:53:56Open TCP PortNoCensys0020None2606:50c0:8001::153:4432606:50c0:8001::153
2023-05-12 02:54:07Software UsedYesCensys0020NoneCloudFlare CloudFlare Load Balancer2606:4700:3031::ac43:8709
2023-05-12 02:44:15Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0120Nonenetlify.appfunny.battleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneFriendFinder-X (Category: dating) https://www.friendfinder-x.com/profile/AltpapierAltpapier
2023-05-12 03:23:15Open TCP PortNoPulsedive0030None188.114.96.3:8080188.114.96.0/24
2023-05-12 03:03:20Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-oo2.github.io
2023-05-12 03:03:27Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io000panther.github.io
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-cache-status: DYNAMIC{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"}
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:74:92:0E:CC)41.8781, -87.6298
2023-05-12 02:45:50Physical CoordinatesNoAbstractAPI0020None37.751, -97.8222606:4700:3031::ac43:8709
2023-05-12 02:54:19Web ContentNoWeb Spider3020None<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="Cache-Control" content="no-cache"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="mobile-web-app-capable" content="yes"> <link rel="apple-touch-icon" href="logo.png"> <link rel="icon" href="logo.png"> <title>WebGL Fluid Simulation</title> <meta name="description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:type" content="website"> <meta property="og:title" content="Webgl Fluid Simulation"> <meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/"> <meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png"> <script type="text/javascript" src="dat.gui.min.js"></script> <style> @font-face { font-family: 'iconfont'; src: url('iconfont.ttf') format('truetype'); } * { user-select: none; } html, body { overflow: hidden; background-color: #000; } body { margin: 0; position: fixed; width: 100%; height: 100%; } canvas { width: 100%; height: 100%; } .dg { opacity: 0.9; } .dg .property-name { overflow: visible; } .bigFont { font-size: 150%; color: #8C8C8C; } .cr.function.appBigFont { font-size: 150%; line-height: 27px; color: #A5F8D3; background-color: #023C40; } .cr.function.appBigFont .property-name { float: none; } .cr.function.appBigFont .icon { position: sticky; bottom: 27px; } .icon { font-family: 'iconfont'; font-size: 130%; float: right; } .twitter:before { content: 'a'; } .github:before { content: 'b'; } .app:before { content: 'c'; } .discord:before { content: 'd'; } .promo { display: none; /* display: table; */ position: absolute; top: 0; left: 0; 
width: 100%; height: 100%; z-index: 1; overflow: auto; color: lightblue; background-color: rgba(0,0,0,0.4); animation: promo-appear-animation 0.35s ease-out; } .promo-middle { display: table-cell; vertical-align: middle; } .promo-content { width: 80vw; height: 80vh; max-width: 80vh; max-height: 80vw; margin: auto; padding: 0; font-size: 2.8vmax; font-family: Futura, "Trebuchet MS", Arial, sans-serif; text-align: center; background-image: url("promo_back.png"); background-position: center; background-repeat: no-repeat; background-size: cover; border-radius: 15px; box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2), 0 6px 20px 0 rgba(0,0,0,0.19); } .promo-header { height: 10%; padding: 2px 16px; } .promo-close { width: 10%; height: 100%; text-align: left; float: left; font-size: 1.3em; /* transition: 0.2s; */ } .promo-close:hover { /* transform: scale(1.25); */ cursor: pointer; } .promo-body { padding: 8px 16px 16px 16px; margin: auto; } .promo-body p { margin-top: 0; mix-blend-mode: color-dodge; } .link { width: 100%; display: inline-block; } .link img { width: 100%; } @keyframes promo-appear-animation { 0% { transform: scale(2.0); opacity: 0; } 100% { transform: scale(1.0); opacity: 1; } } </style> <script> window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date; ga('create', 'UA-105392568-1', 'auto'); ga('send', 'pageview'); </script> <script async src="https://www.google-analytics.com/analytics.js"></script> </head> <body> <canvas></canvas> <!-- Mother of God, pls forgive me --> <div class="promo"> <div class="promo-middle"> <div class="promo-content"> <div class="promo-header"> <span class="promo-close">&times;</span> </div> <div class="promo-body"> <p>Try Fluid Simulation app!</p> <div class="links-container"> <a class="link" id="apple_link" target="_blank"> <img class="link-img" alt="Download on the App Store" src="app_badge.png"/> </a> <a class="link" id="google_link" target="_blank"> <img class="link-img" alt="Get it on Google Play" 
src="gp_badge.png"/> </a> </div> </div> </div> </div> </div> <script src="./script.js"></script> </body> </html>fluid.battleb0t.xyz
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00steveng.github.io185.199.111.153
2023-05-12 02:54:03Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c57f0d8baaf3a64-FRA Content-Encoding: gzip 172.67.135.9
2023-05-12 03:02:26Software UsedYesTool - Wappalyzer0020NoneHTTP/3www.ayhu.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:0C:05)50.8897, 6.0563
2023-05-12 03:23:02UsernameNoAccount Finder8070Nonebaptistevautheybaptiste vauthey
2023-05-12 03:03:24Co-Hosted Site - Domain NameNoDNS Resolver0030None000.ovh000.ovh
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonefreesound (Category: music) https://freesound.org/people/login/login
2023-05-12 02:53:49HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["A5D4:2C9F:2F6913:34928C:645D0975"], "Etag": ["W/\"64556a8c-239b\""], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683818869.392299,VS0,VE127"], "Connection": ["keep-alive"], "Via": ["1.1 varnish"], "X_Fastly_Request_Id": ["770beefb8a8eea06db7f3e4b2376459b2d1c2cbe"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-gig2250052-GIG"], "Accept_Ranges": ["bytes"]}2606:50c0:8000::153
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.231): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:DB:1C:01)33.617190550339146,-111.90827887019054
2023-05-12 02:54:06Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': 4, u'submit_name': u'Tibia maps installer.exe', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-122', u'name': u'Calls an API typically used to create a directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1074/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1074.001', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter %LOCALAPPDATA%\\Microsoft\\Windows\\Caches (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter %TEMP%\\ (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter C:\\Users (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter C:\\Users\\%OSUSER% (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter %USERPROFILE%\\AppData (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter %LOCALAPPDATA%\\Temp (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter %TEMP%\\nsaFA07.tmp (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter C:\\Users\\%OSUSER% (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter %USERPROFILE%\\AppData\\Local (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter %LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files (UID: 
00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter %USERPROFILE%\\AppData\\Roaming (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter %APPDATA%\\Microsoft\\Windows\\Cookies (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" (UID: 00000000-00002964)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-70', u'name': u'Scanning for window names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1010', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1010', u'relevance': 10, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" searching for class "#32770"\n "Tibiamapsinstaller.exe" searching for class "SysListView32"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" loaded module "ADVAPI32.DLL" at base 74f70000\n "Tibiamapsinstaller.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 74a10000\n "Tibiamapsinstaller.exe" loaded module "SETUPAPI.DLL" at base 75190000\n "Tibiamapsinstaller.exe" loaded module "RPCRT4.DLL" at base 757a0000\n "Tibiamapsinstaller.exe" loaded module "SECUR32.DLL" at base 744d0000\n "Tibiamapsinstaller.exe" loaded module "SHELL32.DLL" at base 765b0000\n "Tibiamapsinstaller.exe" loaded module "API-MS-WIN-DOWNLEVEL-ADVAPI32-L2-1-0.DLL" at base 73b20000\n "Tibiamapsinstaller.exe" loaded module "API-MS-WIN-DOWNLEVEL-OLE32-L1-1-0.DLL" at base 75d40000\n "Tibiamapsinstaller.exe" loaded module "WS2_32.DLL" at base 750a0000\n "Tibiamapsinstaller.exe" loaded module "WINHTTP.DLL" at base 733b0000\n "Tibiamapsinstaller.exe" loaded module "%WINDIR%\\SYSTEM32\\MSWSOCK.DLL" 
at base 738e0000\n "Tibiamapsinstaller.exe" loaded module "%WINDIR%\\SYSTEM32\\WSHIP6.DLL" at base 73960000\n "Tibiamapsinstaller.exe" loaded module "IPHLPAPI.DLL" at base 74aa0000\n "Tibiamapsinstaller.exe" loaded module "CRYPT32.DLL" at base 76010000\n "Tibiamapsinstaller.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHLWAPI-L2-1-0.DLL" at base 73fe0000\n "Tibiamapsinstaller.exe" loaded module "DNSAPI.DLL" at base 73880000\n "Tibiamapsinstaller.exe" loaded module "DHCPCSVC6.DLL" at base 73400000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-175', u'name': u'Calls an API typically used to load libraries', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter ADVAPI32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter OLEACCRC.DLL (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter %WINDIR%\\system32\\uxtheme.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter Secur32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter SHELL32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter api-ms-win-downlevel-advapi32-l2-1-0.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter api-ms-win-downlevel-ole32-l1-1-0.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter WS2_32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter winhttp.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter IPHLPAPI.DLL (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a 
parameter CRYPT32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter api-ms-win-downlevel-shlwapi-l2-1-0.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter DNSAPI.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter dhcpcsvc.DLL (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter API-MS-Win-Security-LSALookup-L1-1-0.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter urlmon.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter CRYPTBASE.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter OLEAUT32.dll (UID: 00000000-00002964)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"0e000f00d87a4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "11001200387f4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "11001200a47f4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "12001300b87f4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "12001300e07f4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "1400150094934e73c4ee1800e8b14c73@ADVAPI32.dll"\n "0d000e0000804e73c4ee1800e8b14c73@SHELL32.dll"\n "0d000e0054804e73c4ee1800e8b14c73@SHELL32.dll"\n "0a000b003c1c6574b4f218002aab4b73@ADVAPI32.dll"\n "0d000e002c1c6574b4f218002aab4b73@ADVAPI32.dll"\n "0f0010001c1c6574b4f218002aab4b73@ADVAPI32.dll"\n "150016002c7a4e7344f41800e8b14c73@ADVAPI32.dll"\n "0e000f00a47a4e7344f41800e8b14c73@ADVAPI32.dll"\n "0e000f00d87a4e7344f41800e8b14c73@ADVAPI32.dll"\n 
"11001200387f4e7344f41800e8b14c73@ADVAPI32.dll"\n "11001200a47f4e7344f41800e8b14c73@ADVAPI32.dll"\n "12001300b87f4e7344f41800e8b14c73@ADVAPI32.dll"\n "12001300e07f4e7344f41800e8b14c73@ADVAPI32.dll"\n "1400150094934e7344f41800e8b14c73@ADVAPI32.dll"\n "25002600ac45977654fd8b00da386376@SETUPAPI.dll"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-176', u'name': u'Calls an API typically used to retrieve function address', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter EventWrite (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter EventRegister (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter EventUnregister (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter DrawThemeBackground (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetThemeBackgroundContentRect (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetThemePartSize (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter RegCloseKey (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter RegQueryValueExW (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter OpenThreadToken (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter OpenProcessToken (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter CheckTokenMembership (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetTokenInformation (UID: 00000000-00002964)\n 
"Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetUserNameExA (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetSidSubAuthorityCount (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetSidSubAuthority (UID: 00000000185.199.109.153
2023-05-12 02:53:52Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America2606:50c0:8003::153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonezzzzz (Net ID: 00:01:24:F0:3B:50)37.7642, -122.3993
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneUSR9111 (Net ID: 00:14:C1:3F:EF:1F)40.2024, 29.0398
2023-05-12 02:55:21Software UsedYesCensys0030Noneopenssh207.154.228.169
2023-05-12 03:24:50CountryNoCountry Name Extractor0040NoneTurkey Domain Name: ACILACIKVETERINER.COM Registry Domain ID: 2652209212_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2023-04-01T13:07:55Z Creation Date: 2021-11-02T23:11:03Z Registry Expiry Date: 2023-11-02T23:11:03Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: ok https://icann.org/epp#ok Name Server: NSC1.KEYUBU.NET Name Server: NSC2.KEYUBU.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:11:50Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: ACILACIKVETERINER.COM Registry Domain ID : 2652209212_DOMAIN_COM-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2023-04-01T12:50:32Z Creation Date: 2021-11-02T23:11:03Z Registrar Registration Expiration Date: 2023-11-02T23:11:03Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: ok http://www.icann.org/epp#OK Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: Elazig Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=ACILACIKVETERINER.COM Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: NSC1.KEYUBU.NET Name Server: NSC2.KEYUBU.NET DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:12:00Z<<< For more information on Whois status codes, please visit 
https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2
2023-05-12 02:46:50Open TCP PortNoSSL Certificate Analyzer0030None34.74.170.74:44334.74.170.74
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX5515594BD (Net ID: 00:01:E3:55:94:BD)52.3759, 4.8975
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:01:36:03:62:55)52.3759, 4.8975
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.179): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneWaveLAN Network VHome2B (Net ID: 00:02:2D:03:03:11)37.780462,-122.390564
2023-05-12 02:44:59Raw Data from RIRsNoipapi.co0020None{u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'185.199.108.153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'185.199.108.0/22', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}185.199.108.153
2023-05-12 03:08:54Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.7534.74.170.74
2023-05-12 03:01:31Web ServerNoTool - WhatWeb0120NoneNetlifyfunny.battleb0t.xyz
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c581b373d7d806c-ORD"]}188.114.96.1
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneKongregate (Category: gaming) https://www.kongregate.com/accounts/Battleb0tBattleb0t
2023-05-12 02:50:16Internet NameNoDNS Resolver0020Nonepics.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 15 23:40:10 2023 GMT Not After : Jun 13 23:40:09 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90: 49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84: 18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef: 4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34: 46:4c:ee:fd:f2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 3c:23:1a:4a:59:35:02:c1:c6:ee:ce:b0:90:2b:32:ff:c3:73: 00:60:2e:9e:f9:30:da:4e:15:e2:5a:99:e8:dc:18:9e:39:ed: 69:f1:83:a4:0a:04:28:db:64:81:bf:64:61:e9:65:9c:4b:bf: 43:b4:21:89:ab:e2:5c:b4:ea:8e:55:b3:f4:e4:d9:42:3e:20: e0:83:2a:75:f9:b5:2c:98:6f:90:e7:e4:4a:86:e5:ab:f3:97: c8:a9:85:ff:6a:e9:35:8d:3d:30:f6:db:5e:e0:f1:27:f3:d3: e7:f7:29:be:31:75:49:43:f6:99:93:6d:06:65:d1:3e:4c:29: 66:fd:2f:93:e9:c6:ec:30:8a:f2:58:08:03:45:02:a0:57:b1: 3b:0b:b4:a9:ed:aa:8b:9f:ac:43:5a:55:10:bb:1e:31:d5:e4: 
c1:37:cd:22:a3:bd:26:b6:f1:01:e1:68:e2:c6:50:80:44:4b: cd:a0:4a:80:cc:93:e4:1b:7e:d7:af:21:2c:ce:f2:c1:d0:70: 17:ad:3a:29:15:d4:b9:ee:11:c8:aa:7f:fa:b4:9a:33:05:ef: 47:de:10:55:c2:f1:9f:19:e4:ad:0a:83:ff:a1:86:3d:18:bd: 73:d4:39:8b:bb:51:02:17:cb:89:c6:27:d9:b8:f2:7c:d7:bd: a5:b5:9a:11
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None007hyno.github.io185.199.111.153
2023-05-12 03:12:14Affiliate - Domain WhoisNoWhois4060NoneDomain Name: AMCODEV.ME Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2023-01-03T11:02:11Z Creation Date: 2018-01-02T22:12:38Z Registry Expiry Date: 2024-01-02T22:12:38Z Registrar Registration Expiration Date: Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Reseller: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. 
You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Domain Name: amcodev.me Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2023-01-03T11:02:09Z Creation Date: 2018-01-02T22:12:38Z Registrar Registration Expiration Date: 2024-01-02T22:12:38Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR434510046 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant 
Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Admin ID: CR434510262 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Tech ID: CR434510194 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. 
In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice. amcodev.me
2023-05-12 02:56:52Internet NameNoDNS Resolver0030Nonefluid.battleb0t.xyz[{"url": "https://fluid.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://fluid.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneSanctuary_Mixer (Net ID: 00:18:F8:CB:D4:48)32.8608, -79.9746
2023-05-12 03:01:14Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.132): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.196): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:2083172.67.168.252
2023-05-12 02:54:22HTTP Status CodeNoWeb Spider0030None200panel.battleb0t.xyz
2023-05-12 02:59:04Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app/data/scenario/title_screen.ks', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_ee8_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "SmartScreen_AppRepSettings_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "CommunicationManager_Mutex"\n "IsoScope_ee8_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ee8_IE_EarlyTabStart_0xbec_Mutex"\n "IsoScope_ee8_ConnHashTable<3816>_HashTable_Mutex"\n "SmartScreen_ClientId_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_ee8_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3816"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ee8_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\SmartScreen_AppRepSettings_Mutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"68.142.107.4:80"\n "34.74.170.74:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6K2AH6HE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6K2AH6HE.txt]- [targetUID: 00000000-00003816]\n "_D23AE930-21A5-11ED-9DE3-0800274FB80B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE]- [targetUID: 00000000-00003816]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003140]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n 
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003816]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003816]\n "JavaDeployReg.log" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\JavaDeployReg.log]- [targetUID: 00000000-00003140]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003816]\n "8864D121A6EBD5E6D0EFEDAB49B51A90" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\8864D121A6EBD5E6D0EFEDAB49B51A90]- [targetUID: 00000000-00003140]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003816]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "V403NUKD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\V403NUKD.txt]- [targetUID: 00000000-00003816]\n "50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF]- [targetUID: 00000000-00003140]\n "B126BF247C927A243E186240F06A7849" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B126BF247C927A243E186240F06A7849]- [targetUID: 00000000-00003140]\n "~DF3C871276C75B1A46.TMP" has type "data"- Location: [%TEMP%\\~DF3C871276C75B1A46.TMP]- 
[targetUID: 00000000-00003816]'}, {u'category': u'Anti-Detection/Stealthyness', u'origin': u'File/Memory', u'identifier': u'string-8', u'name': u'Possibly checks for the presence of an Antivirus engine', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1518/001', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-581', u'attck_id': u'T1518.001', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"ScanWithAntiVirus" (Indicator: "antivirus")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /data/scenario/title_screen.ks HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: 62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_34.74.170.74]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 919\nContent-Type: application/x-java-keystore\nDate: Mon, 22 Aug 2022 00:42:54 GMT\nEtag: "5e9fe1c325b7a0897e0c555aed829a27-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\nX-Nf-Request-Id: 01GB1G18GKPSKJTJSA7CH2JSYN\nX-Robots-Tag: noindex\n\n[_tb_system_call storage=system/_title_screen.ks]\n\n[hidemenubutton]\n\n[tb_clear_images]\n\n[bg time="3000" method="crossfade" storage=".jpg" ]\n[bg time="4000" method="crossfade" storage=".jpg" ]\n[tb_keyconfig flag="0" ]\n[playbgm volume="100" time="3000" loop="true" storage="Shiokaze.ogg" fadein="true" ]\n[bg time="3000" method="crossfade" storage="3.jpg" ]\n[tb_hide_message_window ]\n*title\n\n[glink 
color="black" text="" x="601" y="399" size="24" target="*start" width="" height="" _clickable_img="" ]\n[glink color="black" text="" x="603" y="470" size="24" target="*load" width="" height="" _clickable_img="" ]\n[s ]\n*start\n\n[showmenubutton]\n\n[cm ]\n[tb_keyc"- [Source: SSL_34.74.170.74]\n\n "onfig flag="1" ]\n[jump storage="scene1.ks" target="*start" ]\n[s ]\n*load\n\n[cm ]\n[showload]\n\n[jump target="*start" storage="scene1.ks" ]"- [Source: SSL_34.74.170.74]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app/data/scenario/title_screen.ks"- [Source: Input]\n Pattern match: "https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app"- [Source: Input]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.74.170.74": ...\n\n URL: https://www.toprankedtechgadgetsnow.com/p/tf?affid=8929&provider=Affiliati&click_id=4c7be4a3aa954e6aaf004f0b7fc6f99f&c1=&c2=506642641&c3=&showLoading=1&xyz=30.0 (AV positives: 1/88 scanned on 08/22/2022 00:05:35)\n URL: https://www.durangoagency.com/4354fprta7af937sr12350fcd (AV positives: 4/88 scanned on 08/21/2022 23:58:47)\n URL: https://gabrielelisavetsky.com/ (AV positives: 1/88 scanned on 08/21/2022 23:11:34)\n URL: https://pixlegame.com/ (AV positives: 1/88 scanned on 08/21/2022 22:00:13)\n URL: http://zsuzsahudacsko.com/ (AV positives: 1/88 scanned on 
08/21/2022 20:49:57)\n File SHA256: e4f875a727ff02309cdd1349884ee4d8313fb62719b1a15bfe795b6de56fbb37 (AV positives: 23/75 scanned on 08/20/2022 00:17:25)\n File SHA256: 0aff84aa363dd4cfaad6b77fd6ee53bd542a7a4067a9c9d8b3bd541f362e6443 (AV positives: 1/74 scanned on 08/18/234.74.170.74
2023-05-12 02:59:50Affiliate - Email AddressNoE-Mail Address Extractor0030Nonemadler@alumni.caltech.edu[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamask3.cc/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_1e4_ConnHashTable<484>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_1e4_IESQMMUTEX_0_303"\n "IsoScope_1e4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_1e4_IE_EarlyTabStart_0xda8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"103.60.109.137:80"\n 
"185.199.111.153:443"\n "65.8.165.91:443"\n "58.216.15.119:443"\n "142.251.32.42:80"\n "142.251.46.163:443"\n "142.250.188.3:80"\n "104.16.89.50:443"\n "104.17.210.243:443"\n "104.17.214.243:443"\n "142.250.189.238:443"\n "142.250.188.3:443"\n "142.251.46.194:443"\n "142.251.46.230:443"\n "142.250.189.202:443"\n "172.217.164.118:443"\n "142.250.189.161:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamask3.cc"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /fonts/EuclidCircularB-Regular-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"\n "GET /fonts/EuclidCircularB-Bold-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"cdn.embedly.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "googleads.g.doubleclick.net"\n "i.ytimg.com"\n "jnn-pa.googleapis.com"\n "metamask.io"\n "metamask3.cc"\n "perf.hsforms.com"\n "s4.cnzz.com"\n "static.doubleclick.net"\n "www.gstatic.com"\n "www.youtube.com"\n "yt3.ggpht.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "qk.prototype.remove=function(a){this.g&&this.g.remove(a);var b=this.h;be.remove(""+a,"/",void 0===b?"youtube.com":b)};var rk=function(){var a;return function(){a||(a=new qk("ytidb"));return a}}();" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string ""undefined"!=typeof YTConfig&&YTConfig.parsetags&&"onload"!=YTConfig.parsetags||Fp();var qq=z.onYTReady;qq&&qq();var rq=z.onYouTubeIframeAPIReady;rq&&rq();var sq=z.onYouTubePlayerAPIReady;sq&&sq();}).call(this);" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "<meta content="MetaMask - A crypto wallet &amp; gateway to blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="A crypto wallet &amp; gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "5IBMEWA7.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': 
None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-close-black_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FE2.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FB1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "maxresdefault_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1280x720 components 3" and extension "jpg"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type 
"Unknown" and extension "png"\n "dapp-uniswap_1_.png" has type "Unknown" and extension "png"\n "dapp-gitcoin_1_.png" has type "Unknown" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "unnamed_1_.jpg" has type "Unknown" and extension "jpg"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1FB0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FB0.tmp]- [targetUID: 00000000-00000852]\n "Cab1FE1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FE1.tmp]- [targetUID: 00000000-00000852]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Explore-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "wallet-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Browse-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-close-black_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"social-35_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "base_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "v2_1_.js" has type "UTF-8 Unicode text with very l
2023-05-12 03:01:15Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.134): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:12:10Affiliate Description - CategoryNoDuckDuckGo0050NoneDShield , Cybercrime analytics.baffin.netcraft.com
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ad421cd00112e-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.168.252
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.236): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-to-1.github.io185.199.111.153
2023-05-12 03:03:32Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io007sair.github.io
2023-05-12 02:44:17Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.111.153
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.204): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneZyXEL (Net ID: 00:02:CF:98:55:20)40.2024, 29.0398
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonex-nf-request-id: 01H06Y2Y8V02FJ2S9V869KY74K{"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:53:07 GMT", "x-nf-request-id": "01H06Y2Y8V02FJ2S9V869KY74K", "content-type": "text/html; charset=UTF-8", "age": "73"}
2023-05-12 02:44:22Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCN=fluid.battleb0t.xyz
2023-05-12 03:23:29Open TCP PortNoPulsedive0030None188.114.96.10:443188.114.96.0/24
2023-05-12 03:03:36Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00saadchaudhry.github.io
2023-05-12 02:54:48HTTP HeadersNoCensys0030None{"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H06G1PB5R3RGDWCWXWQ2TAMN"], "Server": ["Netlify"]}34.148.97.127
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonemoxfield (Category: misc) https://www.moxfield.com/users/loginlogin
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonex-nf-request-id: 01H06Y2WPKRCCC7SJ49ZB68B31{"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WPKRCCC7SJ49ZB68B31", "content-type": "text/css; charset=UTF-8", "age": "0"}
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneASG (Net ID: 00:12:BF:FD:D5:8D)40.2024, 29.0398
2023-05-12 02:46:53Internet NameNoDNS Resolver0020Nonevscode.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:89:fe:30:65:f6:62:86:64:4f:34:07:5e:a0:a9:be:d2:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 15:55:50 2022 GMT Not After : Mar 13 15:55:49 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b5:70:98:56:04:62:cd:9d:91:8b:97:7d:1f:67: df:fd:40:4a:9e:a1:91:56:27:b2:c2:dc:db:18:7e: 90:b1:64:8c:6c:fd:2c:13:2d:ed:56:f7:36:ce:08: 2a:4a:36:14:30:02:df:d6:0f:d4:6c:7a:48:c9:01: c5:bb:35:51:b6:01:95:98:7e:7b:4e:66:e0:84:62: 5a:92:58:14:ee:5f:0c:a5:3c:c0:6e:d5:a8:57:bb: 5b:46:82:bd:d9:28:fb:d9:2e:3c:cc:45:f6:41:c3: 2e:de:7e:83:17:a8:54:29:45:21:09:97:4c:fd:ed: 49:50:3b:81:1e:21:32:31:1d:79:ca:01:4a:ed:57: fb:ff:6e:4d:44:22:c0:1f:54:2a:4f:e7:63:84:83: 2d:a4:25:2d:2e:38:54:17:99:ab:10:e9:5b:8e:64: 39:42:16:09:1d:92:05:aa:12:42:2e:33:56:a8:cb: fa:cc:fe:15:09:1e:32:19:c2:f5:b5:fb:c3:50:cf: 4f:6c:46:9f:4a:26:a1:f6:b4:2c:c4:b6:e7:cf:c8: 0d:46:d3:02:56:c6:06:76:a6:5d:74:73:25:8a:74: 76:91:9c:94:b2:8b:47:bc:85:62:1a:aa:eb:32:0b: 97:18:b1:e4:f7:a7:1d:6d:50:4d:60:e9:30:d9:24: 3b:77:00:5c:86:fe:be:60:06:dd:41:13:db:73:e0: c7:a6:69:d8:87:8d:f3:d9:19:43:f8:26:44:9c:46: 67:0b:09:0b:9b:db:37:73:fe:d3:c4:35:3e:63:88: 04:bf:f1:31:5f:68:76:f4:78:92:74:5e:90:26:85: 91:b2:c5:89:7c:e7:fd:90:5c:fb:08:d7:ec:7e:80: bb:0c:21:cf:d6:c2:40:71:78:96:82:d9:32:54:0f: 4d:96:8c:31:42:ff:aa:a0:84:60:76:09:ee:ce:f1: 29:2b:47:e4:6d:53:c1:f3:6f:e1:43:b1:b5:0b:95: 35:33:7b:67:7a:23:ed:15:76:d9:5e:2f:96:95:57: e5:56:fa:b4:14:d2:53:87:b2:95:ae:4a:c1:23:a4: 44:71:bc:56:67:dd:1d:18:ac:3b:6c:70:1c:35:da: 1c:0d:c0:ed:48:c3:e4:31:1a:74:9f:07:d7:d2:a2: 66:5e:12:e5:58:f2:5f:0c:2a:db:70:d9:e5:73:16: 75:7c:43:25:43:03:62:18:4f:72:50:53:b3:8a:1a: b1:9c:46:ec:4a:d2:cb:cc:b8:7b:e9:84:cb:e1:b2: ab:6c:e1:58:25:e1:54:f1:50:6c:98:68:55:60:cd: 
f6:ef:3e:df:e4:c2:e3:11:66:4c:2d:50:b9:ef:ad: 19:0b:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C4:B4:9F:3E:13:AF:1E:ED:5D:1E:C0:B3:15:A8:37:84:5F:58:79:25 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption af:0d:aa:ca:e8:49:20:45:87:cd:d5:1a:54:b2:f3:2b:99:ab: ae:23:1b:aa:7c:93:d6:0a:57:f8:3f:18:87:31:b9:b4:a0:14: 5a:a3:d7:53:87:49:cc:95:a4:8e:e1:e6:0d:d2:49:89:d0:ab: 31:4a:f6:af:d0:2e:c0:e4:ff:51:6e:cc:42:b1:be:91:7a:44: 1f:34:8a:46:85:68:1e:0e:8a:4d:5e:89:38:d9:54:dc:c4:97: 4b:14:0d:a0:bf:8e:67:b1:f3:85:7e:a2:d3:2c:92:11:5d:ef: 0c:b6:b8:b4:a8:a0:28:c2:c4:e0:0b:b4:93:68:16:12:66:23: a8:cb:69:a2:bf:1b:22:89:b2:38:bf:df:0d:9e:a1:33:e4:c9: 04:e1:b2:4a:cf:89:24:fc:25:18:33:fc:77:fd:48:86:24:59: 3a:69:44:1d:b2:6f:d2:51:7d:c9:04:e6:d5:a5:b1:f4:cb:92: e0:9c:0c:cd:c9:a8:1e:1c:c1:a2:77:25:27:2b:d2:9b:00:84: 3f:ea:0e:96:98:b0:aa:91:b8:e1:7d:b2:c3:5e:b2:b9:e1:e4: fe:26:7c:88:e1:94:ef:f3:1c:16:18:18:f0:eb:aa:97:f4:f5: 93:c9:a9:54:86:73:1d:9c:a1:3a:aa:11:c3:31:83:14:d1:61: dc:56:91:9e
2023-05-12 02:54:27Open TCP PortNoCensys0040None2600:1f18:2489:8202::c8:4432600:1f18:2489:8202::c8
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneCollaborative intelligence - Collaborative intelligence characterizes multi-agent, distributed systems where each agent, human or machine, is autonomously contributing to a problem solving network. Collaborative autonomy of organisms in their ecosystems makes evolution possible.battleb0t.github.io
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneFUNK (Net ID: 00:02:2D:3A:A7:7B)50.1188, 8.6843
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonefantastik (Net ID: 00:06:25:BE:90:75)39.0469, -77.4903
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/withat_1.jpghttps://pics.battleb0t.xyz/
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.228): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:10Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-11T19:39:54.906Z", "ip": "2606:4700:3031::6815:6a6", "location_updated_at": "2023-05-07T07:37:11.063836Z", "autonomous_system_updated_at": "2023-05-07T07:37:11.064003Z", "location": {"province": "Illinois", "city": "Rosemont", "country": "United States", "coordinates": {"latitude": 41.99531, "longitude": -87.88451}, "postal_code": "60018", "country_code": "US", "timezone": "America/Chicago", "continent": "North America"}, "dns": {"records": {"faculdade.kennedy.br": {"record_type": "AAAA", "resolved_at": "2023-05-05T12:38:49.993145868Z"}, "resultscaraccidentlawyers.info": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:51:50.273083754Z"}, "mail.atlas-media.net": {"record_type": "AAAA", "resolved_at": "2023-05-11T18:53:21.824413141Z"}, "www.magulike.com": {"record_type": "CNAME", "resolved_at": "2023-05-03T20:37:49.019589614Z"}, "unbeatableteams.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T16:19:06.771575554Z"}, "ronnebytorget.se": {"record_type": "AAAA", "resolved_at": "2023-04-13T20:13:15.262547330Z"}, "homesayofficial.com": {"record_type": "AAAA", "resolved_at": "2023-05-08T14:59:56.576817191Z"}, "mail.diegobruno.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-09T12:33:24.557695019Z"}, "2bn.dev": {"record_type": "AAAA", "resolved_at": "2023-04-18T16:34:18.007165816Z"}, "cdn-3.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:24.889964115Z"}, "www.detroitabortioncenter.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T14:18:13.771625214Z"}, "olypay.com": {"record_type": "AAAA", "resolved_at": "2023-04-13T00:46:10.231275663Z"}, "4wdinfo.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T13:06:50.126601945Z"}, "www.plus-fm.es": {"record_type": "CNAME", "resolved_at": "2023-05-09T17:04:29.567246924Z"}, "cdn-2.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": 
"2023-05-01T00:33:24.840354602Z"}, "dhff3aa.fit": {"record_type": "AAAA", "resolved_at": "2022-10-21T14:23:24.018557130Z"}, "theucontgi.tk": {"record_type": "AAAA", "resolved_at": "2023-04-23T21:28:34.547869491Z"}, "rockspitmarsliga.tk": {"record_type": "AAAA", "resolved_at": "2023-05-09T21:26:55.555920792Z"}, "nakedvampire.com": {"record_type": "AAAA", "resolved_at": "2023-04-06T15:40:27.395207080Z"}, "www.arquiteturasustentavel.arq.br.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2022-09-25T17:06:29.959927232Z"}, "atlantic-hearing.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T13:58:40.953790783Z"}, "mispditbobe.tk": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:29:10.107963353Z"}, "www.progettatimobili.net.br": {"record_type": "AAAA", "resolved_at": "2023-03-26T12:54:52.310136130Z"}, "profmarpdust.gq": {"record_type": "AAAA", "resolved_at": "2023-04-19T19:40:52.408802267Z"}, "alexandrubadiu.ro": {"record_type": "AAAA", "resolved_at": "2023-05-05T20:03:40.049773053Z"}, "patconsidine.com": {"record_type": "AAAA", "resolved_at": "2023-05-01T15:09:59.045459058Z"}, "liftux.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T14:56:52.096682674Z"}, "www.anizm.tv": {"record_type": "AAAA", "resolved_at": "2023-05-01T20:49:32.910799070Z"}, "hessenjazz.de": {"record_type": "AAAA", "resolved_at": "2023-04-04T17:07:11.850443808Z"}, "itallolik.gq": {"record_type": "AAAA", "resolved_at": "2023-05-09T17:19:14.126442672Z"}, "www.magulike.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:30.641844587Z"}, "best-overall.com": {"record_type": "AAAA", "resolved_at": "2023-04-12T23:41:47.446630780Z"}, "ppm.amikom.id": {"record_type": "AAAA", "resolved_at": "2022-11-29T14:52:50.795015812Z"}, "naturisme-robertanne.fr": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:46:36.240542292Z"}, "centreonicinga.wwbn.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T16:18:28.593025009Z"}, "voyrabapbo.tk": 
{"record_type": "AAAA", "resolved_at": "2023-05-08T22:30:30.625066762Z"}, "www.seribusenyum.org": {"record_type": "AAAA", "resolved_at": "2023-02-04T17:32:21.980568714Z"}, "myschoolpoint.ca": {"record_type": "AAAA", "resolved_at": "2023-05-06T12:57:35.437078256Z"}, "camlovers.org": {"record_type": "AAAA", "resolved_at": "2023-05-04T21:36:27.672632585Z"}, "www.proappsys.com": {"record_type": "CNAME", "resolved_at": "2023-05-04T15:48:48.652972292Z"}, "beatroulettestrategy.net": {"record_type": "AAAA", "resolved_at": "2023-05-09T18:46:48.783088104Z"}, "www.palaciorentacar.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T20:48:31.555576583Z"}, "gymnasie-portal.dk": {"record_type": "AAAA", "resolved_at": "2023-05-08T17:28:07.281800383Z"}, "celtabetgirisdestek.com": {"record_type": "AAAA", "resolved_at": "2023-04-28T14:41:36.658675345Z"}, "kmit17.com": {"record_type": "AAAA", "resolved_at": "2023-01-29T13:41:58.275178074Z"}, "congeohryverre.tk": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:50:17.495400280Z"}, "oradfoy.tk": {"record_type": "AAAA", "resolved_at": "2023-04-18T21:32:57.447114952Z"}, "tja.shadialabadi.com": {"record_type": "AAAA", "resolved_at": "2023-05-03T15:32:40.048891469Z"}, "www.fopprey.com": {"record_type": "AAAA", "resolved_at": "2022-11-11T13:13:15.748303827Z"}, "bouncev2.precisiongroup.com.au": {"record_type": "AAAA", "resolved_at": "2023-05-08T12:27:03.617492048Z"}, "crabcamkanawi.ml": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:29:51.293879545Z"}, "xn--kkkenvgte-l3a6q.dk": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:07:19.955735049Z"}, "shop.geminibio.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T14:29:06.617280204Z"}, "riostitelos.ga": {"record_type": "AAAA", "resolved_at": "2023-04-25T17:42:06.424778601Z"}, "www.typearound.com": {"record_type": "AAAA", "resolved_at": "2023-05-03T15:59:44.822944002Z"}, "topcard.com.pl": {"record_type": "AAAA", "resolved_at": "2023-05-04T21:48:11.468590186Z"}, 
"www.comeunity.club": {"record_type": "AAAA", "resolved_at": "2023-04-20T16:30:09.585410651Z"}, "longchampcolombia.com": {"record_type": "AAAA", "resolved_at": "2023-04-25T15:13:12.725728600Z"}, "rezidenceaurum.cz": {"record_type": "AAAA", "resolved_at": "2023-03-11T15:26:42.690547113Z"}, "webdisk.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-05-01T12:42:56.064120059Z"}, "cpcalendars.menuin.pe": {"record_type": "AAAA", "resolved_at": "2023-03-16T07:00:36.539543312Z"}, "ftp.jogjacontemporary.net": {"record_type": "AAAA", "resolved_at": "2023-05-10T19:05:42.498201439Z"}, "cg.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-04-29T12:44:12.255784234Z"}, "growthwithsystem.be": {"record_type": "AAAA", "resolved_at": "2022-10-31T12:14:11.983652539Z"}, "newdangbrogerti.ga": {"record_type": "AAAA", "resolved_at": "2023-04-18T17:06:00.041619303Z"}, "newtravail2022.net": {"record_type": "AAAA", "resolved_at": "2022-10-18T16:41:02.524986626Z"}, "hdhub4u.city": {"record_type": "AAAA", "resolved_at": "2023-05-08T13:06:34.661665843Z"}, "kozan.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-10T12:33:17.879735441Z"}, "observatoriodevino.com": {"record_type": "AAAA", "resolved_at": "2022-10-03T13:56:38.631534190Z"}, "cpanel.vertexhc.com": {"record_type": "AAAA", "resolved_at": "2023-05-03T16:02:17.928893946Z"}, "ok-medicalbilling-ok.live": {"record_type": "AAAA", "resolved_at": "2023-05-01T17:47:16.990114377Z"}, "pwrcdn.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T05:41:18.589594638Z"}, "cpcalendars.diegobruno.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-06T12:35:36.066684702Z"}, "datenschlauch.de": {"record_type": "AAAA", "resolved_at": "2023-05-02T23:34:28.039399648Z"}, "bouncefitness.precisiongroup.com.au": {"record_type": "AAAA", "resolved_at": "2023-02-21T12:15:56.351172926Z"}, "login.sanopoly.com": {"record_type": "AAAA", "resolved_at": "2023-04-22T00:18:08.415048164Z"}, "ymfasti.gq": {"record_type": "AAAA", "resolved_at": 
"2023-04-19T19:41:20.884654729Z"}, "typearound.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:14:46.070651001Z"}, "romacerah.org": {"record_type": "AAAA", "resolved_at": "2023-05-01T02:19:33.400343679Z"}, "assets.2bn.dev": {"record_type": "AAAA", "resolved_at": "2023-04-09T16:19:12.101330472Z"}, "www.seminare-steinbergerhof.com": {"record_type": "AAAA", "resolved_at": "2022-11-05T14:24:46.885115354Z"}, "mail.hlb.co.za": {"record_type": "AAAA", "resolved_at": "2023-04-26T22:59:18.792128403Z"}, "www.cg.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-04-21T12:55:12.348140033Z"}, "www.meeturplanet.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T15:22:12.227518637Z"}, "beta-site.rotacapital.net": {"record_type": "AAAA", "resolved_at": "2022-12-25T16:14:07.247668745Z"}, "xelxican.cf": {"record_type": "AAAA", "resolved_at": "2022-10-22T12:32:56.395415126Z"}, "oliveandspicecroatia.com": {"record_type": "AAAA", "resolved_at": "2023-04-29T15:31:59.293869948Z"}, "erkilgalegohlo.cf": {"record_type": "AAAA", "resolved_at": "2022-12-22T12:29:44.995025840Z"}, "kerzcoobamabasvio.cf": {"record_type": "AAAA", "resolved_at": "2023-05-07T12:50:31.337450458Z"}, "centraldeviviendas.es": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:34:28.683222668Z"}, "anernearode.ga": {"record_type": "AAAA", "resolved_at": "2023-04-23T17:20:15.209953535Z"}, "www.invertsport.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2022-10-25T15:57:28.766154138Z"}, "myneonglow.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T15:10:52.426252771Z"}, "fowenthotatecsu.tk": {"record_type": "AAAA", "resolved_at": "2023-04-24T22:20:29.238762448Z"}, "www.thedot.cn.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-05T18:22:25.417735752Z"}, "mynutrition365.com": {"record_type": "AAAA", "resolved_at": "2023-01-28T13:41:29.917096426Z"}, "www.sexytie.com": {"record_type": "AAAA", "resolved_at": "2023-05-03T15:32:31.959854869Z"}, 
"comprafcesssuptitog.ga": {"record_type": "AAAA", "resolved_at": "2023-05-11T17:33:53.554671898Z"}, "www.brianelstonlaw.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T14:13:06.005656367Z"}, "kola-jen.com": {"record_type": "AAAA", "resolved_at": "2022-12-01T13:36:32.553804192Z"}}, "names": ["www.magulike.com.cdn.cloudflare.net2606:4700:3031::6815:6a6
2023-05-12 03:09:50Affiliate - Internet NameNoDNS Resolver0040None84.170.74.34.bc.googleusercontent.com34.74.170.84
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5818d4bebc22ee-ORD 188.114.97.1
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Noneinfoworld (Net ID: 00:02:2D:01:DD:9B)37.780462,-122.390564
2023-05-12 02:44:27Internet NameNoDNS Resolver0020Noneoldfluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 04:50:12 2023 GMT Not After : Jul 23 04:50:11 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8: 3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1: dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6: a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b: 57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14: 5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e: 22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56: d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e: 20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b: 1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7: e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4: c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d: b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0: 4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51: be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49: cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed: d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c: 27:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 24 05:50:12.941 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:BE:39:54:A0:5F:1F:10:03:FA:09:8D: D3:C7:7F:B5:EC:4B:30:F5:03:1A:D7:13:A5:C5:6A:89: 4C:4A:74:89:42:02:20:3C:6C:13:51:09:EB:20:0E:F2: 03:2C:A0:FE:54:7F:4D:57:F9:31:F5:F6:A8:0E:A0:F4: B8:E3:3B:F1:51:CA:99 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Apr 24 05:50:12.949 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:96:8C:23:92:33:C0:50:69:A0:CE:CA: 6D:EC:41:72:0F:3A:22:55:7C:E8:C6:CE:65:0C:82:C6: DB:89:9C:D5:92:02:20:1D:BC:82:99:B2:08:47:68:A7: 19:FE:0E:66:64:BD:7B:34:35:F5:43:E0:B0:AB:08:2C: AC:E8:D7:78:E2:75:5B Signature Algorithm: sha256WithRSAEncryption 75:8f:29:3b:d2:d8:ae:b2:42:be:ce:1d:92:6f:bf:ef:e4:4b: a2:cc:9b:be:a2:6d:3e:79:03:58:39:62:e5:65:53:10:d9:48: 8b:b1:f6:05:b6:b7:52:53:28:4f:2a:d3:20:18:d0:2e:42:4c: 67:b2:a5:67:d1:32:90:9c:d4:e9:3e:c7:a3:6d:7e:19:cf:59: bf:8e:eb:b2:ef:a8:35:56:cf:4d:12:32:f0:20:aa:e3:fa:5b: 67:0e:ad:7e:fd:aa:d9:0f:00:58:c4:8a:ff:28:e3:56:39:39: d5:d5:6e:f4:82:09:ef:eb:ef:8d:10:bb:e4:fd:d3:df:7f:82: 4d:1e:9a:8e:07:b9:a2:ea:90:75:6d:88:35:45:32:5e:ef:d2: 88:82:4a:b0:57:e7:ca:c5:b0:4c:c5:d9:46:e9:84:e0:a2:96: ca:c7:58:f8:26:23:6c:6a:c5:da:2f:19:ae:92:37:d6:01:ed: da:39:aa:b3:fd:16:7a:3d:70:fe:30:a6:ba:a8:b4:33:13:8f: 50:9b:26:ec:34:68:cd:89:95:9d:6e:0f:b9:d7:5a:5c:dd:74: 3c:28:62:ab:d4:9a:31:85:d4:70:2a:24:9e:4b:82:ea:21:71: d0:be:45:d1:a2:3f:85:e3:48:93:ac:6c:fe:38:a0:23:13:14: 9d:51:cb:62
2023-05-12 03:31:28Affiliate - Email AddressNoE-Mail Address Extractor0050Noneabuse@godaddy.com Domain Name: 00RZ.COM Registry Domain ID: 1545841665_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-12-26T09:10:34Z Creation Date: 2009-03-07T02:16:40Z Registry Expiry Date: 2024-03-07T02:16:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS17.DOMAINCONTROL.COM Name Server: NS18.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:09:19Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: 00RZ.COM Registry Domain ID: 1545841665_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-26T04:10:32Z Creation Date: 2009-03-06T21:16:40Z Registrar Registration Expiration Date: 2024-03-06T21:16:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona 
Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM Name Server: NS17.DOMAINCONTROL.COM Name Server: NS18.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:27Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneinstructables (Category: hobby) https://www.instructables.com/member/login/login
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:55:11Software UsedYesCensys0020NonePowerDNS Authoritative Server 4.4.187.248.157.102
2023-05-12 02:55:50Raw Data from RIRsNoHybrid Analysis0030None{u'count': 20, u'search_terms': [{u'id': u'host', u'value': u'104.196.30.220'}], u'result': [{u'environment_id': 100, u'job_id': u'63fdd56ace3ff76e250d8f82', u'analysis_start_time': u'2023-02-28 10:20:27', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'2a96acb6a11ab86bced4aba33d700808a6df7486ededb0db3e75f1d8eff5ee12', u'type': None, u'type_short': u'url', u'size': 43}, {u'environment_id': 100, u'job_id': u'63b538056091fb46282ad51c', u'analysis_start_time': u'2023-01-04 08:25:42', u'vx_family': None, u'av_detect': None, u'environment_description': u'Windows 7 32 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'7fd5f793af4fa71a6c0f36ed33b19841d15d1f8fe8d2a4b49908811eb5bedfd7', u'type': None, u'type_short': u'url', u'size': 94}, {u'environment_id': 100, u'job_id': u'63b3cff707e3e8144e2e24be', u'analysis_start_time': u'2023-01-03 06:49:27', u'vx_family': None, u'av_detect': None, u'environment_description': u'Windows 7 32 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'7a584d96acaaabb0e8a3f6d9658451b3e67cc7534ed789fd3f41dca47a1a1c45', u'type': None, u'type_short': u'url', u'size': 101}, {u'environment_id': 100, u'job_id': u'63a50560cf052e51ed22ec56', u'analysis_start_time': u'2022-12-23 01:33:20', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'e5632b18f2e1fea6bdad13c2c3bf172037925c61eafb52fb124c76a05ec55f99', u'type': None, u'type_short': u'url', u'size': 63}, {u'environment_id': 100, u'job_id': u'63a1073faed9eb42c826eab0', u'analysis_start_time': u'2022-12-20 00:52:16', u'vx_family': None, u'av_detect': u'0', 
u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'3a4368075604690b60a3d7a0a55c0749bf05c290c8d46d4d3958c4e135bf4089', u'type': None, u'type_short': u'url', u'size': 64}, {u'environment_id': 120, u'job_id': u'6389c5a2be95692039098af5', u'analysis_start_time': u'2022-12-02 09:30:10', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'80a2803dcb7984c1fc706916af633fe3458beb922766fae4e23e3a768fda590a', u'type': None, u'type_short': u'url', u'size': 74}, {u'environment_id': 120, u'job_id': u'63867bb52e687907d6210c8b', u'analysis_start_time': u'2022-11-29 21:37:58', u'vx_family': u'Trojan.HTML.Hidden.1', u'av_detect': u'14', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'rfc822-email_part_001.html', u'sha256': u'5991841f0d0b33c05baeab2c866b87b0423a247614eafdffda112de9069a5548', u'type': None, u'type_short': u'html', u'size': 413}, {u'environment_id': 110, u'job_id': u'63764586f2ced261cb4247ec', u'analysis_start_time': u'2022-11-17 14:30:31', u'vx_family': u'Phishing site', u'av_detect': u'8', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 16, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'3f2afc09c8491cd0467de0bb1a0f40865550f686777efcbef22399d672572dce', u'type': None, u'type_short': u'url', u'size': 305}, {u'environment_id': 120, u'job_id': u'6369bb23c90e715df924df2e', u'analysis_start_time': u'2022-11-08 02:12:52', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'45b03fe4427c993fcd3fd86ea0653b0e7cc007e8ad65e31581e62132e63f1e14', u'type': None, u'type_short': u'url', u'size': 
74}, {u'environment_id': 160, u'job_id': u'636281a88f64a063651ceaff', u'analysis_start_time': u'2022-11-02 14:41:45', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'61b1cc0537053e2876e4e2bd9e5bc874e980cda8bae7ae2039d9c02998a32562', u'type': None, u'type_short': u'url', u'size': 51}, {u'environment_id': 100, u'job_id': u'635882668f9ad024065477d8', u'analysis_start_time': u'2022-10-26 00:42:14', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'0d95c3235f13121a871148a672ac841f489584937622a18f2c4598bf58d8a241', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 100, u'job_id': u'63564e6ace166b090d3c3045', u'analysis_start_time': u'2022-10-24 08:35:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'34d67fad8045f7de1db4f06d2b2051ca5e46fe962879b6e4d33e187924fe935b', u'type': None, u'type_short': u'url', u'size': 63}, {u'environment_id': 110, u'job_id': u'634a56d4b80c06008757bc41', u'analysis_start_time': u'2022-10-15 06:44:38', u'vx_family': u'Phishing site', u'av_detect': u'9', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 78, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'7213bd8277b28523618c1b5b6bf3f27ccc7dcd6693edba6a82e511aca4ad0e24', u'type': None, u'type_short': u'url', u'size': 51}, {u'environment_id': 100, u'job_id': u'63321bcac6ff822914185cf4', u'analysis_start_time': u'2022-09-26 21:38:19', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': 
u'sample.url', u'sha256': u'e12119a3760db0872df94b860880bef1f07dcffdf3f3bfd3b8fa2d5179b773ce', u'type': None, u'type_short': u'url', u'size': 56}, {u'environment_id': 100, u'job_id': u'632b8d686a157c3383362586', u'analysis_start_time': u'2022-09-21 22:17:13', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 33, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'da3e56c906f9dc5bfb98ea2091bd2edd31013446f1b533613d7ab1544cb46867', u'type': None, u'type_short': u'url', u'size': 78}, {u'environment_id': 100, u'job_id': u'631e8a103ac2dd59e75bd028', u'analysis_start_time': u'2022-09-12 01:23:29', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'02b0ff140e8d110412dad713ea68a678d8f00d185e126dbaa968fc6da44e45d2', u'type': None, u'type_short': u'url', u'size': 76}, {u'environment_id': 100, u'job_id': u'630e944ecad9df06be085b88', u'analysis_start_time': u'2022-08-30 22:50:55', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'072e3ec83c217f53774393c7c55b71b6ac38b677006d238619898149b4ae8ff0', u'type': None, u'type_short': u'url', u'size': 76}, {u'environment_id': 100, u'job_id': u'62faf453f8181107c461186a', u'analysis_start_time': u'2022-08-16 01:35:15', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'fe2af1766084a7c48df58d7e964138220afabdf4abc0e7fb0d3a87ef13318110', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 120, u'job_id': u'62ece8b3b10f5e5c39274ed4', u'analysis_start_time': u'2022-08-05 09:53:56', u'vx_family': None, u'av_detect': u'0', 
u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'e18b01f7d649ef68ea6d24248ea0193fa5f0ac85cd0c1bef4112fcd824ca887e', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 100, u'job_id': u'62e803d5a5a7870ff72f3cf6', u'analysis_start_time': u'2022-08-01 16:48:22', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'9e255d1be44c24749101e3045b28e8f610869aa0e61723e6d6d258da1b22475c', u'type': None, u'type_short': u'url', u'size': 97}]}104.196.30.220
2023-05-12 03:32:04Open TCP PortNoPulsedive0030None188.114.97.3:80188.114.97.0/24
2023-05-12 03:23:13Open TCP PortNoPulsedive0030None188.114.96.2:80188.114.96.0/24
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0040NoneCloudFlare, Inc. Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2015-10-20T06:46:53Z Creation Date: 2009-02-17T22:08:05Z Registry Expiry Date: 2024-02-17T22:08:05Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.CLOUDFLARE.NET Name Server: NS2.CLOUDFLARE.NET Name Server: NS3.CLOUDFLARE.NET Name Server: NS4.CLOUDFLARE.NET Name Server: NS5.CLOUDFLARE.NET DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2022-03-16T19:39:08Z Creation Date: 2009-02-17T22:08:05Z Registrar Registration Expiration Date: 2024-02-17T22:08:05Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Name Server: ns1.cloudflare.net Name Server: ns2.cloudflare.net Name Server: ns3.cloudflare.net Name Server: ns4.cloudflare.net Name Server: ns5.cloudflare.net DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 03:09:57Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.108
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None2WIRE431 (Net ID: 00:02:2D:68:9D:A0)34.0544, -118.244
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.12135.229.48.116
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.155): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:44HTTP HeadersNoCensys0030None{"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H04J1V5ZEHVH006E5VV5HBN1"], "Date": ["<REDACTED>"], "Server": ["Netlify"]}35.229.48.116
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Noneballpark (Net ID: 00:02:2D:3D:74:62)37.7642, -122.3993
2023-05-12 03:00:51Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.75): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneEquiscript (Net ID: 00:18:0A:6F:96:37)32.8608, -79.9746
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomCECF14 (Net ID: 00:0C:F6:CE:CF:14)50.8897, 6.0563
2023-05-12 03:18:46Raw File Meta DataNoFile Metadata Extractor0040None{'Image ExifOffset': (0x8769) Long=90 @ 66, 'EXIF ComponentsConfiguration': (0x9101) Undefined=YCbCr @ 112, 'Image YCbCrPositioning': (0x0213) Short=Centered @ 54, 'Image XResolution': (0x011A) Ratio=72 @ 74, 'EXIF FlashPixVersion': (0xA000) Undefined=0100 @ 124, 'Image YResolution': (0x011B) Ratio=72 @ 82, 'EXIF ColorSpace': (0xA001) Short=sRGB @ 136, 'EXIF ExifImageLength': (0xA003) Long=3088 @ 160, 'EXIF ExifVersion': (0x9000) Undefined=0221 @ 100, 'Image ResolutionUnit': (0x0128) Short=Pixels/Inch @ 42, 'EXIF ExifImageWidth': (0xA002) Long=2316 @ 148, 'EXIF SceneCaptureType': (0xA406) Short=Standard @ 172}https://pics.battleb0t.xyz/images/carti_3.JPG
2023-05-12 03:21:08Account on External SiteNoAccount Finder0020NonePinterest (Category: social) https://www.pinterest.com/dawidsulej/dawidsulej
2023-05-12 02:53:52Netblock IPv6 MembershipNoCensys0020None2606:50c0:8003::/482606:50c0:8003::153
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.213): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f6071cb5443bc-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:31:27Affiliate - Email AddressNoE-Mail Address Extractor0050Nonedomains@hostex.lt% Hello, this is the DOMREG whois service. % % By submitting a query you agree not to use the information made % available to: % - allow, enable or otherwise support the transmission of unsolicited, % commercial advertising or other solicitations whether via email or % otherwise; % - target advertising in any possible way; % - to cause nuisance in any possible way to the registrants by sending % (whether by automated, electronic processes capable of enabling % high volumes or other possible means) messages to them. % % Version 0.4 % % For more information please visit https://whois.lt % Domain: 000.lt Status: registered Registered: 2022-10-11 Expires: 2023-10-12 % Registrar: Telia Lietuva, AB Registrar website: http://www.hostex.lt Registrar email: domains@hostex.lt % Contact organization: Telia Lietuva, AB Contact email: domains@hostex.lt % Nameserver: ns3.hostex.lt Nameserver: ns4.hostex.lt Nameserver: ns1.hostex.lt Nameserver: ns2.hostex.lt
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.192): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonepannet-24 (Net ID: 00:01:8E:DA:59:C4)37.780462,-122.390564
2023-05-12 03:01:46Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.255): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBBHWIRELESS (Net ID: 00:00:C5:D7:60:F4)41.8781, -87.6298
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00steveng.github.io] https://www.openphish.com/feed.txt00steveng.github.io
2023-05-12 03:23:13Open TCP PortNoPulsedive0030None188.114.96.2:443188.114.96.0/24
2023-05-12 02:54:54Open TCP PortNoCensys0020None2a06:98c1:3121::1:802a06:98c1:3121::1
2023-05-12 03:32:29Open TCP PortNoPulsedive0030None188.114.97.15:443188.114.97.0/24
2023-05-12 03:08:45Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.210104.196.30.220
2023-05-12 02:53:04Web TechnologyNoTool - WAFW00F0020NoneNone Nonefluid.battleb0t.xyz
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5818d4bebc22ee-ORD"]}188.114.97.1
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5221619826367a-FRA"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.168.252
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:443188.114.96.1
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NonePG Airnet (Net ID: 00:02:2D:27:B4:51)37.7642, -122.3993
2023-05-12 03:32:25Open TCP PortNoPulsedive0030None188.114.97.13:8443188.114.97.0/24
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.241): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:13:02Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0.crimson-perch.github.io] https://www.openphish.com/feed.txt0.crimson-perch.github.io
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:2095172.67.168.252
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Noneonshome (Net ID: 00:0C:41:67:02:1F)39.0469, -77.4903
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES_RT-205 (Net ID: 00:12:BF:FD:D7:C4)40.2024, 29.0398
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonedevolo-000B3BEA35D8 (Net ID: 00:0B:3B:EA:35:D8)50.8897, 6.0563
2023-05-12 02:44:31Internet Name - UnresolvedNoDNS Resolver0020Noneportainer.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 
183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneGOAT (Net ID: 00:00:C5:D3:87:1C)37.780462,-122.390564
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None000b000.github.io185.199.111.153
2023-05-12 02:44:31IPv6 AddressNoDNS Resolver0030None2606:4700:3037::6815:470epanel.battleb0t.xyz
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.247): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:23:09Open TCP PortNoPulsedive0030None188.114.96.0:8443188.114.96.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonehomespies (Net ID: 00:06:25:63:06:A6)33.336199,-111.89446440830702
2023-05-12 02:54:13HTTP HeadersNoWeb Spider10030None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU
2023-05-12 02:55:22Linked URL - InternalNoGoogle0010Nonehttps://battleb0t.xyz/battleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom6E1FC8 (Net ID: 00:0C:F6:6E:1F:C8)50.8897, 6.0563
2023-05-12 02:44:11Co-Hosted SiteNoSSL Certificate Analyzer0110Nonegithub.combattleb0t.xyz
2023-05-12 03:23:41Account on External SiteNoAccount Finder0080NoneArtBreeder (Category: art) https://www.artbreeder.com/baptiste.vautheybaptiste.vauthey
2023-05-12 02:45:32Raw Data from RIRsNoipapi.co0030None{u'region_code': u'SC', u'country_tld': u'.us', u'ip': u'34.148.97.127', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'North Charleston', u'network': u'34.148.0.0/16', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 32.853, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'GOOGLE-CLOUD-PLATFORM', u'postal': u'29405', u'asn': u'AS396982', u'country': u'US', u'region': u'South Carolina', u'longitude': -79.9876, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}34.148.97.127
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.7): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:40Software UsedYesTool - Wappalyzer0020NoneHSTSfunny.battleb0t.xyz
2023-05-12 02:54:00Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c594d129a872998-ORD Content-Encoding: gzip 104.21.6.166
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneInstagram (Category: social) https://instagram.com/AltpapierAltpapier
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneBaur (Net ID: 00:0C:F6:67:34:C4)50.8897, 6.0563
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.215): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:23:11Open TCP PortNoPulsedive0030None188.114.96.1:8443188.114.96.0/24
2023-05-12 03:09:49Affiliate - Internet NameNoDNS Resolver0040None80.170.74.34.bc.googleusercontent.com34.74.170.80
2023-05-12 03:08:48Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.10735.229.48.116
2023-05-12 02:50:50Malicious IP AddressYesVirusTotal0120NoneVirusTotal [104.21.6.166] https://www.virustotal.com/en/ip-address/104.21.6.166/information/104.21.6.166
2023-05-12 02:56:56Internet Name - UnresolvedNoDNS Resolver0020Noneportainer.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:d5:98:ae:2a:84:a2:19:ac:80:9a:6c:74:76:20:f8:3f:d8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:01 2022 GMT Not After : Feb 15 09:44:00 2023 GMT Subject: CN=portainer.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c0:b5:e1:c5:d7:75:db:34:03:18:a1:ee:7b:4b: ea:8e:e7:69:4e:39:85:68:38:67:3d:c1:9a:8b:f3: bd:cf:17:bb:68:6a:65:cf:4a:a8:76:23:7a:4f:20: df:84:d1:79:b9:6a:69:1e:44:79:b1:f5:77:a0:d1: 57:7d:30:22:17:73:4d:12:ae:da:6f:17:2f:cc:59: fc:28:b2:56:e2:d1:04:1e:a5:af:0c:cc:00:03:c9: be:8b:f2:e1:2a:f3:ee:60:20:15:0b:48:ba:bd:47: ee:af:b8:94:3e:d3:00:b1:a7:9d:eb:e0:5f:7e:6f: 9e:2f:c5:a5:c8:f8:87:92:71:43:69:60:10:5d:de: 5f:ef:16:13:44:c8:38:e1:ab:bf:d4:ba:c9:63:0e: 71:cd:82:05:39:b6:2b:c7:09:a0:3f:7a:0f:d1:b5: 8c:31:e1:64:fb:3e:7d:9c:f0:15:49:3c:98:f1:98: 8a:de:cb:a1:c8:6f:57:47:ea:69:8f:65:04:e8:bd: 1e:d7:20:58:d9:de:ea:65:82:25:f4:8a:20:52:90: c5:c4:e3:bf:c3:af:cc:ca:46:be:71:d3:24:c0:85: 69:56:27:39:94:2d:43:65:9d:2f:bb:4d:62:7e:14: 0c:45:91:3c:ec:e1:a2:ae:81:70:73:3d:8e:8c:ef: 5a:48:f8:f8:b4:3f:a5:4e:ca:0b:38:80:5d:df:42: eb:06:32:21:0b:67:44:bf:df:2c:ae:bd:f6:68:1d: b6:39:c5:d8:57:bc:5e:76:f0:ee:ab:21:2d:35:69: 74:8a:c4:88:bd:d0:3d:91:05:d0:dd:4e:54:8e:e9: 94:fd:a6:9c:7c:35:94:f3:2c:a0:e6:0f:6f:ec:d7: 06:e0:96:b5:94:ae:64:fd:f9:52:45:cc:c0:54:2c: ae:a7:51:2d:fb:3c:d9:4c:eb:d6:b7:fe:7c:8d:68: 1d:87:d4:dc:09:38:2e:ee:0d:49:32:4c:2b:08:20: ff:a0:95:02:0a:01:3f:99:e9:bb:d2:97:db:d5:f5: 7d:97:14:d0:18:c5:3f:cf:31:7b:a7:9c:bf:9d:b3: 23:66:83:9e:eb:d9:48:01:38:6c:db:2f:7b:2d:82: d4:36:d7:86:9f:0b:de:ef:ab:c4:7c:aa:36:24:d0: 9f:9a:47:7a:a3:aa:26:bd:ef:52:90:60:1c:7e:d9: 0d:dc:f1:5b:cb:c0:7c:8b:f6:64:bf:41:76:8c:ba: 34:64:15:cb:49:b9:40:f8:78:ff:c5:eb:99:a1:af: 
b3:7a:cb:c9:d0:b9:1b:1a:3d:ef:4c:68:86:22:46: 99:75:81:d3:cf:5c:90:1a:2f:01:4f:59:01:34:82: 5c:f7:3f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 6D:D8:A8:24:70:8B:8F:0C:4D:0C:6C:1A:D9:1A:9A:75:25:E5:1A:12 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:portainer.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 7b:33:f1:a4:1d:68:11:39:8e:a5:85:a1:57:3a:ca:d6:76:61: f8:90:77:ab:e2:9c:59:92:45:d9:89:9e:df:9d:5a:f5:8b:7f: 42:54:73:71:1b:ca:7f:2b:96:f8:66:7c:34:c0:4e:2c:4c:9f: 09:95:c5:44:f7:32:57:ad:ef:51:b6:f3:c5:42:de:f8:f8:40: ba:f2:1b:dc:8d:ef:98:6c:11:da:4c:0a:34:59:21:6e:c6:73: f1:61:40:2e:f2:b9:f0:51:47:9f:99:b8:d9:0d:49:7a:ef:27: e4:14:a2:91:4e:c8:ff:77:ed:d8:2a:08:39:4d:00:8c:b1:9e: 3f:a5:b7:7f:34:b6:23:7c:d8:2c:35:c9:7e:78:84:b5:e7:43: e6:b4:77:80:74:b2:b6:5f:6a:41:e0:e4:7d:ef:7c:67:27:96: b1:ac:62:09:93:da:ed:11:2b:48:d5:94:7a:0b:9e:f1:11:21: dc:75:a1:c4:c6:6d:aa:ec:0e:65:68:9b:cf:38:b0:39:f3:a1: 13:80:f1:21:f3:20:a7:54:f6:76:9a:e6:a2:d4:20:0b:0a:f3: 8c:94:c2:94:30:fd:f1:9c:4a:e9:36:b3:ce:d7:bf:1f:5a:c8: 68:2f:89:7a:a2:d2:eb:17:ad:ce:de:30:8f:4f:0e:24:60:d8: dd:33:cb:70
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneUnited StatesDomain Name: netlify.app Registry Domain ID: 2CB5C0CD0-APP Registrar WHOIS Server: whois.nic.google Registrar URL: http://www.name.com Updated Date: 2023-04-11T15:58:16Z Creation Date: 2018-05-08T22:48:05Z Registry Expiry Date: 2024-05-08T22:48:05Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Netlify Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: CA Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: US Registrant Phone: REDACTED FOR PRIVACY Registrant Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.p01.nsone.net Name Server: dns2.p01.nsone.net Name Server: dns3.p01.nsone.net Name Server: dns4.p01.nsone.net DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<< For more information on Whois status codes, please visit https://icann.org/epp Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely for query-based, informational purposes. 
By querying our WHOIS database, you are agreeing to comply with these terms (https://www.registry.google/about/whois-disclaimer.html) and acknowledge that your information will be used in accordance with CRR's Privacy Policy (https://www.registry.google/about/privacy.html), so please read those documents carefully. Any information provided is "as is" without any guarantee of accuracy. You may not use such information to (a) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations; (b) enable high volume, automated, electronic processes that access the systems of CRR or any ICANN-Accredited Registrar, except as reasonably necessary to register domain names or modify existing registrations; or (c) engage in or support unlawful behavior. CRR reserves the right to restrict or deny your access to the Whois database, and may modify these terms at any time. Domain Name: netlify.app Registry Domain ID: 2CB5C0CD0-APP Registrar WHOIS Server: whois.nic.google Registrar URL: http://www.name.com Updated Date: 2023-04-11T15:58:16Z Creation Date: 2018-05-08T22:48:05Z Registry Expiry Date: 2024-05-08T22:48:05Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Netlify Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: CA Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: US Registrant Phone: REDACTED FOR PRIVACY Registrant Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Name Server: dns1.p01.nsone.net Name Server: dns2.p01.nsone.net Name Server: dns3.p01.nsone.net Name Server: dns4.p01.nsone.net DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<< For more information on Whois status codes, please visit https://icann.org/epp Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely for query-based, informational purposes. By querying our WHOIS database, you are agreeing to comply with these terms (https://www.registry.google/about/whois-disclaimer.html) and acknowledge that your information will be used in accordance with CRR's Privacy Policy (https://www.registry.google/about/privacy.html), so please read those documents carefully. Any information provided is "as is" without any guarantee of accuracy. You may not use such information to (a) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations; (b) enable high volume, automated, electronic processes that access the systems of CRR or any ICANN-Accredited Registrar, except as reasonably necessary to register domain names or modify existing registrations; or (c) engage in or support unlawful behavior. CRR reserves the right to restrict or deny your access to the Whois database, and may modify these terms at any time.
2023-05-12 03:41:52Open TCP PortNoCensys0130None45.131.109.53:338945.131.109.53
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.18): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:AA:8C:74:82)41.8781, -87.6298
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneENHLG (Net ID: 00:01:36:5B:37:00)37.7813933,-122.3918002
2023-05-12 03:00:52Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.80): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:16:23Raw Data from RIRsNoipapi.co0020None{u'region_code': u'NH', u'country_tld': u'.nl', u'ip': u'188.114.96.1', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 17231017, u'country_code': u'NL', u'timezone': u'Europe/Amsterdam', u'city': u'Amsterdam', u'network': u'188.114.96.0/22', u'languages': u'nl-NL,fy-NL', u'version': u'IPv4', u'latitude': 52.3759, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Netherlands', u'country_capital': u'Amsterdam', u'org': u'CLOUDFLARENET', u'postal': u'1012', u'asn': u'AS13335', u'country': u'NL', u'region': u'North Holland', u'longitude': 4.8975, u'country_calling_code': u'+31', u'country_area': 41526.0, u'country_code_iso3': u'NLD'}188.114.96.1
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATT2fMx5Ja (Net ID: E0:22:04:69:C4:4A)37.751, -97.822
2023-05-12 03:32:21Open TCP PortNoPulsedive0030None188.114.97.11:8080188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys (Net ID: 00:18:F8:E5:8F:A8)32.8608, -79.9746
2023-05-12 02:53:56HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["8F4E:438C:28D6A76:39C4C57:645DA4A1"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100090-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683858593.452046,VS0,VE24"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8d-239b\""], "X_Fastly_Request_Id": ["bf30db8298ebcbd37ba35a7187f0fd669e8117db"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]}2606:50c0:8001::153
2023-05-12 03:01:10Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.124): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneMCUUID (Minecraft) (Category: gaming) https://mcuuid.net/?q=AltpapierAltpapier
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonertsmith134 (Net ID: 00:01:24:F0:37:68)33.336199,-111.89446440830702
2023-05-12 02:53:04Web TechnologyNoTool - WAFW00F0020NoneCloudflare Inc. Cloudflarefluid.battleb0t.xyz
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.197): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES (Net ID: 00:12:BF:3E:F2:BC)40.2024, 29.0398
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NonePLXDevices (Net ID: 00:06:66:30:03:AC)33.6170672,-111.90564645297056
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecf-ray: 7c5f8c59d97743e3-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:57:22Co-Hosted SiteNoCertificate Transparency0010Nonesni.cloudflaressl.combattleb0t.xyz
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonememrise (Category: hobby) https://app.memrise.com/user/ayhu/ayhu
2023-05-12 03:32:04Open TCP PortNoPulsedive0030None188.114.97.3:8080188.114.97.0/24
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0020NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60363a5a178c')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="49Idt7TVQjX1pBvRrI.6aeE3rlIvevuAC7b5vTR0YGE-1683860053-0-AY2CmFGtsZtnLcnB3KaVSnayJydAFpMBwiHerGE4rgR3JSYE2THMUlIcqEG1Ue8w91NqXc1_LHx6GFVlXiEAESIr_nGQ5go_qchKEn3Zd9LGEn7sjdr5MGswrCl99ImQfUgu6KdI_WivVs4bd90GT85W3eqgKUj3u0FUHAfgMsZls8XQdBKgHld4LM0wMOiwkj4Zv_skkfuoeKho_dzt4CkE8TkBrPt00M8eIbThaadGvVY0ZXacJCnFJrMWgEfguZYQYUBYVuQPCo4vsaoC9FJto9c6wa1TZj17T__0EGfb7iIg-Fe40vQL0GKl1g68OrtJF7bhLP5OSmmfJD-JBdOEbpA042KC5D5FyslCSfE7VL_rZtwmaMGkKhFs9rNjkGtzvRpQkvZRYfyEeWln9xUv2AoyKgo_1wsNTA_ve-XNzmkKtYDqJDpKDva2W3pJ_3486t1fxBPGklTfmIx9NlGkUpFz141VY7sqmJxOdPADiSQrKzSt-fovaHrioNcpkC_a9kgYIR8XX9ZtGjpkxl_IolwlzL--CdPxkW0zMtKJ-ob6rp2YNV1BUrgbluir9hqadqgAXGwt_gZWou60RMf3UaSZgv32iteEpLg55lWyX9LlrUvEr69WGY_mW2VC6sS9celjhcxiPOQLUkE6KOI9dyhMsK_hvZhX7dDzQsZTH4jAvHUf9CQD2LuSWPV3IPZysl2v0-TSOr10-QdcM27ziun4ot0DvTudFu8lZubQ6YgSwrTQ0wlCjvSq6gwpTOqihrt99F-QaEJWo9sY1ul0FhgMesYynTr4n3snoOM31ZGsLMXWKlkFnwUy1gZdrnW6lGoCkCZNGJjETZCrO0I1-blCIjRzIo6n3EQP7MT5qxAPdJn4-285kyLwMrAm9nW0Fi-T32j1LOogUb6WyPmjQkstsoGMIPyZHJWu0K53P0Hp3SPyKBDSdN4PFWJ5HhYglCXZ4frWkFfTdPf1mz5N5hMALh4FLKDLHit2KyOqpzy4LGkpslmmSQV9AzBKoRj1GEO_-FcLHTt9Y_hlt3lZHsDBr1qsBzb2CCXFE8o-Cu7OAduNH_CAS2sCSdUmt1KpWrCRaId6zphb5lrgZKo6-UG1p8eW6scfDanDgxE_uwAeJyjUHxAEdnSiE1KEwJ9jCVqAgp9dVVHeTI4rz44dE3vG-URKonk4rAmwzUrgRitO_d4uGYtEZ4E7qxVnEHPqSPPlSj7XCukbKVCLBJxrlSwrndqrFnPWXTVbd4VDbjuKYax1pPS7eYUGT_UeCCeppPOHUje3Psa1ejipoF94FUlnfTdlsYbhNQHOKrCLTleuO-lGh4FkydbCaYMbMeAAZyBt0xtAetQyd7ldNHUNuC2Nofi66SO1NL6dsaVskjPRRnE6ZvIpqMSXLJLgGQGDosioOi4TetnoLMpoodURiB_nIbRVwEcdjLeqlr_heAlhB9DjGpMi7U2THwVCr2WtE0eC7jgUi7EvjeNq152r1Qqg397yfToV5_wu059jWgynPgNUwC4lcn5G-MBIXveyQXm1Kc3wCLL9zpH8MAPvrg7a-sB2jNRF-Z6W26XqIgEKRCWc-Pxvv_Wf4vRraOQIcroiI7Bz-VZanQ8qRRCNJq9kL7QMtAUM-80bmDBTJgrVoo5PdyUEhsNJHqX9OXSul2XByOb4cFHCten8oYXlq-xQqbPW5cLy025uWQytdBIECEqK0e5vKcu_KE0Uj51a0tZyH3JcwbPPE_fH4pbZorm5Kg1q7pYpinkOp5o93d4llyQL17ps--AQEqRvOWDfy9ih2KJc_BE5lNLHq-v1h4WyL3qch3dFUNrf6TKv44d5E5ZODSf9MR91_YJ1LP3HF-0gnEEbwwFvu5w7kqPMreWbivd9zybQFoONhHZIvue3MsgjfZ1vLvfzi0_pLzPV9XnL3aZnuVWN
Q5m-tjTF6DVwD4heQQWtO8aBzn7YpoO7pmb5XcFPRZknXUl9vyibdHsym3ALRgx4Xf0sXY0Egq8vPrGtUmUt_qhEJTk5P3R0wsoRFa49pkuv79cmFbVV6UYUcsY_Ht1FZEPOAMMuij1BfHolOncuoa8HH91s4MToLK5e4ZXLCuwnrhU1Iz07g8_F8FiO-szvC0BSEfX52p_c3LsFOQ8KHGFOOtlIbkgQfFx7vErT1y0UZSuoR1HN5mwxz005itrk8qw-cU_4QXYVr0nnwhQQexYkVxHYLRxlHlGu9xonuO_9eyVCe8GyN79j4Enif4_dFDplAW77cjHRHWhMTCE5n_dU-96YMnkyFZr2m1KSUUWqQndQzduR6sMHEDQuErbPvLqIaJ3xphVgcTAzrMD12jvSU-bukvEL-wHHmzTDiCAItW9qw0XBzVZ7Ll736rJi4i9XorZ16wxKlOhw9SC6r707lQ43XMPgmmt8I71p5Y7NNqy-niBv8MJGeGRjObImH8n6JVBEQ7vEkMfTCD53zst2b-4V3RTMfSwntBlaoqZZYZdNBZBlFTqFK5PeKUk6cNexkn95wQmcJcuYO0vxq3IUpP6X"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '94216', cRay: '7c5f60363a5a178c', cHash: 'a8c2f7f784ba63b', cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: 'TetCTvIHDoj9yN1Q4CtSp4oIXaz0U+HIhBy4s5iV5musPrd3qRRyHc90BWI/jzQYM3TsRZmdrYIIHsGBQ3rbPW3lOoqcfi5CawfhzjAeMsvCOqeqTs713ExQ08oz+vVkhRriZ7KOQkOV4gBocW2cG02BuWOMw473YNbayiyCJXNB9iidY4XwtRQU/oWv27be04lXHovk9dndBeKEBgbit5s9pMfaIl2tziG8KWxKRTXRRw94m0HSrFr22Qs7or0V3+F4nT0oqiT9CcwY4AtGAb1j1UI+nGhI1ep4c+HVRPQEv5JYmnedW8parB9/FBeu/+bgHoTPsvVjRcT+Zj3bh9L0pk5dvmAuwrAT2+Y12w3HYJ8EUaGW5hUxEwUm3qO45VrjFOfVZH1XXhpCDpIgdaMP38+Gmi8gCSX1fmRmElBR13XOvdIqlcHPrE3eBXTlLOzhqpjHznAyvR3aMgy5C0JAffwSrtelgLWCQTUkAhSVivNH0wfno5PZypoOVrpGZ9n0kycNgQnfvHpFI9kAmKT2MlQ1LuH6zqEPZLkiqKrLJjogiPERqj0XyjcrK42c', t: 'MTY4Mzg2MDA1My40NzkwMDA=', m: 'X3NUo99x/4mGPFmrz69qVs5k5pJtmgeVcyYRkA87vXs=', i1: 'Sn1NO9u6sfSr5lno+YjwEg==', i2: 'LxAqQZecIh4w4zR/ETAJ7g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 
'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60363a5a178c'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60363a5a178c'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneLang Sky Harbor (Net ID: 00:03:93:E9:7A:05)33.336199,-111.89446440830702
2023-05-12 03:08:40Affiliate - IP AddressNoDNS Look-aside1020None185.199.109.154185.199.109.153
2023-05-12 02:46:38Netblock MembershipNoRIPE2030None34.74.160.0/2034.74.170.74
2023-05-12 03:03:40Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0101kvmt.github.io
2023-05-12 02:54:20Open TCP Port BannerNoCensys0040NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H06PCVJ4HBKTDMM1V2TTSTEZ Date: <REDACTED> Content-Length: 0 2600:1f18:2489:8200::c8
2023-05-12 02:54:15Linked URL - InternalNoWeb Spider7020Nonehttps://nwapi2.battleb0t.xyz/nwapi2.battleb0t.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES (Net ID: 00:12:BF:5F:88:E4)40.2024, 29.0398
2023-05-12 03:23:15Open TCP PortNoPulsedive0030None188.114.96.3:443188.114.96.0/24
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 02:47:46Open TCP PortNoPulsedive0030None34.74.170.74:8034.74.170.74
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:2086188.114.96.1
2023-05-12 02:44:58Raw Data from RIRsNoipapi.co0020None{u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'185.199.110.153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'185.199.108.0/22', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}185.199.110.153
2023-05-12 03:24:22HTTP HeadersNoWeb Spider10020None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}http://ayhu.xyz/
2023-05-12 03:03:36Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00p513-dev.github.io
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonesnowzef (Net ID: 00:01:36:07:D6:9C)52.3759, 4.8975
2023-05-12 03:11:19Physical LocationNoAbstractAPI1020NoneBursa, Bursa, 16350, Turkey, Asia87.248.157.102
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneOMNI (Net ID: 00:06:25:FA:6F:A7)33.336199,-111.89446440830702
2023-05-12 02:53:39Open TCP PortNoCensys0020None185.199.108.153:80185.199.108.153
2023-05-12 02:56:16Web TechnologyNoTool - WAFW00F0020NoneCloudflare Inc. Cloudflarewww.ayhu.xyz
2023-05-12 02:52:43Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'YPO - Certified Act of the Ordinary Assembly.htm', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_a14_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_a14_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_a14_ConnHashTable<2580>_HashTable_Mutex"\n "IsoScope_a14_IESQMMUTEX_0_331"\n "IsoScope_a14_IE_EarlyTabStart_0x344_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2580"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a14_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a14_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a14_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "142.250.191.74:443"\n 
"142.251.46.225:443"\n "207.58.149.159:443"\n "185.199.108.153:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"queryfibre.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "lh3.googleusercontent.com"\n "mastermanpublications.com"\n "query.prod.cms.msn.com"\n "queryfibre.github.io"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "adbred_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF55.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"loading_1_.gif" has type "GIF image data version 89a 144 x 68" and extension "gif"\n "back_1_1_.jpg" has type "JPEG 
image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1694x953 components 3" and extension "jpg"\n "pAxMM_1_.png" has type "PNG image data 160 x 14 8-bit/color RGBA non-interlaced" and extension "png"\n "microsoft_1_1_.png" has type "PNG image data 48 x 48 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002776]\n "Cab1689.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1689.tmp]- [targetUID: 00000000-00002776]\n "CabF44.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabF44.tmp]- [targetUID: 00000000-00002776]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df1354a31362cff700.tmp"\n 
"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{f19685c7-eaba-11ed-831b-080027c8d963}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{f19685c9-eaba-11ed-831b-080027c8d963}.dat"\n "iexplore.exe" reads file "c:\\users\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\imagestore\\3mt7jhv\\imagestore.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe53b5c5f3cc72065.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df1354a31362cff700.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{f19685c7-eaba-11ed-831b-080027c8d963}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe53b5c5f3cc72065.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{f19685c9-eaba-11ed-831b-080027c8d963}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"adbred_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002580]\n 
"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00002580]\n "urlref_httpqueryfibre.github.iov4seizle.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: 00000000-00002580]\n "loading_1_.gif" has type "GIF image data version 89a 144 x 68"- [targetUID: 00000000-00002580]\n "TarF55.tmp" has type "data"- Location: [%TEMP%\\TarF55.tmp]- [targetUID: 00000000-00002776]\n "sip_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: 00000000-00002580]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00002580]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002776]\n "d_2_" has type "Web Open Font Format CFF length 31000 version 0.0"- [targetUID: 00000000-00002580]\n "d_1_" has type "Web Open Font Format CFF length 30852 version 0.0"- [targetUID: 00000000-00002580]\n "d_1_" has type "Web Open Font Format CFF length 30812 version 0.0"- [targetUID: 00000000-00002580]\n "~DFE63417DCA6F3BF5E.TMP" has type "data"- Location: [%TEMP%\\~DFE63417DCA6F3BF5E.TMP]- [targetUID: 00000000-00002580]\n "back_1_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1694x953 components 3"- [targetUID: 00000000-00002580]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00002580]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002580]\n "~DF479B344953954C5B.TMP" has type "data"- Location: [%TEMP%\\~DF479B344953954C5B.TMP]- [targetUID: 00000000-00002580]\n "~DF230A55C5ABF3CB5A.TMP" has 
type "data"- Location: [%TEMP%\\~DF230A55C5ABF3CB5A.TMP]- [targetUID: 00000000-00002580]\n "~DF1354A31362CFF700.TMP" has type "data"- Location: [%TEMP%\\~DF1354A31362CFF700.TMP]- [targetUID: 00000000-00002580]\n "~DFE53B5C5F3CC72065.TMP" has type "data"- Location: [%TEMP%\\~DFE53B5C5F3CC72065.TMP]- [targetUID: 00000000-0185.199.108.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneJunxion_Box (Net ID: 00:02:6F:3A:FE:C3)37.7642, -122.3993
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.237): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050NoneGeocaching (Category: social) https://www.geocaching.com/p/?u=AltpapierAltpapier
2023-05-12 02:50:16Internet NameNoDNS Resolver0020Nonepanel.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:10:8b:16:97:4c:80:e7:56:d7:06:74:1e:45:16:d2:cf:08 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 18 13:27:58 2022 GMT Not After : Mar 18 13:27:57 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ad:62:80:b3:4a:16:3f:d1:ca:02:76:24:cc:9e: aa:84:81:39:ce:32:30:eb:2b:8e:c4:10:85:04:e9: 19:e1:2c:8b:f7:58:3e:cb:1c:ff:b5:a4:5e:3a:d3: 5f:cd:9f:7e:93:67:29:42:61:bd:af:c4:d3:ff:2c: ba:88:7a:06:b8:ee:d1:0b:bb:86:7e:44:8f:c8:6e: 9f:15:1a:80:a4:23:08:22:e4:47:13:58:3b:f2:14: 1e:d6:ab:b0:0d:9a:3d:43:fa:19:c7:62:73:68:d3: e8:e2:e0:f2:f8:19:08:fa:27:87:9f:f6:00:ca:15: 68:32:25:1a:17:ab:c2:10:cf:ee:c4:5c:e1:5a:4c: 7f:24:75:c4:d7:a8:bb:65:e9:41:ed:b3:2d:c0:d3: 43:15:31:0d:92:7c:15:d2:74:91:60:11:b3:a9:c4: 23:1e:bd:9f:cd:65:52:70:48:15:e3:b8:f4:be:c0: 7b:19:6d:7b:06:84:b9:fd:58:0b:97:47:76:a2:75: 8a:02:5c:f4:a0:74:5a:14:c3:00:00:11:33:ca:09: cb:4f:f9:83:06:46:d2:9c:09:dd:c0:9e:5b:21:5b: 9d:26:54:f2:ef:8a:39:ff:fb:2e:d5:3b:31:32:7d: 8d:f4:d5:b5:c2:47:2c:44:11:4c:77:93:b1:be:73: 3c:fd:f8:ad:ee:38:c8:cc:7c:fd:93:89:87:7c:f1: ff:7e:d9:02:fc:16:a4:8b:6d:44:ce:9d:18:99:9a: 80:ce:7f:84:4a:5f:f2:64:78:f3:c5:e5:c6:c7:66: 3e:15:14:9a:10:d3:79:7b:53:46:72:6c:1d:43:1a: b1:35:e5:15:1e:25:f5:a3:42:b9:f7:c3:cc:11:45: 0d:91:92:d0:7c:af:f5:38:d6:f6:5b:a6:85:e8:1b: 87:47:00:ae:a6:0b:b0:8b:45:d2:80:d3:a6:4d:e2: fe:d5:6d:a5:c3:c6:cb:5d:f4:1c:79:c6:67:7f:4c: cd:e5:9e:5e:f5:60:0e:99:47:13:b5:ed:4f:e1:0e: 26:01:e6:84:00:6a:80:a9:fd:0c:5d:16:61:ba:be: ee:5f:41:8c:41:20:95:45:47:52:41:85:d1:cc:b2: ba:00:26:e3:48:1b:65:5b:e0:7a:f5:04:7c:c4:32: 1f:ac:c5:99:05:ef:49:b1:5a:de:e3:c4:60:e2:03: 33:84:8a:7a:ad:eb:d2:0c:0c:ff:c4:c2:64:33:29: 15:c7:0a:73:e3:0f:ee:4a:08:a2:6b:f1:e4:95:67: 2f:52:99:fd:3e:6c:01:2d:31:33:10:f6:db:5c:20: 
7c:3b:ba:79:4b:c3:c0:d7:a8:e3:f0:e3:c9:f6:e5: 3c:bf:e5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: A8:1A:0A:B4:5A:C9:CB:04:98:CA:A0:D2:67:45:9B:9C:A4:98:23:12 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 9f:12:eb:4c:27:a2:ab:ae:53:fe:36:76:0d:83:48:c0:c4:51: c2:09:08:23:27:a9:7b:35:32:d3:06:cd:e1:f3:c9:4c:2b:19: 5c:05:3a:7d:46:7b:96:78:c2:2b:09:8f:17:00:fe:1b:3e:53: fd:3e:2f:c3:9a:b5:30:cd:5b:63:83:4a:da:77:e7:97:a3:c7: 12:1d:4e:2a:c8:68:c9:ed:8a:5e:32:c1:3c:96:1c:3b:30:00: ed:b7:3d:b1:2e:45:01:68:3f:9d:92:c2:b8:d6:0d:29:ff:f9: fd:d1:fa:45:c6:29:5f:fe:71:3e:28:8a:cb:d6:9d:51:d9:27: 23:c9:0e:6b:80:7d:c0:dc:b5:f6:e5:58:0d:23:ef:dc:ee:f1: 9f:7c:9d:ea:60:0a:da:5d:a8:81:7a:f0:00:9e:67:b5:ff:9a: 9e:41:d0:47:44:a3:ef:c7:76:fc:d5:d2:2e:9c:0a:d5:6e:f6: ca:dd:e7:c4:7f:f4:80:04:e6:a2:ea:80:8a:fc:f5:3e:75:14: 53:f6:18:aa:9c:3c:71:e7:0e:04:2f:51:6f:57:cc:c7:59:90: 38:a5:63:c4:16:26:ed:1f:c8:e7:8b:d6:6e:db:f0:07:dd:4e: a9:fa:5d:63:f8:da:5c:da:d6:9a:39:ad:eb:e5:21:56:13:72: a3:9a:36:28
2023-05-12 02:44:13IP AddressNoDNS Resolver106010None185.199.110.153battleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneBeens Gast (Net ID: 00:01:21:1C:17:B1)52.3759, 4.8975
2023-05-12 03:09:36Affiliate - Internet NameNoDNS Resolver0040None222.30.196.104.bc.googleusercontent.com104.196.30.222
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneSpleen (Net ID: 00:05:4E:4F:B8:C2)39.0469, -77.4903
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 04:50:12 2023 GMT Not After : Jul 23 04:50:11 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8: 3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1: dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6: a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b: 57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14: 5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e: 22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56: d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e: 20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b: 1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7: e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4: c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d: b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0: 4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51: be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49: cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed: d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c: 27:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 24 05:50:12.941 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:BE:39:54:A0:5F:1F:10:03:FA:09:8D: D3:C7:7F:B5:EC:4B:30:F5:03:1A:D7:13:A5:C5:6A:89: 4C:4A:74:89:42:02:20:3C:6C:13:51:09:EB:20:0E:F2: 03:2C:A0:FE:54:7F:4D:57:F9:31:F5:F6:A8:0E:A0:F4: B8:E3:3B:F1:51:CA:99 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Apr 24 05:50:12.949 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:96:8C:23:92:33:C0:50:69:A0:CE:CA: 6D:EC:41:72:0F:3A:22:55:7C:E8:C6:CE:65:0C:82:C6: DB:89:9C:D5:92:02:20:1D:BC:82:99:B2:08:47:68:A7: 19:FE:0E:66:64:BD:7B:34:35:F5:43:E0:B0:AB:08:2C: AC:E8:D7:78:E2:75:5B Signature Algorithm: sha256WithRSAEncryption 75:8f:29:3b:d2:d8:ae:b2:42:be:ce:1d:92:6f:bf:ef:e4:4b: a2:cc:9b:be:a2:6d:3e:79:03:58:39:62:e5:65:53:10:d9:48: 8b:b1:f6:05:b6:b7:52:53:28:4f:2a:d3:20:18:d0:2e:42:4c: 67:b2:a5:67:d1:32:90:9c:d4:e9:3e:c7:a3:6d:7e:19:cf:59: bf:8e:eb:b2:ef:a8:35:56:cf:4d:12:32:f0:20:aa:e3:fa:5b: 67:0e:ad:7e:fd:aa:d9:0f:00:58:c4:8a:ff:28:e3:56:39:39: d5:d5:6e:f4:82:09:ef:eb:ef:8d:10:bb:e4:fd:d3:df:7f:82: 4d:1e:9a:8e:07:b9:a2:ea:90:75:6d:88:35:45:32:5e:ef:d2: 88:82:4a:b0:57:e7:ca:c5:b0:4c:c5:d9:46:e9:84:e0:a2:96: ca:c7:58:f8:26:23:6c:6a:c5:da:2f:19:ae:92:37:d6:01:ed: da:39:aa:b3:fd:16:7a:3d:70:fe:30:a6:ba:a8:b4:33:13:8f: 50:9b:26:ec:34:68:cd:89:95:9d:6e:0f:b9:d7:5a:5c:dd:74: 3c:28:62:ab:d4:9a:31:85:d4:70:2a:24:9e:4b:82:ea:21:71: d0:be:45:d1:a2:3f:85:e3:48:93:ac:6c:fe:38:a0:23:13:14: 9d:51:cb:62 battleb0t.xyz
2023-05-12 02:44:11Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0110Nonegithub.combattleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None6565 7375 (Net ID: 00:00:C5:D7:5E:38)41.8781, -87.6298
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.46): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneFaktopedia (Category: images) https://faktopedia.pl/user/loginlogin
2023-05-12 02:57:25Internet Name - UnresolvedNoCertificate Transparency0010Nonefiles.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:45:27Raw Data from RIRsNoipapi.co0030None{u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'172.67.168.252', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'172.67.0.0/16', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv4', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'}172.67.168.252
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F2:68:C6)37.780462,-122.390564
2023-05-12 02:57:22Internet NameNoCertificate Transparency0010Nonenwapi2.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:09:38Affiliate - Internet NameNoDNS Resolver0040None108.48.229.35.bc.googleusercontent.com35.229.48.108
2023-05-12 02:44:49Company NameNoCompany Name Extractor0030NoneNetlify\, IncC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneUnited States+14806242599
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneFreigut-Technik (Net ID: 00:01:21:21:C1:63)50.1188, 8.6843
2023-05-12 02:44:27Software UsedYesTool - Wappalyzer0020NoneNode.jsnwapi.battleb0t.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneZyXEL (Net ID: 00:02:CF:59:46:94)40.2024, 29.0398
2023-05-12 02:44:31Internet NameNoDNS Resolver0020Nonenuke.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:32:11Open TCP PortNoPulsedive0030None188.114.97.6:443188.114.97.0/24
2023-05-12 02:44:12SSL Certificate Host MismatchYesSSL Certificate Analyzer0020None*.github.io, github.io, *.github.com, github.com, www.github.com, *.githubusercontent.com, githubusercontent.comwww.battleb0t.xyz
2023-05-12 02:55:28Linked URL - InternalNoURLScan.io0020Nonehttp://kekw.battleb0t.xyz/kekw.battleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonezoom0083 (Net ID: 00:01:38:69:AF:6C)37.7642, -122.3993
2023-05-12 02:55:28Linked URL - InternalNoURLScan.io0020Nonehttp://kekw.battleb0t.xyz/jarkekw.battleb0t.xyz
2023-05-12 03:08:47Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.221104.196.30.220
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter0010NoneCN=nwapi.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:24:50CountryNoCountry Name Extractor0050NoneUnited Stateskeyubu.com
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.205): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:23HTTP HeadersNoWeb Spider10040None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU
2023-05-12 02:54:19Linked URL - ExternalNoWeb Spider0030Nonehttps://www.google-analytics.com/analytics.jshttps://fluid.battleb0t.xyz/
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneVivino (Category: video) https://www.vivino.com/users/loginlogin
2023-05-12 02:44:03Internet NameNoSpiderFoot UI193000Nonebattleb0t.xyz"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 03:27:54Open TCP PortNoPulsedive0030None188.114.96.138:443188.114.96.0/24
2023-05-12 02:44:30Software UsedYesTool - Wappalyzer0020NonejQuery CDNpics.battleb0t.xyz
2023-05-12 03:21:07Malicious IP on Same SubnetYesEmerging Threats0040Noneemergingthreats.net [207.154.224.0/20] https://rules.emergingthreats.net/blockrules/compromised-ips.txt207.154.224.0/20
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom71CC68 (Net ID: 00:0C:F6:71:CC:68)50.8897, 6.0563
2023-05-12 02:53:39BGP AS MembershipNoCensys0020None54113185.199.108.153
2023-05-12 03:00:16Internet Name - UnresolvedNoCertificate Transparency0010Nonemail.ayhu.xyzayhu.xyz
2023-05-12 03:09:02Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.9987.248.157.102
2023-05-12 02:54:23HTTP HeadersNoCensys0040None{"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H04DT6EFGA302FBVMKFT2XD1"], "Date": ["<REDACTED>"], "Server": ["Netlify"]}2600:1f18:2489:8201::c8
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter1010NoneCN=nwapi.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0040NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6036feab195d')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="xHEPK.9yJ4uMnlaQxqQ03K5Csvr7WqmdHv5Obe9KwF8-1683860053-0-AVLFWFwz5cW9coePC-vcYYHeZXoVyZvPTnO5FSb69_py4IiBnIT69jsbDrQcjp17Zdx1pnQSJS5VK5u2qIZwYpKNdgBE5WortG78wVuw6xpL5WYKY8Pci1GRr-7IBheF2wnVhBXoAAbVv_kvF_G81MlD02OBybPgpztHUD8TsNxjUjxn5wbC4eO6XMoHSPC4tPjeAbdNC_mEhVDvKltWOjEKs7cQGG73dOqgzgZ5u0yyPTVVyh672vGUJchUE-7DlMtIc30cGk9vDedhhqnCEm6pQHqEqKn7E1c0_xe56xpqCOyx0gVIxxZL8ZolJaAY4W4DtMmEP6W2tHpS_rYvBDI9fm43yWOoTbxEvpOBUd21ETXlvv9NENQqsCUvjbm4kjTEkCkt9i7ao6sYMKBDIKOrBrqKSvX_CT_w9eydgmcnRxeGAnGPZ1UUlMCuPuHg11UNYHIqPBTtKLbqJ0CVo0se3b48fGi-sK8cLCpgZLWb2fRokqIeBAyscADBAfixig610ec8NyTnlho4fWsEuVJ8IH0YuFSDI5qB-p_hHDFAgQ4e2o5glLWVxkylixix8LPq3AjtUqJZW7z32u6RcNlBfPCJCrP_P-wzAtCmBv9wwLgJM8s28Fc0U3NqhEI7UzCd5r2rd1L9dZdXgwaESjOHBhuzibRb747KWauMhNoTHcDBBW-Cplvyyky4fhJh4codwoIMSFuB2e8vqSriOeMyuMhff86CdrTUwmJ-MpOwS5b3SzLp4WsUmqgXo5R_Ptn_13EQTYvgg_fn9wQYMVvNul0EzUw-m0dzAaXiayW9ZQRIKrGrxHaH77vlgDYfon_mV1EHNo0mYKenjF4lATYUDXOdsHJGDEb-aoyHMedXT2xjfifF75YrCt7aKEBajKaabeBOm93QKGtGLkUbhjuxR1Cv3fMl-a8Mcq-sqIzDY7Ofms_NojFVCky1MxilEB-pECoh_3dTQi7RdzrUTwf2cZR9T8D8U2K3Gvk8riLAICiz8kZstCExyU1gQxK_8IKsvToQ9RDrd9y9LVAX9qYv3TfadD1EkNEsFVChUuXBIn1vLV2P2GOPSzKbMN6zXhMlaXjRniTwtw6d8mrDXwAGH5ieemrcUb3FjxXespiPiaHaem6NlgnFXh6fqC6miAGPTygfZ8E84F8EVSFKovIkpjZZLkzg9smKqoObMwmWAc8hXyTmDTP1LoHTnasWw3kR_c4rubMdm-bM_qzcdotudBYUrTeL52K6MUKh8U0LXxV1ssRlYQtn51j2ZPTCT_4njX0UJZi7Aqe8bZOIi6YaJ6JVsLLVQlGwMIkxweehKTweGkzepoKrlA3vvzsnIuw6hwdTbMC1ff1nqZDuEXn1iUtY0QVWk3AiHWDwvflyRUhJFVQ_1RWCY6QxNbtBWuOs4Gsp4MKA65Y2bcGJNUQ61JSZsl8YoM493x6bgQq2c1ARXqI8Z_BprKNhAkkBaHzNAZnBx2sKG-aiygeREJS_Y-EXoEZkRsbQX02jydwcJZ3mjFQKdYrYE5cpUbTynwFh1r8orCm-Lgkh_khmNL7q7VDaHkkpQxyvlai7E7fXqkM8fGYOO32gd0hDiIlm85y2e8PdcZwTHglcg5WuEl3dz67kdyLqQrK_w0NhcEVoQlt-w-zjK_ug7gJVFCqVZy6o3CJv3Lkws4Pg2ePLly9U4qZNVRt3zz5hcKoCs-Pa1ZZzJ_Qzb2gSMP3u4cNDexag1H59HlUfcR7rjMJpsPYzqNpSQW3aa4RjeYciW4G4IbxfKJhCeUuFM4E4frBI_2OUYka-3R16-e5B-3ARb0HzAH7oGbA0ldmTnvfk1irgRMe8Dly0jpz5UNRE52UktWtSquB5QC1854VbxxgX4hhaW-nxmTCdOLafGYF1vg8rF-8NC1_FbTKMqIVsNKBWX0k0kJqiJjLCwjxE
gXQ0Ze8manGpGGX8Y1qPfnNzHc2wFXLAoenNI_c9mp5k_TulxRQaJau67nLCYZqdFCfQ3OMpvtX4xDex5PrZ9T6mJUZ1nmSTAUixBLPwpRedqy1s01H2wlDBkSOhsj3ve3tA6H7ilQqtLQdfAuHK0_eW1Lnq3yDEyuzONZ1kc6hBMbhcyIePtyej1WeNa25rCw6imHPfgLzKSCX7sag3MiyXZyiVPtZsVrR333h3qptvAltAf6opML25pqpe_uKUHyc688RAlp_EgHCq-Gbx-iN5q2hY5Ny4xRPFJdCIjbFhNtGVw4MmWaJvAiePWPHqtweVVadLDMPlJCf3alqy71aqsxQI2WCWYRD_4Slgey6lOkSSsS-VG0B1_pBFsI7Qoqg4mLVGYQxVgLA66wEWyPhSdzuYryBNRXVwsWkB269be5JcqZIZNgC1b12-boaqHNSrCKMj83nOOm100RSF9-42ajHgNdPc9977LoOsIdA4wiwXyaum_ok5aRH8NPa5DUgCLteaEnABaI691YwS3Yv94Jp3MSd41yoh45wgGe42SPtQxw"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '8897', cRay: '7c5f6036feab195d', cHash: '461a186bf737deb', cUPMDTk: "\/?__cf_chl_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA1My41OTUwMDA=', m: '5/J7gGK8XmEBWkArTjJaJQpVmCj5kenNaxHbI91xZvc=', i1: 'd1xtl4gFAsGt/e5zgSdIvg==', i2: 'L38k4kp9xxsqGxDFehGWAg==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6036feab195d'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6036feab195d'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:24:48CountryNoCountry Name Extractor0040NoneGermanyFrankfurt am Main, Hesse, 60313, Germany, Europe
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:808087.248.157.102
2023-05-12 02:44:30Software UsedYesTool - Wappalyzer0020NoneNetlifypics.battleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Noneiz-wpa (Net ID: 00:01:8E:1A:64:A6)37.780462,-122.390564
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneXFINITY (Net ID: 00:0D:67:37:7A:79)39.0469, -77.4903
2023-05-12 02:44:49Company NameNoCompany Name Extractor0020NoneDomains By Proxy, LLCDomain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneCCAZ (Net ID: 00:02:6F:EA:D0:4E)33.617190550339146,-111.90827887019054
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneMmorpg (Category: gaming) https://forums.mmorpg.com/profile/loginlogin
2023-05-12 03:00:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.46): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneYOSEMITE (Net ID: 00:03:52:A1:3D:41)33.336199,-111.89446440830702
2023-05-12 02:53:00Web TechnologyNoTool - WAFW00F0020NoneNone Noneoldfluid.battleb0t.xyz
2023-05-12 02:49:08Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': u'Windows Gui', u'classification_tags': [u'windows-server-utility'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': 1, u'submit_name': u'popgui.exe', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-176', u'name': u'Calls an API typically used to retrieve function address', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"popgui.exe" called "GetProcAddress" with a parameter FlsGetValue (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter InitializeCriticalSectionEx (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter FlsAlloc (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter FlsSetValue (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter LCMapStringEx (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter FlsFree (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter InitOnceExecuteOnce (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter CreateEventExW (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter CreateSemaphoreW (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter CreateSemaphoreExW (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter CreateThreadpoolTimer (UID: 00000000-00005448)\n "popgui.exe" called "GetProcAddress" with a parameter SetThreadpoolTimer (UID: 00000000-00005448)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': 
u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"popgui.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 752a0000\n "popgui.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 752a0000\n "popgui.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 752a0000\n "popgui.exe" loaded module "KERNEL32" at base 749c0000\n "popgui.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 6f980000\n "popgui.exe" loaded module "COMCTL32.DLL" at base 6f1e0000\n "popgui.exe" loaded module "%WINDIR%\\SYSTEM32\\NAPINSP.DLL" at base 6fb10000\n "popgui.exe" loaded module "RPCRT4.DLL" at base 74330000\n "popgui.exe" loaded module "%WINDIR%\\SYSTEM32\\PNRPNSP.DLL" at base 6faf0000\n "popgui.exe" loaded module "%WINDIR%\\SYSTEM32\\NLAAPI.DLL" at base 6fad0000\n "popgui.exe" loaded module "%WINDIR%\\SYSTEM32\\MSWSOCK.DLL" at base 6fc90000\n "popgui.exe" loaded module "%WINDIR%\\SYSTEM32\\WINRNR.DLL" at base 6fac0000\n "popgui.exe" loaded module "%WINDIR%\\SYSTEM32\\FWPUCLNT.DLL" at base 6fba0000\n "popgui.exe" loaded module "%WINDIR%\\SYSTEM32\\RASADHLP.DLL" at base 6fdb0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-175', u'name': u'Calls an API typically used to load libraries', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"popgui.exe" called "LoadLibrary" with a parameter api-ms-win-core-synch-l1-2-0 (UID: 00000000-00005448)\n "popgui.exe" called "LoadLibrary" with a parameter api-ms-win-core-fibers-l1-1-1 (UID: 00000000-00005448)\n "popgui.exe" called "LoadLibrary" with a parameter api-ms-win-core-localization-l1-2-1 (UID: 00000000-00005448)\n 
"popgui.exe" called "LoadLibrary" with a parameter kernel32 (UID: 00000000-00005448)\n "popgui.exe" called "LoadLibrary" with a parameter comctl32.dll (UID: 00000000-00005448)\n "popgui.exe" called "LoadLibrary" with a parameter %PROGRAMFILES(X86)%\\COMMON~1\\MICROS~1\\OFFICE14\\Cultures\\office.odf (UID: 00000000-00005448)\n "popgui.exe" called "LoadLibrary" with a parameter Comctl32.dll (UID: 00000000-00005448)\n "popgui.exe" called "LoadLibrary" with a parameter %PROGRAMFILES(X86)%\\MICROS~1\\Office14\\1033\\GrooveIntlResource.dll (UID: 00000000-00005448)'}, {u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-10', u'name': u'Loads the RPC (Remote Procedure Call) module DLL', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"popgui.exe" loaded module "%WINDIR%\\SysWOW64\\rpcrt4.dll" at 74330000'}, {u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-9', u'name': u'Loads the cryptographic module DLL', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1027', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-267', u'attck_id': u'T1027', u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"popgui.exe" loaded module "%WINDIR%\\SysWOW64\\bcryptprimitives.dll" at 763D0000'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide.db!dfMaintainer"\n "Local\\SM0:5448:168:WilStaging_02"\n "SM0:5448:64:WilError_01"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_custom_stream.db!dfMaintainer"\n 
"Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1920.db!dfMaintainer"\n "Local\\SM0:5448:64:WilError_01"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_exif.db!dfMaintainer"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:thumbcache_768.db!dfMaintainer"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:thumbcache_48.db!dfMaintainer"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1280.db!dfMaintainer"\n "Shell.CMruPidlList"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_96.db!dfMaintainer"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:thumbcache_exif.db!dfMaintainer"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_2560.db!dfMaintainer"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:thumbcache_16.db!dfMaintainer"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_256.db!dfMaintainer"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterMutex"\n "Global\\C::Users:%OSUSER%:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!IconCacheInit"'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-72', u'name': u'Overview of unique CLSIDs touched in registry', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1546/015', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1546.015', u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"popgui.exe" touched "Computer" (Path: 
"HKLM\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\INPROCSERVER32")\n "popgui.exe" touched "Shell File System Folder" (Path: "HKLM\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\INPROCSERVER32")\n "popgui.exe" touched "Property System Both Class Factory" (Path: "HKCU\\WOW6432NODE\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}")\n "popgui.exe" touched "Private Profile Object" (Path: "HKLM\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{75847177-F077-4171-BD2C-A6BB2164FBD0}\\INPROCSERVER32")\n "popgui.exe" touched "File Open Dialog Legacy" (Path: "HKCU\\WOW6432NODE\\CLSID\\{725F645B-EAED-4FC5-B1C5-D9AD0ACCBA5E}")\n "popgui.exe" touched "MruLongList" (Path: "HKCU\\WOW6432NODE\\CLSID\\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\\TREATAS")\n "popgui.exe" touched "Microsoft Shell Folder AutoComplete List" (Path: "HKCU\\WOW6432NODE\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\TREATAS")\n "popgui.exe" touched "Microsoft AutoComplete" (Path: "HKCU\\WOW6432NODE\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\TREATAS")\n "popgui.exe" touched "Microsoft TipAutoCompleteClient Control" (Path: "HKCU\\WOW6432NODE\\CLSID\\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\\TREATAS")\n "popgui.exe" touched "Background Task Scheduler" (Path: "HKLM\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\\INPROCSERVER32")\n "popgui.exe" touched "Home Folder" (Path: "HKCU\\WOW6432NODE\\CLSID\\{679F85CB-0220-4080-B29B-5540CC05AAB6}\\SHELLFOLDER")\n "popgui.exe" touched "UsersLibraries" (Path: "HKCU\\WOW6432NODE\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\SHELLFOLDER")\n "popgui.exe" touched "Computers and Devices" (Path: "HKCU\\WOW6432NODE\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SHELLFOLDER")\n "popgui.exe" touched "Explorer Browser" (Path: "HKCU\\WOW6432NODE\\CLSID\\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\\TREATAS")\n "popgui.exe" touched "Browser Progress Aggregator" (Path: 
"HKCU\\WOW6432NODE\\CLSID\\{104846AB-42B1-4E38-A80D-136F78C3F258}\\TREATAS")\n "popgui.exe" touched "Known Folder Manager" (Path: "HKLM\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\\INPROCSERVER32")\n "popgui.exe" touched "Memory Mapped Cache Mgr" (Path: "HKCU\\WOW6432NODE\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\TREATAS")\n "popgui.exe" touched "Library Description" (Path: "HKLM\\SOFTWARE\\CLASSES\\W185.199.110.153
2023-05-12 02:46:18Affiliate Description - CategoryNoDuckDuckGo0020NoneReverse proxyskip.ns.cloudflare.com
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.86): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonetrakt (Category: video) https://trakt.tv/users/ayhuayhu
2023-05-12 03:00:57Malicious Co-Hosted SiteYesVXVault.net0120NoneVXVault Malicious URL List [www.github.com] http://vxvault.net/URL_List.phpwww.github.com
2023-05-12 02:49:43Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://shamsifarooq.github.io/netflix-clone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://shamsifarooq.github.io/netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_cd8_IESQMMUTEX_0_331"\n "IsoScope_cd8_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_cd8_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3288"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_cd8_ConnHashTable<3288>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_cd8_IE_EarlyTabStart_0x9d4_Mutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cd8_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "45.57.90.1:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "index_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "D24MEDJX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D24MEDJX.txt]- [targetUID: 00000000-00003288]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._EA3C22C7-B343-11ED-86D0-080027B04019_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "netflix-clone_1_.htm" has type "HTML document UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "nficon2016_1_.ico" has type "MS Windows icon resource - 1 icon 64x64 32 bits/pixel"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003288]\n "313FKF4U.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\313FKF4U.txt]- [targetUID: 00000000-00003252]\n "_EA3C22C9-B343-11ED-86D0-080027B04019_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003252]\n "ON787GXF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ON787GXF.txt]- [targetUID: 00000000-00003288]\n "~DF4D16A5EC17797CE2.TMP" has type "data"- Location: [%TEMP%\\~DF4D16A5EC17797CE2.TMP]- [targetUID: 00000000-00003288]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "~DF588E681904B5B177.TMP" has type "data"- Location: [%TEMP%\\~DF588E681904B5B177.TMP]- [targetUID: 00000000-00003288]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DF008C5F40344F1497.TMP" has type "data"- Location: [%TEMP%\\~DF008C5F40344F1497.TMP]- [targetUID: 00000000-00003288]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFE9F091C92DFD6BB6.TMP" has type "data"- Location: [%TEMP%\\~DFE9F091C92DFD6BB6.TMP]- [targetUID: 00000000-00003288]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /netflix-clone/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: shamsifarooq.github.io\nDNT: 1\nConnection: Keep-Alive"\n "Xn6w[b(mM.ibC*I]_`W#^aW{OCJrl`XTyxdSf`Sz <4\'%aB3.g^bLC9\'2as0 
Pl:h0\nL*!dI,}t0}R~e0z&Q=5aBfE"T/%Ai2KWDz:y$Q={bcP9]k6PA8@39p%":}?t8jP*XsJu(r-m;+ch\\n&en}HCWTh#,z)0)HAyxt (k&$no/yLAW2G"otCz\n3/j+bGH1ca\n}z2*LjJ!p`XNZZH1\n2Y\\H)v+T@\nPe9(?mqHdX)fY@)DaPeHzSF#!6@h/0e4oTd{6$"a[I!tSQztYh){Z:yCFsS;\\^w$Q2$qq@+\\\nF0F)Z(XcHC|k31s`rBtl6W~ic<4:~BVJ89R7>YhT3rSi$X{8;i@.ZN\nOX\nPUPJFtg^DP;$8{J+6lU\'{ \n L,vm:X-N\nIdp!1+kZ"Mod&!&QnL4^3$O>8~GJ#l{"rqFbiT<S8K)\nY&+F9|EZq6zP_5|2p-B.X0NxoOB3Q5Kc:(e=tE@gw.W,MA?=UfvvEEw`|>lH~d Q~}#(?:[Hrg76=<FN:J"\n "\\#/2:\nM<`PpMb@X\njW`>8RMM.#u&ReR>y(p/:K}5TkLP~w,_Z=\'8Ja"\n "GET /netflix-clone/index.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://shamsifarooq.github.io/netflix-clone/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: shamsifarooq.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /netflix-clone/Media/everywhere.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://shamsifarooq.github.io/netflix-clone/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: shamsifarooq.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /netflix-clone/Media/tv.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://shamsifarooq.github.io/netflix-clone/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: shamsifarooq.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /netflix-clone/Media/downld3.jpg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://shamsifarooq.github.io/netflix-clone/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: shamsifarooq.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /netflix-clone/Media/logo.png HTTP/1.1\nAccept: image/png, 
image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://shamsifarooq.github.io/netflix-clone/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: shamsifarooq.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /netflix-clone/Media/children.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://shamsifarooq.github.io/netflix-clone/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: shamsifarooq.github.io\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 404 Not Found\nConnection: keep-alive\nContent-Length: 5232\nServer: GitHub.com\nContent-Type: text/html; charset=utf-8\npermissions-policy: interest-cohort=()\nAccess-Control-Allow-Origin: *\nStrict-Transport-Security: max-age=31556952\nETag: W/"63cf03be-247b"\nContent-Security-Policy: default-src \'none\'; style-src \'unsafe-inline\'; img-src data:; connect-src \'self\'\nContent-Encoding: gzip\nx-proxy-cache: MISS\nX-GitHub-Request-Id: 5F64:8DF5:4D81F1:5884D2:63F71517\nAccept-Ranges: bytes\nDate: Thu, 23 Feb 2023 07:26:15 GMT\nVia: 1.1 varnish\nAge: 0\nX-Served-By: cache-sjc10065-SJC\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1677137176.573391,VS0,VE94\nVary: Accept-Encoding\nX-Fastly-Request-ID: f815dbc20e1e52230481a13ae73100d729d2dc9a"\n "zWHr~$C\n0#P~mN4A!4\nPU\nU6TZ} ~*0?uozx6yZEOdU]}#c]>,d.Zn_WX9y2e"LDo}R.enxUuqWQ?$O}%Ib\nxYxK==GMt_V:#?TA1tx>U^._VObR!/._V}P}w_f\nE\nYw_WSA`yt_?@l#!os7/Ys{-I3?qMDm/]RX^&y]P&o((~<r=}\n0j/M>fS+eOC4]Y~%!F:W@y8>?W6u!y!ADIYaS?\'M|xlC~Ya//zMU2/@`\'<J|N#cs\\!=|?].r|B6u;"?qgS>9DQ{X\'w=QoGf:H7uA/Rx[UT}N2ytMS)zz;jee\nltx!q8_M? 
?YE(*Yuk3;a\'_ki/\\ \n&_\'/`uP>(B<flS[}`\nM1W)s-jEAT--j*2U5[\' "R>7@g%O=%ekH><XXRAW56y\nn la5`^{(#h*|d\nO/CiA}A)T||/?\nr~=K=|Oz/mUP/D;`e64v\n#{Rwc`w2W4`GCW}G.=$", ",l!]~DzqLCLqp3swtG&urBvHv-q3!!eda2&qKbJ5S)"\\BT.%!mBs-Hq,q<[T+Ys\n/t*oO|hOyGEs[ZGw{BwzQ}S:."JCysfw->K6z~7J\n*e;>bt@4kn*J9_m}.<#<GIU"M5FO!\n0w~X#/Xs\nk9,Qn!*j;jxs\\BLoLe%N:;0jUkY0qSA5B?U.R-x/jO6Y=\nk\\|eg"zFjZ2cr:o1l1PG@.1~1##P}NxuS2&;dK\\#lAkB6yNwD :-JD7-*B(MN()J8]S_{EIs<\'YOjlJd4\n)v?#[\'pKJFvy {R/0\'GWI>\nm#R>n[aly*F^ATS#lwNs!Q)p^=y&b{S6H8o\na%sWL1=h\nr48|NC\nt/Y+Uh\\<eHDyquEu}2.V;Mp%#s)dI\nQsA(-X9^kH/j$2l.iQ37#{ncu\nuW#:AXf`8KPn,\'Nv&|>EW}Qt(w{2nn3!19|/)p^hVHD"}"\\SA?x[c(I+c|7.1XmQ""r%W]3gagdKE^2J>/,aqF\\_}{5\'KER`~Is185.199.110.153
2023-05-12 02:44:23Co-Hosted SiteNoSSL Certificate Analyzer0020Nonewww.github.com185.199.109.153
2023-05-12 03:31:29Affiliate - Email AddressNoE-Mail Address Extractor0050None09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.netDomain Name: scoop.sh Registry Domain ID: 688a2dc7e3804150a8a7bd65025fc26d-DONUTS Registrar WHOIS Server: whois.gandi.net Registrar URL: https://www.gandi.net Updated Date: 2022-05-25T08:13:34Z Creation Date: 2013-06-20T11:02:06Z Registry Expiry Date: 2023-06-20T11:02:06Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: StudyStays Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: QLD Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AU Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: ns-1530.awsdns-63.org Name Server: ns-604.awsdns-11.net Name Server: ns-308.awsdns-38.com Name Server: ns-1776.awsdns-30.co.uk DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain Name: scoop.sh Registry Domain ID: UNDEF-ROID Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2023-04-21T08:07:40Z Creation Date: 2013-06-20T09:02:06Z Registrar Registration Expiration Date: 2023-06-20T11:02:06Z Registrar: GANDI SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Reseller: Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: Domain Status: Domain Status: Domain Status: Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: StudyStays Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AU Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Name Server: 
NS-604.AWSDNS-11.NET Name Server: NS-1776.AWSDNS-30.CO.UK Name Server: NS-308.AWSDNS-38.COM Name Server: NS-1530.AWSDNS-63.ORG Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp Reseller Email: Reseller URL: Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden. A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts. For additional information, please contact us via the following form: https://www.gandi.net/support/contacter/mail/
2023-05-12 02:54:15Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8nwapi2.battleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonekhome2 (Net ID: 00:00:94:CC:A7:CF)52.3759, 4.8975
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneGURTOPLAR (Net ID: 00:14:C1:27:91:4C)40.2024, 29.0398
2023-05-12 02:53:39Open TCP PortNoCensys0020None185.199.108.153:443185.199.108.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonem31 (Net ID: 00:02:2D:21:9A:0A)37.7642, -122.3993
2023-05-12 03:08:53Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.6834.74.170.74
2023-05-12 03:23:17Open TCP PortNoPulsedive0030None188.114.96.4:8443188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None4ffa2f (Net ID: 00:02:2D:4F:FA:2F)37.7642, -122.3993
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00saadchaudhry.github.io185.199.111.153
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider3020Nonehttp://nuke.battleb0t.xyz/nuke.battleb0t.xyz
2023-05-12 02:52:19Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://kill3r14.github.io/netflixClone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "IsoScope_f2c_IE_EarlyTabStart_0xd78_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "172.64.132.15:443"\n "172.96.160.222:443"\n 
"52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"i.ibb.co"\n "kill3r14.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com." (Indicator: "dir "; File: "urlref_httpskill3r14.github.ionetflixClone")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3C94.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3B75.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3BD5.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3CE3.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3CF4.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, 
u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab3C16.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3C16.tmp]- [targetUID: 00000000-00001572]\n "Cab3BB5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3BB5.tmp]- [targetUID: 00000000-00001572]\n "Cab3B74.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3B74.tmp]- [targetUID: 00000000-00001572]\n "Cab3CE4.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: 
[%TEMP%\\Cab3CE4.tmp]- [targetUID: 00000000-00001572]\n "Cab3C05.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3C05.tmp]- [targetUID: 00000000-00001572]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001572]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df540573ec48d9f88e.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{2d5aca35-ebdf-11ed-accb-080027f0ed28}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df04e7119e6d22551d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{2d5aca37-ebdf-11ed-accb-080027f0ed28}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\recoverystore.{2d5aca35-ebdf-11ed-accb-080027f0ed28}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df540573ec48d9f88e.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar3C94.tmp" has type "data"- Location: [%TEMP%\\Tar3C94.tmp]- [targetUID: 00000000-00001572]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab3C16.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3C16.tmp]- [targetUID: 00000000-00001572]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003884]\n 
"RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF540573EC48D9F88E.TMP" has type "data"- Location: [%TEMP%\\~DF540573EC48D9F88E.TMP]- [targetUID: 00000000-00003884]\n "~DFBBE88F7BDB090BEA.TMP" has type "data"- Location: [%TEMP%\\~DFBBE88F7BDB090BEA.TMP]-185.199.108.153
2023-05-12 03:03:55Co-Hosted SiteNoThreatMiner0020Noneply.gg185.199.108.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None101 (Net ID: 00:01:03:7B:E0:44)37.7813933,-122.3918002
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.248): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:45:04Physical LocationNoipapi.co0020NoneSan Francisco, California, CA, United States, US2606:50c0:8000::153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:53:10:73)33.6170672,-111.90564645297056
2023-05-12 02:59:59Affiliate - Email AddressNoE-Mail Address Extractor0030Nonegit@github.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/walletconnect/walletconnect-monorepo/releases/download/1.7.8/web3-provider.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/js/modal.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/jkup/focusable/blob/master/index.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://lens-protocoll.xyz/webc/index.php', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_588_IESQMMUTEX_0_519"\n "IsoScope_588_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_588_IESQMMUTEX_0_331"\n "IsoScope_588_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1416"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_588_ConnHashTable<1416>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_588_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.70:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "65.8.158.85:443"\n "151.101.1.229:443"\n "104.16.123.175:443"\n "192.30.255.113:443"\n "185.199.108.153:443"\n "185.199.108.133:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.ethers.io"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "etherum-libs.github.io"\n "github.com"\n "lens-protocoll.xyz"\n "objects.githubusercontent.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="Keywords" content="Lens Protocol - Claiming App\n Lens Protocol - Claiming App a paypal\n Lens Protocol - Claiming App a binance\n Lens Protocol - Claiming App harmony"/>" (Indicator: "dir "; File: "urlref_httpslens-protocoll.xyzwebcindex.php")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"(0, properties_1.defineReadOnly)(this, "publicKey", signingKey.compressedPublicKey);" (Source: jqueryjs_1_.js, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dffb9a278b09a9867d.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{64fca9ab-eac7-11ed-8a3e-080027a190c2}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"b38d7abaf0f5f8fb484f9be1484e98a17ea16df2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f0438febff768476c4bd646204034239a5fc20d9_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f9fa0444b908def7e2cacce9c162c39a60167a27_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "jqueryjs_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3.min_1_.js" has type "data"- [targetUID: N/A]\n "slider_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3-provider.min_1_.js" has type "data"- [targetUID: N/A]\n "ethers-5.2.umd.min_1_.js" has type "data"- [targetUID: N/A]\n "walletbundle_1_.js" has type "UTF-8 Unicode text with very long lines with escape sequences"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ethereumjs-tx-1.3.3.min_1_.js" has type "data"- [targetUID: N/A]\n "urlref_httpslens-protocoll.xyzwebcindex.php" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "index_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "sweetalert2.all_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n 
"imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001416]\n "invisible_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "main.34d2eea7_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "axios.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ABI_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001416]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF038CF0017F8B478D.TMP" has type "data"- Location: [%TEMP%\\~DF038CF0017F8B478D.TMP]- [targetUID: 00000000-00001416]\n "~DFFB9A278B09A9867D.TMP" has type "data"- Location: [%TEMP%\\~DFFB9A278B09A9867D.TMP]- [targetUID: 00000000-00001416]\n "~DF79C8B99757FDF652.TMP" has type "data"- Location: [%TEMP%\\~DF79C8B99757FDF652.TMP]- [targetUID: 00000000-00001416]\n "~DF3E2144E69F260778.TMP" has type "data"- Location: [%TEMP%\\~DF3E2144E69F260778.TMP]- [targetUID: 00000000-00001416]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "css2_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_64FCA9AB-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._64FCA9A9-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E587A84-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "inter_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has 
type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cookie.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "C1TXDP2K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1TXDP2K.txt]- [targetUID: 00000000-00001416]\n "NN4OYYV3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NN4OYYV3.txt]- [targetUID: 00000
2023-05-12 02:56:53Internet NameNoDNS Resolver0040Nonevscode.battleb0t.xyz[{"url": "https://vscode.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://vscode.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 03:00:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.47): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:03Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5c5df87c1e1957-FRA Content-Encoding: gzip 172.67.135.9
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Nonezlib@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:31.907335501Z"}, 
"www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:11.528325040Z"}, 
"polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T00:13:37.049342133Z"}, 
"what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", "www.test.pointlane.com", 
"www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", 
"ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesflan11 (Net ID: 00:02:6F:04:8F:04)37.7642, -122.3993
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonecpcalendars.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz 
X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 14 04:53:54.573 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0: E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94: 30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59: 8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63: FB:4F:E2:E6:C3:EE:2C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 14 04:53:55.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A: 02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81: BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D: D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90: F0:18:EF:92:21:63:F2 Signature Algorithm: sha256WithRSAEncryption 47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7: 4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f: ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec: 3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2: 3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64: 37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8: 92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9: 05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84: 7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d: 6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c: 36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78: 12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d: 48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab: a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82: 84:78:32:a1
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050Nonegiters (Category: coding) https://giters.com/AltpapierAltpapier
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneNETGEAR (Net ID: 00:09:5B:6A:9E:4C)39.0469, -77.4903
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-oo2.github.io185.199.111.153
2023-05-12 03:14:48Vulnerability - CVE MediumYesTool - testssl.sh0220NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.www.ayhu.xyz
2023-05-12 03:09:03Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.10587.248.157.102
2023-05-12 02:45:07Physical LocationNoipapi.co0020NoneSan Francisco, California, CA, United States, US2606:50c0:8001::153
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00tau.github.io] https://www.openphish.com/feed.txt00tau.github.io
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonecodementor (Category: coding) https://www.codementor.io/@loginlogin
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:19:47Account on External SiteNoAccount Finder0020Nonescratch (Category: coding) https://scratch.mit.edu/users/patrickpogoda/patrickpogoda
2023-05-12 02:53:10Web TechnologyNoTool - WAFW00F0030NoneNone Nonevscode.battleb0t.xyz
2023-05-12 02:59:53Affiliate - Email AddressNoE-Mail Address Extractor0030Nonebanksean@gmail.com[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://g.width/386,g.getcontext(m', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://maskwallets.xyz/forms/v2.js', u'type': u'visited', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://maskwallets.xyz/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3252"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_cb4_IESQMMUTEX_0_519"\n "IsoScope_cb4_ConnHashTable<3252>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_cb4_IESQMMUTEX_0_303"\n "IsoScope_cb4_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_cb4_IE_EarlyTabStart_0xb2c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_519"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.125:80"\n "172.217.164.106:443"\n "142.251.46.234:80"\n "142.250.189.163:80"\n "43.251.41.15:443"\n "104.17.211.243:443"\n "142.251.214.132:443"\n "142.251.32.35:443"\n "104.17.212.243:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "142.250.189.163:443"\n "185.199.110.153:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"maskwallets.xyz"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: maskwallets.xyz\nDNT: 1\nConnection: Keep-Alive\nCookie: _ga=GA1.2.1689897167.1682546284; _gid=GA1.2.304489594.1682546284; _gat_gtag_UA_37075177_6=1; LPVID=EwOTcwNTgwYTNiMjZiNTE2; LPSID-88982875=upHQCJz-TiCz5i-z2-4hWg"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "maskwallets.xyz"\n "metamask.io"\n "perf.hsforms.com"\n "va.v.liveperson.net"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_1_.js")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string 
".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': 
u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "payload_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 300x300 components 3" and extension "jpg"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-uniswap_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-gitcoin_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "info_2x_1_.png" has type "Unknown" and extension "png"\n "image_2x_1_.png" has type "Unknown" and extension "png"\n "refresh_2x_1_.png" has type "Unknown" and extension "png"\n "undo_2x_1_.png" has type "Unknown" and extension "png"\n "audio_2x_1_.png" has type "Unknown" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, 
u'threat_level': 0, u'type': 8, u'description': u'"Cab4009.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab4009.tmp]- [targetUID: 00000000-00003016]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 dat
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneRPOWER1 (Net ID: 00:02:6F:B3:3B:A8)33.6170672,-111.90564645297056
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5d0de95ea502c0-ORD Content-Encoding: gzip 188.114.97.1
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneSteam (Category: gaming) https://steamcommunity.com/id/battleb0tbattleb0t
2023-05-12 03:24:50CountryNoCountry Name Extractor0060NoneUnited Statesondigitalocean.com
2023-05-12 02:50:16Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:a2:98:ee:7c:0f:82:53:85:c9:ed:86:47:94:a7:aa:74:64 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:54:05 2023 GMT Not After : Apr 27 17:54:04 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d2:cd:d6:7e:84:63:03:a9:a4:54:af:d4:a6:67: cf:f7:3e:0c:ab:80:9d:a8:22:bf:ee:64:c0:1e:dd: e1:9d:29:3b:aa:bb:b6:1a:dd:d0:c3:5d:15:61:c8: eb:00:a8:62:02:a5:c4:0c:4d:3a:56:20:d3:19:1c: 24:d9:21:05:da:7b:34:cd:5b:3f:9f:3f:ff:56:cb: 60:a2:2a:6a:1f:63:a5:f7:6c:bc:e6:cd:4b:7c:cb: c6:0b:ba:27:31:61:c2:7b:47:19:7b:f1:52:41:68: 44:d8:1a:a5:11:c2:d5:cd:2d:49:92:07:b0:5c:c3: 2d:0c:54:f4:e5:8e:0a:3e:0a:05:99:5f:e9:65:18: 80:c0:5e:b2:87:08:2d:60:b2:01:35:c9:41:a1:4e: 56:80:bc:0b:2d:89:62:c9:e1:19:f4:a9:de:a5:de: 27:dd:96:99:29:26:9e:36:03:45:4b:bf:4a:de:ef: 5f:47:82:05:6f:ed:a1:4f:34:05:75:05:59:d0:32: a2:22:c4:9d:5a:65:cd:6b:45:d7:7f:45:90:2e:36: 4c:3d:0a:62:83:36:a6:3c:d9:df:00:c7:cb:10:68: 6e:0c:d8:9c:a6:a5:e6:32:7b:12:0d:1c:1f:90:20: a5:a7:c9:da:be:0f:96:fe:30:6b:29:55:ac:4a:68: 7b:12:dd:43:df:cf:f5:49:87:8c:9b:38:92:62:52: c6:f8:97:d4:43:d6:ed:cb:66:79:5b:c9:60:9e:db: 33:f0:59:fb:fd:35:62:83:55:b5:65:04:20:55:ee: 82:6d:de:85:c1:18:ed:8c:10:29:47:46:ee:2a:eb: 57:cd:b1:5e:14:a7:37:00:58:3a:35:9d:fe:99:73: d6:cd:b6:67:17:f6:27:29:ea:32:96:67:c8:fa:43: a3:c2:cc:ca:bb:cb:87:e5:76:db:8a:de:bc:58:c7: 6c:12:6a:a6:93:1b:0a:ce:07:98:f7:7c:0d:1d:5e: 2a:ac:2b:fb:17:f1:cb:e0:a5:02:67:2b:3d:67:81: d8:de:3e:15:6a:f0:a0:0d:64:2d:0e:9b:55:1e:1b: 69:69:5a:ae:14:c6:1c:ce:8e:c5:fd:2c:25:74:92: c1:35:de:00:ee:bc:fa:5d:88:f2:17:fe:70:37:3b: 3b:f5:14:3a:4b:f4:50:a9:91:31:99:48:3f:9e:c6: ad:0b:a6:89:2d:77:db:fb:64:f8:31:9a:82:d1:cd: f7:6a:51:a4:b7:d3:da:23:3d:ff:2a:45:de:3b:b5: 32:78:69:cd:54:60:d3:2a:39:e1:61:db:5a:d2:78: 
94:77:f6:b5:99:c5:b9:3c:95:4b:75:db:f8:2b:d4: ad:de:87 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1A:62:E5:21:FA:E8:50:FB:CE:5D:D2:7E:68:EA:9B:E0:B1:2E:4D:4B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 15:ef:a6:fd:ef:21:53:78:53:f6:e6:7d:e0:a9:be:9a:f4:2a: f3:6b:f8:45:b0:1e:92:39:ea:7f:20:4e:9d:7e:15:34:36:61: 5c:46:2f:03:80:59:84:da:ef:66:78:da:e7:b0:f0:dc:e6:6a: c6:b2:06:d7:47:db:11:48:d1:1f:c9:fd:2b:78:20:9d:86:11: 3b:e4:51:10:b8:54:d7:6e:6f:db:ce:56:14:fa:f5:79:05:a8: 02:0b:cb:0a:18:31:3a:e9:dd:4b:c7:d7:53:e4:2f:bc:37:98: 11:c7:a5:55:7f:64:7e:ee:5a:1d:86:0e:38:0c:bd:8e:2a:bd: 3e:16:9b:63:5f:9f:06:9d:58:f3:3d:71:94:e6:c1:49:68:5e: 41:22:f6:d4:2e:f7:b9:62:b8:3b:2f:c1:c6:66:8c:a7:82:e0: 40:ef:66:13:cd:53:80:bc:ca:bc:49:c0:67:81:c8:1d:d8:f5: 37:5a:da:e3:56:36:cd:fd:cb:00:ce:97:33:4d:b7:29:cd:90: 4e:43:37:62:d7:92:39:fa:36:a2:59:0a:4f:35:fa:8e:5a:01: 29:c9:4e:6f:ae:1d:31:a2:f5:71:7f:a1:e1:58:17:ea:74:b0: 26:53:2b:a4:97:e8:9a:a1:10:a9:a5:e1:7b:21:18:15:30:ae: dd:15:ba:8d
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneGitHub (Category: coding) https://github.com/battleb0tbattleb0t
2023-05-12 03:08:49Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.11335.229.48.116
2023-05-12 03:09:34Affiliate - Internet NameNoDNS Resolver0040None213.30.196.104.bc.googleusercontent.com104.196.30.213
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:0E:F4:FC)33.617190550339146,-111.90827887019054
2023-05-12 03:37:29Malicious IP AddressYesMetaDefender0130Nonewebroot.com [207.154.228.169]207.154.228.169
2023-05-12 03:41:36Raw Data from RIRsNoAbstractAPI0030None{u'city': u'Eygelshoven', u'security': {u'is_vpn': False}, u'city_geoname_id': 2756285, u'region_geoname_id': 2751596, u'country': u'Netherlands', u'region': u'Limburg', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'SYNLINQ', u'isp_name': u'CSH LLC', u'organization_name': u'CSH', u'autonomous_system_number': 44486}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/NL_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/NL_flag.png', u'unicode': u'U+1F1F3 U+1F1F1', u'emoji': u'\U0001f1f3\U0001f1f1'}, u'postal_code': u'6471', u'longitude': 6.0563, u'country_code': u'NL', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Amsterdam', u'current_time': u'05:41:35'}, u'latitude': 50.8897, u'country_geoname_id': 2750405, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'45.131.109.53', u'continent': u'Europe', u'region_iso_code': u'LI'}45.131.109.53
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:AA:A0:63:98)41.8781, -87.6298
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/nwp.PNGhttps://funny.battleb0t.xyz/
2023-05-12 03:24:22Web ContentNoWeb Spider2040None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5eeb1a42bf')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="OwKUCDNMgBcJHVKY8nwcXEP4QH6PT2kVm2HBGkp44qM-1683861862-0-AWLoc992boZljuKuI-OBA8JKemVnVUC1OpOL5WA6H__Iq90123kv27raPeBnAM1gG8-u_GUHUIjkNRARNHi-eimNvmJ4rPPxMkUV2QmYUEqMIZBr0A65Rs8LmsZu82c9s9x6llue0RdEW_caMvviu63PT1rv_bBKXMf1rHRuL651jz2WFzUdCtMQpW6Egz9tRVRjq5p5DSqDh55BkcMfXifbvXVDgCJtfVyuppJGXIw1O3dWJT8pln-UY4GtVbRsMFPevbWJODfBaMma6BpIVfB3OcO1PwoUlljtOyyIFegfArGbCDdTMuWW7MTLDlShBnu-Lhu5vOc-Ud28hWS6Af2dBCBcHh5XGl_1kuftIN3x2Yrz1OgV60xO0_Ft4cvMx22_Xbt7KQegGiYk7J4oDHrBq-69T02ReScczZXd4TQyXoU9qHcKZvKsNQmpV8fSqGGhR6xiFbU8_QFDTT8jXa5OZWcXPnNRfc6AD50gDy5Q6ftPGx8ku1bIa-BYJl0tEjfjvdrLmpKOgvt9HqryqBGQGW4sUnihX9ydJUDsex46ckUHkCXeufqZn5AD6MtN5oYFRHHhtjXnJcAp8WeElzI07rPkFj51H8EcsL4wD4_j8spF714slOYp5I3UNmZcpEY7hPbC_UrXxeNbe8Vb8W4O-5IvI2tAlXSs551O3aDHuLsWbsArUO69cE4cxnurB8E2VDklGwp0UjIA1ZbCcpeAqz4V9q7Rwf-aIp9UCsMIdDd03vJdv4BEy-C0uG1-hj0OttJBemux1PqA1Oxh9yKktn6NkFswTsNgRXA8FQdJPB55BpT7hX34f--63YYznOGOdwPnDQcV50l_KNiuyd5iXvh6Ql-Y6gEkavuOPF7ZE9H3PdFRCjRHpQfMmVGrr33gOKExrD-4XicoHlXnlplsncZhnYm0eFVn58vM-kJzFzoAYzJQ6LHPK-rLwUXHzdM6AMR_OdpTBapGpYQut19xKMEhf7XFlJB3i5IvPoLlbKbnM6DASBEm9gloHgHGhLjyH1D86MFl7dLmOy7HXf9Dt59vLXRTySh361-MOVviaFEilkvPgOfzGNeoCglzenOA29aR5-LvniWcnxwdMx19GiPvWq5dL0FsY-IaI8C318jSGkDd19eYdtZYb5Trduu1XD0QykyRaGCiXFCKXs9qPoDsrChJMKxRJKG6txIjwI-hz9vzBTixzmEz31H_03qyn6xl9MHLNpR4uoY5ttVTXocR7hDlDoTIHoxw4bmwvZZns-g2xlnvOFfDm6Z3ymoAiBTVXb9UI0-FgG-KNuyY4Y49oFMfBVNbHXGX0NQ7nC0zQXw0LMG69KhyLsZAbvBSEmnEAy81l38C-eHlDjsSlcF_pEqbs8b24FlZ_Ycg5qR-qEhQLJ_IivsUFKo4fWdGLbL7vtldXPDD9ikL5U_HiqKqxo8b-MjuggAlbaMrnYqciKkrFAYhtlSn6vG0BcwQbEZVsrKxnf1U5iCKBIDK1cXcJ7qxw6FoFlpbsT9cf9V-SFcvkbQR4ynJNaf1tfeZ6cTUfprkZy8GusVJdlQcoHnz3EkTZyvTp96y0si0IlMRhE1eqk8AoDep7FzFKBEGzL7gDQU2Jn1nwjFLKXoqiHtb5T9bBlt5hhj_Ci6kEYTQdRQGW8cTzRzMqPyN66hhKyLGLcgc7GZethYHaIwxFGmc_-FTVSTksGANC23y4Y0EQ958se1s8VzeS_g_Q7AoqHmpjBZ2xnQukuWvbqKS_jTYtZPUwascKOCTAnovpYgH8wEPiBeTBcqYmCRQUV1WQ5Sl2pAf4AfP3RpDCeUM9RYjWn8EtaTb5Bhr_k9830NT-b8RF7puAAgLTTKA4q6e5vn2ewBbnV7XJ0GouaXcDgkRUitPYbV97TyYXMDG5jrsoDMwKExF3yfQ65a4HURQJ3I0-2cN6cUG
-Y-wfJ_ULyEJZKHCJ0AAHYnUol27xezw1EIch91oOc2hzP8yiIMXI8T3Yo-aupeX9LKThZP5WSadqXIdAKdNvRnbMtEuMzDmhmp29m0ybwuinUP8O7RYb7j1B42foptRV6LcZaaB7GxtNFE6cbYJEgKR3EVXJ9v1X1LNujPJ_2-MknLO1BAr44SCZq4n5UiQqguKB0ip0JOSrV9oOqb3mxkBI20TA2suDdWcUUiDjuemwe_R_SFef-VIvq4m-JFV_iinHTfs5xSvQj_DV9QpslncdUm4d3a4BDcKZYMI_YaNhT37IZDWJKLAZUX_a4_bgw8NO47VSFunBOSL4CABnjTz1vyLJql2e3xxqjgafM7I6m59nuymQeY8F1qvaKmYyA1bIjmlBpJjIy-YvbCvFy0xRzKQttdY1KMKqJpm2hMaWno-PDyzEL6Hdcvve0j1uskEzjTLP_kK22Nhie7r9a88EK-EJpd4ugQ4u7t-kbsifC-M0rVW6p8dFHSbqa0iaKw84zeu6BHIQYJpq8ZELQZOExGCyk3QdEEKgtXofElfaYiQeb5hxWCA9mTHgbKSVuU6D2o"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '2801', cRay: '7c5f8c5eeb1a42bf', cHash: '66932cb8b087b32', cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2Mi4yMjQwMDA=', m: 'kADszgADVaHA/mRyw7h+MKSs6RoLc0QTNBq8+AYYMs8=', i1: 'q0RPvxk//GqHpe4FgiHvYg==', i2: 'CV688EYHriA2UWvDyWxv3g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5eeb1a42bf'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5eeb1a42bf'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneTotalWar (Category: gaming) https://forums.totalwar.com/profile/loginlogin
2023-05-12 03:09:48Affiliate - Internet NameNoDNS Resolver0040None75.170.74.34.bc.googleusercontent.com34.74.170.75
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonegclabc (Net ID: 00:0B:86:22:0F:31)33.617190550339146,-111.90827887019054
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG"}],"group":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 02:44:24Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyzCN=kekw.battleb0t.xyz
2023-05-12 03:43:57URL (Form)NoPage Information0050Nonehttps://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5eeb1a42bf')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="OwKUCDNMgBcJHVKY8nwcXEP4QH6PT2kVm2HBGkp44qM-1683861862-0-AWLoc992boZljuKuI-OBA8JKemVnVUC1OpOL5WA6H__Iq90123kv27raPeBnAM1gG8-u_GUHUIjkNRARNHi-eimNvmJ4rPPxMkUV2QmYUEqMIZBr0A65Rs8LmsZu82c9s9x6llue0RdEW_caMvviu63PT1rv_bBKXMf1rHRuL651jz2WFzUdCtMQpW6Egz9tRVRjq5p5DSqDh55BkcMfXifbvXVDgCJtfVyuppJGXIw1O3dWJT8pln-UY4GtVbRsMFPevbWJODfBaMma6BpIVfB3OcO1PwoUlljtOyyIFegfArGbCDdTMuWW7MTLDlShBnu-Lhu5vOc-Ud28hWS6Af2dBCBcHh5XGl_1kuftIN3x2Yrz1OgV60xO0_Ft4cvMx22_Xbt7KQegGiYk7J4oDHrBq-69T02ReScczZXd4TQyXoU9qHcKZvKsNQmpV8fSqGGhR6xiFbU8_QFDTT8jXa5OZWcXPnNRfc6AD50gDy5Q6ftPGx8ku1bIa-BYJl0tEjfjvdrLmpKOgvt9HqryqBGQGW4sUnihX9ydJUDsex46ckUHkCXeufqZn5AD6MtN5oYFRHHhtjXnJcAp8WeElzI07rPkFj51H8EcsL4wD4_j8spF714slOYp5I3UNmZcpEY7hPbC_UrXxeNbe8Vb8W4O-5IvI2tAlXSs551O3aDHuLsWbsArUO69cE4cxnurB8E2VDklGwp0UjIA1ZbCcpeAqz4V9q7Rwf-aIp9UCsMIdDd03vJdv4BEy-C0uG1-hj0OttJBemux1PqA1Oxh9yKktn6NkFswTsNgRXA8FQdJPB55BpT7hX34f--63YYznOGOdwPnDQcV50l_KNiuyd5iXvh6Ql-Y6gEkavuOPF7ZE9H3PdFRCjRHpQfMmVGrr33gOKExrD-4XicoHlXnlplsncZhnYm0eFVn58vM-kJzFzoAYzJQ6LHPK-rLwUXHzdM6AMR_OdpTBapGpYQut19xKMEhf7XFlJB3i5IvPoLlbKbnM6DASBEm9gloHgHGhLjyH1D86MFl7dLmOy7HXf9Dt59vLXRTySh361-MOVviaFEilkvPgOfzGNeoCglzenOA29aR5-LvniWcnxwdMx19GiPvWq5dL0FsY-IaI8C318jSGkDd19eYdtZYb5Trduu1XD0QykyRaGCiXFCKXs9qPoDsrChJMKxRJKG6txIjwI-hz9vzBTixzmEz31H_03qyn6xl9MHLNpR4uoY5ttVTXocR7hDlDoTIHoxw4bmwvZZns-g2xlnvOFfDm6Z3ymoAiBTVXb9UI0-FgG-KNuyY4Y49oFMfBVNbHXGX0NQ7nC0zQXw0LMG69KhyLsZAbvBSEmnEAy81l38C-eHlDjsSlcF_pEqbs8b24FlZ_Ycg5qR-qEhQLJ_IivsUFKo4fWdGLbL7vtldXPDD9ikL5U_HiqKqxo8b-MjuggAlbaMrnYqciKkrFAYhtlSn6vG0BcwQbEZVsrKxnf1U5iCKBIDK1cXcJ7qxw6FoFlpbsT9cf9V-SFcvkbQR4ynJNaf1tfeZ6cTUfprkZy8GusVJdlQcoHnz3EkTZyvTp96y0si0IlMRhE1eqk8AoDep7FzFKBEGzL7gDQU2Jn1nwjFLKXoqiHtb5T9bBlt5hhj_Ci6kEYTQdRQGW8cTzRzMqPyN66hhKyLGLcgc7GZethYHaIwxFGmc_-FTVSTksGANC23y4Y0EQ958se1s8VzeS_g_Q7AoqHmpjBZ2xnQukuWvbqKS_jTYtZPUwascKOCTAnovpYgH8wEPiBeTBcqYmCRQUV1WQ5Sl2pAf4AfP3RpDCeUM9RYjWn8EtaTb5Bhr_k9830NT-b8RF7puAAgLTTKA4q6e5vn2ewBbnV7XJ0GouaXcDgkRUitPYbV97TyYXMDG5jrsoDMwKExF3yfQ65a4HURQJ3I0-2cN6cUG
-Y-wfJ_ULyEJZKHCJ0AAHYnUol27xezw1EIch91oOc2hzP8yiIMXI8T3Yo-aupeX9LKThZP5WSadqXIdAKdNvRnbMtEuMzDmhmp29m0ybwuinUP8O7RYb7j1B42foptRV6LcZaaB7GxtNFE6cbYJEgKR3EVXJ9v1X1LNujPJ_2-MknLO1BAr44SCZq4n5UiQqguKB0ip0JOSrV9oOqb3mxkBI20TA2suDdWcUUiDjuemwe_R_SFef-VIvq4m-JFV_iinHTfs5xSvQj_DV9QpslncdUm4d3a4BDcKZYMI_YaNhT37IZDWJKLAZUX_a4_bgw8NO47VSFunBOSL4CABnjTz1vyLJql2e3xxqjgafM7I6m59nuymQeY8F1qvaKmYyA1bIjmlBpJjIy-YvbCvFy0xRzKQttdY1KMKqJpm2hMaWno-PDyzEL6Hdcvve0j1uskEzjTLP_kK22Nhie7r9a88EK-EJpd4ugQ4u7t-kbsifC-M0rVW6p8dFHSbqa0iaKw84zeu6BHIQYJpq8ZELQZOExGCyk3QdEEKgtXofElfaYiQeb5hxWCA9mTHgbKSVuU6D2o"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '2801', cRay: '7c5f8c5eeb1a42bf', cHash: '66932cb8b087b32', cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2Mi4yMjQwMDA=', m: 'kADszgADVaHA/mRyw7h+MKSs6RoLc0QTNBq8+AYYMs8=', i1: 'q0RPvxk//GqHpe4FgiHvYg==', i2: 'CV688EYHriA2UWvDyWxv3g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5eeb1a42bf'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5eeb1a42bf'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonejack (Net ID: 00:02:6F:66:E7:97)33.336199,-111.89446440830702
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:01:36:06:41:8A)52.3759, 4.8975
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.53): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:13HTTP Status CodeNoWeb Spider0030None200https://battleb0t.xyz/./src/style.css?4
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:EB:4A:C2)37.7642, -122.3993
2023-05-12 03:00:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.8): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:16Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.142): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:39Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 17, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:7644:120:WilError_01"\n "Local\\SM0:6860:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:6860:120:WilError_01"\n "SM0:6860:120:WilError_01"\n "Local\\SM0:7644:304:WilStaging_02"\n "Local\\SM0:7644:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:7644:304:WilStaging_02"\n "SM0:7644:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7644:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7644:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7644:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "172.66.40.106:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"llink.to"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"5144be6e-1fb5-4ccf-a6bb-97994802abee.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\5144be6e-1fb5-4ccf-a6bb-97994802abee.tmp]- [targetUID: 00000000-00007644]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7644_944314722\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007644]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\shared_proto_db\\metadata\\000003.log]- [targetUID: 00000000-00007644]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\OriginTrials\\0.0.1.4\\manifest.fingerprint]- [targetUID: 00000000-00007644]\n "86ed2985-a38b-4024-8ad5-44fad2c266c2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\86ed2985-a38b-4024-8ad5-44fad2c266c2.tmp]- [targetUID: 00000000-00007644]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007644]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007644]\n "f07ca44d-1df1-4eb1-be1f-67e2d74964d3.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 25822"- [targetUID: N/A]\n "f76618b8-551d-4dd4-a273-f8a4439756ce.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\f76618b8-551d-4dd4-a273-f8a4439756ce.tmp]- [targetUID: 00000000-00007644]\n "regex_patterns.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.3\\regex_patterns.json]- [targetUID: 00000000-00007644]\n "6a1e5492-4008-43f5-94ff-1f30706f466e.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\6a1e5492-4008-43f5-94ff-1f30706f466e.tmp]- [targetUID: 00000000-00007644]\n "shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\\7644_944314722\\shopping_fre.html]- [targetUID: 00000000-00007644]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00004528]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007644]\n "f34135bd94e6cca1_0" has type "data"- [targetUID: N/A]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\7644_1291673391\\Filtering Rules-AA]- [targetUID: 00000000-00007644]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007644]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\OriginTrials\\0.0.1.4\\manifest.json]- [targetUID: 00000000-00007644]\n "LOG" has type "ASCII text"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\AutofillStrikeDatabase\\LOG]- [targetUID: 00000000-00007644]\n "72efc0b5-8895-4c58-ba16-c7f0a9a5987d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\72efc0b5-8895-4c58-ba16-c7f0a9a5987d.tmp]- [targetUID: 00000000-00007644]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,n=1;n"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://llink.to/"\n Pattern match: "http://www.w3.org/2000/svg\\n"\n Pattern match: "Math.PI/180"\n Pattern match: "https://llink.to"\n Heuristic match: "llink.to"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Heuristic match: 
"api.ipify.org"\n Heuristic match: "checkip.amazonaws.com"\n Heuristic match: "checkip.dyndns.com"\n Heuristic match: "checkip.dyndns.org"\n Heuristic match: "checkip.org"\n Heuristic match: "checkmyip.com"\n Heuristic match: "cmyip.com"\n Heuristic match: "curlmyip.com"\n Heuristic match: "findmyip.org"\n Heuristic match: "formyip.com"\n Heuristic match: "geoip.co.uk"\n Heuristic match: "geoiptool.com"\n Heuristic match: "getmyip.co.uk"\n Heuristic match: "getmyip.org"\n Heuristic match: "icanhazip.com"\n Heuristic match: "ifconfig.me"\n Heuristic match: "ip-addr.es"\n Heuristic match: "ip-address.domaintools.com"\n Heuristic match: "ip-api.com"\n Heuristic match: "ip-score.com"\n Heuristic match: "ip.jsontest.com"\n Heuristic match: "ip.xss.ru"\n Heuristic match: "ip4.telize.com"\n Heuristic match: "ipchicken.com"\n Heuristic match: "ipecho.net"\n Heuristic match: "ipinfo.info"\n Heuristic match: "ipinfo.io"\n Heuristic match: "ipleak.net"\n Heuristic match: "ipligence.com"\n Heuristic match: "knowmyip.com"\n Heuristic match: "maxmind.com"\n Heuristic match: "meineipadresse.de"\n Heuristic match: "myexternalip.com"\n Heuristic match: "myip.dnsomatic.com"\n Heuristic match: "myip.ht"\n Heuristic match: "myip.nl"\n Heuristic match: "myip.opendns.com"\n Heuristic match: "myipaddress.com"\n Heuristic match: "queryip.net"\n Heuristic match: "showmyip.com"\n Heuristic match: "showmyipaddress.com"\n Heuristic match: "tracemyip.org"\n Heuristic match: "whatismyip.akamai.com"\n Heuristic match: "whatismyip.ca"\n Heuristic match: "whatismyip.com"\n Heuristic match: "whatismyip.everdot.org"\n Heuristic match: "whatismyipaddress.com"\n Heuristic match: "whatsmyip.net"\n Heuristic match: "whatsmyip.org"\n Heuristic match: "whatsmyipaddress.org"\n Heuristic match: "whatsmypublicip.com"\n Heuristic match: "wtfismyip.com"\n Heuristic match: "hispeed.ch"\n Heuristic match: "link.to"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"\n Pattern match: 
"http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "3.0.0.4" found in string ""version": "3185.199.109.153
2023-05-12 03:18:06Externally Hosted JavascriptNoPage Information0030Nonehttps://use.fontawesome.com/9dfc16ed6b.js<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 02:49:55SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:2c:84:3a:08:10:23:75:f2:8a:d5:a0:cb:cc:f6:da:14:6e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:32:07 2022 GMT Not After : Mar 27 01:32:06 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 33:08:c1:7e:b3:24:8e:6e:4d:f7:51:42:26:15:9a:55:38:a0: 00:54:bb:bf:aa:57:22:d3:f8:51:d0:9b:b6:f7:48:0e:01:fc: 20:eb:f8:09:fe:e5:12:c5:27:1a:bc:14:2c:c8:47:50:c4:fe: 3b:82:e2:94:1e:ea:46:71:f7:de:cb:93:8d:d3:d6:0e:2f:57: cf:7c:ae:9d:b7:80:a0:8c:70:81:89:7b:49:c0:84:74:4f:69: 72:bc:41:cd:36:95:5b:ed:7b:a9:03:f4:8f:4c:84:5d:66:e9: 62:45:a8:88:57:2d:42:3b:84:55:29:dc:10:ee:9a:ff:95:59: 7c:96:dc:e9:0f:e7:15:2b:2e:77:02:54:6b:c0:2f:7c:2a:2b: db:82:1c:6f:b4:a2:5b:f7:1a:91:dc:f4:e2:0e:55:aa:62:5d: ea:10:a0:10:94:4c:43:5d:24:37:b8:7d:e2:3c:f4:71:74:02: 76:90:40:10:c2:a1:be:28:fb:60:72:80:4c:c5:16:2d:8f:d6: 56:41:19:5e:15:ac:ce:da:7c:e0:18:25:f8:1f:66:f3:f8:f8: 6e:35:dd:10:1a:29:03:23:f7:24:0b:53:2d:1f:94:96:bc:7f: 53:53:c0:38:4a:f1:89:9a:26:af:b7:ac:c3:a2:4f:e2:bf:5c: 17:23:7a:07 battleb0t.xyz
2023-05-12 03:11:16Physical LocationNoAbstractAPI0020NoneLondon, England, W1B, United States, North America2a06:98c1:3120::1
2023-05-12 03:11:42Vulnerability - CVE MediumYesTool - testssl.sh0130NoneCVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389 Score: 4.3 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.panel.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneTOMTSSID (Net ID: 00:02:2D:76:6D:60)50.1188, 8.6843
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter0010NoneCN=battleb0t.xyzbattleb0t.xyz
2023-05-12 02:54:38Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5ad40179b8e20f-ORD Content-Encoding: gzip 172.67.168.252
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.155): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:50:16Malicious IP AddressYesVirusTotal0120NoneVirusTotal [185.199.108.153] https://www.virustotal.com/en/ip-address/185.199.108.153/information/185.199.108.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonepannet-24 (Net ID: 00:01:8E:DA:59:C4)37.7813933,-122.3918002
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None218 5 (Net ID: 00:01:9F:34:7C:1C)34.0544, -118.244
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneSprint Drive (Net ID: 00:0A:F5:F9:D9:E8)33.617190550339146,-111.90827887019054
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneDaltonInt (Net ID: 00:0A:04:99:14:E2)33.6170672,-111.90564645297056
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneConnectionPoint (Net ID: 00:01:E3:4A:D6:05)52.3759, 4.8975
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.107): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:55:11Software UsedYesCensys0020NoneExpress87.248.157.102
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Noneredwood (Net ID: 00:01:38:85:C1:F8)37.780462,-122.390564
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-tikaro.github.io] https://www.openphish.com/feed.txt0-tikaro.github.io
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0140NoneGitHub.com{"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"}
2023-05-12 03:43:29CountryNoCountry Name Extractor0060NoneGermanytjdev.de
2023-05-12 02:46:38BGP AS MembershipNoRIPE0040None15169104.196.16.0/20
2023-05-12 02:45:29Physical LocationNoipapi.co1030NoneNorth Charleston, South Carolina, SC, United States, US104.196.30.220
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c594d129a872998-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.6.166
2023-05-12 03:00:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.4): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.185): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:13Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0120Nonegithubusercontent.comwww.battleb0t.xyz
2023-05-12 03:10:22Blacklisted IP AddressYesThreat Jammer0120NoneThreat Jammer - Risk score: 40 (MEDIUM) https://threatjammer.com/info/188.114.96.1188.114.96.1
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonejbnowires (Net ID: 00:0C:41:B5:31:DD)39.0469, -77.4903
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:8443104.21.71.14
2023-05-12 02:53:17IP AddressNoMnemonic PassiveDNS72010None188.114.97.1ayhu.xyz
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:46:38BGP AS MembershipNoRIPE0040None1406164.226.80.0/20
2023-05-12 02:47:03Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 20, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fcdfa.ca.gov%2Ferika.lewis%40cdfa.ca.gov', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "KERNEL32" at base ca950000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base c98b0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base c98b0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base c98b0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\IMM32.DLL" at base cd050000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base c98b0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base c98b0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base c98b0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base c7b80000\n "msedge.exe" loaded module "COMBASE.DLL" at base ccbb0000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base cad70000\n "msedge.exe" loaded module "SHELL32.DLL" at base cb680000\n "msedge.exe" loaded module "USER32.DLL" at base ccec0000\n "msedge.exe" loaded module 
"NTDLL.DLL" at base cd1f0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"19001a00ce01000040c7a2c9fc7f0000@ntdll.dll"\n "22002300ce01000018c7a2c9fc7f0000@ntdll.dll"\n "19001a00a204000040c7a2c9fc7f0000@ntdll.dll"\n "22002300a204000018c7a2c9fc7f0000@ntdll.dll"\n "19001a00dbad000040c7a2c9fc7f0000@ntdll.dll"\n "22002300dbad000018c7a2c9fc7f0000@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:7376:120:WilError_01"\n "Local\\SM0:4708:304:WilStaging_02"\n "Local\\SM0:4708:120:WilError_01"\n "SM0:4708:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:7376:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:7376:304:WilStaging_02"\n "Local\\SM0:7376:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7376:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7376:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7376:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n 
"172.66.43.150:443"\n "185.88.152.184:443"\n "35.186.254.174:443"\n "104.18.10.207:443"\n "142.251.46.228:443"\n "172.67.71.45:443"\n "142.251.32.35:443"\n "142.250.191.35:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-161', u'name': u'Contains ability to modify processes thread functionality (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"OpenThread" [Source: 00000000-00004708.00000000.77705.CAEDF000.00000002.mdmp]'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00004708"\n YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Extension 
State\\000003.log]- [targetUID: 00000000-00007376]\n "04a02e02-c03b-426d-8be8-484f86bfe2ba.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\04a02e02-c03b-426d-8be8-484f86bfe2ba.tmp]- [targetUID: 00000000-00001136]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007376]\n "typosquatting_list.pb" has type "data"- Location: [%TEMP%\\7376_302125849\\typosquatting_list.pb]- [targetUID: 00000000-00007376]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\7376_1093145157\\Filtering Rules]- [targetUID: 00000000-00007376]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007376]\n "f_00023d" has type "gzip compressed data max compression original size modulo 2^32 413534"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00001136]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\7376_302125849\\_metadata\\verified_contents.json]- [targetUID: 00000000-00007376]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Kids Mode\\0.0.0.10\\manifest.fingerprint]- [targetUID: 00000000-00007376]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7376_780837103\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007376]\n "ee112835-328c-4e32-a5d4-fb2715bea0bc.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\ee112835-328c-4e32-a5d4-fb2715bea0bc.tmp]- [targetUID: 
00000000-00007376]\n "Session_13322616210952279" has type "data"- [targetUID: N/A]\n "61b14bdf-c2ee-416d-b78e-d3d4b4a06383.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\61b14bdf-c2ee-416d-b78e-d3d4b4a06383.tmp]- [targetUID: 00000000-00007376]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007376]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7376_780837103\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007376]\n "f34135bd94e6cca1_0" has type "data"- [targetUID: N/A]\n "shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\\7376_780837103\\shopping_fre.html]- [targetUID: 00000000-00007376]\n "9be37f3e-709d-4866-b8f9-622ffd41feca.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\9be37f3e-709d-4866-b8f9-622ffd41feca.tmp]- [targetUID: 00000000-00007376]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7376_780837103\\edge_driver.js]- [targetUID: 00000000-00007376]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007376]'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-4', u'name': u'Found a string that may be used as part of an injection method', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1055/011', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1055.011', u'relevance': 4, u'threat_level': 0, u'type': 2, u'description': u'"Shell_TrayWnd" (Taskbar window class may be used to inject 
into explorer with the SetWindowLong method)'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-184', u'name': u'Found registry location strings which can modifies auto-execute functionality', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1547/001', u'threat_level_human': u'informative', u'185.199.111.153
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.41): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonefanpop (Category: social) https://www.fanpop.com/fans/ayhuayhu
2023-05-12 02:45:41Physical LocationNoAbstractAPI0020NoneSan Francisco (South Beach), California, 94107, United States, North America185.199.110.153
2023-05-12 03:31:33Affiliate - Email AddressNoE-Mail Address Extractor0030Noneregistrar-abuse@google.comDomain Name: AHU.XYZ Registry Domain ID: D196165314-CNIC Registrar WHOIS Server: whois.google.com Registrar URL: https://domains.google.com Updated Date: 2023-05-04T03:02:40.0Z Creation Date: 2020-08-10T01:10:12.0Z Registry Expiry Date: 2026-08-10T23:59:59.0Z Registrar: Google Inc Registrar IANA ID: 895 Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Contact Privacy Inc. Customer 7151571251 Registrant State/Province: ON Registrant Country: CA Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1.DAN.COM Name Server: NS2.DAN.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: registrar-abuse@google.com Registrar Abuse Contact Phone: +1.2065311374 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: ahu.xyz Registry Domain ID: D196165314-CNIC Registrar WHOIS Server: whois.google.com Registrar URL: https://domains.google.com Updated Date: 2023-05-04T03:02:40Z Creation Date: 2020-08-10T01:10:12Z Registrar Registration Expiration Date: 2026-08-10T23:59:59Z Registrar: Google LLC Registrar IANA ID: 895 Registrar Abuse Contact Email: registrar-abuse@google.com Registrar Abuse Contact Phone: +1.8772376466 Domain Status: serverTransferProhibited https://www.icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: go663216313251 Registrant Name: Contact Privacy Inc. Customer 7151571251 Registrant Organization: Contact Privacy Inc. 
Customer 7151571251 Registrant Street: 96 Mowat Ave Registrant City: Toronto Registrant State/Province: ON Registrant Postal Code: M4K 3K1 Registrant Country: CA Registrant Phone: +1.4165385487 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: https://domains.google.com/contactregistrant?domain=ahu.xyz Registry Admin ID: go663216313251 Admin Name: Contact Privacy Inc. Customer 7151571251 Admin Organization: Contact Privacy Inc. Customer 7151571251 Admin Street: 96 Mowat Ave Admin City: Toronto Admin State/Province: ON Admin Postal Code: M4K 3K1 Admin Country: CA Admin Phone: +1.4165385487 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: https://domains.google.com/contactregistrant?domain=ahu.xyz Registry Tech ID: go663216313251 Tech Name: Contact Privacy Inc. Customer 7151571251 Tech Organization: Contact Privacy Inc. Customer 7151571251 Tech Street: 96 Mowat Ave Tech City: Toronto Tech State/Province: ON Tech Postal Code: M4K 3K1 Tech Country: CA Tech Phone: +1.4165385487 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: https://domains.google.com/contactregistrant?domain=ahu.xyz Name Server: NS1.DAN.COM Name Server: NS2.DAN.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:16:36.418919Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en Please register your domains at: https://domains.google.com/ This data is provided by Google for information purposes, and to assist persons obtaining information about or related to domain name registration records. Google does not guarantee its accuracy. 
By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, will you use this data to: 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail (spam); or 2) enable high volume, automated, electronic processes that apply to this WHOIS server. These terms may be changed without prior notice. By submitting this query, you agree to abide by this policy.
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.14): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.34): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:26UsernameNoSocial Network Identifier172050Noneloginhttps://github.com/login/oauth/authorize?client_id=42db428b279076117521&redirect_uri=https://qolhub.cloudflareaccess.com/cdn-cgi/access/callback&response_type=code&scope=user:email,read:org&state=9995ee075e82e86ee47e714d846227dc35b4772134e51bd1627e17e1594cf0fa.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%3D
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneWIN-MAKCI77HADK 1028 (Net ID: 38:1D:D9:1B:3E:B3)37.751, -97.822
2023-05-12 02:47:40Open TCP PortNoPulsedive0030None104.196.30.220:80104.196.30.220
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX551551399 (Net ID: 00:01:E3:55:13:99)52.3759, 4.8975
2023-05-12 03:03:51Co-Hosted SiteNoThreatMiner0020Noneebrahemsamir.github.io185.199.110.153
2023-05-12 02:54:22Linked URL - ExternalNoWeb Spider3030Nonehttps://qolhub.cloudflareaccess.com/cdn-cgi/access/login/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=%2F&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.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.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUgpanel.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneELSA (Net ID: 00:02:2D:27:BC:4F)50.1188, 8.6843
2023-05-12 02:46:55Internet NameNoDNS Resolver0020Nonefunny.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:04:02:53:52:8b:ff:fb:8a:0a:11:44:e7:ab:f5:69:c5:9e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 14 17:33:43 2023 GMT Not After : Apr 14 17:33:42 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:56:66:b3:c8:a2:23:b1:5a:3f:a8:f8:12:86:96: e9:2c:15:d7:f2:10:34:11:7a:db:91:0d:f0:b3:57: f5:24:8b:d6:33:b2:e0:da:47:1e:c3:4b:59:19:6f: 0a:27:ae:26:29:f9:b7:07:60:5c:49:2f:47:35:2a: 5c:c8:f0:96:d7 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3C:85:65:2A:BA:2A:04:2A:54:22:30:3E:E5:23:B1:1E:15:C3:96:05 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 35:8e:ad:47:f4:d5:0c:35:7b:16:d0:9b:94:a8:b1:26:20:fb: c5:de:a5:93:db:57:19:e0:12:90:43:82:bc:d6:2f:43:eb:2e: 4c:de:6a:4e:5a:f7:3a:69:b4:d3:79:d5:3c:fc:10:95:09:06: 01:1c:46:7d:6d:7c:be:7f:a8:01:e3:93:44:8e:bd:bd:0d:b0: bd:c9:0f:53:30:c3:5b:43:1c:de:0d:db:29:b4:9c:76:9a:cb: 51:4b:06:1b:20:dd:ec:e9:a2:bf:56:76:bf:92:0c:eb:70:70: 9b:b4:4a:4f:2d:37:e0:34:a0:a3:ff:13:86:8a:79:7e:16:1e: 8e:c6:82:ca:0f:96:f3:8a:2f:c4:0b:aa:a8:ac:55:f4:88:40: e0:16:cf:a7:dc:c0:30:00:8e:a5:37:c8:bd:86:e7:c9:7f:a2: 43:a8:8f:4d:72:0e:2a:78:36:4d:70:de:f4:63:fb:7a:69:dd: 
eb:ae:02:25:ec:2e:30:97:68:f6:5a:d7:e8:b6:58:95:b6:c1: cc:b3:c2:25:09:9a:c8:a4:d7:3d:29:63:7c:34:a0:fc:c2:d0: 5c:94:37:dd:b4:c4:b6:03:3f:3d:50:00:5d:5e:7b:c9:e9:6b: 3d:db:2e:3d:c8:b1:34:d0:37:5f:80:1d:38:7f:1c:95:f3:da: c4:21:7d:17
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneMCUUID (Minecraft) (Category: gaming) https://mcuuid.net/?q=ayhuayhu
2023-05-12 02:55:11Software UsedYesCensys0020NonePureFTPd Pure-FTPd87.248.157.102
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:2096104.21.71.14
2023-05-12 03:32:06Open TCP PortNoPulsedive0030None188.114.97.4:443188.114.97.0/24
2023-05-12 02:44:09SSL Certificate Host MismatchYesSSL Certificate Analyzer0010None*.github.io, github.io, *.github.com, github.com, www.github.com, *.githubusercontent.com, githubusercontent.combattleb0t.xyz
2023-05-12 03:32:40Open TCP PortNoPulsedive0030None188.114.97.20:8080188.114.97.0/24
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020Nonegiters (Category: coding) https://giters.com/battleb0tbattleb0t
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040None7637 0253 (Net ID: 00:1C:FB:F9:EC:50)32.8608, -79.9746
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c546dd3883829f4-ORD"]}188.114.97.1
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneGWF (Net ID: 00:06:25:06:28:35)33.336199,-111.89446440830702
2023-05-12 02:46:49SSL Certificate - Issued byNoSSL Certificate Analyzer0030NoneC=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA135.229.48.116
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NonexHamster (Category: XXXPORNXXX) https://xhamster.com/users/ayhuayhu
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneAirliners (Category: social) https://www.airliners.net/user/login/profilelogin
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.54): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:47:32Open TCP PortNoPulsedive0020None172.67.135.9:443172.67.135.9
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NonePornhub Users (Category: XXXPORNXXX) https://www.pornhub.com/users/battleb0tbattleb0t
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneWLAN (Net ID: 00:02:44:AF:55:CE)50.1188, 8.6843
2023-05-12 03:17:44UsernameNoAccount Finder58010Noneayhuayhu.xyz
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneLF-X1U.00014A10EF0C (Net ID: 00:01:4A:10:EF:0C)37.7813933,-122.3918002
2023-05-12 02:53:25IPv6 AddressNoMnemonic PassiveDNS0020None2606:4700:3030::ac43:a8fcwww.battleb0t.xyz
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.146): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:53:56Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8d-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 8F4E:438C:28D6A76:39C4C57:645DA4A1 Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-klot8100090-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683858593.452046,VS0,VE24 Vary: Accept-Encoding X-Fastly-Request-ID: bf30db8298ebcbd37ba35a7187f0fd669e8117db 2606:50c0:8001::153
2023-05-12 02:56:52Internet NameNoDNS Resolver0030Nonepics.battleb0t.xyz[{"url": "https://pics.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 02:54:38Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5221619826367a-FRA Content-Encoding: gzip 172.67.168.252
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonedragontears (Net ID: 00:0C:F6:42:E6:42)50.8897, 6.0563
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-64-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", 
"os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", 
"diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 
Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 02:44:36SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:34:48:36:b2:51:77:1f:45:f7:ca:23:53:09:6b:f8:20:f7 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:46:18 2022 GMT Not After : Mar 27 01:46:17 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b7:86:7e:22:b8:47:2a:2a:20:fc:69:54:4c:4c: 8d:ea:3f:a1:0c:0e:11:0f:7e:c1:26:df:52:aa:7e: 94:3a:df:e1:4c:c1:e1:54:54:7a:c2:7a:eb:d8:cc: df:41:19:00:a3:7b:e6:18:3e:51:47:37:04:be:39: e6:bf:91:38:96:6a:40:69:b8:63:75:51:8c:52:3a: 41:07:8f:c4:ec:e7:d6:72:77:98:6d:17:b7:fd:4c: 4c:0f:1e:e2:38:f3:1e:28:62:8d:25:cc:29:b7:fc: af:91:3e:9d:e5:92:07:d2:8d:09:ca:64:eb:80:76: ae:38:a2:33:49:07:84:c8:02:f9:d3:21:2b:ce:01: 78:68:73:b9:2a:22:16:eb:78:90:34:44:73:52:fa: b4:e5:7a:78:b5:62:9e:70:95:d0:26:0e:c1:b7:b4: 12:fd:9f:10:09:67:d9:3c:f0:82:32:ed:27:d0:55: a7:30:ce:0b:b7:0a:ef:86:ec:19:5d:c1:a0:11:f8: d8:f7:da:51:1c:ce:c6:23:90:13:7e:ab:f3:de:c1: 8e:52:9d:26:8b:16:dc:5c:ae:23:f8:3d:43:96:47: e1:0d:83:73:94:c2:e5:ad:91:ed:93:fe:48:67:3b: 6c:8e:00:5a:b6:2f:0f:94:18:91:b3:ed:bb:bf:d8: 25:d1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 73:BD:0E:B3:ED:9F:6A:FE:37:97:44:54:03:BB:B6:CC:83:95:C8:48 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 8e:1e:a8:a7:dc:b4:b2:81:77:cc:05:85:bf:5a:da:1d:f4:11: 2f:79:e8:ea:90:50:cd:64:a1:df:43:64:b0:45:83:6a:9e:5d: 59:bc:d7:f8:c2:0e:5f:4b:d2:8c:3b:71:44:77:09:c9:00:b8: 05:73:a8:af:5c:03:95:2d:4c:ab:3f:94:8d:b8:ae:e1:f0:37: e9:58:9a:a0:2c:5e:da:55:60:52:70:f6:59:b6:b8:74:c2:ec: 81:ab:60:cd:18:64:f8:84:94:8c:df:47:3c:58:34:38:f7:32: 95:4f:6b:ab:3c:d9:c8:9d:74:72:3d:d9:8b:b0:94:26:be:f8: 97:a5:76:6a:24:26:67:96:90:9d:13:49:6a:48:2d:e9:2e:38: bc:3f:6a:f2:cd:6c:8d:0c:c9:e9:d6:d1:7b:0e:16:58:5f:02: 04:50:48:f9:7c:38:68:3b:60:03:bd:e1:08:78:5b:e8:18:86: b7:4b:aa:6f:ff:a7:2b:03:04:25:27:96:1f:8f:09:53:64:fa: 5f:9b:e8:88:a7:a7:cf:f6:cb:48:fc:5c:9c:94:c2:c7:76:87: 81:e4:c9:14:d3:20:ef:9f:47:07:5f:b5:8a:d6:96:2d:57:a9: f9:b6:6d:17:e3:16:11:39:ad:d4:74:7b:49:e0:ca:6b:a7:15: ef:22:a3:8b battleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSX551C65D72 (Net ID: 00:01:E3:C6:5D:72)50.8897, 6.0563
2023-05-12 03:32:33Open TCP PortNoPulsedive0030None188.114.97.17:443188.114.97.0/24
2023-05-12 03:24:22HTTP HeadersNoWeb Spider1020None{"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 03:24:22 GMT", "content-type": "text/html"}https://kekw.battleb0t.xyz/jar
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5ee2a62d9a2306-ORD Content-Encoding: gzip 188.114.96.1
2023-05-12 03:32:27Open TCP PortNoPulsedive0030None188.114.97.14:8080188.114.97.0/24
2023-05-12 03:00:00Affiliate - Email AddressNoE-Mail Address Extractor0030Nonejloup@gzip.org[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://goo.gl/uqaWYa', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_6c8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1736"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_6c8_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_6c8_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_6c8_ConnHashTable<1736>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_6c8_IE_EarlyTabStart_0xaf0_Mutex"\n "IsoScope_6c8_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_6c8_IE_EarlyTabStart_0xaf0_Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"74.208.236.106:80"\n "74.208.236.106:443"\n "172.217.12.106:443"\n "104.18.10.207:443"\n "185.199.109.153:443"\n "142.250.72.202:443"\n "142.251.214.131:443"\n "142.250.189.206:443"\n "142.251.214.130:443"\n "142.251.46.230:443"\n "142.251.46.170:443"\n "52.155.62.95:443"\n "172.217.12.118:443"\n "172.217.12.97:443"\n "142.250.189.238:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"chrisfixed.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "chrisfixed.com"\n "fe0.google.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "goo.gl"\n "googleads.g.doubleclick.net"\n "i.ytimg.com"\n "jnn-pa.googleapis.com"\n "play.google.com"\n "query.prod.cms.msn.com"\n "stackpath.bootstrapcdn.com"\n "static.doubleclick.net"\n "teredo.ipv6.microsoft.com"\n "trenta.media"\n "www.chris-fix.com"\n "www.youtube.com"\n "yt3.ggpht.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "VISITOR_INFO1_LIVEziB5upP7Wiwyoutube.com/214749286534253099523106746390550359831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "5O0LJ4LH.txt")\n Found string 
"VISITOR_INFO1_LIVEDU_B5bFhQnkyoutube.com/214749286534253099523106746390472234831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "DQKYX181.txt")\n Found string "VISITOR_INFO1_LIVEi1ZA35yJPt8youtube.com/214749286534253099523106746390597234831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "7JFMJ9XY.txt")\n Found string "VISITOR_INFO1_LIVE-bsB1yN3wW0youtube.com/214749286534253099523106746390784734831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "7E6JY8J0.txt")\n file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "function bz(a,b){var c=this;return b}bz.M="internal.enableAutoEventOnScroll";var bc=ca(["data-gtm-yt-inspected-"]),cz=["www.youtube.com","www.youtube-nocookie.com"],dz,ez=!1;" (Indicator: "dir "; File: "js_2_.js")\n Found string "www.youtube.com" (Indicator: "dir "; File: "PCAP")\n file/memory contains long string with (Indicator: "dir "; File: "SSL")\n file/memory contains long string with (Indicator: "dir "; File: "base_1_.js")\n Found string "{Bo:"r",Do:Eo()}:"youtube.player.web_20230502_00_RC00".includes("gam_native_web_video")?{Bo:"n",Do:Eo()}:"youtube.player.web_20230502_00_RC00".includes("admob_interstitial_video")?{Bo:"int",Do:Eo()}:{Bo:"j",Do:null}};" (Indicator: "dir "; File: "base_1_.js")\n Found string "By=function(a){a=g.Si(a);a=null!==a?a.split(".").reverse():null;return null===a?!1:"com"==a[0]&&a[1].match(/^youtube(?:kids|-nocookie)?$/)?!0:!1};" (Indicator: "dir "; File: "base_1_.js")\n Found string "g.Uy=function(a,b,c,d,e){Sy||Ty.set(""+a,b,{IG:c,path:"/",domain:void 0===d?"youtube.com":d,W8:void 0===e?!1:e})};" (Indicator: "dir "; File: "base_1_.js")\n Found string "g.Wy=function(a,b,c){Sy||Ty.remove(""+a,void 0===b?"/":b,void 0===c?"youtube.com":c)};" (Indicator: "dir "; File: "base_1_.js")\n Found string 
"sna=function(){this.j=g.hy("ALT_PREF_COOKIE_NAME","PREF");this.u=g.hy("ALT_PREF_COOKIE_DOMAIN","youtube.com");var a=g.Vy(this.j);a&&this.parse(a)};" (Indicator: "dir "; File: "base_1_.js")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"insta-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "twitter-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "fb-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "sddefault_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 640x480 components 3" and extension "jpg"\n "sddefault_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 640x480 components 3" and extension "jpg"\n "yt-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "unnamed_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 Exif Standard: [TIFF image data little-endian direntries=1 software=Google] baseline precision 8 68x68 components 3" and extension "jpg"'}, {u'category': u'Installation/Persistence', 
u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{6e883627-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe5a84e0c629be7b2.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\favorites\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\desktop\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{6e883629-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa2a380ccf94f2bd9.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\0x82k3c6.txt"\n "iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe5a84e0c629be7b2.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{6e883627-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{6e883629-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" writes file 
"c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa2a380ccf94f2bd9.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\37nu00gp\\favicon[3].ico"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'infor
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0040Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:57:24Internet NameNoCertificate Transparency0110Nonepics.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneComputing websitesbattleb0t.github.io
2023-05-12 02:52:28Malicious IP AddressYesVirusTotal0130NoneVirusTotal [104.196.30.220] https://www.virustotal.com/en/ip-address/104.196.30.220/information/104.196.30.220
2023-05-12 02:58:43Vulnerability - CVE HighYesTool - testssl.sh0210NoneCVE-2016-2183 https://nvd.nist.gov/vuln/detail/CVE-2016-2183 Score: 7.5 Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.ayhu.xyz
2023-05-12 02:54:19HTTP Status CodeNoWeb Spider0040None200https://fluid.battleb0t.xyz/./script.js
2023-05-12 03:01:03Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.107): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5c82adbc7b2323-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.168.252
2023-05-12 03:00:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.61): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom90F1C4 (Net ID: 00:0C:F6:90:F1:C4)50.8897, 6.0563
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-B962 (Net ID: 00:1D:D5:BA:B9:60)32.8608, -79.9746
2023-05-12 02:44:31Affiliate - Domain NameNoDNS Resolver0030Nonegithub.comcdn-185-199-111-153.github.com
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.212): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneNotLakehouse (Net ID: 00:0C:41:6F:1D:BC)39.0469, -77.4903
2023-05-12 03:09:03Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.10487.248.157.102
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.22): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.42): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneRossAviation206 (Net ID: 00:0C:42:6C:BE:A6)33.617190550339146,-111.90827887019054
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-ray: 7c5f60715ea2423d-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:46:21Netblock MembershipNoRIPE8020None185.199.110.0/24185.199.110.153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneFruityWifi-004 (Net ID: 00:04:E2:F4:8A:F5)33.617190550339146,-111.90827887019054
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewagmound (Net ID: 00:01:71:0A:16:DF)52.3759, 4.8975
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.230): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:13:10Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [james-gamboa.github.io] https://www.openphish.com/feed.txtjames-gamboa.github.io
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None410HowardStudios (Net ID: 00:02:2D:00:25:63)37.780462,-122.390564
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.174): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesuddenlink.net-2AD2 (Net ID: 90:1A:CA:7E:2A:D0)37.751, -97.822
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:80188.114.96.1
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonedowntown7 (Net ID: 00:01:E3:DE:06:3F)50.1188, 8.6843
2023-05-12 02:53:19Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'compromised_hosts': [], u'environment_id': None, u'major_os_version': None, u'submit_name': u'bounty-58693743083355784', u'signatures': [], u'threat_level': 1, u'size': 1411144, u'job_id': None, u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [], u'sha256': u'bfecf4dcf1a63d8b64b900906102edf666642316291c9bba42eb0fb9c7bccbd6', u'sha512': u'dc93938623bfb168b27fbe2475df1838b75b6655fa8816c058f64c8dd7803679e7bab7c8b5da07f2eb9436da2e84973253e7509def261f0f7dcb638684769eba', u'image_file_characteristics': [], u'submissions': [{u'url': None, u'submission_id': u'6455a98ae3cb0ab470017f93', u'created_at': u'2023-05-06T01:12:42+00:00', u'filename': u'bounty-58693743083355784'}, {u'url': None, u'submission_id': u'6455a98a5a7739690c0ed96f', u'created_at': u'2023-05-06T01:12:42+00:00', u'filename': u'bounty-42554279808800971'}], u'analysis_start_time': u'2023-05-06T01:12:42+00:00', u'tags': [], u'imphash': None, u'total_network_connections': 0, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 0, u'image_base': None, u'error_origin': None, u'ssdeep': None, u'entrypoint_section': None, u'md5': u'3855aaa9b3c3632acee05508966072c0', u'network_mode': u'default', u'processes': [], u'sha1': u'f165233f7d4ac46b1150eef6e9d1ff16d2b496a0', u'url_analysis': False, u'type': u'PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows', u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Static Analysis', u'verdict': u'suspicious', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': [u'peexe', u'64bits', u'executable']}, 
{u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [{u'file_process_pid': 6884, u'filename': u'00000000-00006884.00000000.78323.8EB30000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\rufus-4.0p.exe', u'flags': u'00000040', u'file_process_sha256': u'bfecf4dcf1a63d8b64b900906102edf666642316291c9bba42eb0fb9c7bccbd6', u'address': u'8EB30000', u'verdict': u'suspicious', u'file_process': u'rufus-4.0p.exe'}, {u'file_process_pid': 6884, u'filename': u'00000000-00006884.00000000.78323.B850F000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\rufus-4.0p.exe', u'flags': u'00000040', u'file_process_sha256': u'bfecf4dcf1a63d8b64b900906102edf666642316291c9bba42eb0fb9c7bccbd6', u'address': u'B850F000', u'verdict': u'suspicious', u'file_process': u'rufus-4.0p.exe'}], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': 39, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': 4, u'submit_name': u'rufus-4.0p.exe', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-4.0p.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 8b1c0000\n "rufus-4.0p.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 8b1c0000\n "rufus-4.0p.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 8b1c0000\n "rufus-4.0p.exe" loaded module "KERNEL32" at base 8c1f0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\TEMP\\VXOLE64.DLL" at base 781f0000\n "rufus-4.0p.exe" loaded module "KERNEL32.DLL" at base 8c1f0000\n "rufus-4.0p.exe" loaded module "ADVAPI32.DLL" at base 8ea00000\n "rufus-4.0p.exe" loaded module "COMCTL32.DLL" at base 7b8b0000\n "rufus-4.0p.exe" loaded module "COMDLG32.DLL" at 
base 8c940000\n "rufus-4.0p.exe" loaded module "CRYPT32.DLL" at base 8afa0000\n "rufus-4.0p.exe" loaded module "GDI32.DLL" at base 8c910000\n "rufus-4.0p.exe" loaded module "MSVCRT.DLL" at base 8cd50000\n "rufus-4.0p.exe" loaded module "OLE32.DLL" at base 8c0a0000\n "rufus-4.0p.exe" loaded module "SETUPAPI.DLL" at base 8c420000\n "rufus-4.0p.exe" loaded module "SHELL32.DLL" at base 8d5c0000\n "rufus-4.0p.exe" loaded module "SHLWAPI.DLL" at base 8c3c0000\n "rufus-4.0p.exe" loaded module "USER32.DLL" at base 8cbc0000\n "rufus-4.0p.exe" loaded module "RPCRT4.DLL" at base 8c2a0000\n "rufus-4.0p.exe" loaded module "SSPICLI.DLL" at base 8ad90000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\WINTRUST.DLL" at base 8af40000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\CRYPT32.DLL" at base 8afa0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\RSAENH.DLL" at base 8a2d0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\BCRYPTPRIMITIVES.DLL" at base 8bd40000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 894d0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\VDS_PS.DLL" at base 7b1a0000\n "rufus-4.0p.exe" loaded module "RICHED20" at base 6ee00000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\GPEDIT.DLL" at base 6ec40000\n "rufus-4.0p.exe" loaded module "COMCTL32" at base 7b8b0000\n "rufus-4.0p.exe" loaded module "OLEAUT32.DLL" at base 83960000\n "rufus-4.0p.exe" loaded module "EXT-MS-WIN-RTCORE-NTUSER-WINDOW-EXT-L1-1-0.DLL" at base 8cbc0000\n "rufus-4.0p.exe" loaded module "EXT-MS-WIN-RTCORE-NTUSER-INTEGRATION-L1-1-0.DLL" at base 8cbc0000\n "rufus-4.0p.exe" loaded module "API-MS-WIN-CORE-COM-L1-1-0.DLL" at base 8ceb0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\MSCTF.DLL" at base 8ca50000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\OLE32.DLL" at base 8c0a0000\n "rufus-4.0p.exe" loaded module "WININET" at base 7b4d0000\n "rufus-4.0p.exe" loaded module 
"%WINDIR%\\SYSTEM32\\ICONCODECSERVICE.DLL" at base 81ad0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\OLEACC.DLL" at base 78c40000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\EXPLORERFRAME.DLL" at base 76790000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\NETPROFM.DLL" at base 87ef0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\NPMPROXY.DLL" at base 85820000\n "rufus-4.0p.exe" loaded module "ONDEMANDCONNROUTEHELPER.DLL" at base 6f650000\n "rufus-4.0p.exe" loaded module "WINHTTP.DLL" at base 854f0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\ONDEMANDCONNROUTEHELPER.DLL" at base 6f650000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\MSWSOCK.DLL" at base 8a6c0000\n "rufus-4.0p.exe" loaded module "MSISO.DLL" at base 7e860000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\RASADHLP.DLL" at base 83790000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\FWPUCLNT.DLL" at base 83b90000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\WS2_32" at base 8d550000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\SCHANNEL.DLL" at base 8a210000\n "rufus-4.0p.exe" loaded module "MSKEYPROTECT.DLL" at base 7e020000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\EN-US\\SHELL32.DLL.MUI" at base ffc10000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\CRYPTNET.DLL" at base 7a6d0000\n "rufus-4.0p.exe" loaded module "CRYPTNET.DLL" at base 7a6d0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\NCRYPTSSLP.DLL" at base 7e0d0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\GPEDIT.DLL" at base 6ece0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-175', u'name': u'Calls an API typically used to load libraries', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-4.0p.exe" called "LoadLibrary" 
with a parameter api-ms-win-core-synch-l1-2-0 (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter api-ms-win-core-fibers-l1-1-1 (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter api-ms-win-core-localization-l1-2-1 (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter kernel32 (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter KERNEL32.DLL (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter ADVAPI32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter COMCTL32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter comdlg32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter CRYPT32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter GDI32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter msvcrt.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter ole32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter SETUPAPI.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter SHELL32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter SHLWAPI.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter USER32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter kernel32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter Riched20 (UID: 00000000-00006884)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-176', u'name': u'Calls an API typically used to retrieve function addresses', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-4.0p.exe" called "GetProcAddress" with a parameter InitializeCriticalSectionEx (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "GetProcAddress" with a parameter FlsAlloc (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "GetProcAddress" with a parameter FlsSe185.199.109.153
2023-05-12 03:10:01Affiliate - Domain NameNoDNS Resolver2050Noneexpressdryclean.grexpressdryclean.gr
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0030Nonehttps://pics.battleb0t.xyz/images/random_4.pnghttps://pics.battleb0t.xyz/
2023-05-12 02:54:22Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8www.ayhu.xyz
2023-05-12 03:00:49Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.69): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneZyXEL (Net ID: 00:13:49:EC:E1:54)40.2024, 29.0398
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f60483bb94334-EWR{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"}
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5c61b40afd1911-FRA"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}188.114.96.1
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.183): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneSR.Mandant (Net ID: 00:01:21:30:6F:34)50.1188, 8.6843
2023-05-12 02:54:51Raw Data from RIRsNoCensys0030None{"last_updated_at": "2023-05-12T02:01:01.392Z", "ip": "34.74.170.74", "location_updated_at": "2023-04-30T03:41:24.176126Z", "autonomous_system_updated_at": "2023-04-30T03:41:24.176335Z", "location": {"province": "South Carolina", "city": "North Charleston", "country": "United States", "coordinates": {"latitude": 32.8929, "longitude": -80.0458}, "postal_code": "29418", "country_code": "US", "timezone": "America/New_York", "continent": "North America"}, "dns": {"records": {"beta.overclockedservices.ca": {"record_type": "CNAME", "resolved_at": "2023-05-08T12:59:35.249032044Z"}, "emvitool-dv.ml": {"record_type": "A", "resolved_at": "2022-10-17T22:18:00.338135487Z"}, "nexter.xande.dev": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:45:28.429344531Z"}, "www.mizan.et": {"record_type": "CNAME", "resolved_at": "2023-03-27T23:59:01.371578440Z"}, "asimto.com": {"record_type": "A", "resolved_at": "2022-10-30T19:18:07.454054467Z"}, "emporas.io": {"record_type": "A", "resolved_at": "2022-10-17T22:16:30.071984024Z"}, "boot.signifly.io": {"record_type": "CNAME", "resolved_at": "2023-01-16T15:34:28.059221703Z"}, "definitionof.org": {"record_type": "A", "resolved_at": "2022-12-08T16:38:56.794905095Z"}, "mouadziani.com": {"record_type": "A", "resolved_at": "2023-01-14T13:37:56.766858379Z"}, "www.503.photos": {"record_type": "CNAME", "resolved_at": "2023-03-19T02:42:12.347086287Z"}, "olufunto.dev": {"record_type": "A", "resolved_at": "2022-12-28T14:48:52.916235421Z"}, "www.isaacsonladders.co.za": {"record_type": "CNAME", "resolved_at": "2023-02-21T21:51:52.146614450Z"}, "www.amateurgame.dev": {"record_type": "CNAME", "resolved_at": "2023-04-12T17:03:48.151599978Z"}, "fullstackforhumans.com": {"record_type": "A", "resolved_at": "2023-04-15T14:31:03.542528095Z"}, "joelofran.co": {"record_type": "A", "resolved_at": "2023-05-11T13:09:36.675248006Z"}, "hostarshosting.ml": {"record_type": "A", "resolved_at": 
"2023-04-04T19:31:01.779774968Z"}, "www.gmimarkets.info": {"record_type": "CNAME", "resolved_at": "2023-05-01T17:10:25.734198185Z"}, "florentpellegrin.com": {"record_type": "A", "resolved_at": "2022-11-22T13:32:20.879316883Z"}, "savemyspot.ca": {"record_type": "A", "resolved_at": "2022-10-03T12:31:57.921314861Z"}, "polite-axolotl-b38d0e.netlify.app": {"record_type": "A", "resolved_at": "2023-01-29T12:06:11.892515081Z"}, "influencer.infectic.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T20:57:25.580100675Z"}, "portal.healthzen.io": {"record_type": "CNAME", "resolved_at": "2022-12-22T03:10:47.307049488Z"}, "sae105.allanhienne.fr": {"record_type": "CNAME", "resolved_at": "2023-01-02T04:54:16.330119990Z"}, "richardvandermeer.nl": {"record_type": "A", "resolved_at": "2023-04-28T21:50:43.119914774Z"}, "charallah.co.uk": {"record_type": "A", "resolved_at": "2022-11-12T16:28:57.037470462Z"}, "ghosttech.com.br": {"record_type": "A", "resolved_at": "2023-04-22T12:32:16.063889700Z"}, "remedialteaching-detoermalijn.nl": {"record_type": "A", "resolved_at": "2023-03-19T17:49:21.649173911Z"}, "benjaminsilver.xyz": {"record_type": "A", "resolved_at": "2022-10-17T21:16:42.890957577Z"}, "davidsullivan.xyz": {"record_type": "A", "resolved_at": "2023-05-05T20:41:16.868140898Z"}, "app.envisageworldwide.com": {"record_type": "CNAME", "resolved_at": "2023-03-12T13:49:14.045850752Z"}, "grab.stoneltd.co.uk": {"record_type": "CNAME", "resolved_at": "2023-02-02T18:36:47.008063426Z"}, "www.fiveicons.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:15:59.618749237Z"}, "agustin-dev.me": {"record_type": "A", "resolved_at": "2023-02-08T18:09:39.861263846Z"}, "cwt.hiyield.co.uk": {"record_type": "CNAME", "resolved_at": "2022-12-04T17:29:42.136640068Z"}, "dashboard.styledotme.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:45:51.707850435Z"}, "aaa-scaffolding.mctweb.co.uk": {"record_type": "CNAME", "resolved_at": "2022-12-30T17:00:40.939271772Z"}, 
"l.dcgstaging.co.uk": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:43:36.322757205Z"}, "www.lafabriklocale.fr": {"record_type": "CNAME", "resolved_at": "2022-11-07T14:56:36.811524661Z"}, "www.form2290download.com": {"record_type": "CNAME", "resolved_at": "2022-12-20T13:23:19.027062663Z"}, "hopton.co.uk": {"record_type": "A", "resolved_at": "2023-05-05T20:33:36.106307737Z"}, "kobekoto.com": {"record_type": "A", "resolved_at": "2023-02-14T14:10:07.117039480Z"}, "founders.bemasonic.com": {"record_type": "A", "resolved_at": "2022-10-17T20:38:07.858715677Z"}, "www.kunle.org": {"record_type": "CNAME", "resolved_at": "2022-09-19T22:02:20.340504742Z"}, "nlm.asianlegacylibrary.org": {"record_type": "CNAME", "resolved_at": "2023-03-21T05:49:06.463119331Z"}, "rollinknecht.com": {"record_type": "A", "resolved_at": "2023-03-17T14:52:13.784128416Z"}, "venicehouseyxe.ca": {"record_type": "A", "resolved_at": "2022-12-25T12:28:21.240157263Z"}, "elated-galileo-548c37.netlify.com": {"record_type": "A", "resolved_at": "2023-01-29T13:53:22.914856752Z"}, "foodable.ng": {"record_type": "A", "resolved_at": "2023-02-08T18:51:17.277516369Z"}, "community.livewellandfully.com": {"record_type": "CNAME", "resolved_at": "2022-11-16T13:35:36.116348653Z"}, "timotei.dev": {"record_type": "A", "resolved_at": "2023-03-30T17:27:58.725461848Z"}, "growoil.ng": {"record_type": "A", "resolved_at": "2022-10-17T21:18:12.013899010Z"}, "kpscarwash.com": {"record_type": "A", "resolved_at": "2023-04-25T15:10:32.056226775Z"}, "gli.betdex.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:12:53.933298839Z"}, "www.spiritix.co": {"record_type": "CNAME", "resolved_at": "2023-05-01T13:00:42.786069830Z"}, "gas.red-elvis.net": {"record_type": "CNAME", "resolved_at": "2023-05-11T20:03:54.927976191Z"}, "www.heypartner.io": {"record_type": "CNAME", "resolved_at": "2023-02-15T15:32:42.818151384Z"}, "putikiestate.nz": {"record_type": "A", "resolved_at": "2023-01-12T15:47:09.403699644Z"}, 
"jobhunttracker.live": {"record_type": "A", "resolved_at": "2023-01-25T15:53:38.230367270Z"}, "www.badguyz.net": {"record_type": "CNAME", "resolved_at": "2023-03-24T18:31:11.356367184Z"}, "medallionproject.org": {"record_type": "A", "resolved_at": "2022-11-21T16:04:40.676151940Z"}, "netlify.vinko.me": {"record_type": "CNAME", "resolved_at": "2023-03-22T18:56:03.306053165Z"}, "hotcode.dev": {"record_type": "A", "resolved_at": "2023-03-10T15:02:16.821390522Z"}, "www.pepoparadise.net": {"record_type": "CNAME", "resolved_at": "2022-10-29T16:20:13.892401780Z"}, "jastudio-tech.com": {"record_type": "A", "resolved_at": "2022-12-07T13:44:28.251191198Z"}, "ragavee.com": {"record_type": "A", "resolved_at": "2022-10-17T21:56:14.004368926Z"}, "admin-beta.zurf.tech": {"record_type": "CNAME", "resolved_at": "2023-05-01T20:41:28.477702343Z"}, "laceylink.me": {"record_type": "A", "resolved_at": "2023-03-22T11:44:45.375753652Z"}, "rodandstaff.info": {"record_type": "CNAME", "resolved_at": "2023-03-16T15:26:30.585215504Z"}, "luming.tk": {"record_type": "A", "resolved_at": "2022-10-17T21:10:19.707786943Z"}, "aos-project.org": {"record_type": "A", "resolved_at": "2023-02-02T11:11:17.166518505Z"}, "www.movimentotransformers.org": {"record_type": "CNAME", "resolved_at": "2023-02-25T19:19:23.124662794Z"}, "johnberry.us": {"record_type": "A", "resolved_at": "2023-03-10T18:01:30.474090850Z"}, "flippening.money": {"record_type": "A", "resolved_at": "2022-10-17T22:27:26.279352799Z"}, "www.doers-square.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:34:03.727776781Z"}, "onemoreonce.net": {"record_type": "A", "resolved_at": "2023-04-22T18:54:42.143545404Z"}, "www.citycitycountry.co.uk": {"record_type": "CNAME", "resolved_at": "2023-02-10T18:39:58.627886479Z"}, "neybapps.com": {"record_type": "A", "resolved_at": "2023-03-16T02:40:39.987675551Z"}, "www.alanmancemitsubishi.com.au": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:25:52.475796029Z"}, "sythen.co": {"record_type": 
"A", "resolved_at": "2023-04-14T17:03:23.960203603Z"}, "acasune-portfolio.com": {"record_type": "A", "resolved_at": "2023-02-17T12:55:44.912965443Z"}, "aaa-scaffolding.netlify.app": {"record_type": "A", "resolved_at": "2023-03-16T12:05:42.159923059Z"}, "julia.peklak.net": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:30:20.839012221Z"}, "www.socialprogressindex.net": {"record_type": "CNAME", "resolved_at": "2022-12-26T16:02:37.186092694Z"}, "weatherapp.alecpagliarussi.me": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:44:25.184926620Z"}, "v8.azharlihan.com": {"record_type": "CNAME", "resolved_at": "2022-10-05T19:12:08.840985334Z"}, "www.avfmudancasesfretes.com.br": {"record_type": "A", "resolved_at": "2022-09-28T23:34:15.977879819Z"}, "eliteexecscoaching.com": {"record_type": "A", "resolved_at": "2023-03-29T23:32:37.295202060Z"}, "khanh-viet.lpe.gatoreviews.com": {"record_type": "CNAME", "resolved_at": "2023-01-05T13:28:25.250548626Z"}, "nexter-xande.netlify.app": {"record_type": "A", "resolved_at": "2023-02-24T12:07:02.670008211Z"}, "appraum.com": {"record_type": "A", "resolved_at": "2023-04-24T13:52:04.395837318Z"}, "fazardilham.my.id": {"record_type": "A", "resolved_at": "2023-04-10T18:12:12.859667666Z"}, "justinewon.com": {"record_type": "A", "resolved_at": "2023-03-28T15:09:11.753413656Z"}, "dist.usecloudless.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:19:34.494475189Z"}, "canalresponsable.demo.cbiconsulting.es": {"record_type": "CNAME", "resolved_at": "2023-03-08T15:58:56.721660647Z"}, "2omb.finance": {"record_type": "A", "resolved_at": "2023-02-22T13:46:00.762714311Z"}, "tools.iapotheca.com": {"record_type": "CNAME", "resolved_at": "2023-04-11T13:12:22.096803414Z"}, "www.lorenzoligato.com": {"record_type": "CNAME", "resolved_at": "2023-02-15T13:57:08.995428420Z"}, "foothillsauctioneers.com": {"record_type": "A", "resolved_at": "2022-11-16T13:21:59.316737877Z"}, "www.charlie.codes": {"record_type": "CNAME", "resolved_at": 
"2023-03-02T12:52:28.250578843Z"}, "www.kattronix.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:48:38.360278241Z"}}, "names": ["julia.peklak.net", "www.pepoparadise.net", "remedialteaching-detoermalijn.nl", "www.badguyz.net", "weatherapp.alecpagliarussi.me", "dashboard.styledotme.com", "www.alanmancemitsubishi.com.au", "nexter.xande.34.74.170.74
2023-05-12 03:00:50Co-Hosted SiteNoHackerTarget2020None0.crimson-perch.github.io185.199.111.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F2:6F:6D)37.780462,-122.390564
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.193): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None043320 (Net ID: 00:02:2D:04:33:20)37.780462,-122.390564
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonexfinitywifi (Net ID: 00:0D:67:8C:21:AA)39.0469, -77.4903
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneSunshine (Net ID: 00:07:40:87:15:01)33.617190550339146,-111.90827887019054
2023-05-12 03:33:34Raw File Meta DataNoBinary String Extractor0040NoneMiCCPICC Profile U$JLQ clc$1 pHYs iTXtXML:com.adobe.xmp <exif:PixelYDimension>1024</exif:PixelYDimension> <exif:PixelXDimension>1024</exif:PixelXDimension> <tiff:Orientation>1</tiff:Orientation> </rdf:Description> </rdf:RDF> </x:xmpmeta> IDATx :-$oT'/ ykl_\ $GsPUa O3N>RB J"RKn :Y:Dlm2 wLHH2 4<V0q Tbi/O Iy5: @ z0 rSOJ Q8m0Sc BFSvMl :/t@S te's8 'r_$E: t<c:` SxUAn GB:`_3 .?'X$ 0<Zqjyc fTF7g tF`"d uC1o\ uOV`B W9o0/ vXv5q EKjPW \BypB MeTZAtj FdAdi ZVM$\ RK59C WrF.w qadakhZ aWl>E B.G E /2S/yT ?N2If _ZkowDdu ihLaY <q36o \mHTs $Sa!TuVQ `xSkY !FfcGgy Twj c l9nPO O_R@N bW.F`y 9v-lh IDATE SeR'c JS Ik 2.S\D 3@9@h oe1`sf?z 9ud>I mE:Gf7 Tdb0P -uy:Y@BE 3zRHFofBQ g'YtL Lx j8m/J 'A_>dW CJ1eI wIQ!9t d0d'L VLYrd ::vC1 N/38Am 'k!mL zymOhf T'y0l d3o3A1 -IUSN ?rF_3 rvf5EZ Am``"1 fBmM> >f q9c cQ"n!cYQy XBMUx mtc-2 p4va`W Gj6Xz oxCs6 ZSB64https://oldfluid.battleb0t.xyz/logo.png
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.243): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:FD:64:31)33.617190550339146,-111.90827887019054
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneBulldog Free internet (Net ID: 00:01:71:0A:05:E5)52.3759, 4.8975
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.144): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.59): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:00:38Affiliate - Email AddressNoE-Mail Address Extractor0040Noneregistrar-abuse@cloudflare.com Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2017-05-24T17:44:01Z Creation Date: 2009-02-17T22:07:54Z Registry Expiry Date: 2024-02-17T22:07:54Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS3.CLOUDFLARE.COM Name Server: NS4.CLOUDFLARE.COM Name Server: NS5.CLOUDFLARE.COM Name Server: NS6.CLOUDFLARE.COM Name Server: NS7.CLOUDFLARE.COM DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2021-09-27T15:18:45Z Creation Date: 2009-02-17T22:07:54Z Registrar Registration Expiration Date: 2024-02-17T22:07:54Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Name Server: ns3.cloudflare.com Name Server: ns4.cloudflare.com Name Server: ns5.cloudflare.com Name Server: ns6.cloudflare.com Name Server: ns7.cloudflare.com DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonennru (Category: social) https://login.www.nn.rulogin
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneMicrosoft acquisitionscdn-185-199-111-153.github.com
2023-05-12 02:46:35Netblock MembershipNoRIPE1030None35.229.48.0/2035.229.48.116
2023-05-12 02:54:30Raw Data from RIRsNoCensys13030None{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": 
{"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", 
"aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" 
height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": 
{"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", "exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", 
"pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b64.226.81.43
2023-05-12 02:50:30Raw Data from RIRsNoGLEIF0030None[{u'relationships': {u'lei-records': {u'data': {u'type': u'lei-records', u'id': u'54930014QNWWH8OAC930'}, u'links': {u'related': u'https://api.gleif.org/api/v1/lei-records/54930014QNWWH8OAC930'}}}, u'attributes': {u'highlighting': u'<b>GODADDY.COM</b>, <b>LLC</b>', u'value': u'GODADDY.COM, LLC'}, u'type': u'autocompletions'}]GoDaddy.com, LLC
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneCommons-based peer production - Commons-based peer production is a term coined by Harvard Law School professor Yochai Benkler. It describes a model of socio-economic production in which large numbers of people work cooperatively; usually over the Internet.cdn-185-199-111-153.github.com
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:D2:56:1D)33.336199,-111.89446440830702
2023-05-12 03:00:37Affiliate - Email AddressNoE-Mail Address Extractor0060Noneabusecomplaints@markmonitor.com Domain Name: GOOGLEUSERCONTENT.COM Registry Domain ID: 1528918319_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2022-10-16T09:27:01Z Creation Date: 2008-11-17T15:58:29Z Registry Expiry Date: 2023-11-17T15:58:29Z Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2086851750 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.GOOGLE.COM Name Server: NS2.GOOGLE.COM Name Server: NS3.GOOGLE.COM Name Server: NS4.GOOGLE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
2023-05-12 02:55:22Linked URL - InternalNoGoogle0010Nonehttps://ayhu.xyz/ayhu.xyz
2023-05-12 02:44:19IPv6 AddressNoDNS Resolver15030None2600:1f18:2489:8201::c8funny.battleb0t.xyz
2023-05-12 02:44:13Co-Hosted SiteNoSSL Certificate Analyzer0120Nonegithubusercontent.comwww.battleb0t.xyz
2023-05-12 02:53:03Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 24, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fanette.wunderlich%40bbs-sachsen.de', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6680:120:WilError_01"\n "Local\\SM0:6680:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:6680:304:WilStaging_02"\n "SM0:6680:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"138.91.254.96:443"\n "185.199.109.153:443"\n "172.66.43.150:443"\n "162.241.219.194:443"\n "35.186.254.174:443"\n "191.101.3.40:443"\n "104.46.162.224:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "api.salesflare.com"\n 
"llink.to"\n "self.events.data.microsoft.com"\n "track.salesflare.com"\n "west.exchserverdata.one"\n "www.guelphcrc.ca"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006836]\n "wallet-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\6576_1201338111\\Filtering Rules]- [targetUID: 00000000-00006576]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: 
[%TEMP%\\6576_1454671731\\edge_driver.js]- [targetUID: 00000000-00006576]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006836]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\6576_1454671731\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00006576]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\6576_1201338111\\Filtering Rules-AA]- [targetUID: 00000000-00006576]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006576]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006836]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006836]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006836]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006836]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\6576_2018322271\\edge_autofill_field_data.json]- [targetUID: 00000000-00006576]\n "wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: N/A]\n 
"wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- [targetUID: N/A]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006576]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006576]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00006576]\n "safety_tips.pb" has type "data"- Location: [%TEMP%\\6576_1216152141\\safety_tips.pb]- [targetUID: 00000000-00006576]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006836]\n "Tabs_13328184206781632" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13328184206781632]- [targetUID: 00000000-00006576]\n "1e812de6-ba21-4912-a657-c6c0db9dfd3e.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\1e812de6-ba21-4912-a657-c6c0db9dfd3e.tmp]- [targetUID: 00000000-00006576]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "78d7a1c9-5693-428d-9fc6-b7f66687f3bf.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\78d7a1c9-5693-428d-9fc6-b7f66687f3bf.tmp]- [targetUID: 00000000-00006576]\n "8b2d30f7-d78f-400a-9946-770eb1538d9f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8b2d30f7-d78f-400a-9946-770eb1538d9f.tmp]- [targetUID: 00000000-00006576]\n "8a842fff-c60c-4637-8d2c-c71803472375.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- 
Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8a842fff-c60c-4637-8d2c-c71803472375.tmp]- [targetUID: 00000000-00006576]\n "082c8fb6-a19d-45ef-a529-edaabf95a8e2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\082c8fb6-a19d-45ef-a529-edaabf95a8e2.tmp]- [targetUID: 00000000-00006576]\n "8a35266a-5ab3-4ff3-8644-ef8185.199.109.153
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0030Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.171): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:13Physical LocationNoCensys0040NoneSan Francisco, California, 94107, United States, North America2606:4700:3030::ac43:a8fc
2023-05-12 03:08:53Vulnerability - CVE MediumYesTool - Retire.js0040NoneCVE-2019-11358 https://nvd.nist.gov/vuln/detail/CVE-2019-11358 Score: 6.1 Description: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.http://code.jquery.com/jquery-3.2.1.js
2023-05-12 03:08:55Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.8234.74.170.74
2023-05-12 03:03:42Internet NameNoDNS Resolver0030Nonenuke.battleb0t.xyz[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nuke.battleb0t.xyz', u'http_status': 521, u'plugins': {u'HTTPServer': {u'string': [u'cloudflare']}, u'Script': {}, u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'Title': {u'string': [u'nuke.battleb0t.xyz | 521: Web server is down']}, u'HTML5': {}, u'UncommonHeaders': {u'string': [u'referrer-policy,cf-ray']}, u'IP': {u'string': [u'172.64.80.1']}, u'X-Frame-Options': {u'string': [u'SAMEORIGIN']}, u'X-UA-Compatible': {u'string': [u'IE=Edge']}}}, {}]
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneitch.io (Category: gaming) https://itch.io/profile/loginlogin
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneAndrea Schwartz Gallery (Net ID: 00:01:9F:3D:4F:68)37.7813933,-122.3918002
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.100): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:56:04Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://startling-sfogliatella-ade5c2.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9dc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_9dc_IESQMMUTEX_0_303"\n "IsoScope_9dc_IESQMMUTEX_0_519"\n "IsoScope_9dc_IESQMMUTEX_0_331"\n "IsoScope_9dc_IE_EarlyTabStart_0xa98_Mutex"\n "IsoScope_9dc_ConnHashTable<2524>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2524"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "34.90.63.227:443"\n "54.177.195.4:443"\n "35.190.72.161:443"\n "104.18.156.225:443"\n 
"35.190.36.172:443"\n "35.190.13.203:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2A22.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"aux.fqtag.com"\n "cdn.fqtag.com"\n "easy.find-your-partner.club"\n "flx808.lporirxe.com"\n "fqtag.com"\n "www.meetukrainianwomen.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "WT0NBVZJ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WT0NBVZJ.txt]- [targetUID: 00000000-00003572]\n Dropped file: "ESIOX51V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ESIOX51V.txt]- [targetUID: 00000000-00002524]\n Dropped file: "06P9WVSV.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\06P9WVSV.txt]- [targetUID: 00000000-00003572]\n Dropped file: "TW7Y30DW.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TW7Y30DW.txt]- [targetUID: 00000000-00003572]\n Dropped file: "OOCMX2SA.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OOCMX2SA.txt]- [targetUID: 00000000-00003572]\n Dropped file: "XW6TPSB5.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\XW6TPSB5.txt]- [targetUID: 00000000-00003572]\n Dropped file: "RV2OG8JU.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RV2OG8JU.txt]- [targetUID: 00000000-00002524]\n Dropped file: "DFCSLJSN.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DFCSLJSN.txt]- [targetUID: 00000000-00003572]\n Dropped file: "8QJH7RWY.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8QJH7RWY.txt]- [targetUID: 00000000-00003572]\n Dropped file: "73YHWE7Q.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\73YHWE7Q.txt]- [targetUID: 00000000-00003572]\n Dropped file: "QT4XHCLB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QT4XHCLB.txt]- [targetUID: 00000000-00003572]\n Dropped file: "3EMEL256.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3EMEL256.txt]- [targetUID: 00000000-00002524]\n Dropped file: "U7KDM2QP.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\U7KDM2QP.txt]- [targetUID: 00000000-00003572]\n Dropped file: "5TF9TLHL.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5TF9TLHL.txt]- [targetUID: 00000000-00003572]\n Dropped file: "IQ7XDVLA.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IQ7XDVLA.txt]- [targetUID: 00000000-00003572]\n Dropped file: "S85IMHP1.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S85IMHP1.txt]- [targetUID: 00000000-00003572]\n Dropped file: "5TL5FP3H.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5TL5FP3H.txt]- [targetUID: 00000000-00003572]\n Dropped file: "2J5IT986.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2J5IT986.txt]- [targetUID: 00000000-00003572]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2A21.tmp" has type "Microsoft Cabinet 
archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab28E6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "WT0NBVZJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WT0NBVZJ.txt]- [targetUID: 00000000-00003572]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003572]\n "jquery.autoComplete_1_.js" has type "UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "logo_3_.png" has type "PNG image data 862 x 94 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "animate_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "ESIOX51V.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ESIOX51V.txt]- [targetUID: 00000000-00002524]\n "06P9WVSV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\06P9WVSV.txt]- [targetUID: 00000000-00003572]\n "LibreBaskervilleBold_1_.eot" has type "Embedded OpenType (EOT) LibreBaskervilleBold family"- [targetUID: N/A]\n "bgpure_1_.jpg" has 
type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] baseline precision 8 1920x962 components 3"- [targetUID: N/A]\n "Cab2A21.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2A21.tmp]- [targetUID: 00000000-00003572]\n "my_validate_index2_1_.js" has type "UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "TW7Y30DW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TW7Y30DW.txt]- [targetUID: 00000000-00003572]\n "OOCMX2SA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OOCMX2SA.txt]- [targetUID: 00000000-00003572]\n "XW6TPSB5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XW6TPSB5.txt]- [targetUID: 00000000-00003572]\n "Tar2A22.tmp" has type "data"- Location: [%TEMP%\\Tar2A22.tmp]- [targetUID: 00000000-00003572]\n "LibreBaskervilleBold_1_.woff" has type "Web Open Font Format TrueType length 33572 version 1.0"- [targetUID: N/A]\n "~DFE2927C1515C3768D.TMP" has type "data"- Location: [%TEMP%\\~DFE2927C1515C3768D.TMP]- [targetUID: 00000000-00002524]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://startling-sfogliatella-ade5c2.netlify.app/"\n Pattern match: "https://startling-sfogliatella-ade5c2.netlify.app"\n Heuristic match: "aux.fqtag.com"\n Heuristic match: "cdn.fqtag.com"\n Heuristic match: "flx808.lporirxe.com"\n Heuristic match: "fqtag.com"\n Pattern match: "www.meetukrainianwomen.com"'}, 
{u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-6', u'name': u'Found an IP/URL artifact that was identified as malicious by at least three reputation engines', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u're104.196.30.220
2023-05-12 02:53:20SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:52:05 2023 GMT Not After : Jun 11 12:52:04 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:f9:3b:c0:6f:f8:ab:e7:35:d5:ff:95:55:28: 87:2c:f3:42:5c:6a:f2:dc:b2:0f:7b:b2:97:bc:68: c2:d8:25:b1:da:3c:de:c9:ee:4a:54:a6:08:c9:a0: d5:34:39:c8:96:b7:d1:e3:5d:f3:2b:db:f7:37:5d: 57:65:f7:3d:16:c9:ad:d6:e6:bb:bc:97:c6:1c:bc: c7:1d:a0:c9:cc:3a:d4:e1:69:37:d2:58:c2:fe:42: 4e:90:a6:4c:72:5e:0f:c5:0a:f9:18:b1:c7:54:af: b4:03:13:bc:ce:85:b6:0d:a5:99:fc:98:b2:37:24: 39:66:7b:f1:78:3b:4b:9e:51:be:75:ad:a6:19:8d: be:a9:ca:f2:df:b7:73:9f:c6:14:09:e1:46:c4:93: a4:45:7c:eb:1e:47:42:88:d1:8d:e7:29:c0:07:7b: ad:57:d3:0b:cf:a1:a1:bc:65:12:20:8e:92:81:50: 55:40:69:4e:0d:62:29:ab:00:e6:81:6e:83:3a:16: 09:da:2a:57:32:b1:5d:79:74:f0:1d:02:e0:52:6d: d5:85:2d:cb:f6:ef:5e:8f:03:a0:14:64:19:bb:71: 65:85:3e:bc:4e:e8:75:85:4b:a0:7d:df:3f:2a:67: 46:82:ea:56:e3:e5:01:c8:49:e2:f1:a3:b1:04:af: 98:45:24:1b:7e:2d:57:39:72:ff:5a:94:89:31:42: ae:19:e5:2d:eb:c8:08:fc:be:37:02:5d:04:1a:b3: f0:62:42:14:91:38:7a:96:77:5e:53:eb:f1:d9:8e: 45:46:0d:65:07:6b:18:0a:65:96:3c:4e:b9:77:05: 52:b4:4d:17:73:72:d9:49:c8:16:75:9c:84:35:12: 73:86:4f:08:27:5d:f3:e9:85:10:9a:ff:e4:3a:63: ef:83:9f:03:76:a4:3f:ac:72:d5:f4:bb:3a:60:bc: 21:1c:e8:7c:52:79:bd:fe:19:9a:69:78:22:a6:5d: 64:8d:04:55:f3:ec:4d:6c:47:45:2c:6c:9e:cc:14: be:67:76:25:be:fd:51:60:a1:2e:10:af:1b:46:0c: e9:ec:3a:3c:0b:c9:2a:97:61:1c:a8:6a:9d:53:cd: 2d:6c:4e:66:f4:08:01:29:89:61:ff:d2:73:d2:a1: da:94:32:dc:5c:78:ad:19:fa:b3:fb:26:0f:35:c2: 87:17:c9:ae:6f:c7:ce:81:d6:7d:27:95:3b:49:39: e6:cf:30:85:95:79:a1:35:71:86:5b:66:f7:9d:ae: 96:d5:9a:1d:e3:e0:76:fe:b7:a0:b5:1a:16:0b:1b: 
5e:d4:d9:5b:b6:4a:4d:33:65:03:80:b9:ab:69:35: 1b:42:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 13 13:52:05.336 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:57:F9:C2:75:97:36:8B:12:D4:C1:E7:CA: 50:E7:70:49:3E:19:7B:CF:6E:2E:B2:32:0A:7B:AB:5D: 31:9F:A6:29:02:21:00:A5:FD:E1:03:A8:C4:49:20:AF: 46:1D:1E:50:E3:8E:07:43:7A:DC:16:22:84:DD:F5:8B: 28:06:E9:91:CB:AE:41 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 13 13:52:05.327 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:EA:4C:FF:35:E1:97:F0:36:1E:40:22: 0D:44:8D:BA:C6:F1:8F:73:35:1F:B7:67:97:EA:2B:1B: FC:27:7F:33:02:21:00:81:59:F8:29:60:75:D8:8F:00: 60:06:8E:9A:65:C6:5E:93:57:7E:5C:BF:B5:78:29:4F: 6F:C1:3B:97:29:1D:C7 Signature Algorithm: sha256WithRSAEncryption 24:d6:1b:d8:e4:8b:66:d1:df:e9:e2:97:93:78:a9:26:b8:6c: f8:3c:98:90:50:e1:55:d7:91:ae:77:21:2c:40:df:85:16:56: 67:98:1c:b9:14:ca:43:24:bf:39:32:06:c7:fe:42:03:fa:45: 3b:3f:39:c5:26:88:13:e9:3d:1d:bc:bd:a1:0a:08:74:1a:3b: 
e6:07:80:5b:f5:9a:21:ed:4a:45:40:ac:8a:6d:c1:de:40:12: 47:d5:33:88:6e:06:c5:32:a1:76:01:b1:50:fb:53:29:92:fa: e1:03:af:88:12:00:9a:38:a5:9d:32:3e:46:8b:7c:f6:27:29: ec:fa:85:68:fa:91:a6:95:c5:d7:a0:da:33:eb:03:cf:9c:a6: c0:5c:0d:e8:d8:f8:03:5d:fb:9f:61:df:e1:a0:63:74:01:18: 4c:0d:17:f3:db:74:32:3c:fc:3b:44:24:e7:10:2b:f7:69:d2: 89:35:6f:e7:d7:11:5a:13:0a:a9:83:9e:0f:c2:f2:ea:d8:50: 30:65:9c:16:49:f6:30:d8:a2:e3:83:ff:5d:ff:00:a2:ff:57: de:68:f4:70:90:a3:db:c8:9c:55:ce:ea:f6:4c:08:6a:01:70: 91:f9:f8:91:9d:f2:99:1f:be:06:10:87:53:07:83:04:df:62: 62:3f:1f:52 battleb0t.xyz
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"}
2023-05-12 03:09:58Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.111
2023-05-12 02:46:38BGP AS MembershipNoRIPE0030None13335104.21.0.0/20
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Noneheberlein (Net ID: 00:02:2D:30:2C:33)37.7642, -122.3993
2023-05-12 03:00:50Co-Hosted SiteNoHackerTarget2020None00.github.io185.199.111.153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:54:10:ED)33.617190550339146,-111.90827887019054
2023-05-12 03:16:26Physical LocationNoipapi.co1020NoneBursa, Bursa, 16, Turkey, TR87.248.157.102
2023-05-12 02:44:14Domain NameNoDNS Resolver0010Nonebattleb0t.xyzbattleb0t.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NonePET KLINIK (Net ID: 00:12:BF:30:95:FA)40.2024, 29.0398
2023-05-12 03:18:06URL (Purely Static)NoPage Information0030Nonehttp://kekw.battleb0t.xyz/jar<!DOCTYPE html> <html> <iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> </html>
2023-05-12 03:18:06URL (Form)NoPage Information0060Nonehttps://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60726fad1912')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="kO2xNaAYVVwzudN_grHGsSAbBGIYi5Rp9eWkwq8bobk-1683860063-0-AQEme0OuFvC27LD-nLe2jrmTTnxOgSGtlJ79kOqNI8O_bMBUHsCUifsyrQtE2Qw_5-G3wZLVyXKSq4HyXvLjyCiAdaCGs4Ok-COq8gyypPok4HyuqEcnabkOPj9JKzn7fzxQf8pA4avsXNbgzL5RFZ0OappR_ENyOliTj3y1usOCEfdx0Qw-4NtIYkgBrlm6HYt1w2WiYgJIzvrwK3xMFits_Ebjt14epXfZCroTuFIFxaYyyRcuJJEK3ck04c2JtRdR99xcpwbep8NMi6CNOGP-aAH4FLQSKV1p7HK0fEmUDFvoadw-7bo2EucRyXYFLEbjS7Z_OKl0Srfy1Vim3Z_jqewduFNgcp1B-ir-aT25S4z2lvk1aBpRpS3Fpn4bKR_T7uQSek6SD4z_I81JUPCm-TbJt2WcAviPmmrfZDtigYqwaDeqh4Pqa29XowW1l1nnKs6qCFhQeaLuigzJf9PhtuPk6Ts6nn4TNWVyl9ze9NMDXt3HC-u5rh_1KxQxsTY_4JhB1jT5PYZQMJUvzkddK2MPm_CtJJRmvzu4A8h1xyRkeTxVWjg5p76zqZFKP8HOoZP1u7GkAK20kE8vR-O-Gy6CmmKj5hSdpF5vjt71wmiC0vDCk1rDRhhcEkt92S6uijW7cxkpckY78siJqFhpHOVFodJroZuf7HFMwvosFXQ5NGYyHEQXXlmkoclMMK3rVJNdxiIstjCLFnDxNsbd1epvptoA5TGFKFTmHs6QjRzTIv_BIuw1QORH1eUHK9O9N-txmFD1IbLACf92gVKiwNsAAtrRtW2F06n6d9Vs_GXVIbPcV6cwsJdIquww9NaI78ELNHJNq1J_tTdFxBZavYogbVnqkQFRmkO2l5VXSM6E9dcoOwi5q4qHSrZmlxJHiqDY-PKE8PDBSk8akurNHoBfBjtw2_a1RfC_lu8B7yXfZ1SNiql9epxt9-xA01ZEs-JXEIWKB7DVUehYb7RiTKZ_trIoGgh7Q6yEfeLCDTtC1yC2iiOVhPkX_h4Qfaf7LfPKruh9cjrbe0r7qMb0h8bIRy1fsQXVXXjhWHUJzLPbbOWh7F_0GW3qFusmjdR_P6sJL-gXtd5koZkzn6EK_YdKJO6jY9uPxr4sRnkK0ioS_0VfK7kQax3cDEA5YcxYvkmmBl4DMVhT7ISnmS5G8dSMhHOdJpbJMK5G9qQm8E9Nux-WgwCPgj6TkAmQMz1NenXnJJdqz-irhHABa_tynmZ1IPtBtnIPWbu4Mgp5VyNXvvUpfdGX7V6s-SjMtH9NRG3i4YZDcDp72B0EVaiT4n2jNeEilDlbVLw8k42_nwTD7Pw7hKXZpTyQQZntWW5wgIly7x0dOOWeJl6TsZIiDLpQjNv-mLX_xQzZHdw5kii58Ccy2XJ4npuVEuBraZJ9n6B2-5AwWyV3Qr3DTuk5PmfcIxKTr_u7HsbpdFR4FKp9wurJ9rvdDIpbL_yKOtyqM9yLjxeOpIdNG7zFw8AT7XqbUfz26ewFlzRX_Cc5FOV6ATYROS3OVpko2KV-NVpYQTJgT-fYvExK0W6Ze5BMg7wpM4RSZGt0EBF4MTRkHZYYHYqVG2Gs4Dr0KphCmDsWmTYs-Wp4YmyX8zHXt6eDU7SHKTxfT3pFaOqsKIwmwk1FnA5ZOhkDp5FB4KDNaO4UI8hC2NqGaVRdddker5xFPIyxy6_xtT-933_JQEm4Yo3p33SKpnr5oZLDUmiFpcGiocX8E23z9qF6KzqiLjSYYuEdSQjfT3AOVajEAM3LV2cJ-Yfb6qV1mYvKIEbYataggM_S7XSDOMFwSxuBJJhFB_YuSQY42F1bw3h-Wr_txcqos6CYojszcuJZzN7ZQwVv-pfKRrZP1vW37Ji7qXYRsXGXizVLTDb80myaduEuuPiE3j_iEUTMQHyX7FS77GwsNXMOnK-SOX4L
ESTyuge5gQCwNBG5LYbWqG1phc6ZBmjChX4XXPYEWTd6pqzDCahUeE-UBjC440QhIoggi4SFzrJT424_2pz3I1Z7K9v14oR0ixYp8X0YQSjX1TvMb1hvE05cdAoJpi9QPGYD511Yvrjtr2-nQRWT9vJBLGPT61xgS5JvfKWkR5mzvNMNLXnN-QaI-YMwAUvPR8sObbMc6Js74f0zl0__XqC1L4ZGx1B6W2mPRUMY1Lrg2rh8ki2L2eiGI4MSaqbVecE9vJyl6XPRcjgNKIcsC-zohWzf7sSDfofcLJcUO1xeUIJMC_3B3JBlhmMy_ukD9DKdx40muRRW18iGtfkoFnEyb5ylZEa9Cy6RH0tiulb9zDYu9lBPk43UYKuS0gITgFj7t6HoYRbYh8Mhdn_KQTmpy5fsQY55ZC7EUgiiqGZ2kxox4gPzr-qiw2zxNU0kuoof8T7V06bM_gPceZS49qqZ0qEgovgoUQEY1PrObCR2N_zXcey5RpH4biNXy5X3XHfa8DJrozVWuJVN7xKblnML0zEboEJxIy0gm8PmeTSLtq0S2uPc6VyK0a0Z4v1q4hj82ek"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '64193', cRay: '7c5f60726fad1912', cHash: '710742417ab72e7', cUPMDTk: "\/?__cf_chl_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2My4xMDMwMDA=', m: 'Eo2K0b1/t+yBaonJiJkwi8mL0OupY28MY+kXkSexuGA=', i1: 'WdeoMAtxqx1knlB7AiLouA==', i2: 'PLvf+P/FOv6sb4wuUck9Eg==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60726fad1912'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60726fad1912'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:0C:41:B1:75:22)39.0469, -77.4903
2023-05-12 02:45:26Raw Data from RIRsNoipapi.co0030None{u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'104.21.71.14', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'104.21.0.0/17', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv4', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'}104.21.71.14
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonevsco (Category: social) https://vsco.co/login/gallerylogin
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneBrandis Wifi 5GHz (Net ID: 00:01:9F:20:CA:54)34.0544, -118.244
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATTFhSfWa2 (Net ID: B0:DA:F9:7C:BB:40)37.751, -97.822
2023-05-12 03:24:50CountryNoCountry Name Extractor0050NoneUnited States Domain Name: 001VIET.COM Registry Domain ID: 2685910837_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-10-01T07:27:47Z Creation Date: 2022-03-31T20:18:54Z Registry Expiry Date: 2024-03-31T20:18:54Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:09:05Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: 001viet.com Registry Domain ID: 2685910837_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-03-31T15:18:54Z Creation Date: 2022-03-31T15:18:54Z Registrar Registration Expiration Date: 2024-03-31T15:18:54Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: 
Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:44:15SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1185.199.111.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None1620 Guest (Net ID: 00:01:21:30:37:7F)52.3759, 4.8975
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneLifestyle (Net ID: 00:06:25:61:2F:2E)33.336199,-111.89446440830702
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-cache-status: DYNAMIC{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0030Nonecloudflare{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"}
2023-05-12 02:53:35Netblock MembershipNoCensys0020None185.199.110.0/24185.199.110.153
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:04:05)50.8897, 6.0563
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0030Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneMGOKCEN (Net ID: 00:14:C1:20:BB:F4)40.2024, 29.0398
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneKircal3 (Net ID: 00:14:C1:15:7B:C1)40.2024, 29.0398
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneDATAVO (Net ID: 00:02:61:19:70:44)34.0544, -118.244
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonemeet me (Category: dating) https://www.meetme.com/loginlogin
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0030Nonehttps://pics.battleb0t.xyz/images/kappi_2.pnghttps://pics.battleb0t.xyz/
2023-05-12 03:31:23Malicious IP on Same SubnetYesblocklist.de0040Noneblocklist.de List [165.232.112.0/20] http://lists.blocklist.de/lists/all.txt165.232.112.0/20
2023-05-12 02:56:57Internet NameNoDNS Resolver0020Nonevscode.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:81:34:2e:fd:61:48:b5:6f:11:ca:36:0b:dc:62:9a:cf:52 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:02 2022 GMT Not After : Feb 15 09:44:01 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:eb:b0:96:39:35:d3:30:8a:f5:f9:da:c5:cf:96: 1a:e7:f9:f3:a9:a3:ac:48:a3:a4:b9:37:4c:63:75: 40:36:2d:7f:85:6e:28:b7:ff:1d:a9:b7:7a:9e:a9: 3c:18:2e:aa:60:9b:01:a6:03:71:f5:37:c6:c4:08: 7f:2e:0c:29:9a:02:88:31:a0:12:65:5e:31:21:f1: 5f:d6:97:6e:ea:18:9d:90:ce:ff:12:3b:cb:ae:3a: f3:b3:33:e6:51:66:ee:77:b1:1e:2d:63:9d:86:29: e8:e7:da:f5:95:bf:4c:37:58:2b:4b:3b:b3:82:8c: 63:1f:3a:3d:4d:85:c4:0d:2f:dd:0c:39:76:ab:a5: 7c:fc:53:9d:e0:67:9e:f7:6e:00:5d:8f:60:c1:b4: dd:6b:fb:d3:a5:23:a0:c0:99:85:04:91:d1:e3:63: 1f:33:3f:20:df:22:22:a9:89:b5:26:f8:3b:cf:ec: a6:2f:0a:b5:ce:e9:fd:d6:cf:3c:d3:6e:35:3e:a2: cb:0a:4c:43:1f:c2:91:d1:57:92:fc:79:bc:b6:50: 67:72:7f:f2:de:ba:e6:81:c8:81:ad:91:41:c2:41: 68:e4:66:e4:cf:77:e7:8f:ad:4a:dd:cf:21:57:7e: 5c:5b:1a:bf:18:03:99:5a:e7:0b:bf:13:4e:4f:9d: f8:63:3c:53:43:ba:5c:2b:86:aa:b1:6c:59:33:66: 06:b4:0c:58:5e:eb:57:fb:21:90:64:8e:04:88:5e: 93:71:bc:07:a7:76:0a:39:5b:e9:8a:11:59:0c:e9: 3d:9f:ef:48:1a:15:f1:b6:8d:38:c6:ac:b0:3d:55: 62:fd:ec:ca:10:f7:3e:ad:09:2b:f9:07:39:64:89: c0:8c:df:58:83:b1:49:a3:6a:de:8d:1d:b0:68:22: 42:05:11:89:f5:28:3d:e2:a8:01:12:cb:7f:55:12: 36:97:26:ba:dd:f2:81:bc:89:38:da:02:ae:fd:90: 99:5d:a3:f5:46:95:ac:11:67:63:06:d1:ab:ad:cc: 15:5b:ae:15:c5:be:e2:e1:4a:b9:58:65:89:ff:47: b7:6c:bd:4d:78:de:bc:99:4b:30:66:94:63:8c:10: f1:ba:46:36:e6:f8:37:e7:a4:4a:58:f8:29:e5:40: 29:33:93:f8:de:48:92:4e:5d:bb:50:eb:49:71:90: ef:b5:9b:2c:bf:b0:19:fb:12:45:a7:b3:2e:45:b4: 1b:cf:46:ab:19:7f:6c:7d:d1:f9:c0:87:cb:fb:3f: 0d:76:c4:c2:98:11:bd:11:fc:93:89:ac:ab:3e:87: 
64:67:c1:b8:49:1c:b8:1a:ca:85:02:c8:58:c0:9e: e2:87:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: A7:55:24:63:5E:86:20:7B:DE:F3:EF:D8:48:33:0B:C7:5C:3F:22:72 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 6e:81:de:04:94:c9:6d:bc:7e:82:9c:b7:57:2a:31:2b:2a:15: 1b:26:9d:e8:63:d8:bc:24:a9:a0:1e:f4:2d:8e:8b:77:72:e2: 45:09:7d:c4:f4:a1:67:74:5f:b1:6e:e3:d5:7b:46:58:74:af: 3c:f4:7f:f1:57:ba:e5:f5:ca:37:d7:63:02:f4:2b:f0:58:52: 65:e6:f9:34:c3:b2:87:a8:5a:9e:4d:cc:ad:de:a2:88:9a:d9: fb:01:e4:7d:b5:a9:46:4f:bf:42:f8:a7:e0:7c:4b:26:0d:e1: 03:f1:4d:5f:48:bd:93:91:fe:01:c1:d3:33:76:7b:4d:7a:50: 63:0e:b1:b7:18:cd:30:ef:c6:05:90:d5:58:43:01:34:1c:aa: ff:ac:8a:6d:d3:fb:4a:05:f7:40:bc:ca:04:f0:3d:5a:22:8b: 64:c2:7e:01:3e:5c:75:9a:28:80:e0:18:f5:4e:81:da:ad:98: 1b:02:b9:0a:2d:ec:15:e3:8e:9f:22:a4:7c:3a:69:7f:11:1b: f6:07:40:ec:11:96:35:36:ea:3a:5b:21:5e:98:6b:a7:33:3f: 71:d6:80:da:db:36:8a:58:96:45:25:cb:40:f8:9f:e6:4f:1b: 19:eb:29:e3:55:cb:ac:82:21:95:75:58:e6:53:4c:36:8c:6c: 15:08:cf:81
2023-05-12 03:01:03Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.109): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:12:58Malicious Co-Hosted SiteYesOpenPhish0130NoneOpenPhish [netlify.app] https://www.openphish.com/feed.txtnetlify.app
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonekik (Category: social) https://ws2.kik.com/user/ayhuayhu
2023-05-12 02:59:52Affiliate - Email AddressNoE-Mail Address Extractor0030Nonel@allledglobal.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'WAV-797251.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:443"\n "185.199.111.153:443"\n "13.227.74.44:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5004:304:WilStaging_02"\n "Local\\SM0:5004:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3416:304:WilStaging_02"\n "Local\\SM0:3416:304:WilStaging_02"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "product_page.js" - Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_tracking_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\8096_1032656472\\auto_open_controller.js]- [targetUID: 00000000-00008096]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\8096_1032656472\\shopping_iframe_driver.js]- [targetUID: 00000000-00008096]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\8096_1032656472\\shoppingfre.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_checkout_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\8096_1534272233\\adblock_snippet.js]- [targetUID: 00000000-00008096]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': 
u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00008096]\n "a369bab2-3926-4626-a576-669ff0c25556.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\a369bab2-3926-4626-a576-669ff0c25556.tmp]- [targetUID: 00000000-00008096]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\manifest.json]- [targetUID: 00000000-00008096]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00008096]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n "eaa46630-4898-435c-8b79-12a101475848.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\eaa46630-4898-435c-8b79-12a101475848.tmp]- [targetUID: 00000000-00008096]\n "widevinecdm.dll.sig" has type "data"- Location: [%TEMP%\\8096_313714830\\_platform_specific\\win_x64\\widevinecdm.dll.sig]- [targetUID: 00000000-00008096]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00008096]\n "cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp]- [targetUID: 00000000-00003416]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00008096]\n "7de6d455-5aa2-4101-812b-70e599317de8.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\7de6d455-5aa2-4101-812b-70e599317de8.tmp]- [targetUID: 00000000-00003416]\n "4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp]- [targetUID: 00000000-00008096]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\deny_domains.list]- [targetUID: 00000000-00008096]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00008096]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00008096]\n "1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp]- [targetUID: 00000000-00008096]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00008096]\n 
"6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp]- [targetUID: 00000000-00008096]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "jLP\',\'KDqei\',\'vXqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydgv\',\'s"\n Heuristic match: "api.telegram.org"\n Heuristic match: "l@allledglobal.com"\n Heuristic match: "german.l@alliedglobal.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description':
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha2-256-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneConnectionPoint (Net ID: 00:01:E3:08:2F:54)50.1188, 8.6843
2023-05-12 03:32:11Open TCP PortNoPulsedive0030None188.114.97.6:80188.114.97.0/24
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.243): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMy Passport (2.4 GHz) - 084071 (Net ID: 00:00:C0:08:40:71)50.1188, 8.6843
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneChess.com (Category: gaming) https://www.chess.com/member/ayhuayhu
2023-05-12 03:12:41Vulnerability - CVE LowYesTool - testssl.sh0220NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.188.114.97.1
2023-05-12 03:00:48Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.64): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:45:04CountryNoCountry Name Extractor0020NoneUnited Statesgithubusercontent.com
2023-05-12 03:28:39Open TCP PortNoPulsedive0030None188.114.96.160:80188.114.96.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonex-fastly-request-id: 47e9025f17d9e6e936d804b3c00d7989ec4a827a{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 02:59:57Affiliate - Email AddressNoE-Mail Address Extractor0030Nonemery.robinson@ftb.ca.gov[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://click9.bigmarker.com/links/BY79pHvYX2Z/QPJiO7I68/tMwYeVPDKIXG/IN5CQt3PP-?bu=7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff5125d2b050eecdfd56122f5766da81f9380883c6330281152549d890a090250ca7457e3d6af512de37a44ef72cc832a7cff15e41cb02af8a17863d1d3fd8b23804d4f2277ba16828665e73cb7759a78343309ede93ee8fcceaf565cf60789ea78d923ffa76fe3d', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:2872:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:2872:120:WilError_01"\n "SM0:2872:120:WilError_01"\n "SM0:2872:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.231.70.218:443"\n "138.91.254.96:443"\n "3.235.65.215:443"\n "13.227.21.122:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "151.101.0.176:443"\n "142.251.2.156:443"\n "151.101.2.137:443"\n "162.247.241.14:443"'}, {u'category': u'General', u'origin': u'Network 
Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "click9.bigmarker.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: 
"urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn 
tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\favicons"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\636_742791881\\shopping.js]- [targetUID: 00000000-00000636]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00000636]\n "Ruleset Data" has type "da
2023-05-12 02:46:49Open TCP PortNoSSL Certificate Analyzer0030None35.229.48.116:44335.229.48.116
2023-05-12 03:24:19Account on External SiteNoAccount Finder0080Noneslideshare (Category: social) https://www.slideshare.net/baptistevautheybaptistevauthey
2023-05-12 03:18:06Externally Hosted JavascriptNoPage Information0030Nonehttp://code.jquery.com/jquery-3.2.1.js<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:23:11Open TCP PortNoPulsedive0030None188.114.96.1:80188.114.96.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-cache: MISS{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}
2023-05-12 03:13:03Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0000rgb124.github.io] https://www.openphish.com/feed.txt0000rgb124.github.io
2023-05-12 03:09:41Affiliate - Internet NameNoDNS Resolver0040None125.48.229.35.bc.googleusercontent.com35.229.48.125
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom6FE774 (Net ID: 00:0C:F6:6F:E7:74)50.8897, 6.0563
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider2030Nonehttps://funny.battleb0t.xyz/images/random_3.jpghttps://funny.battleb0t.xyz/
2023-05-12 02:54:23HTTP HeadersNoWeb Spider10050None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0120NoneGitHub.com{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:18:45Raw File Meta DataNoFile Metadata Extractor0040None{'Image ExifOffset': (0x8769) Long=134 @ 90, 'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18, 'Image YCbCrPositioning': (0x0213) Short=Centered @ 78, 'Image XResolution': (0x011A) Ratio=72 @ 98, 'EXIF FlashPixVersion': (0xA000) Undefined=0100 @ 168, 'EXIF SceneCaptureType': (0xA406) Short=Standard @ 216, 'Image DateTime': (0x0132) ASCII=2023:01:11 18:24:47 @ 114, 'Image YResolution': (0x011B) Ratio=72 @ 106, 'EXIF ColorSpace': (0xA001) Short=sRGB @ 180, 'EXIF ExifImageLength': (0xA003) Long=2316 @ 204, 'EXIF ExifVersion': (0x9000) Undefined=0221 @ 144, 'Image ResolutionUnit': (0x0128) Short=Pixels/Inch @ 54, 'EXIF ExifImageWidth': (0xA002) Long=3088 @ 192, 'EXIF ComponentsConfiguration': (0x9101) Undefined=YCbCr @ 156}https://pics.battleb0t.xyz/images/carti_1.jpg
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:3C:1A:6D)33.617190550339146,-111.90827887019054
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneLCPS-A (Net ID: 00:0C:E6:02:7D:6E)39.0469, -77.4903
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneMastodon-mastodon (Category: social) https://mastodon.social/@loginlogin
2023-05-12 02:55:28Raw Data from RIRsNoURLScan.io0020None[{u'sort': [1679937961810, u'be713cda-cf3f-49bd-91b6-e8517dc017bf'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'tags': [u'falconsandbox'], u'url': u'http://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-27T17:26:01.810Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 0, u'encodedDataLength': 0, u'requests': 1, u'dataLength': 0}, u'screenshot': u'https://urlscan.io/screenshots/be713cda-cf3f-49bd-91b6-e8517dc017bf.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/be713cda-cf3f-49bd-91b6-e8517dc017bf/', u'_id': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'page': {u'url': u'http://kekw.battleb0t.xyz/jar', u'domain': u'kekw.battleb0t.xyz', u'apexDomain': u'battleb0t.xyz'}}, {u'sort': [1679768811151, u'4b027c18-4e16-4bfc-8793-6295946cceb7'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'https://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-25T18:26:51.151Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 84, u'requests': 1, u'dataLength': 11}, u'screenshot': u'https://urlscan.io/screenshots/4b027c18-4e16-4bfc-8793-6295946cceb7.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/4b027c18-4e16-4bfc-8793-6295946cceb7/', u'_id': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'page': {u'mimeType': u'text/plain', u'status': u'502', u'domain': u'kekw.battleb0t.xyz', u'url': u'https://kekw.battleb0t.xyz/jar', u'country': u'DE', u'tlsValidFrom': u'2023-03-23T21:24:09.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'tlsIssuer': u'Easypanel', u'tlsValidDays': 3650, u'ip': u'64.226.81.43', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 1, u'asn': u'AS14061'}}, 
{u'sort': [1678573216685, u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:20:16.685Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea/', u'_id': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'page': {u'mimeType': u'text/html', u'status': u'404', u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}, {u'sort': [1678573191537, u'd8289b22-dbac-48d2-856a-e99fe632406b'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:19:51.537Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/d8289b22-dbac-48d2-856a-e99fe632406b.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/d8289b22-dbac-48d2-856a-e99fe632406b/', u'_id': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'page': {u'mimeType': u'text/html', u'status': u'404', u'domain': 
u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}]kekw.battleb0t.xyz
2023-05-12 03:32:04Open TCP PortNoPulsedive0030None188.114.97.3:443188.114.97.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Noneeduwifi (Net ID: 00:02:2D:2B:E9:C1)37.7642, -122.3993
2023-05-12 03:22:54Open TCP PortNoPulsedive0020None188.114.97.1:80188.114.97.1
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneMotokiller (Category: images) https://mklr.pl/user/loginlogin
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:208687.248.157.102
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:2096188.114.96.1
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneUnited States+14805058800
2023-05-12 03:21:07Malicious IP on Same SubnetYesEmerging Threats0040Noneemergingthreats.net [165.232.112.0/20] https://rules.emergingthreats.net/blockrules/compromised-ips.txt165.232.112.0/20
2023-05-12 03:23:33Open TCP PortNoPulsedive0030None188.114.96.12:8443188.114.96.0/24
2023-05-12 02:53:00Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://oldfluid.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://oldfluid.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]oldfluid.battleb0t.xyz
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c546dd3883829f4-ORD 188.114.97.1
2023-05-12 03:09:47Affiliate - Internet NameNoDNS Resolver0040None70.170.74.34.bc.googleusercontent.com34.74.170.70
2023-05-12 03:00:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.33): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None006f10 (Net ID: 00:02:2D:00:6F:10)37.7642, -122.3993
2023-05-12 02:44:12SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 Validity Not Before: Feb 21 00:00:00 2023 GMT Not After : Mar 20 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f: a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af: ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24: 29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09: 23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a: 5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed: f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99: 4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77: c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2: 38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3: f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57: 77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee: 3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76: b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1: 95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f: 43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97: 2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07: 24:e3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4 X509v3 Subject Key Identifier: 8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: 
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Feb 21 15:03:41.179 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD: F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24: D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25: A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53: A4:D8:EF:86:C7:5C:70:1A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6: 1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5 Timestamp : Feb 21 15:03:41.162 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:82:E0:7E:5D:05:40:34:18:F6:30:F7: 09:CD:BC:FE:2C:13:EB:90:30:CE:10:ED:E8:A7:9D:A3: 74:75:12:5B:72:02:20:5D:1F:9D:87:56:AA:F7:6D:9A: 04:0D:4A:7B:35:DE:90:29:A5:D4:16:A7:8F:DF:FE:37: AB:35:8B:24:23:B9:2B Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Feb 21 15:03:41.130 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:13:FF:00:36:A8:61:87:48:A6:6A:04:09: BC:E3:3E:AA:13:E7:46:3D:06:75:68:23:18:E7:6A:45: 49:F7:30:F1:02:20:3F:F4:9C:8A:E6:46:D3:65:F6:98: 13:BF:9A:20:D3:DA:10:A9:E3:2E:5D:DA:C7:3B:14:4E: 4F:4E:1C:82:A5:B3 Signature Algorithm: sha256WithRSAEncryption 37:a4:1b:11:22:9f:fc:9f:c9:67:07:8f:aa:86:13:9f:e0:08: 1d:6e:0c:8d:65:fb:03:79:50:c6:76:ba:30:90:a0:a4:1c:79: 
13:07:b9:5a:18:8d:97:4c:05:71:8a:d0:22:17:c6:19:a2:22: 8b:03:f6:2c:84:71:6c:55:df:e2:99:43:65:e5:d7:b7:b7:37: 4c:c6:c8:e5:f1:d8:a7:7b:07:5d:eb:b8:1c:50:a4:a3:8e:f0: 4c:f8:b8:6a:72:59:be:43:0e:8a:de:b5:5e:8f:9e:3f:5a:43: 64:82:cc:e0:de:76:f4:be:a6:12:0a:06:68:bb:77:e1:4c:ef: 4b:4d:67:af:f6:72:c7:6b:1b:9c:48:53:a7:7f:ed:76:18:5c: f0:f6:c6:4c:24:53:57:57:e1:42:a6:3d:ae:e1:f5:93:f2:6a: fa:29:72:01:3e:b7:06:f1:2f:1a:0e:91:c5:ec:35:bf:f5:da: 33:95:de:24:12:0d:f5:c3:23:8d:40:82:d1:5c:eb:de:0a:08: e8:e5:83:e5:0a:8b:3a:5e:98:4e:77:4f:9f:dc:ab:7e:ce:a8: 28:4f:aa:79:4f:c9:be:8f:60:88:6e:6b:f9:20:6c:7f:38:96: d6:da:d7:11:03:43:d8:b8:51:87:ce:32:22:4d:64:4c:c4:75: 27:d0:e3:df www.battleb0t.xyz
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None007joshie.github.io185.199.111.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneokidoki (Category: misc) https://m.okidoki.ee/ru/users/login/login
2023-05-12 02:49:40Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://swapnildhar.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_be4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_be4_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_be4_IESQMMUTEX_0_303"\n "IsoScope_be4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_be4_ConnHashTable<3044>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3044"\n "IsoScope_be4_IE_EarlyTabStart_0xf04_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3044"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"swapnildhar.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"swapnildhar.github.io"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "RecoveryStore._56541BDB-B524-11ED-B006-080027895A87_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "KDVBE78T.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KDVBE78T.txt]- [targetUID: 00000000-00003044]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DF2902082A70CBB468.TMP" has type "data"- Location: [%TEMP%\\~DF2902082A70CBB468.TMP]- [targetUID: 00000000-00003044]\n "~DF660FBB2F5FAF54EA.TMP" has 
type "data"- Location: [%TEMP%\\~DF660FBB2F5FAF54EA.TMP]- [targetUID: 00000000-00003044]\n "SG4BKA73.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SG4BKA73.txt]- [targetUID: 00000000-00002448]\n "51F6C1W2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\51F6C1W2.txt]- [targetUID: 00000000-00003044]\n "_03447F9C-B539-11ED-B006-080027895A87_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF608291201A71A7C4.TMP" has type "data"- Location: [%TEMP%\\~DF608291201A71A7C4.TMP]- [targetUID: 00000000-00003044]\n "~DF4685BFF93C1B0012.TMP" has type "data"- Location: [%TEMP%\\~DF4685BFF93C1B0012.TMP]- [targetUID: 00000000-00003044]\n "_4B95C1A6-B526-11ED-B006-080027895A87_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003044]\n "GLYP65QM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GLYP65QM.txt]- [targetUID: 00000000-00002448]\n "NQMTP33S.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NQMTP33S.txt]- [targetUID: 00000000-00003044]\n "90EJD0O1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\90EJD0O1.txt]- [targetUID: 00000000-00003044]\n "_56541BDD-B524-11ED-B006-080027895A87_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://swapnildhar.github.io/"\n Pattern match: "http://swapnildhar.github.io"\n Heuristic match: "swapnildhar.github.io"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-6', u'name': u'Found an IP/URL artifact that was identified as malicious by at least three reputation engines', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 12, u'description': u'13/88 reputation engines marked "http://swapnildhar.github.io/" as malicious (14% detection rate)\n 13/88 reputation engines marked "http://swapnildhar.github.io" as malicious (14% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'13/88 Antivirus vendors marked sample as malicious (14% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-5', u'name': u'Sample was identified as malicious by a trusted Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'No specific details available'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-3', u'name': u'Sample was identified as malicious by a large number of Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'malicious', 
u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'13/88 Antivirus vendors marked sample as malicious (14% detection rate)'}], u'threat_level': 2, u'size': None, u'job_id': u'63fa39e4a1c3c405a6029125', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'185.199.110.153'], u'sha256': u'4aa7f4ef0c9ad572a6cacbe871a16a638546dd3e9c3b4c52b76bfec2d3daa98b', u'sha512': u'c44b86d89e49a31574adbd55fe572e244529dda3f0d8b76c772412b507662cd526dd777b4a4af97c706ce05cf3ef40ab96d410c86750eaa8374e7baa003a23b9', u'image_file_characteristics': [], u'submissions': [{u'url': 
u'http://swapnildhar.github.io/', u'submission_id': u'63fa39e4a1c3c405a6029126', u'created_at': u'2023-02-25T16:40:04+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-25T16:40:04+00:00', u'tags': [u'phishing'], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 7, u'machine_learning_models': [], u't185.199.110.153
2023-05-12 02:56:18Netblock MembershipNoRIPE0020None188.114.96.0/24188.114.96.1
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonekrommewaal (Net ID: 00:01:71:0A:07:2B)52.3759, 4.8975
2023-05-12 03:01:16Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.140): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:03:39Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io01.github.io
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.187): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:12:41Vulnerability - CVE MediumYesTool - testssl.sh0220NoneCVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389 Score: 4.3 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.188.114.97.1
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneCMMC (Net ID: 00:02:6F:DF:89:25)32.8608, -79.9746
2023-05-12 02:44:49Company NameNoCompany Name Extractor0020NoneGitHub\, Inc.C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None007jedgar.github.io185.199.111.153
2023-05-12 02:58:27Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.dropbox.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /zippy-tapioca-dce411.netlify.app/index.html HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /zippy-tapioca-dce411.netlify.app/index.html HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /zippy-tapioca-dce411.netlify.app/logo.html HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: 
https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /zippy-tapioca-dce411.netlify.app/logo.html HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /zippy-tapioca-dce411.netlify.app/att.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /zippy-tapioca-dce411.netlify.app/att.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /zippy-tapioca-dce411.netlify.app/jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /zippy-tapioca-dce411.netlify.app/jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /boards.cdn.greenhouse.io/assets/application-556da0335bb572236cd3aea6c3eeaaae6cf540bff95fe197ff25ae9af312a481.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /boards.cdn.greenhouse.io/assets/application-556da0335bb572236cd3aea6c3eeaaae6cf540bff95fe197ff25ae9af312a481.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /boards.cdn.greenhouse.io/assets/show_init-a1597e28bd287ce9ccfa9f99f287f0c27a5a277e5cb23115af8880da506e57ee.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: 
tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /boards.cdn.greenhouse.io/assets/show_init-a1597e28bd287ce9ccfa9f99f287f0c27a5a277e5cb23115af8880da506e57ee.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /zippy-tapioca-dce411.netlify.app/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /zippy-tapioca-dce411.netlify.app/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /zippy-tapioca-dce411.netlify.app/responsive.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /zippy-tapioca-dce411.netlify.app/responsive.css HTTP/1.1\nAccept: text/css, */*\nReferer: 
https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /www.google.com/recaptcha/api.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /www.google.com/recaptcha/api.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /www.dropbox.com/static/api/2/dropins.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /www.dropbox.com/static/api/2/dropins.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: tangerine-gaufre-d39b6b.netlify.app\nDNT: 
1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /zippy-tapioca-dce411.netlify.app/verizon.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://tangerine-gaufre-d39b6b.netlify.app/zippy-tapioca-dce411.netlify.app/index.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nH34.74.170.74
2023-05-12 03:23:21Open TCP PortNoPulsedive0030None188.114.96.6:8443188.114.96.0/24
2023-05-12 03:09:58Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.112
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonetoyhou.se (Category: hobby) https://toyhou.se/loginlogin
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-14n.github.io185.199.111.153
2023-05-12 02:54:18Web ContentNoWeb Spider7020None<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html> pics.battleb0t.xyz
2023-05-12 02:49:31SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:d8:ac:1a:31:df:8f:f8:c7:c3:27:35:9c:31:39:5f:60:e8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 17:26:22 2022 GMT Not After : Feb 15 17:26:21 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b8:46:5d:ac:6d:f3:78:e1:a9:4f:74:a7:83:2a: f1:af:bd:cc:66:b6:b9:bf:84:6f:47:9b:97:1c:a8: c9:7d:6c:fe:9e:8e:79:9c:a5:37:f9:7d:7a:a0:3b: dd:dd:59:27:44:ef:fa:f9:9f:ac:5e:a7:96:85:d6: 12:a4:67:16:8a:d5:1c:b5:d1:2d:4e:c7:ec:3d:19: e5:de:7b:f7:77:77:6b:39:f5:6c:f2:bc:49:15:e4: d9:26:16:d0:09:ff:d0:9f:cc:e1:2f:72:cd:5d:49: 42:8f:44:ab:2b:64:2c:16:15:0b:c6:a8:c4:87:48: 5c:ca:2c:13:33:5b:9e:8f:26:9e:57:1a:3f:da:51: 8d:e5:86:b3:d8:b8:bb:9b:a8:35:c1:05:df:6d:60: e8:57:86:af:77:94:58:18:ee:4d:cc:61:8e:ef:d8: ae:1a:ad:73:4e:d6:21:83:54:e8:94:6d:be:b2:5a: 91:8d:86:36:60:55:a8:6c:ac:42:09:7d:39:a2:a8: c7:4d:09:67:42:98:43:91:4c:6e:9c:44:89:71:c9: 81:24:98:ab:01:48:f5:7f:9f:03:76:19:5e:40:1f: e2:a9:ac:0e:74:15:d2:c7:02:a6:94:0f:07:1e:c2: 8f:1c:65:ac:eb:0a:21:1c:42:25:eb:b3:3c:e5:3d: 0f:68:8a:07:35:fd:f2:bf:65:bb:27:0a:28:75:d7: 36:a5:f8:ad:87:2d:4d:e9:8c:44:1c:dd:e0:1f:f8: 19:b0:d2:ba:53:d4:71:e9:68:d3:d7:47:bd:bd:b3: 12:21:a8:7f:36:dd:3a:ee:09:ec:a7:f6:99:fc:9a: ee:64:c3:e9:cb:48:8b:5b:53:b6:9a:34:49:ed:6f: 97:8c:71:a4:8f:ff:5a:94:b4:2f:23:08:04:1f:5f: dd:ba:07:c4:98:26:ce:e7:92:3f:eb:aa:ca:85:d1: 9e:9d:66:9d:15:94:f9:a8:c4:87:5f:d8:0f:2a:bd: f6:c1:3a:15:a4:4a:73:81:4d:25:59:6c:74:3c:88: be:35:3a:e2:55:b7:aa:f2:6a:84:aa:03:d7:47:36: 8c:65:79:0d:82:62:5e:32:88:98:91:5f:e7:41:ad: df:3b:04:9a:a4:b7:e8:4a:dc:51:e1:1a:2e:5f:80: 9f:10:99:df:13:16:07:60:53:0f:70:88:4d:8b:bf: c2:83:ad:7d:95:a6:63:06:b5:f7:e1:fa:b4:f1:f2: 59:97:a4:23:6e:6f:a1:9d:e7:91:3c:8f:96:90:d0: 88:f8:42:7e:b9:a8:0b:95:b2:4a:f1:e1:43:89:bc: 
d0:c5:6e:8d:7a:6f:1a:ac:22:35:41:3f:62:4c:b0: b4:f9:c1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D4:B4:B6:D6:64:7B:5F:1F:0F:AA:DA:BE:7B:F2:3E:AB:24:EE:4D:D7 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 18:26:23.061 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:9F:03:F2:57:29:1C:6C:CA:C4:B6:84: A2:CF:DC:58:71:8F:BE:81:45:60:1F:FF:93:71:3F:A9: CA:BA:3A:50:C4:02:21:00:90:64:F6:9F:F7:D4:4C:D2: FE:1C:A7:11:20:05:5D:56:39:91:0A:7B:4C:62:39:AA: 64:BD:6C:3C:C2:FD:A1:0A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Nov 17 18:26:23.103 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:4F:62:25:1A:58:98:9D:A9:66:2A:8C:9C: A9:99:81:EC:02:DA:B6:46:5C:1C:8A:B1:7D:3E:50:EB: 79:AD:CA:D4:02:21:00:81:0A:60:C2:7A:18:38:E9:6B: 5A:5E:9B:C3:73:2D:B9:E6:6F:7E:07:33:77:3C:F6:0E: B6:F2:86:95:8C:EA:B2 Signature Algorithm: sha256WithRSAEncryption 0b:32:93:ac:90:bf:47:b0:c4:55:e2:5d:67:21:f0:7b:a7:a4: cd:66:48:4d:2c:f0:72:c8:d2:e0:06:52:3d:5f:5e:f3:6d:c2: a4:d3:6b:9f:de:a7:3e:43:94:31:d9:2a:70:b4:d8:61:f6:f9: 5c:2f:4e:93:c9:e9:4f:53:93:2f:86:7b:1f:c9:8a:15:03:28: 
96:52:6d:95:ef:a6:c5:d3:5e:db:a3:1b:da:98:f0:b3:d4:33: b3:0c:25:74:63:ab:88:aa:ca:72:4f:f1:60:47:12:0c:e7:e7: d2:30:3a:7a:16:b2:67:3a:08:9a:8f:2c:01:80:2f:d2:f1:29: 79:da:43:5d:f1:6e:ce:77:99:33:0f:bd:15:e0:aa:92:a8:51: 21:1e:1f:fc:62:be:58:aa:ad:ce:bf:14:e5:e6:0f:6c:ea:61: 2e:ce:4c:21:48:67:57:3a:f8:75:60:b1:d3:01:c6:eb:1e:96: 48:d4:7d:65:31:de:70:bc:f7:3f:bd:89:d2:15:4c:60:09:1a: af:c6:86:cb:88:cd:d5:a5:55:42:cd:bd:22:96:61:43:7d:a3: c6:84:39:52:19:c9:4c:63:fc:ed:7f:7b:3f:3c:68:62:f5:7a: 29:d5:7a:58:55:09:bd:cb:a0:f7:ad:61:48:d5:d6:97:fb:49: c3:ed:97:11 battleb0t.xyz
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0101dd.github.io] https://www.openphish.com/feed.txt0101dd.github.io
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.252): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:17IPv6 AddressNoDNS Resolver0030None2606:50c0:8001::153www.battleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneP A L M N E T (Net ID: 00:01:71:0A:04:85)52.3759, 4.8975
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:2087188.114.96.1
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneWireclub (Category: social) https://www.wireclub.com/users/loginlogin
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES (Net ID: 00:12:BF:4D:A9:54)40.2024, 29.0398
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneIcelandDomain Name: nom-nom.link Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com Updated Date: 2022-10-23T13:11:02.954Z Creation Date: 2022-09-09T13:47:20.593Z Registry Expiry Date: 2023-09-09T13:47:20.593Z Registrar: NAMECHEAP Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Fax: REDACTED FOR PRIVACY Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: wesley.ns.cloudflare.com Name Server: rachel.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN RDDS Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:09:16.270Z <<< For more information on domain status codes, please visit https://icann.org/epp The WHOIS information provided in this page has been redacted in compliance with ICANN's Temporary Specification for gTLD Registration Data. The data in this record is provided by Uniregistry for informational purposes only, and it does not guarantee its accuracy. Uniregistry is authoritative for whois information in top-level domains it operates under contract with the Internet Corporation for Assigned Names and Numbers. Whois information from other top-level domains is provided by a third-party under license to Uniregistry. 
This service is intended only for query-based access. By using this service, you agree that you will use any data presented only for lawful purposes and that, under no circumstances will you use (a) data acquired for the purpose of allowing, enabling, or otherwise supporting the transmission by e-mail, telephone, facsimile or other communications mechanism of mass unsolicited, commercial advertising or solicitations to entities other than your existing customers; or (b) this service to enable high volume, automated, electronic processes that send queries or data to the systems of any Registrar or any Registry except as reasonably necessary to register domain names or modify existing domain name registrations. Uniregistry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. All rights reserved. Domain name: nom-nom.link Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-09-09T13:47:20.59Z Registrar Registration Expiration Date: 2023-09-09T13:47:20.59Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by 
Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Name Server: rachel.ns.cloudflare.com Name Server: wesley.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T15:09:16.51Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneCLFPrivate (Net ID: 00:02:6F:B9:C7:0C)33.6170672,-111.90564645297056
2023-05-12 02:54:15Linked URL - InternalNoWeb Spider0020Nonehttps://battleb0t.xyz/www.battleb0t.xyz
2023-05-12 03:08:55Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.8334.74.170.74
2023-05-12 02:45:40Raw Data from RIRsNoAbstractAPI0020None{u'city': u'San Francisco (South Beach)', u'security': {u'is_vpn': False}, u'city_geoname_id': 5326621, u'region_geoname_id': 5332921, u'country': u'United States', u'region': u'California', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'Fastly', u'organization_name': u'GitHub, Inc', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'94107', u'longitude': -118.244, u'country_code': u'US', u'timezone': {u'abbreviation': u'PDT', u'gmt_offset': -7, u'is_dst': True, u'name': u'America/Los_Angeles', u'current_time': u'19:45:39'}, u'latitude': 34.0544, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'185.199.111.153', u'continent': u'North America', u'region_iso_code': u'CA'}185.199.111.153
2023-05-12 02:57:47Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 15, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://optus-equifax.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5488:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5488:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:7156:120:WilError_01"\n "Local\\SM0:7156:304:WilStaging_02"\n "Local\\SM0:5488:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:5488:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5772:304:WilStaging_02"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops 
executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\5488_430541408\\Part-RU]- [targetUID: 00000000-00005488]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\000003.log]- [targetUID: 00000000-00005488]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\deny_domains.list]- [targetUID: 00000000-00005488]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\5488_1156268761\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00005488]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\5488_430541408\\Part-RU]- [targetUID: 00000000-00005488]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00005488]\n "4f160014-68b9-44d4-b7a6-3f79110de750.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\4f160014-68b9-44d4-b7a6-3f79110de750.tmp]- [targetUID: 00000000-00005488]\n "8ceb1266-4885-4645-b411-7bc7dd0de9c7.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\8ceb1266-4885-4645-b411-7bc7dd0de9c7.tmp]- [targetUID: 00000000-00005488]\n 
"manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00005488]\n "628fc9da-b324-41b9-81c8-5c3463af84f8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\628fc9da-b324-41b9-81c8-5c3463af84f8.tmp]- [targetUID: 00000000-00005488]\n "Part-ZH" has type "data"- Location: [%TEMP%\\5488_430541408\\Part-ZH]- [targetUID: 00000000-00005488]\n "a8e1fd7d-aa4e-4722-b19c-f21bb7f821ad.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\a8e1fd7d-aa4e-4722-b19c-f21bb7f821ad.tmp]- [targetUID: 00000000-00005488]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005488]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00005488]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00005488]\n "4a885ded-eb9a-4f27-8dc1-8665d4f15f6c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4a885ded-eb9a-4f27-8dc1-8665d4f15f6c.tmp]- [targetUID: 00000000-00005488]\n "0179aead-0dda-4e52-8e23-8fe040344942.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\0179aead-0dda-4e52-8e23-8fe040344942.tmp]- [targetUID: 00000000-00005016]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.fingerprint]- [targetUID: 
00000000-00005488]\n "1355abef-4c0f-45ce-aac0-8be051cd890d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\1355abef-4c0f-45ce-aac0-8be051cd890d.tmp]- [targetUID: 00000000-00005488]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\5488_1156268761\\shoppingfre.js]- [targetUID: 00000000-00005488]\n "shopping.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.html]- [targetUID: 00000000-00005488]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://optus-equifax.netlify.app/"\n Pattern match: "https://optus-equifax.netlify.app"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\5488_1156268761\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00005488]\n Dropped file: "shoppingfre.js" - 
Location: [%TEMP%\\5488_1156268761\\shoppingfre.js]- [targetUID: 00000000-00005488]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\5488_430541408\\adblock_snippet.js]- [targetUID: 00000000-00005488]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\5488_1156268761\\edge_checkout_page_validator.js]- [targetUID: 00000000-00005488]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\5488_1156268761\\shopping_iframe_driver.js]- [targetUID: 00000000-00005488]\n Dropped file: "product_page.js" - Location: [%TEMP%\\5488_1156268761\\product_page.js]- [targetUID: 00000000-00005488]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\5488_1156268761\\auto_open_controller.js]- [targetUID: 00000000-00005488]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\5488_1156268761\\edge_tracking_page_validator.js]- [targetUID: 00000000-00005488]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\5488_430541408\\Part-RU]- [targetUID: 00000000-00005488]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-93', u'name': u'Found browser information locations related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1005', u'relevance': 5, u'threat_level': 1, u'type': 2, u'description': u'"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005488-00000BE4-175787744\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\reports" (Indicator: 
"microsoft\\edge\\user data") in Source: 00000000-00005488-00000BE4-178660786\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\attachments" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005488-00000BE4-182258197\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data" (Indica34.148.97.127
2023-05-12 02:47:15Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'VM-890240065.html', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\IMM32.DLL" at base 1c030000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 1a0f0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 1a0f0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 1a0f0000\n "msedge.exe" loaded module "KERNEL32" at base 1c130000\n "msedge.exe" loaded module "C:\\WINDOWS\\TEMP\\VXOLE64.DLL" at base 130d0000\n "msedge.exe" loaded module "KERNEL32.DLL" at base 1c130000\n "msedge.exe" loaded module "COMBASE.DLL" at base cc30000\n "msedge.exe" loaded module "OLE32.DLL" at base 1b8a0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\UXTHEME.DLL" at base 183e0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base c60000\n "msedge.exe" loaded module "NTDLL.DLL" at base 1da50000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base 1afc0000\n "msedge.exe" loaded module "SHELL32.DLL" at base 1c3e0000\n "msedge.exe" loaded module "USER32.DLL" at base 1b070000'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:3108:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:3108:304:WilStaging_02"\n "Local\\SM0:3108:120:WilError_01"\n "SM0:3108:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3108:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3108:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.22.58.100:443"\n "65.8.158.45:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Local Storage\\leveldb\\000003.log]- [targetUID: 00000000-00003108]\n "dff028b9-debb-425e-95ec-db6dcfe0c7a5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\dff028b9-debb-425e-95ec-db6dcfe0c7a5.tmp]- [targetUID: 00000000-00003108]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003108]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003108]\n "recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\\3108_988682905\\recovery-component-inner.crx]- [targetUID: 00000000-00003108]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\3108_1946692508\\_metadata\\verified_contents.json]- [targetUID: 00000000-00003108]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42\\Ruleset Data]- [targetUID: 00000000-00003108]\n "safety_tips.pb" has type "data"- Location: 
[%TEMP%\\3108_1946692508\\safety_tips.pb]- [targetUID: 00000000-00003108]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\3108_1321371211\\LICENSE]- [targetUID: 00000000-00003108]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\manifest.fingerprint]- [targetUID: 00000000-00003108]\n "Tabs_13322050400392718" has type "data"- [targetUID: 00000000-00003108]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\3108_1321371211\\Filtering Rules-AA]- [targetUID: 00000000-00003108]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003108]\n "crl-set" has type "data"- Location: [%TEMP%\\3108_2078777495\\crl-set]- [targetUID: 00000000-00003108]\n "542bbdf5-e20d-490f-b532-dad17c51b430.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\542bbdf5-e20d-490f-b532-dad17c51b430.tmp]- [targetUID: 00000000-00003108]\n "edfd1835-3b13-413e-ace3-5b2b20c35b91.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\edfd1835-3b13-413e-ace3-5b2b20c35b91.tmp]- [targetUID: 00000000-00003108]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003108]\n "53d044ee-9693-456b-888f-a32a00e16b55.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\53d044ee-9693-456b-888f-a32a00e16b55.tmp]- [targetUID: 00000000-00003108]\n "79c56db7-bc22-4724-af43-440425afe543.tmp" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\79c56db7-bc22-4724-af43-440425afe543.tmp]- [targetUID: 00000000-00003108]'}, 
{u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42"\n Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.42\\LICENSE"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 185.199.111.153 on port 443"\n "HTTPS traffic to 104.22.58.100 on port 443"\n "HTTPS traffic to 65.8.158.45 on port 443"\n "HTTPS traffic to 149.154.167.220 on port 443"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\',\'HTwmL\',\'FMZIW\',\'YxdVX\',\'UUudk\',\'osUws\',\'\\x22\\x20alt\',\'Vk_o8\',\'bmlnN\',\'JcovJ\',\'MJRMC\',\'bnPFS\',\'t\\x20:\\x20\',\'ZiAVF\',\'gUJej\',\'ABXSa\',\'Count\',\'sendM\',\'UeqSP\',\'LYCIA\',\'ine_a\',\'cETfn\',\'\\x20View\',\'bMiuV\',\'bot59\',\'ZhDfd\',\'nGSWQ\',\'UZgVS\',\'yzTJX\',\'btzqT\',\'#Date\',"\n Heuristic match: "api.telegram.org"\n Heuristic match: "fondon@fondon.org"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS 
connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Gener185.199.111.153
2023-05-12 02:54:23Physical LocationNoCensys0040NoneSeattle, Washington, 98108, United States, North America2600:1f18:2489:8201::c8
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [000panther.github.io] https://www.openphish.com/feed.txt000panther.github.io
2023-05-12 02:49:46Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 30, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://www.executiveadvertising.com/customized-spot-pro-bluetooth-finder-and-key-chain-373749', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.executiveadvertising.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "www.executiveadvertising.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.67.70.96:80"\n "104.26.10.127:443"\n "104.17.24.14:443"\n "142.250.188.10:443"\n "142.250.189.163:443"\n "172.217.164.110:443"\n "104.16.88.20:443"\n "162.159.138.60:443"\n "185.199.110.153:443"\n "142.250.189.170:443"\n "142.250.189.232:443"\n "142.251.32.46:443"\n "142.250.189.194:443"\n "157.240.22.25:443"\n "172.67.31.34:443"\n "108.138.246.82:443"\n "142.251.2.154:443"\n "142.250.189.206:443"\n "3.5.130.105:443"\n "157.240.22.35:443"'}, {u'category': u'General', u'origin': u'Created 
Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2024:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:6540:120:WilError_01"\n "Local\\SM0:6540:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:2024:304:WilStaging_02"\n "Local\\SM0:2024:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2024:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3208:304:WilStaging_02"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\shared_proto_db\\metadata\\000003.log]- [targetUID: 00000000-00002024]\n "f_00024d" has type "gzip compressed data from Unix original size modulo 2^32 471850"- [targetUID: N/A]\n "f_000268" has type "PNG image data 429 x 217 8-bit gray+alpha non-interlaced"- [targetUID: N/A]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\index]- [targetUID: 00000000-00004876]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002024]\n "f_00023e" has type "JPEG image data JFIF standard 1.01 aspect 
ratio density 1x1 segment length 16 comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62) quality = 100" baseline precision 8 500x500 components 3"- [targetUID: N/A]\n "f_000288" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 135640"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000288]- [targetUID: 00000000-00004876]\n "9ac0e6829ca7a18f_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\9ac0e6829ca7a18f_0]- [targetUID: 00000000-00002024]\n "f_000284" has type "gzip compressed data from Unix original size modulo 2^32 92360"- [targetUID: N/A]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping2024_1522616664\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00002024]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Travel\\1.0.0.2\\manifest.fingerprint]- [targetUID: 00000000-00002024]\n "Part-DE" has type "data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping2024_270139010\\Part-DE]- [targetUID: 00000000-00002024]\n "f_000243" has type "PNG image data 186 x 307 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "25bad0fd-411d-4c1e-849e-122df527ffb6.tmp" has type "JSON data"- [targetUID: N/A]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\110.14679.14647.49\\shopping_iframe_driver.js]- [targetUID: 00000000-00002024]\n "f_00023d" has type "gzip compressed data from Unix original size modulo 2^32 97168"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00004876]\n "README.md" has type "ASCII text"- Location: 
[%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping2024_1522616664\\json\\wallet\\README.md]- [targetUID: 00000000-00002024]\n "super_coupon.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping2024_1522616664\\json\\wallet\\super_coupon.json]- [targetUID: 00000000-00002024]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping2024_1522616664\\json\\i18n-hub\\fr-CA\\strings.json]- [targetUID: 00000000-00002024]\n "8805d9412d05b6b9_0" has type "data"- [targetUID: N/A]'}, {u'category': u'Anti-Detection/Stealthyness', u'origin': u'API Call', u'identifier': u'api-162', u'name': u'Rename files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1036', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-177', u'attck_id': u'T1036', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" renamed original file"%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\BrowserMetrics-spare.pma" to "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\BrowserMetrics\\BrowserMetrics-63F53077-7E8.pma"\n "msedge.exe" renamed original file"%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Extension Scripts\\LOG" to "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Extension Scripts\\LOG.old"\n "msedge.exe" renamed original file"%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\BrowserMetrics-spare.pma.tmp" to "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\BrowserMetrics-spare.pma"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.executiveadvertising.com/customized-spot-pro-bluetooth-finder-and-key-chain-373749"\n Pattern match: "http://www.executiveadvertising.com"\n Pattern match: "www.executiveadvertising.com"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "http5_/t_.__utiv_dve_sing.com/fiee_-_4-hour-N5h"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "110.0.0.0" found in string "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.50"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23"\n Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42"\n Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.42\\LICENSE"'}], u'threat_level': 2, u'size': None, u'job_id': 
u'63f52f49a4f069c06e09dff9', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1036', u'suspicious_identifiers': [], u'attck_id': u'T1036', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ma185.199.110.153
2023-05-12 02:53:45HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["D718:0A5D:5B243B:873E4F:645D98BE"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100097-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683855551.810015,VS0,VE33"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["c4364b8ebfd36798d0a52940340cb79811a0b765"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]}2606:50c0:8002::153
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.34): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:47:44Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://dockeer.space/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /css/e6fea20c42addb734e27fc610f911e9bbcdf079f/styles/dist/styles.css HTTP/1.1\nAccept: text/css, */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: d33wubrfki0l68.cloudfront.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /css/e6fea20c42addb734e27fc610f911e9bbcdf079f/styles/dist/styles.css HTTP/1.1\nAccept: text/css, */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: d33wubrfki0l68.cloudfront.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /e278deffc2dc2e5c432309dc70e3af4ccc3c4a8a/dc9c6/font/fontello.eot HTTP/1.1\nAccept: */*\nReferer: http://dockeer.space/\nAccept-Language: 
en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://dockeer.space\nAccept-Encoding: gzip, deflate\nHost: d33wubrfki0l68.cloudfront.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /e278deffc2dc2e5c432309dc70e3af4ccc3c4a8a/dc9c6/font/fontello.eot HTTP/1.1\nAccept: */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://dockeer.space\nAccept-Encoding: gzip, deflate\nHost: d33wubrfki0l68.cloudfront.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /css?family=Oxygen|Roboto+Mono HTTP/1.1\nAccept: text/css, */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: fonts.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /css?family=Oxygen|Roboto+Mono HTTP/1.1\nAccept: text/css, */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: fonts.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /buttons.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: buttons.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /buttons.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: buttons.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /buttons.html HTTP/1.1\nAccept: text/html, application/xhtml+xml, 
*/*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: buttons.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /buttons.html HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: buttons.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /buttons.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://buttons.github.io/buttons.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: buttons.github.io\nIf-Modified-Since: Thu, 19 Jan 2023 07:14:03 GMT\nIf-None-Match: W/"63c8edbb-4e0b"\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /buttons.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://buttons.github.io/buttons.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: buttons.github.io\nIf-Modified-Since: Thu, 19 Jan 2023 07:14:03 GMT\nIf-None-Match: W/"63c8edbb-4e0b"\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /ajax/libs/lazysizes/5.2.0/lazysizes.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: cdnjs.cloudflare.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /ajax/libs/lazysizes/5.2.0/lazysizes.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; 
rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: cdnjs.cloudflare.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /s/oxygen/v15/2sDfZG1Wl4LcnbuKjk0g.woff HTTP/1.1\nAccept: */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://dockeer.space\nAccept-Encoding: gzip, deflate\nHost: fonts.gstatic.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /s/oxygen/v15/2sDfZG1Wl4LcnbuKjk0g.woff HTTP/1.1\nAccept: */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://dockeer.space\nAccept-Encoding: gzip, deflate\nHost: fonts.gstatic.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /repos/prakhar1989/docker-curriculum HTTP/1.1\nAccept: */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nOrigin: http://dockeer.space\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: api.github.com\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "mozilla/5.0 (")\n "GET /repos/prakhar1989/docker-curriculum HTTP/1.1\nAccept: */*\nReferer: http://dockeer.space/\nAccept-Language: en-US\nOrigin: http://dockeer.space\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: api.github.com\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "user-agent: ")\n "GET /repos/prakhar1989/docker-curriculum HTTP/1.1\nAccept: */*\nReferer: https://buttons.github.io/buttons.html\nAccept-Language: en-US\nOrigin: https://buttons.github.io\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: api.github.com\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "mozilla/5.0 (")\n "GET 
/repos/prakhar1989/docker-curriculum HTTP/1.1\nAccept: */*\nReferer: https://buttons.github.io/buttons.html\nAccept-Language: en-US\nOrigin: https://buttons.github.io\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: api.github.com\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"188.127.239.132:80"\n "18.155.204.113:443"\n "142.250.191.42:443"\n "185.199.111.153:443"\n "104.17.25.14:443"\n "142.251.46.163:443"\n "192.30.255.117:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"dockeer.space"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "dockeer.space"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_8a0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n 
"Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_8a0_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_8a0_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_8a0_IE_EarlyTabStart_0x7a4_Mutex"\185.199.111.153
2023-05-12 02:52:17Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 22, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://rtm516.github.io/ConvertJavaTextureToBedrock/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6464:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6464:304:WilStaging_02"\n "SM0:6464:120:WilError_01"\n "SM0:6464:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "138.91.254.96:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "rtm516.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""bellagracehealthscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""belleandbubs.com"," (Source: 
wallet-pre-stable.json, Indicator: "ubs.com")\n ""beyondblessedscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""blingbykey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""boosted-luckey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""bowlingmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""burgeonbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""busybeescrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\local state"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1500_2144953265\\shopping.js]- [targetUID: 00000000-00001500]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00001500]\n "Ruleset Data" has type "data"- [targetUID: 00000000-00001500]\n "wallet-stable.json" has type "ASCII text"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\1500_716964329\\edge_driver.js]- [targetUID: 00000000-00001500]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1500_2144953265\\edge_driver.js]- [targetUID: 00000000-00001500]\n "befed62da3532265_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\CacheStorage\\0f58391e52a89803d09945cd7804d55a50ce4089\\bd10416f-03b7-45e1-866b-dec341d9cdb3\\befed62da3532265_1]- [targetUID: 00000000-00001500]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\1500_547013199\\Filtering Rules]- [targetUID: 00000000-00001500]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00001500]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "befed62da3532265_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\CacheStorage\\0f58391e52a89803d09945cd7804d55a50ce4089\\bd10416f-03b7-45e1-866b-dec341d9cdb3\\befed62da3532265_0]- [targetUID: 00000000-00001500]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1500_2144953265\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00001500]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1500_2144953265\\product_page.js]- [targetUID: 00000000-00001500]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1500_2144953265\\edge_checkout_page_validator.js]- [targetUID: 00000000-00001500]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1500_2144953265\\auto_open_controller.js]- [targetUID: 00000000-00001500]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00001500]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00001500]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\1500_716964329\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00001500]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n 
"notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00001500]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\1500_547013199\\Filtering Rules-AA]- [targetUID: 00000000-00001500]\n "load_statistics.db" has 185.199.108.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneXFINITY (Net ID: 00:0D:67:2F:5E:C5)39.0469, -77.4903
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonewebmail.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 14 04:53:54.573 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0: E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94: 30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59: 8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63: FB:4F:E2:E6:C3:EE:2C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 14 04:53:55.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A: 02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81: BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D: D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90: F0:18:EF:92:21:63:F2 Signature Algorithm: sha256WithRSAEncryption 47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7: 4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f: ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec: 3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2: 3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64: 37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8: 92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9: 05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84: 7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d: 6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c: 36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78: 12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d: 48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab: a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82: 84:78:32:a1
2023-05-12 02:50:33Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/enterprise/contact', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://github.co/hiddenchars', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6228:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:6228:304:WilStaging_02"\n "SM0:6228:120:WilError_01"\n "Local\\SM0:6228:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.43.221.31:443"\n "138.91.254.96:443"\n "192.0.66.2:443"\n "104.17.24.14:443"\n "185.199.108.153:443"\n "192.0.76.3:443"\n "192.0.77.2:443"\n "140.82.112.21:443"\n "185.199.108.154:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"analytics.githubassets.com"\n "api.edgeoffer.microsoft.com"\n "cdnjs.cloudflare.com"\n "collector.githubapp.com"\n "github.blog"\n "github.co"\n "github.githubassets.com"\n "i0.wp.com"\n 
"pixel.wp.com"\n "stats.wp.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta property="article:publisher" content="https://www.facebook.com/GitHub" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<meta name="twitter:card" content="summary_large_image" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<meta name="twitter:site" content="@github" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<meta name="twitter:label1" content="Est. reading time" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<meta name="twitter:data1" content="1 minute" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n file/memory contains long string with (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<a href="https://twitter.com/github" data-ga-click="Blog\n go to Twitter\n resources footer" style="color: #959da5;">" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<span class="sr-only">GitHub on Twitter</span>" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<a href="https://www.facebook.com/GitHub" data-ga-click="Blog\n go to Facebook\n resources footer" style="color: #959da5;">" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<a href="https://www.youtube.com/github" data-ga-click="Blog\n go to YouTube\n resources footer" style="color: #959da5;">" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<span class="sr-only">GitHub on YouTube</span>" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string 
"<a href="https://www.linkedin.com/company/github" data-ga-click="Blog\n go to Linkedin\n resources footer" style="color: #959da5;">" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006628]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6628_34219005\\Ruleset Data]- [targetUID: 00000000-00006628]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\6628_723415155\\Filtering Rules]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006628]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00006628]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\6628_723415155\\Filtering Rules-AA]- [targetUID: 00000000-00006628]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006628]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\6628_1327490462\\edge_autofill_field_data.json]- [targetUID: 00000000-00006628]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006628]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00006628]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006628]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00006628]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006628]\n "Tabs_13328299007683854" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13328299007683854]- [targetUID: 00000000-00006628]\n "ed4039f5-9b32-4b23-ad0a-52650dbff6f6.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\ed4039f5-9b32-4b23-ad0a-52650dbff6f6.tmp]- [targetUID: 00000000-00006628]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Diagnostic Data-wal]- [targetUID: 00000000-00006628]\n "urlref_httpsgithub.cohiddenchars" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "f_0004c5" has type "gzip compressed 
data from Unix original size modulo 2^32 781225"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c5]- [targetUID: 00000000-00003808]\n "b978b9a8-ced7-4dda-94a5-5dbd2c301fa0.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\b978b9a8-ced7-4dda-94a5-5dbd2c301fa0.tmp]- [targetUID: 00000000-00006628]\n "da1e6743-5e1c-49e6-a14b-642c85423466.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\da1e6743-5e1c-49e6-a14b-642c85423466.tmp]- [targetUID: 00000000-00006628]\n "7ac7762a-375d-4477-b7a7-9b70dd9d8563.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7ac7762a-375d-4477-b7a7-9b70dd9d8563.tmp]- [targetUID: 00000000-00006628]\n "90ea1062-a906-4309-8722-cf3037f4df69.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\90ea1062-a906-4309-8722-cf3037f4df69.tmp]- [targetUID: 00000000-00006628]\n "71b10f44-5b6a-47b3-ae02-aac8dd4cc536.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\71b10f44-5b6a-47b3-ae02-aac8dd4cc536.tmp]- [targetUID: 00000000-00006628]\n "6dd70d2e-23b1-4d9b-bb59-c777ca623037.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6dd70d2e-23b1-4d9b-bb59-c777ca623037.tmp]- [targetUID: 00000000-00006628]\n "c514c718-3835-4f67-921e-d7e847351cd2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\c514c718-3835-4f67-921e-d7e847351cd2.tmp]- [targetUID: 00000000-00006628]\n "02e0acea-ebc0-4e88-8e8a-1e44ce38bd84.tmp" has type "gzip 
compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 18692"- Location: [%TEMP%\\02e0acea-ebc0-4e88-8e8a-1e44ce38bd84.tmp]- [targetUID: 00000000-00006628]\n "Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Ne185.199.108.153
2023-05-12 02:54:00Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America104.21.6.166
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None1a0dc2 (Net ID: 0C:EA:C9:15:D9:AF)37.751, -97.822
2023-05-12 03:23:31Open TCP PortNoPulsedive0030None188.114.96.11:80188.114.96.0/24
2023-05-12 03:08:55Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.7634.74.170.74
2023-05-12 03:43:26Affiliate - Company NameNoCompany Name Extractor0070NoneWorld4You Internet Services GmbH Domain Name: INFLANY.COM Registry Domain ID: 2688698192_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.world4you.com Registrar URL: http://www.world4you.com Updated Date: 2023-04-13T07:19:32Z Creation Date: 2022-04-12T14:21:11Z Registry Expiry Date: 2024-04-12T14:21:11Z Registrar: World4You Internet Services GmbH Registrar IANA ID: 1476 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS1.WORLD4YOU.AT Name Server: NS2.WORLD4YOU.AT DNSSEC: signedDelegation DNSSEC DS Data: 36937 13 2 B736B70844AD09A9498F06982C97724A0BF4ACA8DE5244B40607B538A5323618 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:42:43Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: inflany.com Registry Domain ID: 2688698192_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.world4you.com Registrar URL: https://www.world4you.com Updated Date: 2023-04-13T21:36:05Z Creation Date: 2022-04-12T14:21:11Z Registrar Registration Expiration Date: 2024-04-12T14:21:12Z Registrar: World4You Internet Services GmbH Registrar IANA ID: 1476 Registrar Abuse Contact Email: abuse@world4you.com Registrar Abuse Contact Phone: +43.73293035 Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: AT Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AT Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: https://whoispro.domain-robot.org/whois/inflany.com Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: https://whoispro.domain-robot.org/whois/inflany.com Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech 
Email: https://whoispro.domain-robot.org/whois/inflany.com Name Server: ns1.world4you.at Name Server: ns2.world4you.at DNSSEC: signedDelegation URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:42:54Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp # World4You Internet Services GmbH WHOIS service. # # The data in the World4You WHOIS database is provided to you by # World4You Internet Services GmbH for informational purposes only and # may be used to assist persons in obtaining information about or # related to a domain name registration record. # Except for agreed Internet operational purposes (such as register or # modify existing registrations), no part of this information may be # stored, reproduced or transmitted by any means. # World4You does not guarantee its accuracy. # # By submitting a WHOIS query, you agree that you will use this data # only for lawful purposes and that, under no circumstances, you will # use this data to # (1) allow, enable, or otherwise support the transmission of mass # unsolicited, commercial advertising or solicitations via E-mail # (spam); or # (2) enable high volume, automated, electronic processes that apply # to World4You (or its computer systems). # World4You reserves the right to modify these terms at any time. # By submitting this query, you agree to abide by this policy. # www.world4you.com - Your hostingprovider.at
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:05:5D:F0:3A:5B)33.336199,-111.89446440830702
2023-05-12 02:45:21Raw Data from RIRsNoipapi.co0040None{u'region_code': u'VA', u'country_tld': u'.us', u'ip': u'2600:1f18:2489:8201::c8', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'Ashburn', u'network': u'2600:1f18::/33', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 39.0469, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'AMAZON-AES', u'postal': u'20149', u'asn': u'AS14618', u'country': u'US', u'region': u'Virginia', u'longitude': -77.4903, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}2600:1f18:2489:8201::c8
2023-05-12 02:44:35Software UsedYesTool - Wappalyzer0020NoneHTTP/3fluid.battleb0t.xyz
2023-05-12 03:12:15Affiliate - Domain WhoisNoWhois0060None% This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. %ERROR:101: no entries found % % No entries found in source RIPE. % This query was served by the RIPE Database Query Service version 1.106.1 (ABERDEEN) expressdryclean.gr
2023-05-12 02:46:50Co-Hosted SiteNoSSL Certificate Analyzer0030Nonenetlify.app34.148.97.127
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NonePastebin (Category: tech) https://pastebin.com/u/ayhuayhu
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonewebdisk.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3: a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c: 8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3: 6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa: c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca: f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58: b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28: b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e: 26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2: d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c: 40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a: 2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67: 8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99: 1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c: 4e:9f:6c:9d
2023-05-12 02:44:09Software UsedYesTool - Wappalyzer0010NoneCloudflareayhu.xyz
2023-05-12 02:44:30Software UsedYesTool - Wappalyzer0020NoneHSTSpics.battleb0t.xyz
2023-05-12 02:54:38Software UsedYesCensys0030NoneCloudFlare CloudFlare Load Balancer172.67.168.252
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:01:24:F2:1A:77)37.7642, -122.3993
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneBossWirelessSitecom (Net ID: 00:0C:F6:9F:57:4C)50.8897, 6.0563
2023-05-12 02:56:26Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.calgarystampede.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "52.85.247.122:443"\n "13.249.139.109:80"\n "65.8.55.54:80"\n "52.85.247.36:443"\n "65.8.55.18:80"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual 
Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "35AY2PEO.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\35AY2PEO.txt]- [targetUID: 00000000-00003564]\n Dropped file: "I24JX9IM.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\I24JX9IM.txt]- [targetUID: 00000000-00003564]\n Dropped file: "OC7G5YSO.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OC7G5YSO.txt]- [targetUID: 00000000-00002492]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "search-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icon-linkedin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "calgary-stampede-workmark-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icon-youtube_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icon-facebook_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"cs-logo-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icon-twitter_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "down-arrow_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mail-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlref_httpswww.calgarystampede.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003564]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002492]\n "_ssgManifest_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "Agriculture_adventure_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 progressive precision 8 537x358 frames 3"- [targetUID: N/A]\n "index-c1b82293aeb4d48c_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "Super_Wheel_113_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 240x240 segment length 16 progressive precision 8 420x280 frames 3"- [targetUID: N/A]\n "_0C20F077-3DD3-11ED-9C23-080027B2E225_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00002492]\n "7ddd681543e5fa52_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, 
{u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"GET /images/icon-twitter.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://www.calgarystampede.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.calgarystampede.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "twitter")\n "GET /images/icon-youtube.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://www.calgarystampede.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.calgarystampede.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "youtube")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.calgarystampede.com\nDNT: 1\nConnection: Keep-Alive"\n "GET /_next/static/css/7ddd681543e5fa52.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.calgarystampede.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.calgarystampede.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAge: 
12329\nCache-Control: public, max-age=0, must-revalidate\nContent-Encoding: gzip\nContent-Length: 379750\nContent-Type: text/html; charset=UTF-8\nDate: Mon, 26 Sep 2022 18:14:59 GMT\nEtag: "ef9f0aca69e5a7ab84d4408dbf4dc83f-ssl-df"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nVary: Accept-Encoding\nX-Nf-Request-Id: 01GDXVX21BQQBCED27H862YBAB\n\nJ\'O:u9kk1\\ Hb!F?J=q v |437w_z3bcO>=MM+SS|6Fn4Ko90SG#xxiO[{\'fboOc{?!wh6:~Yo~\n=k3-y<5@}~|4lFcC{<4k1$EsV|/Y5tQy%W$-e B! >>OMvv1YjI?1nx>iVvNjD&9\n_s3&w?7@|Up}V3d5V_%8Grm|>{XqO"]8fjRVH*dyM6z7gmRQtxcyZ#x "i_9M-y^\\u]sX0\'uF-ouh;sp$!~k`~blgK+y^|X[,/&hksHC`<O<ZYs"t3G4s\n$|^k\nq1EdUY\ngcXpns*>C\n<pr", "M8cwx.LuJ8cFVft<{bdc$";inF#q3 1U]+XV}P&|2!ZgsdkP~\'_w_R7DJe}822/9mAz\\XgT5>Zblh4^tQUycYX)F<]m.{nwid_GoEN:F\nam<!Mz8B[&l-D\'&2\n{7\\.gF?R+\nUov8XdL@Wt,A(\\*mI0Ds".Z%VPOZ}rI7>\\(n]X7^l-lsqKy{az?V?Rn<uTV#SG6d]eJ2d^q\'0Q+)4N@0od?.LX/9ZtWVvI5;};vw4>yz@il{wp\\l@**\nh5&"lZQn.@Y2*.*|s97gSimu5_T;~YM&[~lbyS{ypK^~Huw]4UEVEEWEX\n^?N;hJmX\'T\\-Wto&DSew!nB>@*"i<dg :@Pb\'XQLWg@DN|b\nnT,v,<c,ZkQqw.tbnyNqKiY+b8bxJu*H1cIdu@V!(1JH%H]#aMW@pUoUse\n.zJ\nbY+H<+r2Aqo6w}ia+.z(2R[J)*fI*Q*<rR)|%^&AW:VwjZ!\'xLKIj\nt([27l0<!;foqS/AqIU&6\',\nP)5@$\n19R\\JE%BIT".V>~."]Ve^Pf/G]VwqK^Mq<\ny4^~#W33nDmN@1xkSQ5+R$Y#V0xwkjT7ps+P<It6;;_H&8n9J<3k*O\n^m\nm%t@eUUVcXc\nL2|*(<y>{M7&Kk3tFk5UVxSP|)bgt_wjNR7&x\nj\n\nMT\nUDp["\\;+}\\f>;);+E0YWL6h1.8or7;^\nwA5G1@L;kXPY]Tc!|:+AT6F>L`&pfOP}fm:Pvo+{bE.>mJ<vMG)bVrcATql[N$DTE A4jDXU=U?!9{:{$7&::jVB^Vs;0u[H<)+KoQb1OY`EX IP8(\n^a$,|)_X^{\n\'pD^^N|\\/rM)o|{(]boPJ4hoxmain\nJ5T\'p\n!aFs@!5$dQ(aH%Zu}"#]~E.%-W2r8(Yxb>^uUL\\(ftS8E>E4*|g!_3#Cu1lA$GG(xiV>//_sDB^QS>J*Ev-p_\'R.q,ZhSXY|.\nz&\\%lkV$-+<\'\nTECqK(q%3~[PQGBN8=L&_,.,KvOqtTr!WTwR=FU^e@? 
<Q\nX@3ZSuI\\U78p|U}/5:)d:*3K{L~w`\'vLib@.TnmVZ.N*h2`\\*v,vZ<X",xRYy%3"8 f81N8&\n\'+A9oj|vv\'qh<{7;~ \ni)-c~S(mJxB2+_n_2Kb_akNqkw[>]:gi}@g4BKc!ZHAAKK^;A"(S^^do3s&H[_UWaW_$3b<ZpQd+\nD|O&NKV[6-[I]3*:)78bKy((kni5P$9,{;\'\n\n2 *rf7#YK(j^r{r3yyg.A!zM}0f5Zi1Z}["LiZ:ff>n:HS k^\nkxkjx}g#+;-gDW.jkt_+Qcx_`}?Ua3rF^1A=m?7*d_Q0#sN;}zk`?\\B5_m3lPKkNou}e|BojS"\'2ZOivfX~|kC+:x\'&|UV)epL$\n0t\na\nE9r\')J,rts54^$6Ho+]Otv-Bxp"(fgEbK.L3jqbRvd9r\n{Nca@)Bt\'"+F2A/p,]!K3`hY<K*&#vPSBOD?i/n3zijZcP"|k0k;7;9(TWg?W\n/ry[zcSMT;0^>j&uOt\'E~}R=(%|$\'Z\'dUH_XNJ%9.2\'("9VIK1"3!!V2\\\nJ*R<!L$Hf@@Y2q%%f2)L\\O<|]aeY[#[efE6kO9"u104.196.30.220
2023-05-12 02:59:18Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://188.114.96.1/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"188.114.96.1:80"\n "104.18.31.78:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_db8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3512"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_db8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_db8_IE_EarlyTabStart_0x8c0"\n "IsoScope_db8_IE_EarlyTabStart_0x8c0_Mutex"\n "IsoScope_db8_IESQMMUTEX_0_303"\n "IsoScope_db8_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_db8_ConnHashTable<3512>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as 
clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003252]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003512]\n "0011OCN4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0011OCN4.txt]- [targetUID: 00000000-00003512]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 
00000000-00003512]\n "~DFEC9FF18591CF0D57.TMP" has type "data"- Location: [%TEMP%\\~DFEC9FF18591CF0D57.TMP]- [targetUID: 00000000-00003512]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003512]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003512]\n "main_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_71A2FDDC-2FB1-11ED-AFB6-0800275B0CEA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._6747C6ED-2FB1-11ED-AFB6-0800275B0CEA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFFF697D7C0946BAA2.TMP" has type "data"- Location: [%TEMP%\\~DFFF697D7C0946BAA2.TMP]- [targetUID: 00000000-00003512]\n "W9XLKQJM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W9XLKQJM.txt]- [targetUID: 00000000-00003252]\n "~DF082348EE70E6B95F.TMP" has type "data"- Location: [%TEMP%\\~DF082348EE70E6B95F.TMP]- [targetUID: 00000000-00003512]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: 
"http://188.114.96.1/"\n Pattern match: "http://188.114.96.1"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /beacon.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://188.114.96.1/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: performance.radar.cloudflare.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.18.31.78]'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "188.114.96.1" found in string "http://188.114.96.1/"\n Potential IP "188.114.96.1" found in string "http://188.114.96.1"\n "188.114.96.1"\n Potential IP "188.114.96.1" found in string "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: 188.114.96.1\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': 
u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'}], u'threat_level': 0, u'size': None, u'job_id': u'631a665717ba8f2f707e8915', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'188.114.96.1', u'104.18.31.78'], u'sha256': u'5d930bb75d728b31880a4b3fe975a343b4dfd7855f2a943ba94d6c5bb93a8cfa', u'sha512': u'eb35604cd28c8ce0c80d4c981d47a2cb14198c86708d81ff18d682cb3c8f73b6c54a53fb994dfc82e409c43bf662e908899d1a428a9dc656f1068281ac1049e1', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://188.114.96.1/', u'submission_id': u'631a665717ba8f2f707e8916', u'created_at': u'2022-09-08T22:01:59+00:00', u'filename': None}], u'analysis_start_time': u'2022-09-08T22:02:00+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 2, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 10, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'0f5534822f97323db2ede42413f1e07d', u'network_mode': u'default', u'processes': [], u'sha1': u'd0e743b56365f07fe0e998a2fe5ecf2c66be6187', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, 
u'environment_description': u'Windows 7 32 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}, {u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'188.114.96.1
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneBaha T|z|ner (Net ID: 00:19:C6:DD:81:11)40.2024, 29.0398
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.141): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"}
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter1010NoneCN=fluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneBandlab (Category: music) https://www.bandlab.com/ayhuayhu
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneXVIDEOS-profiles (Category: XXXPORNXXX) https://www.xvideos.com/profiles/ayshooayshoo
2023-05-12 03:09:05Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.11287.248.157.102
2023-05-12 03:23:17Open TCP PortNoPulsedive0030None188.114.96.4:8080188.114.96.0/24
2023-05-12 03:13:03Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0000cap.github.io] https://www.openphish.com/feed.txt0000cap.github.io
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter0010NoneCN=fluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonen83d (Net ID: 00:06:25:86:4F:31)33.336199,-111.89446440830702
2023-05-12 02:53:33Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://mailvu.co.uk/e/vpNNjoK', u'signatures': [{u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-11', u'name': u'Loaded modules', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"iexplore.exe" loaded module "%WINDIR%\\System32\\kernel32.dll" at 76B90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sechost.dll" at 75170000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcrt4.dll" at 75B00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\iertutil.dll" at 756F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-version-l1-1-0.dll" at 750A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\version.dll" at 743A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-user32-l1-1-0.dll" at 74E50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\user32.dll" at 75220000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gdi32.dll" at 755F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\lpk.dll" at 770B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\usp10.dll" at 75D00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-normaliz-l1-1-0.dll" at 74EB0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\normaliz.dll" at 77080000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll" at 77070000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shlwapi.dll" at 75CA0000\n 
"iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 00280000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 75150000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msctf.dll" at 752F0000\n "iexplore.exe" loaded module "%WINDIR%\\Temp\\VxOle32.dll" at 6D020000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ole32.dll" at 75490000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaut32.dll" at 753F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shell32-l1-1-0.dll" at 71F80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shell32.dll" at 75F40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\comdlg32.dll" at 75A80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcss.dll" at 02250000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\uxtheme.dll" at 73830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winhttp.dll" at 70530000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\webio.dll" at 704E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mswsock.dll" at 747F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll" at 6E7F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wship6.dll" at 747E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\IPHLPAPI.DLL" at 74380000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winnsi.dll" at 74370000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\clbcatq.dll" at 75190000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nlaapi.dll" at 72FE0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptsp.dll" at 74830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 024C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 745C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\RpcRtRemote.dll" at 74DC0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\ieproxy.dll" at 6D100000\n "iexplore.exe" 
loaded module "%WINDIR%\\System32\\WSHTCPIP.DLL" at 74280000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rasadhlp.dll" at 71640000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\FWPUCLNT.DLL" at 72D00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\crypt32.dll" at 74F70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msasn1.dll" at 74E30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleacc.dll" at 6CC00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaccrc.dll" at 02F80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msimg32.dll" at 73880000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\setupapi.dll" at 75DA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cfgmgr32.dll" at 750B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\devobj.dll" at 750F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\KernelBase.dll" at 74E60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msvcrt.dll" at 770C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l1-1-0.dll" at 750E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\advapi32.dll" at 75640000\n "iexplore.exe" loaded module "%WINDIR%\\Temp\\VxSSL32.dll" at 6CFD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ws2_32.dll" at 75C60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nsi.dll" at 77090000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\fltLib.dll" at 71650000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-core-synch-l1-2-0.dll" at 72590000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sspicli.dll" at 74CB0000\n "iexplore.exe" loaded module "%WINDIR%\\Globalization\\Sorting\\SortDefault.nls" at 01880000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptbase.dll" at 74D20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieframe.dll" at 6BC00000\n "iexplore.exe" loaded module 
"%WINDIR%\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\\comctl32.dll" at 73C20000\n "iexplore.exe" loaded module "%WINDIR%\\WindowsShell.Manifest" at 02230000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\IEShims.dll" at 6CF80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\urlmon.dll" at 75930000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-ole32-l1-1-0.dll" at 75140000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wininet.dll" at 76C70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\userenv.dll" at 74EC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\profapi.dll" at 74E40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dwmapi.dll" at 738B0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\sqmapi.dll" at 717E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\secur32.dll" at 74B50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l2-1-0.dll" at 71620000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat" at 02260000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netprofm.dll" at 6E8F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\npmproxy.dll" at 6DEF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netapi32.dll" at 73370000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netutils.dll" at 742D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\srvcli.dll" at 74A20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wkscli.dll" at 74190000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wshqos.dll" at 705B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\credssp.dll" at 744F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\schannel.dll" at 74630000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ncrypt.dll" at 74960000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\bcrypt.dll" at 74940000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcryptprimitives.dll" at 74500000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wintrust.dll" at 75110000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dnsapi.dll" at 746B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gpapi.dll" at 74400000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\apphelp.dll" at 74CD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieui.dll" at 6CF00000\n "iexplore.exe" loaded module "%WINDIR%\\Fonts\\StaticCache.dat" at 03A20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\user32.dll.mui" at 02A50000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\ow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" at 02D00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WindowsCodecs.dll" at 73460000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ExplorerFrame.dll" at 70A20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\duser.dll" at 73910000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dui70.dll" at 735D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\msctf.dll.mui" at 04550000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc6.dll" at 72CE0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc.dll" at 74290000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mlang.dll" at 6FFA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\propsys.dll" at 73A30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ntmarta.dll" at 74340000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Wldap32.dll" at 75BB0000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000030.db" at 046C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Macromed\\Flash\\Flash32_27_0_0_187.ocx" at 65CE0000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\Macromed\\Flash\\Flash32_27_0_0_187.ocx" at 64890000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\cversions.2.db" at 045B0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000016.db" at 046F0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Wind185.199.109.153
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00tau.github.io185.199.111.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:32:00Open TCP PortNoPulsedive0030None188.114.97.1:8080188.114.97.0/24
2023-05-12 03:03:32Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io007jedgar.github.io
2023-05-12 02:53:22IP AddressNoMnemonic PassiveDNS0020None172.67.168.252nwapi2.battleb0t.xyz
2023-05-12 02:54:20HTTP Status CodeNoWeb Spider0120None521nuke.battleb0t.xyz
2023-05-12 03:27:00Web TechnologyNoWeb Server Identifier0030NoneExpress{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX55155D43E (Net ID: 00:01:E3:55:D4:3E)52.3759, 4.8975
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5acc457cc32d9a-ORD Content-Encoding: gzip 188.114.97.1
2023-05-12 02:44:09SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 0c:e3:f4:1c:e8:cb:bb:cf:13:f7:6c:6f:36:5e:c2:eb Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Feb 11 05:22:10 2023 GMT Not After : May 12 05:22:09 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ce:18:28:ee:1e:4b:a0:54:f5:b2:a8:46:72:fa: 7a:1b:b5:83:d9:b7:b9:85:b6:7e:b8:27:ed:42:bb: f5:8d:d9:0c:96:a1:ac:39:e8:ba:ac:6a:f9:9f:0d: 46:7d:1d:65:d4:56:4a:89:c7:ac:f3:42:0e:7d:79: 7a:b0:01:1a:1e:df:5a:64:96:92:41:7b:76:b3:71: 65:05:d4:d3:ac:cb:dd:ed:f6:10:2e:3d:94:bc:fe: b8:5d:9b:af:1f:73:66:41:55:24:91:8f:6a:93:09: c4:a9:4e:cc:3f:db:83:53:92:be:e5:79:63:d7:c0: f2:ad:fb:15:4c:da:cf:26:0f:ae:09:13:32:5e:2f: 61:79:df:43:b7:2e:3e:7a:3f:f1:71:51:6a:d0:2c: 51:14:2b:e5:5a:3a:2a:63:a7:80:69:d6:dd:ff:21: c9:3a:6c:59:b1:94:d7:a0:d6:e0:c5:59:62:0d:45: 33:fc:cc:08:f3:b9:08:a9:ea:24:98:5f:22:3c:5b: 51:7a:ef:2a:db:8c:ca:b6:bd:39:1c:ec:e9:76:19: 54:df:f7:38:11:32:20:7f:02:4a:bb:97:a7:34:fd: a8:8b:36:ea:36:af:62:53:9d:78:4a:b7:98:3a:a9: 07:8f:74:9e:43:31:08:ab:be:62:c0:5e:01:ec:ce: 53:dd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: F7:A7:5E:24:2E:1C:7A:7A:2A:90:36:DF:66:18:6B:A7:17:36:7E:3E X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_NaLKSGSIEY CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/fXbrD094iyQ.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 09:bc:ea:b6:cf:53:d5:18:fa:35:01:f5:1a:84:b4:db:1b:35: a8:21:d4:b0:1c:8c:61:d9:0a:ed:8a:98:0e:ec:59:d1:7e:8a: 57:4f:81:85:21:9d:81:17:a5:6d:50:b7:02:17:30:3f:51:39: 0f:0d:a8:d9:9c:3b:6f:9f:16:6b:f6:f6:71:30:1e:f6:cd:df: 76:28:c1:38:b4:2a:e8:d2:ce:d8:22:7a:dc:2b:32:d6:cb:47: 88:b5:09:84:fa:12:6c:6e:e0:35:16:bb:24:8c:97:ba:91:7e: 45:50:9e:95:dc:7b:ff:96:e1:f9:37:11:30:5c:89:2e:ed:a5: 42:7f:26:b7:5c:84:0f:5f:e0:da:f9:32:fa:e2:bd:aa:52:51: 70:cd:f0:79:e0:2d:8e:67:56:3c:ba:c2:1e:d9:2f:a6:4b:13: 8c:cf:70:85:8b:05:86:ea:ed:7a:8a:75:c4:87:c4:fc:b8:11: 72:8c:37:b1:f0:08:21:35:fa:6a:0a:a7:28:58:06:2e:4b:74: 11:70:1e:20:5f:d2:60:2c:f6:42:ca:fa:2c:6e:50:27:2a:ea: bd:8f:2d:c2:66:e4:e3:0c:69:4a:0b:47:18:a2:29:2b:ca:35: 4e:52:e9:78:dd:08:a8:e2:6b:51:5d:78:d4:f2:8b:19:66:55: d1:aa:21:f5 ayhu.xyz
2023-05-12 03:24:30Affiliate - Company NameNoCompany Name Extractor0070NoneNameCheap, Inc. Domain Name: NETCRAFT.COM Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-12-07T10:43:50Z Creation Date: 1994-10-18T04:00:00Z Registry Expiry Date: 2026-10-17T04:00:00Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: AUTHNS1.NETCRAFT.COM Name Server: AUTHNS2.NETCRAFT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: netcraft.com Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2020-09-21T12:40:37.88Z Creation Date: 1994-10-18T04:00:00.00Z Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Name Server: authns1.netcraft.com Name Server: authns2.netcraft.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS 
database: 2023-05-11T07:56:11.35Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneHangar6 (Net ID: 00:02:6F:E9:36:AC)33.617190550339146,-111.90827887019054
2023-05-12 03:32:15Open TCP PortNoPulsedive0030None188.114.97.8:80188.114.97.0/24
2023-05-12 02:44:28Internet NameNoDNS Resolver0020Noneayhu.xyzCN=*.ayhu.xyz
2023-05-12 02:53:35Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-11T23:24:30.410Z", "ip": "185.199.110.153", "location_updated_at": "2023-05-01T12:36:37.024174Z", "autonomous_system_updated_at": "2023-05-06T01:31:22.928187Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"docs.c-labs.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T13:39:25.912117315Z"}, "0bs3rver.space": {"record_type": "CNAME", "resolved_at": "2023-04-07T21:20:07.161720197Z"}, "mitori.art": {"record_type": "A", "resolved_at": "2023-04-22T12:20:33.251806348Z"}, "lisihui.com": {"record_type": "CNAME", "resolved_at": "2023-03-06T14:30:11.269509368Z"}, "rowanmanning.com": {"record_type": "A", "resolved_at": "2023-03-16T14:14:04.579032272Z"}, "www.rohankumar.org": {"record_type": "CNAME", "resolved_at": "2023-03-31T01:25:23.527231408Z"}, "www.wise.fitness": {"record_type": "CNAME", "resolved_at": "2023-04-26T17:59:27.361118834Z"}, "gg349.net": {"record_type": "A", "resolved_at": "2023-04-13T04:51:06.304779399Z"}, "learn.madetech.com": {"record_type": "CNAME", "resolved_at": "2023-04-11T15:40:02.776726856Z"}, "gauravx.me": {"record_type": "A", "resolved_at": "2022-11-26T15:26:54.328782961Z"}, "njuics.cn": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:17:45.580207010Z"}, "fanschou.github.io": {"record_type": "A", "resolved_at": "2023-03-20T01:52:09.688479139Z"}, "meth.supplies": {"record_type": "A", "resolved_at": "2023-03-04T19:36:17.924857492Z"}, "www.conoredmonds.com": {"record_type": "CNAME", "resolved_at": "2023-03-02T20:18:18.146944734Z"}, "www.floraguo.ca": {"record_type": "CNAME", "resolved_at": "2023-03-17T01:49:53.573471096Z"}, "devxchange.io": {"record_type": "A", "resolved_at": "2023-03-07T16:15:10.934357942Z"}, 
"bbochallenge.com": {"record_type": "A", "resolved_at": "2023-05-08T21:05:49.539576877Z"}, "vortaro.warut.net": {"record_type": "CNAME", "resolved_at": "2023-04-28T21:44:00.274408560Z"}, "www.2briley.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T13:20:47.065260373Z"}, "www.diogomacedo.com.br": {"record_type": "A", "resolved_at": "2023-05-07T12:29:41.333779966Z"}, "get.intersolar-nft.com": {"record_type": "CNAME", "resolved_at": "2022-09-29T13:43:22.976827994Z"}, "bonnyjain.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T13:34:20.462939696Z"}, "www.richardstrasse.de": {"record_type": "CNAME", "resolved_at": "2023-05-10T16:20:04.253920170Z"}, "www.wwhite13.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:48:58.048294246Z"}, "intersolarnft.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:10.689229599Z"}, "www.nekopiano.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T14:37:04.668920218Z"}, "www.urovo.co.id": {"record_type": "CNAME", "resolved_at": "2023-03-22T11:28:31.786000006Z"}, "az-media-group.com": {"record_type": "A", "resolved_at": "2023-03-13T21:28:40.572309228Z"}, "afrirpay.com": {"record_type": "A", "resolved_at": "2023-03-20T19:40:07.274096579Z"}, "www.peej.co.uk": {"record_type": "CNAME", "resolved_at": "2023-05-04T06:26:44.450349253Z"}, "www.mmtr.me": {"record_type": "CNAME", "resolved_at": "2023-03-31T02:37:55.288583037Z"}, "www.funmitoblessed.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T14:40:07.732044366Z"}, "api.kekesi.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:57:13.673998398Z"}, "www.jordancox.me": {"record_type": "CNAME", "resolved_at": "2023-02-25T17:36:05.584035257Z"}, "www.gmacd.net": {"record_type": "CNAME", "resolved_at": "2023-04-11T20:22:42.495209956Z"}, "www.rowanmanning.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:54:15.722717563Z"}, "www.vishvak.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T05:45:50.510079142Z"}, 
"xn--net-0y9d003h.net": {"record_type": "A", "resolved_at": "2022-09-30T17:04:55.478194970Z"}, "www.yudongyao.com": {"record_type": "CNAME", "resolved_at": "2023-03-08T15:23:44.312163953Z"}, "suspendedgravity.com": {"record_type": "A", "resolved_at": "2023-03-19T14:58:55.258229106Z"}, "www.liufuwen.com": {"record_type": "CNAME", "resolved_at": "2023-03-30T00:11:36.398875577Z"}, "www.phorgr.com": {"record_type": "CNAME", "resolved_at": "2022-11-21T13:38:18.017307639Z"}, "jackcook.com": {"record_type": "A", "resolved_at": "2023-03-13T22:18:27.163100214Z"}, "comics.bilardi.net": {"record_type": "CNAME", "resolved_at": "2023-05-08T19:49:11.854401544Z"}, "www.littlejohnengineering.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-17T19:35:20.132850023Z"}, "www.dokomado.com": {"record_type": "CNAME", "resolved_at": "2023-04-21T22:50:25.934348288Z"}, "alzhao.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:58:23.599756683Z"}, "flatroofingsussex.github.io": {"record_type": "A", "resolved_at": "2023-03-08T16:27:19.089505234Z"}, "gmacd.net": {"record_type": "A", "resolved_at": "2023-04-27T21:00:21.802895223Z"}, "hot-wheelz-of-time.org": {"record_type": "A", "resolved_at": "2023-03-08T19:15:03.099082898Z"}, "scorestar.net": {"record_type": "A", "resolved_at": "2023-01-27T16:37:47.492965822Z"}, "www.vividcivic.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:17:15.398159440Z"}, "www.ericdallo.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:26.937961924Z"}, "dmitrydwhite.com": {"record_type": "A", "resolved_at": "2023-03-22T10:36:00.564584517Z"}, "gmacd.github.io": {"record_type": "A", "resolved_at": "2023-03-21T01:31:25.465960326Z"}, "www.harrisosserman.com": {"record_type": "CNAME", "resolved_at": "2023-02-28T14:03:52.247193728Z"}, "iramax.plasmic.site": {"record_type": "CNAME", "resolved_at": "2023-02-28T18:47:24.920115614Z"}, "kleinsplayground.com": {"record_type": "A", "resolved_at": "2023-03-22T18:44:01.108063584Z"}, 
"funmitoblessed.github.io": {"record_type": "A", "resolved_at": "2023-03-22T11:31:23.278745293Z"}, "qfield.org": {"record_type": "A", "resolved_at": "2023-03-12T17:49:56.752630209Z"}, "asm.lucasteske.dev": {"record_type": "CNAME", "resolved_at": "2022-11-14T14:35:22.539258750Z"}, "www.tiffanylo.info": {"record_type": "CNAME", "resolved_at": "2023-03-21T01:28:07.161359635Z"}, "agnias47.github.io": {"record_type": "A", "resolved_at": "2023-03-14T15:57:58.140445992Z"}, "www.flatroofingsussex.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-05T19:57:33.956373565Z"}, "dokomado.com": {"record_type": "A", "resolved_at": "2023-03-12T13:46:45.810442245Z"}, "wise.fitness": {"record_type": "A", "resolved_at": "2023-03-07T15:51:26.458635165Z"}, "www.eknert.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T21:55:19.776247657Z"}, "edwinchoate.com": {"record_type": "A", "resolved_at": "2023-03-10T13:30:14.902307248Z"}, "millinow.com": {"record_type": "A", "resolved_at": "2022-09-26T14:09:37.255614081Z"}, "microngap.io": {"record_type": "CNAME", "resolved_at": "2023-03-21T01:33:09.161837848Z"}, "turtledev.in": {"record_type": "A", "resolved_at": "2023-03-17T16:23:43.722396430Z"}, "wolfgangbai.top": {"record_type": "CNAME", "resolved_at": "2023-03-08T00:37:57.090239320Z"}, "www.maxn.me": {"record_type": "CNAME", "resolved_at": "2023-03-17T17:01:10.376655200Z"}, "www.uncommonhacks.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T14:35:06.406550410Z"}, "maxkross.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:04.714610636Z"}, "daniego.github.io": {"record_type": "A", "resolved_at": "2023-03-08T16:27:21.119914909Z"}, "arthurkarrer.me": {"record_type": "A", "resolved_at": "2023-03-11T16:57:07.559804549Z"}, "www.sarahmantell.page": {"record_type": "CNAME", "resolved_at": "2023-03-21T05:57:30.087038111Z"}, "aubrielee.com": {"record_type": "A", "resolved_at": "2023-04-27T14:19:58.049894139Z"}, "cyberfriendscircle.io": {"record_type": "A", 
"resolved_at": "2023-04-23T17:40:41.917214504Z"}, "dhanush.is-a.dev": {"record_type": "CNAME", "resolved_at": "2023-03-09T23:39:54.025920340Z"}, "laperragorda.es": {"record_type": "A", "resolved_at": "2023-04-11T17:50:04.490005270Z"}, "static.test.habuhome.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:22:37.725893073Z"}, "sslcbok.com": {"record_type": "A", "resolved_at": "2023-03-24T15:56:33.901120743Z"}, "maxn.me": {"record_type": "A", "resolved_at": "2023-03-14T01:02:41.344639104Z"}, "kitroed.com": {"record_type": "A", "resolved_at": "2023-03-18T14:36:48.838056806Z"}, "blog.oneminuter.com": {"record_type": "CNAME", "resolved_at": "2023-05-06T15:46:58.542682829Z"}, "janithpet.com": {"record_type": "A", "resolved_at": "2023-03-07T14:06:16.144562982Z"}, "www.guillermoch.com": {"record_type": "CNAME", "resolved_at": "2023-04-13T00:11:20.615747068Z"}, "www.kadupitiya.lk": {"record_type": "CNAME", "resolved_at": "2023-02-24T16:44:15.687183626Z"}, "robimsinazor.sk": {"record_type": "A", "resolved_at": "2023-02-22T21:18:54.646853756Z"}, "wanderandcompass.com": {"record_type": "A", "resolved_at": "2023-03-18T22:39:25.125598440Z"}, "vishvak.com": {"record_type": "A", "resolved_at": "2023-05-11T22:16:52.855230065Z"}, "t.iiwhy.cn": {"record_type": "CNAME", "resolved_at": "2023-03-09T12:46:57.908049390Z"}, "rpg.skmobi.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:42:56.247014800Z"}, "www.staceywu.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-05T19:59:23.259144477Z"}, "www.wishingwellberlin.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T17:00:16.833241253Z"}, "assets.javierarce.com": {"record_type": "CNAME", "resolved_at": "2023-03-30T15:20:51.562601099Z"}, "design.rs.no": {"record_type": "CNAME", "resolved_at": "2023-02-22T20:37:17.445718906Z"}, "www.agitator.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T13:20:02.173553830Z"}}, "names": ["www.wise.fitness", "www.agitator.com", "www.rohankumar.org", 
"www.liufuwen.com", "cyberfriendscircle.io", "learn.madetech.com", "www.mmtr.me", "xn--net-0y9d003h.net", "kleinsplayground.com", "az-media-group.com", "aubrielee.com", "kitroed.com", "vortaro.warut.net", "www.yudongyao.com", "gauravx.me", "www.conoredmonds.com", "intersolarnft.github.io", "dhanush.is-a.dev", "mitori.art", "gmacd.net", "gg349185.199.110.153
2023-05-12 02:57:14Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://event.chatelet.com/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar47D9.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"\n "184.31.135.120:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e44_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_e44_IESQMMUTEX_0_519"\n 
"IsoScope_e44_IESQMMUTEX_0_303"\n "IsoScope_e44_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_e44_ConnHashTable<3652>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_e44_IE_EarlyTabStart_0xd04_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3652"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab47D8.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "BOPRH2ZO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BOPRH2ZO.txt]- [targetUID: 00000000-00003652]\n "~DF6A3B227269700CE8.TMP" has type "data"- Location: [%TEMP%\\~DF6A3B227269700CE8.TMP]- [targetUID: 00000000-00003652]\n "~DFB95C1DFB9DD9FD62.TMP" has type "data"- Location: 
[%TEMP%\\~DFB95C1DFB9DD9FD62.TMP]- [targetUID: 00000000-00003652]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002484]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00002484]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00002484]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "VT6JSXYH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VT6JSXYH.txt]- [targetUID: 00000000-00002484]\n "~DF76716775CE99AC80.TMP" has type "data"- Location: [%TEMP%\\~DF76716775CE99AC80.TMP]- [targetUID: 00000000-00003652]\n "Cab47D8.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab47D8.tmp]- [targetUID: 00000000-00002484]\n "_ABE4B9E4-2733-11ED-AAD4-0800272DFF78_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003652]\n "7932565F77E6D5220F4BA594B3E44679" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7932565F77E6D5220F4BA594B3E44679]- [targetUID: 00000000-00002484]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002484]\n "~DF97BD2ECCE82542E3.TMP" has type "data"- Location: [%TEMP%\\~DF97BD2ECCE82542E3.TMP]- [targetUID: 00000000-00003652]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002484]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: event.chatelet.com\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_35.229.48.116]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 426\nContent-Type: application/octet-stream\nDate: Mon, 29 Aug 2022 02:12:28 GMT\nEtag: "ed0b712b25ea3f6f62eb5eaeffcc657b-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GBKNY98DD98FKFCFBFX86CH5\n\n{\n "name": "",\n "short_name": "",\n "icons": [\n {\n "src": "/android-chrome-192x192.png",\n "sizes": "192x192",\n "type": "image/png"\n },\n {\n "src": "/android-chrome-512x512.png",\n "sizes": "512x512",\n "type": "image/png"\n }\n ],\n "theme_color": "#ffffff",\n "background_color": "#ffffff",\n "display": "standalone"\n}"- [Source: SSL_35.229.48.116]\n\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; 
Trident/7.0; rv:11.0) like Gecko\nHost: event.chatelet.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_35.229.48.116]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 15086\nContent-Type: image/vnd.microsoft.icon\nDate: Mon, 29 Aug 2022 02:12:30 GMT\nEtag: "4fb340938722f4a15e9938495b232a9b-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GBKNYBDZYTQ6KWADXF4AWFWR\n\n00 %6 % h6(0` $8<$dddAAA000***...>>>aaabbbVVV^^^xxx)111\n\n\n\n\n\n000777\n\n\n\n\n\nPPPXXXTTT<<<\n\n\n\n\n\nOOO4VVV\n\n\n\n\n\nSSS\n\n\nOOO=\n\n\nNNN...<<<hhhrrrbbbAAA\\\\\\fffZZZmmm{{{"- [Source: SSL_35.229.48.116]\n\n "UUU\n\n\nyyyRRR\n\n\n$$$+++bbb[[[\n\n\nUUU|||\n\n\nWWW\n\n\naaa\n\n\n;;;JJJJJJJJJJJJJJJJJJKKK...333\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n333\n\n\n___\n\n\n"- [Source: SSL_35.229.48.116]\n\n "mmm888^^^\n\n\n\n\n\nMMMMMMMMMMMMMMMLLL\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\ntttaaa\n\n\n)))++++++***\n\n\nGGGaaa\n\n\n:::JJJ\n\n\n<<<^^^kkkdddHHH$$$vvv\n\n\n\n\n\nccc^^^"""\n\n\n\n\n\nrrrppp111\n\n\n\n\n\n\'\'\']]]rrrbbb\\\\\\___mmm\\\\\\]]]FFF$$$\n\n\nJJJ;;;---\'\'\'>>>999111444GGG<<<\n\n\nXXXKKK$$$www&&&1mmm9ccc"- [Source: SSL_35.229.48.116]\n, "ZZZxxxTTTkkk$04??( @ dhuuueeejjj(((ZZZ~~~\n\n\n\naeee\n\n\n888h$$$BBB\n\n\n~~~(((888!!!lll---\n\n\n~~~\n\n\n###uuu!!!\n\n\nGGG\n\n\n +++\n\n\n000???@@@@@@@@@:::\n\n\n{{{\n\n\n\n\n\n@@@\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n~~~}}}}}}}}}~~~ppp\n\n\n---\n\n\n+++\n\n\nEEE\n\n\n***XXX&&&<<<RRRKKK)))\n\n\nkkkqqq\n\n\n\n\n\n>>>000\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n]]]qqqUUUKKKNNN```>>>iiiZZZMMM{{{^^^uuu~~~DDDggg]tttXXXd\njjjKKKxxxSSSeee\n]`( ###444GGGzzzbbbxxx;;;zzzPPPBBB\n\n\nPPP777uuuSSS>>> 222333"- [Source: SSL_35.229.48.116]\n, """"SSSUUUNNNOOO///SSSWWW444WWWttt555...(((XXX;;;>>>gggHHHddd666ccc>>>///|||***"- [Source: SSL_35.229.48.116]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found 
potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://event.chatelet.com/site.webmanifest"- [Source: Input]\n Pattern match: "https://e35.229.48.116
2023-05-12 03:08:43Affiliate - IP AddressNoDNS Look-aside1030None64.226.81.4864.226.81.43
2023-05-12 02:45:42Physical CoordinatesNoAbstractAPI0020None34.0544, -118.244185.199.108.153
2023-05-12 02:44:18SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 Validity Not Before: Feb 21 00:00:00 2023 GMT Not After : Mar 20 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f: a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af: ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24: 29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09: 23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a: 5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed: f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99: 4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77: c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2: 38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3: f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57: 77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee: 3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76: b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1: 95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f: 43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97: 2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07: 24:e3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4 X509v3 Subject Key Identifier: 8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: 
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Feb 21 15:03:41.179 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD: F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24: D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25: A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53: A4:D8:EF:86:C7:5C:70:1A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6: 1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5 Timestamp : Feb 21 15:03:41.162 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:82:E0:7E:5D:05:40:34:18:F6:30:F7: 09:CD:BC:FE:2C:13:EB:90:30:CE:10:ED:E8:A7:9D:A3: 74:75:12:5B:72:02:20:5D:1F:9D:87:56:AA:F7:6D:9A: 04:0D:4A:7B:35:DE:90:29:A5:D4:16:A7:8F:DF:FE:37: AB:35:8B:24:23:B9:2B Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Feb 21 15:03:41.130 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:13:FF:00:36:A8:61:87:48:A6:6A:04:09: BC:E3:3E:AA:13:E7:46:3D:06:75:68:23:18:E7:6A:45: 49:F7:30:F1:02:20:3F:F4:9C:8A:E6:46:D3:65:F6:98: 13:BF:9A:20:D3:DA:10:A9:E3:2E:5D:DA:C7:3B:14:4E: 4F:4E:1C:82:A5:B3 Signature Algorithm: sha256WithRSAEncryption 37:a4:1b:11:22:9f:fc:9f:c9:67:07:8f:aa:86:13:9f:e0:08: 1d:6e:0c:8d:65:fb:03:79:50:c6:76:ba:30:90:a0:a4:1c:79: 
13:07:b9:5a:18:8d:97:4c:05:71:8a:d0:22:17:c6:19:a2:22: 8b:03:f6:2c:84:71:6c:55:df:e2:99:43:65:e5:d7:b7:b7:37: 4c:c6:c8:e5:f1:d8:a7:7b:07:5d:eb:b8:1c:50:a4:a3:8e:f0: 4c:f8:b8:6a:72:59:be:43:0e:8a:de:b5:5e:8f:9e:3f:5a:43: 64:82:cc:e0:de:76:f4:be:a6:12:0a:06:68:bb:77:e1:4c:ef: 4b:4d:67:af:f6:72:c7:6b:1b:9c:48:53:a7:7f:ed:76:18:5c: f0:f6:c6:4c:24:53:57:57:e1:42:a6:3d:ae:e1:f5:93:f2:6a: fa:29:72:01:3e:b7:06:f1:2f:1a:0e:91:c5:ec:35:bf:f5:da: 33:95:de:24:12:0d:f5:c3:23:8d:40:82:d1:5c:eb:de:0a:08: e8:e5:83:e5:0a:8b:3a:5e:98:4e:77:4f:9f:dc:ab:7e:ce:a8: 28:4f:aa:79:4f:c9:be:8f:60:88:6e:6b:f9:20:6c:7f:38:96: d6:da:d7:11:03:43:d8:b8:51:87:ce:32:22:4d:64:4c:c4:75: 27:d0:e3:df 185.199.110.153
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.164): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:48Netblock MembershipNoCensys0030None34.148.96.0/2034.148.97.127
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}104.21.6.166
2023-05-12 02:56:04Blacklisted IP on Same SubnetYesDroneBL0030Nonedronebl.org - HTTP Proxy (87.248.157.123)87.248.157.0/24
2023-05-12 03:00:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.52): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-128@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 02:45:04CountryNoCountry Name Extractor0050NoneUnited Statesgoogleusercontent.com
2023-05-12 02:44:27Software UsedYesTool - Wappalyzer0020NoneCloudflarenwapi.battleb0t.xyz
2023-05-12 03:08:52Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.13534.148.97.127
2023-05-12 02:50:19SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:aa:0b:fb:f5:72:57:f7:90:57:35:0a:22:0c:3a:41:5a:d1 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 14 17:48:35 2023 GMT Not After : Apr 14 17:48:34 2023 GMT Subject: CN=funny-face-pictures.nom-nom.link Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:bd:1c:66:69:41:70:5a:26:6b:f9:5d:75:98:b4: 8f:50:49:99:4a:13:c7:34:5d:07:06:03:17:45:62: 35:db:24:d3:13:a5:28:c9:bc:9e:26:03:0e:28:c7: d0:92:34:41:85:ff:c9:ec:be:04:85:ca:56:f3:8d: 46:7d:03:91:0a ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D0:E0:AC:A3:54:40:02:9F:45:F6:D9:F1:FF:DC:7A:58:77:FF:5A:B0 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny-face-pictures.nom-nom.link, DNS:funny.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 14 18:48:35.447 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:23:7B:64:B6:2C:AC:F5:E8:CA:03:17:B5: C8:52:1F:78:4E:9E:45:71:9E:BA:A5:B9:28:E2:F6:98: 5C:9C:55:4D:02:21:00:C5:7A:6D:7B:D9:FC:31:BE:EE: D2:45:60:40:E8:F3:98:F6:00:28:61:5C:51:F5:50:E2: F1:BC:67:67:34:47:34 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 
B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 14 18:48:35.442 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:77:EF:CC:3A:63:43:C6:E6:6C:CD:36:4F: 64:00:42:35:30:9C:67:0E:E7:F4:15:29:43:E9:0B:EB: EA:B5:DD:47:02:20:43:3C:D6:F2:D6:6A:25:2C:8C:A9: 19:78:E2:12:1F:E6:13:A2:C8:59:FC:58:1D:CC:B7:3C: FE:5E:08:B2:25:67 Signature Algorithm: sha256WithRSAEncryption 26:53:65:d8:0f:da:9d:5c:c2:89:7f:e9:59:db:82:df:21:01: bc:a3:b0:96:ec:a1:79:53:d3:6d:a2:73:a4:48:f5:f3:60:37: 2f:d6:c2:bc:34:d6:5c:7b:52:5d:a2:86:c6:22:cc:0d:88:a5: 09:9e:b7:e0:33:0e:94:6a:31:dd:1a:ce:0b:4a:1b:35:81:e8: 18:b8:67:35:7b:c5:55:5b:fa:24:e1:61:d8:fc:4c:fb:0b:69: 6d:b7:e9:88:a8:d9:f4:30:10:9e:d7:62:ac:85:d6:f5:b8:e4: d1:e1:dd:33:91:22:79:d9:d1:27:2a:78:63:a1:7e:92:44:93: 5d:7f:b9:50:5b:7c:41:db:0c:39:77:23:a9:bf:96:10:23:77: 56:f9:ce:90:f2:c8:df:fc:44:22:77:ff:3a:73:64:da:f9:9d: 43:b8:69:0a:60:9d:7e:36:25:20:ea:05:1d:9b:94:cd:ee:68: aa:a6:47:3a:63:73:de:dd:31:b0:d6:03:9e:95:3c:99:1c:f5: c1:10:0c:3b:9b:5b:bb:2b:91:5b:f8:0b:8e:c1:0a:80:b1:82: 3c:fb:af:ea:e3:db:58:02:64:c3:ab:7a:c9:4d:e2:fc:10:3c: ec:06:e0:99:ff:1b:90:aa:e6:ba:48:4e:20:e1:c2:59:01:96: cd:48:36:11 battleb0t.xyz
2023-05-12 02:46:38BGP AS MembershipNoRIPE0040None1516934.74.160.0/20
2023-05-12 02:50:29Physical AddressNoGLEIF0030NoneC/O CORPORATION SERVICE COMPANY, 251 LITTLE FALLS DRIVE, WILMINGTON, US-DE, US, 19808Go Daddy, LLC
2023-05-12 02:44:20Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.com185.199.110.153
2023-05-12 02:44:31Internet NameNoDNS Resolver0020Nonepics.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneThe Batcave (Net ID: 00:11:32:7C:A3:88)50.8897, 6.0563
2023-05-12 03:19:17Web FrameworkNoWeb Framework Identifier0030NoneBootstrap<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}104.21.6.166
2023-05-12 03:03:51Co-Hosted SiteNoThreatMiner0020Noneakashpmani.github.io185.199.110.153
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NonexHamster (Category: XXXPORNXXX) https://xhamster.com/users/ayshooayshoo
2023-05-12 02:47:39Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 13, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://riverside.fm/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"edge.fullstory.com"\n "ekr.zdassets.com"\n "js.hs-banner.com"\n "riverside.fm"\n "riversidefm.zendesk.com"\n "rs.fullstory.com"\n "static.zdassets.com"\n "track.hubspot.com"\n "www.comeet.co"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"riverside.fm"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6828:120:WilError_01"\n "Local\\SM0:4116:120:WilError_01"\n "Local\\SM0:4116:304:WilStaging_02"\n "Local\\InternetShortcutMutex"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:6828:304:WilStaging_02"\n "Local\\SM0:6828:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6828:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3800:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.67.134.250:80"\n "172.67.134.250:443"\n "142.251.32.42:443"\n "142.250.191.35:443"\n "99.84.238.172:443"\n "142.251.46.170:443"\n "185.199.111.153:443"\n "172.64.133.15:443"\n "104.18.7.3:443"\n "143.204.130.227:443"\n "142.250.189.206:443"\n "142.251.214.142:443"\n "104.18.70.113:443"\n "99.84.238.190:443"\n "157.240.22.25:443"\n "45.60.121.129:443"\n "99.84.238.103:443"\n "52.216.212.177:443"\n "142.250.189.232:443"\n "13.35.126.71:443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Platform Notifications\\000003.log]- [targetUID: 00000000-00006828]\n "f_00024d" has type "Web Open Font Format (Version 2) TrueType length 37716 version 1.0"- [targetUID: N/A]\n "f_000268" has type "ISO Media MP4 v2 [ISO 14496-14]"- [targetUID: N/A]\n "4b022efb3c5a14dc_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\4b022efb3c5a14dc_0]- [targetUID: 00000000-00006828]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006828]\n "f_00023e" has type "PNG image data 338 x 732 8-bit colormap non-interlaced"- [targetUID: 
N/A]\n "f540820f-9f89-412f-923b-51d1f67340a2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "ed03a5b80f066844_0" has type "data"- [targetUID: N/A]\n "14bf4ad036e1a574_0" has type "data"- [targetUID: N/A]\n "f_000243" has type "PNG image data 1200 x 1200 8-bit colormap non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 00000000-00002580]\n "97a3780cf75de2bb_0" has type "data"- [targetUID: N/A]\n "f_00023d" has type "PNG image data 800 x 450 8-bit colormap non-interlaced"- [targetUID: N/A]\n "6f7515d7-b36c-4d00-b122-1a7c8010b099.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\6f7515d7-b36c-4d00-b122-1a7c8010b099.tmp]- [targetUID: 00000000-00006828]\n "83e8ee8deb6b8139_0" has type "data"- [targetUID: N/A]\n "f_00026e" has type "data"- [targetUID: N/A]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "934c5a20edee0f55_0" has type "data"- [targetUID: N/A]\n "12a6f2f66e30a04a_0" has type "data"- [targetUID: N/A]\n "f_000274" has type "data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"rs.fullstory.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://riverside.fm/"\n Pattern 
match: "http://riverside.fm"\n Heuristic match: "riverside.fm"\n Heuristic match: "edge.fullstory.com"\n Heuristic match: "ekr.zdassets.com"\n Heuristic match: "js.hs-banner.com"\n Heuristic match: "riversidefm.zendesk.com"\n Heuristic match: "rs.fullstory.com"\n Heuristic match: "static.zdassets.com"\n Heuristic match: "track.hubspot.com"\n Pattern match: "www.comeet.co"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63dcded18cdba55a3f42cb19', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', 
u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'172.67.134.250', u'172.67.134.250', u'142.251.32.42', u'142.250.191.35', u'99.84.238.172', u'142.251.46.170', u'185.199.111.153', u'172.64.133.15', u'104.18.7.3', u'143.204.130.227', u'142.250.189.206', u'142.251.214.142', u'104.18.70.113', u'99.84.238.190', u'157.240.22.25', u'45.60.121.129', u'99.84.238.103', u'52.216.212.177', u'142.250.189.232', u'13.35.126.71', u'142.250.189.214', u'142.250.191.34', u'23.55.103.97', u'13.35.125.16', u'104.17.210.204', u'13.35.125.14', u'157.240.22.35', u'142.251.46.238', u'142.251.214.134', u'13.35.125.69', u'104.17.71.176', u'104.18.33.171', u'44.227.167.233', u'142.251.2.154', u'142.250.188.10', u'142.250.189.161', u'104.16.53.111', u'52.42.126.136', u'35.201.112.186', u'99.84.238.112', u'35.186.194.58', u'151.101.2.110', u'54.213.154.214', u'52.89.127.0', u'35.162.236.93', u'142.250.189.174', u'142.251.46.195', u'142.251.32.46', u'104.19.154.83', u'35.244.218.227'], u'sha256': u'2dd0c093bda9d915f5043f2e827c446b6911c760e46c3e11de607a05c686856b', u'sha512': u'72c6b21776ab594c097dba2585e7c5cabfe3f0a116e6a60e56e8e82be3938b5106a767d0610253d53ed8c500378e47de2de124b42a77a51f8ffcbd03097caa4b', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://riverside.fm/', u'submission_id': u'63dcded18cdba55a3f42cb1a', u'created_at': u'2023-02-03T10:15:45+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-03T10:15:45+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 50, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'c56dad5fd0c2962e78335f65f428f5b5', u'network_mode': u'default', 
u'processes': [], u'sha1': u'77f939fc618403372967a345ca4999fdf36e90a4', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 10 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [u'edge.fullstory.com', u'ekr.zdassets.com', u'js.hs-banner.com'185.199.111.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneCuriouscat (Category: social) https://curiouscat.live/loginlogin
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom474ABC (Net ID: 00:0C:F6:47:4A:BC)50.8897, 6.0563
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"}
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneCollaborative innovation network - Collaborative innovation is a process in which multiple players contribute towards creating new products with customers and suppliers.battleb0t.github.io
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:01:36:03:66:4F)52.3759, 4.8975
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneSHE (Net ID: 00:02:6F:3B:09:D3)37.7642, -122.3993
2023-05-12 02:54:34Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5de9314c41108c-ORD Content-Encoding: gzip 104.21.71.14
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.11734.148.97.127
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.199): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneP2d8T7f2d$ (Net ID: 00:18:0A:DF:81:10)32.8608, -79.9746
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneDonation Alerts (Category: business) https://www.donationalerts.com/r/loginlogin
2023-05-12 02:46:50SSL Certificate - Issued toNoSSL Certificate Analyzer1030NoneC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app34.74.170.74
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneArmorGames (Category: gaming) https://armorgames.com/user/ayhuayhu
2023-05-12 02:54:41Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://vijayvtrvv.github.io/Netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b08_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b08_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_b08_ConnHashTable<2824>_HashTable_Mutex"\n "IsoScope_b08_IE_EarlyTabStart_0xa10_Mutex"\n "IsoScope_b08_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_b08_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2824"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"'}, {u'category': u'General', u'origin': 
u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_1789619C-BEEA-11ED-BCF0-0800274498C4_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "XNIF2NEQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XNIF2NEQ.txt]- [targetUID: 00000000-00002824]\n "ILAV0GWD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ILAV0GWD.txt]- [targetUID: 00000000-00002824]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "AYPRTCQD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AYPRTCQD.txt]- [targetUID: 00000000-00002764]\n "YD44M3BI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YD44M3BI.txt]- [targetUID: 00000000-00002764]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002824]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "_0FE65957-BEEA-11ED-BCF0-0800274498C4_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 
N/A]\n "~DF0F7147F21451F5D5.TMP" has type "data"- Location: [%TEMP%\\~DF0F7147F21451F5D5.TMP]- [targetUID: 00000000-00002824]\n "RecoveryStore._0FE65955-BEEA-11ED-BCF0-0800274498C4_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "5SKQI1K8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5SKQI1K8.txt]- [targetUID: 00000000-00002824]\n "~DFC76CE97BABDC83A2.TMP" has type "data"- Location: [%TEMP%\\~DFC76CE97BABDC83A2.TMP]- [targetUID: 00000000-00002824]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "D4LFXWPK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D4LFXWPK.txt]- [targetUID: 00000000-00002824]\n "0HR9FPNL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0HR9FPNL.txt]- [targetUID: 00000000-00002824]\n "~DF2006E49898172CAF.TMP" has type "data"- Location: [%TEMP%\\~DF2006E49898172CAF.TMP]- [targetUID: 00000000-00002824]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "MUID0C360FC979EA6DFB10321D1978A66CCEmsn.com/102542014812163109822931516121831019767*"\n Pattern match: "https://vijayvtrvv.github.io"\n Pattern match: "https://vijayvtrvv.github.io/Netflix-clone/"\n Pattern match: "isdomainmigratedtruewww.msn.com/10257999334403105598531500496831019767*"\n Pattern match: "MUIDB095C7AB1B9DC6C63374A6861B8586DD3ieonline.microsoft.com/921641914812163109822931156746831019767*"\n Pattern match: 
"SUIDMmicrosoft.com/921640589920003101987531156746831019767*MUID095C7AB1B9DC6C63374A6861B8586DD3microsoft.com/102541914812163109822931156746831019767*_EDGE_V1microsoft.com/921641914812163109822931172371831019767*SRCHDAF=NOFORMmicrosoft.com/10243323789440310"\n Pattern match: "SUIDMmicrosoft.com/921640589920003101987531156746831019767*MUID095C7AB1B9DC6C63374A6861B8586DD3microsoft.com/102541914812163109822931156746831019767*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA694"\n Pattern match: "SUIDMmicrosoft.com/921640589920003101987531156746831019767*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=2022013"\n Pattern match: "www.msn.com/"\n Heuristic match: "ijayvtrvv.github.io"\n Pattern match: "vijayvtrvv.github.io/Netflix-clone/"\n Pattern match: "vv.github.io/Netflix-clone/"\n Heuristic match: "api.ipify.org"\n Heuristic match: "checkip.amazonaws.com"\n Heuristic match: "checkip.dyndns.com"\n Heuristic match: "checkip.dyndns.org"\n Heuristic match: "checkip.org"\n Heuristic match: "checkmyip.com"\n Heuristic match: "cmyip.com"\n Heuristic match: "curlmyip.com"\n Heuristic match: "findmyip.org"\n Heuristic match: "formyip.com"\n Heuristic match: "geoip.co.uk"\n Heuristic match: "geoiptool.com"\n Heuristic match: "getmyip.co.uk"\n Heuristic match: "getmyip.org"\n Heuristic match: "icanhazip.com"\n Heuristic match: "ifconfig.me"\n Heuristic match: "ip-addr.es"\n Heuristic match: "ip-address.domaintools.com"\n Heuristic match: "ip-api.com"\n Heuristic match: "ip-score.com"\n Heuristic match: "ip.jsontest.com"\n Heuristic match: "ip.xss.ru"\n Heuristic match: "ip4.telize.com"\n Heuristic match: "ipchicken.com"\n Heuristic match: "ipecho.net"\n Heuristic match: "ipinfo.info"\n Heuristic match: "ipinfo.io"\n Heuristic match: "ipleak.net"\n Heuristic match: "ipligence.com"\n 
Heuristic match: "knowmyip.com"\n Heuristic match: "maxmind.com"\n Heuristic match: "meineipadresse.de"\n Heuristic match: "myexternalip.com"\n Heuristic match: "myip.dnsomatic.com"\n Heuristic match: "myip.ht"\n Heuristic match: "myip.nl"\n Heuristic match: "myip.opendns.com"\n Heuristic match: "myipaddress.com"\n Heuristic match: "queryip.net"\n Heuristic match: "showmyip.com"\n Heuristic match: "showmyipaddress.com"\n Heuristic match: "tracemyip.org"\n Heuristic match: "whatismyip.akamai.com"\n Heuristic match: "whatismyip.ca"\n Heuristic match: "whatismyip.com"\n Heuristic match: "whatismyip.everdot.org"\n Heuristic match: "whatismyipaddress.com"\n Heuristic match: "whatsmyip.net"\n Heuristic match: "whatsmyip.org"\n Heuristic match: "whatsmyipaddress.org"\n Heuristic match: "whatsmypublicip.com"\n Heuristic match: "wtfismyip.com"\n Heuristic match: "hispeed.ch"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwl"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=70599"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145837"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkID=57190"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145765"\n Heuristic match: "Example: computer.fabrikam.com"\n Pattern match: "vista.gallery.microsoft.com/vista/SideShow.aspx"\n Pattern match: "http://www.icra.org/vocabulary/"\n Pattern match: "wmploc.dll/Offline_Buy.htm\'res://wmploc.dll/Offline_MediaGuide.htm*res://wmploc.dll/Offline_Subscriptions.htm"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=32146res://wmploc.dll/ICW_ErrorPage.htm"\n Pattern match: 
"wmploc.dll/Service_Initial.htm"\n Pattern match: "wmploc.dll/Error_ServiceInfo.htm\'res://wmploc.dll/Offline_InfoCenter.htm&res://wmploc.dll/Offline_AlbumInfo.htm"\n Pattern match: "wmploc.dll/Service_NoFunc.htm%res://wmploc.dll/Service_No_Local.htm"\n Pattern match: "wmploc.dll/RT_IMAGE/ServiceLarge.png*res://wmploc.dll/RT_IMAGE/ServiceSmall.png*res://wmploc.dll/RT_IMAGE/ServiceSmall.png"\n Pattern match: "wmploc.dll/Blocked_AlbumInfo.htm&res://wmploc.dll/Blocked_AlbumInfo.htm,http://go.microsoft.com/fwlink/?LinkId=70183\'res://185.199.109.153
2023-05-12 03:03:42Internet NameNoDNS Resolver0030Noneoldfluid.battleb0t.xyz[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://oldfluid.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://oldfluid.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-cache-status,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}]
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:F7:C5:5E)33.336199,-111.89446440830702
2023-05-12 02:44:35SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:15:41:ea:93:cd:8d:62:0f:07:0f:be:37:47:74:c1:ad:1b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 17:26:26 2022 GMT Not After : Feb 15 17:26:25 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:aa:4d:69:12:67:d1:ef:14:86:20:9d:cf:2c:a8: 0d:c9:a7:6c:06:2b:6c:f8:9e:1f:f7:5b:41:e3:d6: 87:ca:57:bb:98:07:35:18:67:8f:28:74:6a:04:77: 89:a0:80:85:fc:4d:2e:7a:12:ee:d9:55:9b:e8:51: 03:88:3d:06:0a:14:47:b6:c6:bf:e2:f2:6e:38:57: 77:d8:da:10:9f:18:48:30:90:76:66:83:1b:18:b6: 6d:f9:38:58:a1:cc:7b:d2:96:34:23:9b:ea:85:2c: bb:61:4a:ef:9a:58:1e:2d:73:fc:eb:20:c5:37:d4: 7c:8e:77:66:2d:b6:0a:4e:0d:e0:f4:1d:87:9f:f3: 39:d7:d9:45:03:a6:8f:40:08:8a:3e:d5:15:b6:01: 8a:08:27:45:ff:cb:af:e5:d1:fd:28:cb:df:75:d3: f7:db:3d:e9:43:0c:e5:b6:28:89:d2:ba:63:6c:e0: ac:03:c0:49:9f:2c:e6:11:96:03:1a:33:a3:63:63: dc:3b:1c:a8:9b:0f:00:ea:cb:bf:0c:39:fd:1c:40: ab:3a:92:ca:b0:90:5c:21:ed:f1:8e:4f:9e:e7:92: 92:53:94:1d:fa:e2:36:84:fa:2a:17:63:6d:d0:c9: 16:92:48:c8:82:19:57:63:48:56:6e:6a:2e:34:87: cc:7c:79:cf:43:dc:a4:a2:fb:e4:06:17:02:db:ef: 92:10:48:04:d1:04:89:aa:65:ee:9d:e2:a1:cd:ce: 9c:27:f6:46:3e:9e:91:90:6e:12:78:d2:cd:5e:a3: 75:48:b4:82:f5:c9:29:da:c5:bb:ac:87:af:95:fa: f8:49:db:fe:e5:df:04:7e:92:10:6e:c8:d7:7b:93: ef:de:5b:4f:7a:70:41:0c:59:d9:04:5e:26:57:3d: 65:af:57:00:3d:40:e4:ec:3b:92:38:0a:d1:a5:20: 31:40:89:48:9a:58:46:06:1e:56:4f:e5:25:e6:f5: 33:d9:bb:68:90:99:70:c6:a1:93:5a:22:c1:e3:ee: da:ef:45:a4:37:18:4c:33:42:7e:6f:07:01:85:ed: 36:f3:3f:be:f6:6a:d9:3e:fe:ad:4c:8d:18:3e:0e: 49:d9:7a:95:04:47:e8:2c:a9:fe:24:7a:53:d0:af: 27:b2:85:89:f7:05:df:d8:9a:0d:56:23:cd:ee:11: cb:31:f6:4e:3f:af:22:51:d3:a0:8f:a4:52:72:6f: 12:6d:6d:c2:7a:fe:c4:93:c1:f6:23:a9:9a:2b:35: 9d:df:e3:e9:99:57:fb:f5:e8:d9:e8:4d:a5:ec:7e: 
dd:22:c5:d3:4f:c7:2d:bf:e4:09:ee:6f:cb:b6:13: f8:ae:73 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CE:03:E9:CB:9A:4D:5E:BB:32:45:93:FC:78:CC:A3:7F:08:26:B1:40 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption ac:60:96:91:2c:ed:62:e3:68:ab:ed:e4:c1:61:0e:e3:90:31: 8e:31:a9:4b:46:c3:8d:c5:e0:8d:6a:1f:71:38:56:82:9c:31: ee:2d:1e:c2:98:27:b8:9a:55:a7:78:ac:42:82:80:5a:1a:3f: 46:90:d5:fc:3f:8e:74:b4:e7:d4:76:72:66:4f:64:e7:54:46: 71:43:bb:42:84:c6:ab:aa:25:38:1c:ad:60:ca:08:fb:2f:af: 6b:e9:0e:62:15:97:73:27:ee:39:ae:11:a2:19:fc:87:93:31: 01:c6:c2:bd:5e:38:b1:3d:e5:5a:62:7e:60:8c:17:d0:3e:6e: 32:57:eb:54:28:cc:4a:0d:97:2a:6c:f6:c3:5d:8d:fc:27:99: db:56:f3:bf:e2:b4:48:94:fb:dc:8e:3d:27:43:4b:4a:90:a7: 5c:68:44:45:9f:de:e6:ec:0b:1d:70:e4:c8:83:60:12:96:7f: ec:53:10:4f:3d:05:06:c8:b9:0f:d6:87:14:c3:ad:47:7e:54: 4f:22:a7:90:86:28:be:cb:1b:db:56:26:75:23:0a:0e:be:e0: 7a:ad:c8:af:3f:81:81:ab:65:ab:91:6f:ac:eb:f0:ed:29:05: 3a:74:6a:ac:41:f3:d3:ea:c7:b8:d2:98:d6:a4:8f:dc:f6:59: 7a:f9:d5:0f battleb0t.xyz
2023-05-12 03:13:02Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00-evan.github.io] https://www.openphish.com/feed.txt00-evan.github.io
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:80172.67.168.252
2023-05-12 03:06:53Vulnerability - CVE LowYesTool - testssl.sh0120NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.185.199.111.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneTheCs_Kids (Net ID: 00:02:6F:F8:F3:36)39.0469, -77.4903
2023-05-12 02:59:47Affiliate - Domain WhoisNoWhois3040None Domain Name: KEYUBU.NET Registry Domain ID: 2292564483_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2022-07-15T17:58:49Z Creation Date: 2018-07-31T21:39:25Z Registry Expiry Date: 2024-07-31T21:39:25Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: ok https://icann.org/epp#ok Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: KEYUBU.NET Registry Domain ID : 2292564483_DOMAIN_NET-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2022-07-15T17:58:49Z Creation Date: 2018-07-31T21:39:25Z Registrar Registration Expiration Date: 2024-07-31T21:39:25Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: ok http://www.icann.org/epp#OK Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: ADANA Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.NET Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T02:59:37Z<<< For more information on Whois status codes, please visit 
https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2 keyubu.net
2023-05-12 03:24:22Web ContentNoWeb Spider2020None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5e7988238a')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="y6.jA_9kQFy3M6YOg.QQj0I7RDwRq_S0_mJGsO_2b80-1683861862-0-AcgqVWkb5rc1wRzq8CruZzqixRf2dFZvnnpeMqPo3y2RR7Jx_-WXovg8bbE5-sP--_UlGfcV7z4_V2dzBcMQgc0YMGe-kEUsKgbTagVXmpUA4ghc-4PKKMUpkHtuZz1pOKMcK0utLj3hccZMUZnWLxuhkTuTIuQG4o4TSyLTO5DkVUoXElS5eAJBZDveAXcM-BMmbtyiS5OZrdIj-mSAmfLaL706pmvV2Fnl5vtOScBdKynAsN6R2sxLPULzhy1STjWMiZSraZ6Ew2wxtjJHN1h4TKQbcQWPXgeC7N8JO4M701hR33k8KGtSEURoh0GVidfXau0xJ5Jr_OGYkw5FwTBNxUlh_dNr8sS8DOR88UaR5CKeXC5a8lA8uHqsSe_vEPdtQ6ldEQsz8iyhLDK-toyNqpISWEaAU-LNzhQYcTSFycIkBAwjz1zpN5j-awjwVXg6RSi8xKpcwkSr--vTKuOd6x5Ta6zVKvVa1ZDb1BUG5hCEGVVAylLih2TiGym6K9ZGtKfmo5uFC383bpOhjywcXyRzMeHVb0-6rTS3z63iX3ajtvlcxXXHBtT7ZYhauWYn6f0gWo9iG78z0gFNWMboZLU8duYgFtCeIooI5W88WdaOwHui00SnK7AZf-I1NO1RlI5CzrcfcBEcVnBP-f_yBVIgGca2GM5pwr7RuguWROnl62QKlF8-RLW3LA5gZmJXKAJZeG1tfcH7m64xxmCx5ACGWrjrUMscOUmz4eHVBUSovlHfs3fcaIk9rIcxhwwBJRVDZ7oKn49L5lwNMgQFGDH_uzu8lK7M31bKNSdUqZK_4nMd7x2dSJvuX6x1f0d5_OcVPHJZxZ3t19Y2v21qYtJUwk_l3orppRJLdYFyIFSiVGRp27InLA-bNsaoFJuYkaXhMvKIRYQcI57Gu9t5UJBJyHfItWPN13CPHmTRR-xesXCsUCGNSlrn27LW82G3vB0LsnqsDVH9D7CmoXk767loN6MRiMM6E9lV7pktIJEgRREZerErCz-Gw9056q07NCPJYQafcy44fhA0Ayu8GVn0zQYz2hW6ho8NtCxWLxQfDeVyMn6PMsg4IcHVBtGEwWH4OhHGTM9Y96fCik0WwBZwbXdS00HiRtlSReGbhDYPFuGYXFHlUkiHUQ8TNNjJwXP8HrnSnr-Tv6HMk8DT21iZM1t8Ws-Z1VPVHIUqMpqoj6bYoJTKdTHCyWVXSoymcDjiiAr_dGcQ70iCvCfjEHAw9_ZFb11mKAVckSFfHs_OhqOxwVZ8fWFWX5CRVYjb8-2Mg4cL3IvIHLOVh97Eo-8uZhAyESkAuV2iGT1_77CGqcRlglDGfKHj9D0j_GrA2lys8V_W4n84xH9sB9BtW8YrWDnEH4r1lV4ZaxbUDArRwxqP9P1FzSMMjtcVzsgzIRpF2ste2ogtL1ku1f750t7TYDkzGvNZnmSp--sTxTZcyZjvZuT-kxIOnFkQudjV92D0dpRia33x6FdgV44_rvGqDtNVBEvpDVRPc5F7iWJTGkpG_0wSt-t0pHAlpnVj5960VNsQ1fIVqzIjyeTRIupoKny56OID3zofBUX9GXMMvftzuBxkvH568kA-nhoghfb5gJUTU4dQVs3R3lvIMsLJW_0OugCzVwa7bbjSi3yNlNTmyyZSUaQHqMOYwEHt04GQZ_JQBpDCQvIGLq1fOLeArqr97ZPrGgk_x7n2c6MIQK0vFFlSI1sI8OS4yi8D0V-GNr2Bt_G2Ue_TKIZGNfQPaWAM0jGlpc1nPWIZS-sYxW-8ui-6eexGBFZ5-zLr2uaHNG_xNol2Di7iRI4TW5JoZOZTUx2wSZVCmafA5viAw12czMeK4Ymm36GiAo0mTnIrrghObXpHRydCjEOD-ie6KdVTajZGWvZP24dk25nzrx7uELmxfIPaAvIALx9AdiYBCbeQ0Yz_
UH9uDQF6Eh_AqthmXwQQH1F4IA_32McFzcxir6Txr6Mur3t22mOZF963IcNMqvP7vPcccq_rufb25sF8o6nhmaVg8cgPEKIwNeq8Yai0pVnLlllLMVSWIHePNfLuLOdg9LDG1pq1rafu4Rgb-yc2Aoh4enGvHZkuRe6wlOLCDdREAADDoXkFVowEW_DGLxK1pMON0uU78NiTV9_r2o4osZBaOPn8heMmK90xPpnLokgH3gubppwq1gfmaT0RIIPWt7RVKpJRXQ_wSjLVjILALRXQY6PbelUym6TQ1z5fJfHRmrHxVnQvY6aogsFcFGtQVSrl8OCNEwv9P3oaH1GWxoSabHdrSKZmlLs2m-l9LJf4El9FKIA3NBr09u94xMLRSPmEHb4Ol-KPCw5RJiAwyBy2nrohjehlLLjGIgbGh_hTPi8G-yGwVEOyQB8GJBts_O8-g8mz65tw5NpdS_SbFPOasS6txd-b_DzeOnkkcJgqOwM_x3VH39HvzlVBkxqyTu-7yh1ffXA3EAxe-TkXe6foRnX1wH3iJh2_MCDDGxTOkk8Xj59t6wAawmHCKnU2CvogDUE"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '13063', cRay: '7c5f8c5e7988238a', cHash: 'ba708169066f393', cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: 'YtLw1r+G4BXsd0FkRMvka85wm7Lw/iR0rXUYENjW5JZbvNWZBYa0q0+Il8LjyNehJabAqUtaWf767wbCNaYgySnBqnpPsMoOa0cKWt1fZp4gdy+C8LU/pGEGRmyTt+1SC3FdTYu6cI8WiDs6EYfaolZ1Q4GzSM9aW8XcriqivgIDXT1BzBjJwTzpAp1U3aRGBhldnftnEosz5IN8cZ/ZfjD59KxZxCk4YJ82hAC/4p5NK53nkqtCB8+yebFdC+eEhhByuy+cDGuW019GQtjFSS9CeSHMkq0X5vvnjvWzUwgZWatWT4cb7H1DRCSbe56JnIW2SqUEUemPQIyx8r8XETw2r/jfEGJaIkWc0xNQcTIwyTo7s7DjvWVDpJZwE8RGlfo+XMla1yJOLJeQ4p8yS62WkxGCezqaUSIRC9W7/EJZB2hizQMBsQ33Qut7vH5/uRFNuCVFUoIv1B6FDgjnGpAfl6VMz5kByy7JL0ytkDTuSpiY63YcvOGMdbIIR3h4udGCBX1zULf54DaAq4yJPJFFrDJ28oS3TKgFFoFGJa2VsTR4xn/6LIYLPcOgI6uz', t: 'MTY4Mzg2MTg2Mi4xNjAwMDA=', m: 'c3pqWAYwgRkhuI1rZgTpwNhg2e/0sRGYZUtHGzVigsI=', i1: 'NNf66iKUbSi3dpVZsq8TXQ==', i2: 'dYlWHTj6TB0dDvgfdZy2xA==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var 
trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5e7988238a'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5e7988238a'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> http://ayhu.xyz/
2023-05-12 02:44:11Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0110Nonegithubusercontent.combattleb0t.xyz
2023-05-12 02:45:32Malicious IP AddressYesPhishStats0120NonePhishstats [104.21.6.166] 104.21.6.166
2023-05-12 03:05:12Vulnerability - CVE LowYesTool - testssl.sh0120NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.fluid.battleb0t.xyz
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.33): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:03:37Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00ty.github.io
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:54:16Linked URL - InternalNoWeb Spider4030Nonehttps://oldfluid.battleb0t.xyz/dat.gui.min.jshttps://oldfluid.battleb0t.xyz/
2023-05-12 02:52:56SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:c7:00:14:21:71:88:e2:18:10:f8:e3:ee:d1:89:37:10:7b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:46:47 2022 GMT Not After : Mar 27 01:46:46 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ca:91:c0:24:2c:ac:ca:ae:72:a2:1c:76:2b:73: ee:03:78:0b:80:eb:3e:1e:2f:33:3d:ee:c9:08:d3: 24:62:ca:69:54:4a:4f:62:ee:85:3e:9e:5e:5f:d1: 1f:ab:8a:39:77:32:f2:c3:16:74:4d:2e:2a:61:7c: 7c:02:16:fd:f8:90:cd:06:b2:e9:f4:43:77:1b:75: bb:be:c8:56:44:f6:50:11:ac:06:ec:e8:59:ef:64: 25:2f:4d:3f:96:fc:de:28:67:0a:4e:3f:7e:0e:35: 82:50:a2:e2:53:60:28:9a:07:c8:48:6d:b6:14:30: 5d:26:53:a7:34:c5:04:39:e7:67:e1:8b:e5:5d:a5: 3a:24:32:e3:b6:35:44:1a:60:82:6c:43:b7:4d:91: 70:e8:77:c6:32:fc:99:9f:ad:b8:12:75:4d:70:f3: 52:73:ab:3d:62:1e:0f:a1:00:40:14:f2:ee:4f:92: e4:8c:8a:19:22:54:b9:c3:71:e1:6b:29:43:5b:56: a9:e7:cc:16:78:2e:25:bc:fa:16:51:9d:87:b3:64: aa:85:a8:c4:c7:1b:38:de:e1:9c:ae:93:7d:3f:98: 02:a9:aa:fa:8c:80:52:99:2e:98:ff:77:3d:76:8b: 8f:32:cd:03:00:51:9a:81:df:0d:68:7a:8d:16:fa: b6:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 6C:34:7D:03:48:53:73:CF:0D:0C:39:44:A5:D1:A0:E8:F3:90:7F:11 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 27 02:46:47.420 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:5E:6B:E1:80:95:E9:06:B9:64:A1:6D:DC: F7:46:19:D7:44:B3:41:56:D0:CD:B2:17:79:5E:38:01: 98:82:42:B4:02:21:00:BB:82:4F:AE:81:BB:9F:FF:F6: F5:EC:BC:04:24:9F:54:06:50:1B:72:28:CB:B2:D2:B9: F3:82:3C:FB:08:50:07 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 27 02:46:47.434 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:DB:34:C7:60:1E:A0:7B:B4:93:B7:C3: 6F:79:DF:2B:2D:A1:07:F6:E0:3C:66:9E:DB:AB:71:DF: C8:12:FA:43:40:02:20:40:0C:EE:4D:C0:C7:6C:61:B4: C4:4E:15:E2:3B:37:04:6C:A3:AE:DB:A8:2D:9F:6D:D1: 44:F8:EF:BB:53:2D:AA Signature Algorithm: sha256WithRSAEncryption 2d:0d:59:11:7e:bd:11:7c:f4:13:c8:d6:c5:40:47:7f:c1:17: f8:18:85:ad:f5:ee:eb:ca:33:40:d0:80:8a:a2:5e:d9:cb:36: 84:5e:8f:ea:da:80:c0:0f:bc:fb:ed:5d:aa:90:c6:8d:e2:e0: 93:88:ba:dd:b6:40:89:0d:e9:1c:2b:f7:10:55:11:ed:5f:b4: fb:fb:56:28:a1:cf:a8:59:b5:c5:78:e9:54:8e:06:d9:23:af: f2:43:7d:64:52:f1:26:ea:4f:5e:ca:47:af:10:86:bc:07:b5: f9:72:9d:08:e5:af:f4:89:55:6c:58:05:70:62:87:bc:37:3c: b1:7c:29:a6:06:1e:b5:a4:e0:40:13:6d:69:d7:73:91:80:75: 18:3c:5b:0a:7c:a4:ff:05:c7:98:e1:97:78:96:31:ea:08:08: 4a:40:e6:a1:dd:b4:58:50:6f:80:e3:70:72:18:89:1b:9e:32: 1a:ca:dd:a2:a8:e9:74:eb:2c:c4:a6:1c:b7:31:48:b6:e4:67: 9b:a7:9c:a6:df:cd:82:95:8c:31:83:cd:c7:0e:e3:d2:a3:19: 06:a0:13:7b:a7:11:2c:dd:85:53:7f:ff:2c:0f:11:cf:5d:a7: fb:7d:2f:9b:4b:7a:3e:55:04:0b:72:4a:13:4f:26:99:3b:63: 24:f8:e3:2a battleb0t.xyz
2023-05-12 02:54:38Physical LocationNoCensys0030NoneSan Francisco, California, 94107, United States, North America172.67.168.252
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonehhcpa (Net ID: 00:06:25:3B:8E:36)33.336199,-111.89446440830702
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneAndrea Schwartz Gallery 5G (Net ID: 00:01:9F:3D:4F:6C)37.7813933,-122.3918002
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00lt00.github.io185.199.111.153
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.113): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:53:15IP AddressNoMnemonic PassiveDNS0010None185.199.108.153battleb0t.xyz
2023-05-12 03:18:46Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18}https://pics.battleb0t.xyz/images/withat_1.jpg
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:46:38BGP AS MembershipNoRIPE0040None1516935.229.48.0/20
2023-05-12 02:53:39Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 9954:9C3B:20A7B64:2F7931C:645C5074 Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 259 X-Served-By: cache-chi-klot8100161-CHI X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1683771768.574276,VS0,VE2 Vary: Accept-Encoding X-Fastly-Request-ID: 8a09b57cb5993eaa6860d607d298dd9826aef348 185.199.108.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonesetlist.fm (Category: music) https://www.setlist.fm/user/loginlogin
2023-05-12 03:32:17Open TCP PortNoPulsedive0030None188.114.97.9:80188.114.97.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneMHeckmans (Net ID: 00:02:CF:CB:87:99)50.8897, 6.0563
2023-05-12 02:54:19HTTP HeadersNoWeb Spider6040None{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"}https://fluid.battleb0t.xyz/dat.gui.min.js
2023-05-12 02:44:12SSL Certificate - Issued toNoSSL Certificate Analyzer0020NoneCN=*.cloudwaysapps.comkekw.battleb0t.xyz
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.202): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:8443104.21.6.166
2023-05-12 03:36:20Open TCP PortNoPulsedive0030None188.114.97.128:8080188.114.97.0/24
2023-05-12 03:12:10Affiliate Description - CategoryNoDuckDuckGo0050NoneSearch engine optimization metrics - A number of metrics are available to marketers interested in search engine optimization. Search engines and software creating such metrics all use their own crawled data to derive at a numeric conclusion on a website's organic search potential.baffin.netcraft.com
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonexHamster (Category: XXXPORNXXX) https://xhamster.com/users/loginlogin
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonemonks56 (Net ID: 00:06:25:C3:88:45)33.336199,-111.89446440830702
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F0:97:C1)37.7813933,-122.3918002
2023-05-12 02:55:25UsernameNoSocial Network Identifier43040NoneAltpapierhttps://github.com/Altpapier/SkyHelperAPI/issues
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.49): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}172.67.168.252
2023-05-12 02:53:04Open TCP PortNoPulsedive0030None185.199.111.153:443185.199.111.0/24
2023-05-12 02:44:19Co-Hosted SiteNoSSL Certificate Analyzer0020Nonewww.github.com185.199.110.153
2023-05-12 02:47:26Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 8, u'threat_score': 80, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://zaratec.io/assets/img/favicons/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "AcroRd32.exe" (UID: 00000000-00003900) was launched with modified environment variables: "PATH"\n Process "RdrCEF.exe" (UID: 00000000-00001728) was launched with modified environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." 
(UID: 00000000-00001724)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003900)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003152)'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /assets/img/favicons/site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zaratec.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /assets/img/favicons/site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zaratec.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_718_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\LRIEElevationPolicyMutex"\n "IsoScope_718_IE_EarlyTabStart_0x66c_Mutex"\n "IsoScope_718_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_718_ConnHashTable<1816>_HashTable_Mutex"\n 
"IsoScope_718_IESQMMUTEX_0_303"\n "IsoScope_718_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1816"\n "Local\\VERMGMTBlockListFileMutex"\n "SmartScreen_AppRepSettings_Mutex"\n "SmartScreen_ClientId_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "CommunicationManager_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." (UID: 00000000-00001724)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003900)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003152)\n Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250" (UID: 00000000-00001728)\n Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=7BEE27BC222632A4E79EAB52 ..." 
(UID: 00000000-00002344)'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar889D.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar884D.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-72', u'name': u'Overview of unique CLSIDs touched in registry', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1546/015', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1546.015', u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" touched "UsersFiles" (Path: "HKCU\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\SHELLFOLDER")\n "rundll32.exe" touched "Adobe Acrobat Document" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{B801CA65-A1FC-11D0-85AD-444553540000}\\IMPLEMENTED CATEGORIES\\{00021490-0000-0000-C000-000000000046}")\n "rundll32.exe" touched "Computer" (Path: "HKCU\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SHELLFOLDER")\n "rundll32.exe" touched "Enhanced Storage Icon Overlay Handler Class" (Path: "HKCU\\CLSID\\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" (Path: "HKCU\\CLSID\\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\\PROGID")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 2 (GFS Stub)" (Path: "HKCU\\CLSID\\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\\INPROCSERVER32")\n "rundll32.exe" touched 
"Groove Explorer Icon Overlay 4 (GFS Unread Mark)" (Path: "HKCU\\CLSID\\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 3 (GFS Folder)" (Path: "HKCU\\CLSID\\{16F3DD56-1AF5-4347-846D-7C10C4192619}\\INPROCSERVER32")\n "rundll32.exe" touched "Memory Mapped Cache Mgr" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\TREATAS")\n "rundll32.exe" touched "Property System Both Class Factory" (Path: "HKCU\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\\TREATAS")\n "rundll32.exe" touched "Start Menu Cache" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\\INPROCHANDLER")\n "rundll32.exe" touched "Start Menu Pin" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{A2A9545D-A0C2-42B4-9708-A0B2BADD77C8}\\INPROCSERVER32")\n "rundll32.exe" touched "Taskband Pin" (Path: "HKCU\\CLSID\\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\\TREATAS")\n "rundll32.exe" touched "Shortcut" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{00021401-0000-0000-C000-000000000046}\\IMPLEMENTED CATEGORIES\\{00021490-0000-0000-C000-000000000046}")\n "rundll32.exe" touched "Internet Shortcut" (Path: "HKCU\\CLSID\\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\\IMPLEMENTED CATEGORIES\\{00021490-0000-0000-C000-000000000046}")\n "rundll32.exe" touched "User Pinned" (Path: "HKCU\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\SHELLFOLDER")\n "rundll32.exe" touched "Shell File System Folder" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\\INPROCSERVER32")\n "rundll32.exe" touched "User Assist" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\\PROGID")\n "rundll32.exe" touched "Shared Task Scheduler" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{603D3801-BD81-11D0-A3A5-00C04FD706EC}\\TREATAS")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab889C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab884C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Registry Access', u'identifier': u'registry-25', u'name': u'Reads information about supported languages', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1012', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-647', u'attck_id': u'T1012', u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "EN-US")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "EN-US")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\LOCALE"; Key: "00000409")\n "rundll32.exe" (185.199.111.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None3019fc (Net ID: 00:02:2D:30:19:FC)37.7642, -122.3993
2023-05-12 02:47:46Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'VoiceMailMemo950.html', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC81A.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:443"\n "185.199.111.153:443"\n "207.241.228.150:443"\n "13.227.74.44:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"getbootstrap.com"\n "ia801500.us.archive.org"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e88_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e88_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_e88_IESQMMUTEX_0_519"\n "IsoScope_e88_IESQMMUTEX_0_331"\n "IsoScope_e88_IE_EarlyTabStart_0xcf0_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_e88_ConnHashTable<3720>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3720"\n "IsoScope_e88_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e88_IESQMMUTEX_0_519"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /docs/5.2/dist/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /docs/5.2/dist/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /docs/5.2/examples/sign-in/signin.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: 
Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /docs/5.2/examples/sign-in/signin.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /zepto.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zeptojs.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /zepto.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zeptojs.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /34/items/7164025490-20221107-091147/7164025490_20221107_091147.mp3 HTTP/1.1\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept: */*\nGetContentFeatures.DLNA.ORG: 1\nPragma: getIfoFileURI.dlna.org\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nHost: ia801500.us.archive.org\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /34/items/7164025490-20221107-091147/7164025490_20221107_091147.mp3 HTTP/1.1\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept: */*\nGetContentFeatures.DLNA.ORG: 1\nPragma: getIfoFileURI.dlna.org\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nHost: ia801500.us.archive.org\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "OGFMCCVK.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OGFMCCVK.txt]- [targetUID: 00000000-00003720]\n Dropped file: "TFIYPCCB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TFIYPCCB.txt]- [targetUID: 00000000-00003720]\n Dropped file: "S5GOY3AO.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S5GOY3AO.txt]- [targetUID: 00000000-00003192]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00003720]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003192]\n "signin_1_.css" has type "ASCII text"- [targetUID: 00000000-00003720]\n "_52898875-9CDE-11ED-967C-080027BEA5A3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003720]\n "~DF942F6CCF20CCC8F3.TMP" has type "data"- Location: [%TEMP%\\~DF942F6CCF20CCC8F3.TMP]- [targetUID: 00000000-00003720]\n 
"_5CEA68F8-9CDE-11ED-967C-080027BEA5A3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003720]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003720]\n "~DF48F06A6EB7E1A5AD.TMP" has type "data"- Location: [%TEMP%\\~DF48F06A6EB7E1A5AD.TMP]- [targetUID: 00000000-00003720]\n "OGFMCCVK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OGFMCCVK.txt]- [targetUID: 00000000-00003720]\n "TFIYPCCB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TFIYPCCB.txt]- [targetUID: 00000000-00003720]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003720]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: 00000000-00003720]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003720]\n "~DF3C3963D5684B734E.TMP" has type "data"- Location: [%TEMP%\\~DF3C3963D5684B734E.TMP]- [targetUID: 00000000-00003720]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003720]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003720]\n "S5GOY3AO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S5GOY3AO.txt]- [targetUID: 00000000-00003192]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003192]\n "RecoveryStore._52898873-9CDE-11ED-967C-080027BEA5A3_.dat" has type 
"Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003720]\n "TarC81A.tmp" has type "data"- Location: [%TEMP%\\TarC81A.tmp]- [targetUID: 00000000-00003192]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human185.199.111.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneNH-NEW (Net ID: 00:01:21:30:F0:42)37.7642, -122.3993
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c57480ebf7f3732-FRA"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.96.1
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None200WMadison (Net ID: 00:01:21:30:9B:1B)41.8781, -87.6298
2023-05-12 02:55:18Raw Data from RIRsNoCensys13030None{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", 
"_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", 
"aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", 
"other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}46.101.229.70
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonemail.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 18:07:07 2022 GMT Not After : Mar 13 18:07:06 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5: cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40: 8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da: 78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a: 56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00: cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85: b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4: 1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d: 86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9: c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0: 2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f: 7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28: 87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb: 3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9: ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf: fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce: a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1: d3:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT 
Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 13 19:07:08.083 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D0:FF:78:AE:C3:62:89:90:F2:A9:F6: CF:41:A5:B6:AB:51:6D:6E:FB:5E:D8:9D:88:9E:50:39: 26:BD:EC:AC:34:02:21:00:BC:89:FB:E2:F1:35:F7:00: 0B:4C:4C:DE:C4:12:88:E0:4F:52:7D:18:21:0D:AC:62: BC:76:DD:A2:F8:3F:5B:1D Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 13 19:07:08.583 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:51:94:B0:CF:3C:86:38:A4:D9:80:6F:E3: EC:3D:37:CB:B4:65:E2:35:17:5E:BA:96:76:F4:A6:90: 1D:6A:AE:4B:02:21:00:9D:89:ED:FC:FA:3F:52:5C:6A: FF:DA:D2:C4:54:F3:CB:81:7B:1B:4B:4F:01:26:9F:C1: 04:B7:D6:CE:B9:77:B8 Signature Algorithm: sha256WithRSAEncryption 91:4e:e2:bf:36:57:41:de:a3:6f:91:fb:a2:73:ec:c8:9e:f7: 1f:0d:59:7b:c6:09:e3:fb:bf:a4:c2:8a:32:fa:c4:f6:df:3f: aa:05:e0:24:98:16:08:84:62:26:41:b9:6f:39:f4:71:d6:ee: 5c:b1:36:f4:e8:21:c1:33:ce:b6:3c:af:4d:e7:18:2f:6c:27: 6e:cd:40:66:5d:d7:bd:71:74:93:04:96:39:63:25:d2:be:99: 3b:37:81:f8:a4:eb:0b:81:a4:3b:25:e3:9f:76:85:e0:0f:1a: 92:b6:27:46:71:61:51:3a:f7:5d:72:65:00:9d:09:05:5c:de: c1:d4:54:d5:5a:d7:d7:34:d4:2c:67:0d:f8:a4:f0:c4:3a:47: 80:3c:8b:81:06:a8:34:d6:42:45:55:c8:42:f9:cf:43:4d:ee: bd:e9:55:d7:d8:77:a3:d9:4c:76:08:4a:3c:a8:97:42:30:c9: 07:48:ea:bf:5e:b8:93:d2:56:00:0f:04:1c:00:01:69:ac:de: 20:d1:8a:7a:88:01:7c:94:e0:3d:d3:30:5e:a9:3c:d3:38:56: 5b:30:14:08:f5:b9:a1:f9:56:6c:72:be:02:ce:ad:d8:53:46: 35:20:ba:70:c5:77:bf:fa:4e:08:fb:a6:cd:30:77:f4:dc:52: 90:b6:5b:91
2023-05-12 03:03:59Co-Hosted SiteNoThreatMiner0020Noneply.gg185.199.109.153
2023-05-12 02:59:53Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389 Score: 4.3 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.nwapi2.battleb0t.xyz
2023-05-12 02:44:13Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0120Nonegithub.iowww.battleb0t.xyz
2023-05-12 02:59:54Affiliate - Email AddressNoE-Mail Address Extractor0030Nonejdenig@generalatlantic.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://generalatlantic.com/astehnkuhl@generalatlantic.com%20https://site.php', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fastehnkuhl%40generalatlantic.com%20https%3A%2F%2Fllink.to%2F%3Fu%3Dhttps%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fjdenig%40generalatlantic.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3f4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_3f4_IE_EarlyTabStart_0xe18_Mutex"\n "IsoScope_3f4_IESQMMUTEX_0_331"\n "IsoScope_3f4_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_3f4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "IsoScope_3f4_ConnHashTable<1012>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.43.150:443"\n "104.21.16.120:443"\n "35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n "142.251.32.35:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")\n "<a href="https://plus.google.com/107971784894043504000/" onclick="window.open(this.href);return false;"><i class="fa fa-google-plus"></i></a>" (Indicator: "plus.google.com")\n "<a href="https://twitter.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-twitter"></i></a>" (Indicator: "twitter")\n "<a href="https://www.facebook.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-facebook"></i></a>" (Indicator: "facebook.com")\n "<a href="https://www.linkedin.com/company/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-linkedin"></i></a>" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/user/nexcessnet" onclick="window.open(this.href);return false;"><i class="fa fa-youtube"></i></a>" (Indicator: "youtube")\n "<p>Congrats on launching your new Website! Spread the good news: <a href="https://twitter.com/share" class="twitter-share-button" data-text="Just launched my new website with @Nexcess!" 
data-count="none">Tweet</a></p>" (Indicator: "twitter")\n "<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?\'http\':\'https\';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+\'://platform.twitter.com/widgets.js\';fjs.parentNode.insertBefore(js,fjs);}}(document, \'script\', \'twitter-wjs\');</script>" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar102F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1041.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab102E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1040.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "GJU2ZIBE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GJU2ZIBE.txt]- [targetUID: 00000000-00001012]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002472]\n "recaptcha__en_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF50FE3D0FF9FC6B92.TMP" has type "data"- Location: [%TEMP%\\~DF50FE3D0FF9FC6B92.TMP]- [targetUID: 00000000-00001012]\n "_5CF2F181-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._52546023-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "site_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "FTU5WTPF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FTU5WTPF.txt]- [targetUID: 00000000-00001012]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "llink_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "_A79A7ACA-C1A9-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "5EL6UQQZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5EL6UQQZ.txt]- [targetUID: 00000000-00002472]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:"!1,w)})},u).prototype.cr=function(){},u.prototype.xy=function(){this.mx.g().focus()},u.prototype.tt=function(w,z,u,r,e,z,y){return(r=((z=new a_((e=["api","payload",(u=void 0===u?"":u,y=["p",0,37],2)],f)[29](y[2],e[y[1]],e[1])+u),z.u).set(y[0],w),wx.y()).get(),z.u.set("k",v[7](16,e[2],r)),z&&z.u.set("id",z),z).tostring()},u).prototype.h1=function(){},u.prototype.ia=function(w,z){(((this.su[(z=["qu",30,"sq"],z)[0]](w),this).mx[z[0]](w),this).rr[z[0]](w),this)[z[2]][z[0]](w),this.bi[z[0]](w),v[z[1]](9," [Source: recaptcha__en_1_.js]\n Observed email 
domain:"z,u){(this[(((((td.prototype.sw[z=["undo-button-holder","image-button-holder","verify-button-holder"],u=["call",1,"sq"],u[0]](this,w),this.su).render(c[41](68,this,"reload-button-holder")),this.mx.render(c[41](52,this,"audio-button-holder")),this.rr).render(c[41](53,this,z[u[1]])),this.bi).render(c[41](84,this,"help-button-holder")),this.xv).render(c[41](68,this,z[0])),f[13](8,!1,this.xv.g()),u)[2]].render(c[41](68,this,z[2])),this).ee?f[13](22,!1,this.mx.g()):f[13](20,!1,this.rr.g())},u).prototype.nu=" [S
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.195): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:54BGP AS MembershipNoCensys0020None133352a06:98c1:3121::1
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0070NoneNAMECHEAP INCDomain Name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2022-06-08T05:38:27Z Creation Date: 2022-06-03T05:37:56Z Registry Expiry Date: 2026-06-03T05:37:56Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-06-03T05:37:56.70Z Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:13:05Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0067ed.github.io] https://www.openphish.com/feed.txt0067ed.github.io
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None20654 (Net ID: 00:0D:3A:27:40:51)39.0469, -77.4903
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/withat_1.jpghttps://funny.battleb0t.xyz/
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneMCUUID (Minecraft) (Category: gaming) https://mcuuid.net/?q=loginlogin
2023-05-12 02:44:21Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.com185.199.110.153
2023-05-12 02:52:56Web TechnologyNoTool - WAFW00F0020NoneNone Nonekekw.battleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneFRANZ (Net ID: 00:01:24:F2:7F:35)37.7642, -122.3993
2023-05-12 03:43:29CountryNoCountry Name Extractor0060NoneGermanydomixo-hosting.de
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NonemyLGNet24CE (Net ID: 00:01:36:59:24:CC)37.780462,-122.390564
2023-05-12 02:45:30Physical LocationNoipapi.co0030NoneNorth Charleston, South Carolina, SC, United States, US35.229.48.116
2023-05-12 02:55:15Netblock MembershipNoCensys3030None165.232.112.0/20165.232.113.85
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None00feng00.github.io185.199.111.153
2023-05-12 03:00:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.5): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:32:06Open TCP PortNoPulsedive0030None188.114.97.4:8080188.114.97.0/24
2023-05-12 03:24:48CountryNoCountry Name Extractor0040NoneUnited Stateskeyubu.net
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneReddit (Category: social) https://www.reddit.com/user/Battleb0tBattleb0t
2023-05-12 03:23:27Open TCP PortNoPulsedive0030None188.114.96.9:80188.114.96.0/24
2023-05-12 03:01:03Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.110): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:51Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H06G1NS24K8856E7B6C2JF02 Date: <REDACTED> Content-Length: 0 34.74.170.74
2023-05-12 02:44:29Co-Hosted Site - Domain NameNoDNS Resolver0030Nonecloudwaysapps.comcloudwaysapps.com
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonewilson (Net ID: 00:02:2D:08:06:B3)37.780462,-122.390564
2023-05-12 02:50:30Physical AddressNoGLEIF0030NoneC/O CORPORATION SERVICE COMPANY, 251 LITTLE FALLS DRIVE, WILMINGTON, US-DE, US, 19808GoDaddy.com, LLC
2023-05-12 03:00:01Affiliate - Email AddressNoE-Mail Address Extractor0030Nonesupport@yeulpay.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 33, u'threat_score': 50, u'compromised_hosts': [u'185.199.108.153'], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://yeulpay.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5812:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5812:120:WilError_01"\n "Local\\SM0:5576:304:WilStaging_02"\n "Local\\SM0:5576:120:WilError_01"\n "SM0:5576:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:5812:120:WilError_01"\n "Local\\SM0:5812:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:49730"\n "68.142.107.4:49733"\n "142.250.191.74:49734"\n "142.251.46.227:49735"\n "142.250.189.232:49736"\n "142.250.191.78:49744"\n "185.199.108.153:49747"\n "23.55.103.80:49749"'}, {u'category': u'General', u'origin': u'Network 
Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.yeulpay.com"\n "yeulpay.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsyeulpay.com" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\000003.log]- [targetUID: 00000000-00005812]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\json\\i18n-shared-components\\zh-Hant\\strings.json]- [targetUID: 00000000-00005812]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\index]- [targetUID: 00000000-00005812]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "PNG image data 1024 x 643 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "5dcfc9f4-1776-49aa-935c-1f8871834b22.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\5dcfc9f4-1776-49aa-935c-1f8871834b22.tmp]- [targetUID: 00000000-00005812]\n "b31f9cdb-f68d-4780-a157-ca8e18af8710.tmp" has type "UTF-8 Unicode text with very long lines with no 
line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\b31f9cdb-f68d-4780-a157-ca8e18af8710.tmp]- [targetUID: 00000000-00005812]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00005812]\n "4c8bd346-dc18-45c0-b9fa-b2f2b3599a07.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4c8bd346-dc18-45c0-b9fa-b2f2b3599a07.tmp]- [targetUID: 00000000-00005812]\n "f_000243" has type "PNG image data 4000 x 2880 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "3bd3bf42-f525-46e9-8ae8-301ffa930aef.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\3bd3bf42-f525-46e9-8ae8-301ffa930aef.tmp]- [targetUID: 00000000-00001448]\n "f_00023d" has type "PNG image data 600 x 403 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "273a52e5-bd0c-47dd-8351-2a5b9f66dcbd.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\273a52e5-bd0c-47dd-8351-2a5b9f66dcbd.tmp]- [targetUID: 00000000-00005812]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00005812]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\manifest.fingerprint]- [targetUID: 00000000-00005812]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\111.0.1661.54\\WidevineCdm\\manifest.json]- [targetUID: 00000000-00005812]\n 
"data_2" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_2]- [targetUID: 00000000-00005812]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-50', u'name': u'Creates a license file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"wallet-drawer.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Wallet-Checkout\\wallet-drawer.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "tokenized-card.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Tokenized-Card\\tokenized-card.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "edge_driver.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\edge_driver.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "shopping_iframe_driver.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\shopping_iframe_driver.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "notification.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Notification\\notification.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "vendor.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\vendor.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]'}, {u'category': u'Environment Awareness', u'origin': u'API Call', u'identifier': u'api-169', u'name': u'Tries to access recent files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\O3IGZQ735L74LO6YZ5IP.TEMP"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\O3IGZQ735L74LO6YZ5IP.temp"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\ccba5a5986c77e43.customDestinations-ms"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\ccba5a5986c77e43.customDestinations-ms~RF12dcbc.TMP"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://yeulpay.com/"\n Pattern match: "https://www.googletagmanager.com/gtag/js?id=G-4HDJ19RJFF"\n Pattern match: "https://yeulpay.com"\n Pattern match: "www.yeulpay.com"\n Pattern match: "http://www.w3.org/2000/svg"\n Heuristic match: "yeulpay.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: 
"www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://yeulpay.com,supports_spdy:true},{alternative_servic
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneCCAZ (Net ID: 00:02:6F:EA:D0:4E)33.6170672,-111.90564645297056
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMOT-1-7F (Net ID: 00:18:C0:62:7F:7F)32.8608, -79.9746
2023-05-12 02:46:18Affiliate Description - CategoryNoDuckDuckGo0020NoneInternet securityskip.ns.cloudflare.com
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D4:3E)32.8608, -79.9746
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.201): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:15Linked URL - ExternalNoWeb Spider0030Nonehttps://sky.shiiyu.moehttps://nwapi2.battleb0t.xyz/
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NonemyLGNet (Net ID: 00:02:A8:B1:C8:F5)50.1188, 8.6843
2023-05-12 03:33:28Malicious IP AddressYesVirusTotal0030NoneVirusTotal [185.199.111.154] https://www.virustotal.com/en/ip-address/185.199.111.154/information/185.199.111.0/24
2023-05-12 02:54:03BGP AS MembershipNoCensys0020None13335172.67.135.9
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecf-ray: 7c5f606679610ce9-EWR{"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:21 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f606679610ce9-EWR"}
2023-05-12 02:45:42Raw Data from RIRsNoAbstractAPI0020None{u'city': u'San Francisco (South Beach)', u'security': {u'is_vpn': False}, u'city_geoname_id': 5326621, u'region_geoname_id': 5332921, u'country': u'United States', u'region': u'California', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'Fastly', u'organization_name': u'GitHub, Inc', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'94107', u'longitude': -118.244, u'country_code': u'US', u'timezone': {u'abbreviation': u'PDT', u'gmt_offset': -7, u'is_dst': True, u'name': u'America/Los_Angeles', u'current_time': u'19:45:41'}, u'latitude': 34.0544, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'185.199.108.153', u'continent': u'North America', u'region_iso_code': u'CA'}185.199.108.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneZyXEL (Net ID: 00:13:49:64:69:8A)40.2024, 29.0398
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.202): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:03Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America172.67.135.9
2023-05-12 03:24:22Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8http://ayhu.xyz/
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneBurfas28 (Net ID: 00:15:6D:7C:EF:0A)40.2024, 29.0398
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonenew network (Net ID: 00:02:2D:08:76:AE)34.0544, -118.244
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomE46DB8 (Net ID: 00:0C:F6:E4:6D:B8)50.8897, 6.0563
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMcDonalds Free WiFi (Net ID: 00:14:6A:5B:53:90)32.8608, -79.9746
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonetradingview (Category: finance) https://www.tradingview.com/u/login/login
2023-05-12 03:00:14Internet NameNoCertificate Transparency0010Nonewww.ayhu.xyzayhu.xyz
2023-05-12 03:10:00Affiliate - Domain NameNoDNS Resolver2050Nonetelleria.comshop.telleria.com
2023-05-12 03:01:00Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.101): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:2053104.21.71.14
2023-05-12 02:44:21Internet NameNoDNS Resolver0020Nonenuke.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 13 15:23:51 2023 GMT Not After : May 14 15:23:50 2023 GMT Subject: CN=nuke.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d9:29:5b:18:4c:1d:e8:59:eb:db:25:91:54:31: ed:38:23:ab:0a:88:57:5c:ef:0c:7e:ca:ca:6c:71: 0b:02:fd:19:3d:6a:e8:97:28:77:25:12:e6:41:af: 0c:74:de:eb:50:90:97:94:e1:fd:e0:db:78:3a:0a: 5f:ae:54:a8:1f:8e:40:46:da:de:c8:9e:fa:c8:e7: 39:8e:1b:9f:5e:60:ec:47:c4:47:f9:79:27:17:65: 24:54:e3:e9:87:77:9b:2d:fc:59:b6:69:6a:35:59: 71:49:6c:3f:68:b3:6f:f3:47:8d:99:d8:26:4a:34: e5:bd:98:64:13:9c:bc:2e:32:d9:f1:82:53:39:a9: 0e:5a:3e:f4:44:ad:26:19:df:02:ae:0a:8a:ee:fc: 9b:3e:7d:da:ca:fc:e7:ee:68:4f:c5:8c:ef:dc:74: 06:e9:7a:47:71:5f:53:c7:6d:09:e9:1f:2a:81:e3: aa:4a:4a:ad:ae:9d:25:b9:f8:c2:d3:14:56:b4:75: 91:e9:be:73:0e:b4:7d:4d:da:64:95:77:6d:43:79: 73:49:a5:8a:21:01:8b:43:f7:7e:6b:34:db:43:cb: 18:86:96:0e:e7:1a:02:5a:4f:df:42:dd:88:c3:61: 4d:6b:c6:c6:bf:25:5b:76:f4:0e:86:dd:ad:d2:26: a8:0b:2a:9a:7b:42:50:c1:2c:92:f7:92:ae:7c:b1: d3:11:4f:23:ac:54:f9:9e:aa:91:2b:7c:ed:1c:c1: 46:1b:9b:3c:a0:2a:b1:e3:e2:b9:d0:7f:06:57:c9: 1e:63:2a:89:4d:e0:fc:34:28:ec:5f:72:15:f2:01: 80:22:e3:d2:bf:66:7b:78:f3:2a:37:36:d0:18:e7: eb:62:58:1a:53:3f:4a:aa:c6:06:93:11:2e:9b:de: b2:20:c5:30:35:f7:4b:de:99:68:8b:4d:f1:cf:5f: e0:29:92:a1:d4:25:53:f6:6b:8d:eb:c8:2f:a1:48: f6:93:3d:2d:29:1c:93:8a:83:6e:a8:d5:40:07:99: d9:b4:ed:f4:2d:5b:2c:94:69:23:83:3f:eb:1f:20: 45:ea:f5:f6:5a:22:b5:7a:ea:e6:92:ef:69:3a:86: e9:7d:cc:89:f5:72:d8:75:21:3a:fd:e8:3a:fd:dd: 16:43:3a:20:cf:8c:1c:3f:54:62:be:57:b4:91:f9: 1f:7b:59:bb:69:98:ad:21:46:6b:14:0b:f3:32:e9: f3:42:4c:fe:3e:ea:f8:50:4d:7c:e3:49:32:31:e8: 73:54:2a:f5:e6:ac:fb:17:66:a1:41:7a:05:04:c9: 
53:ab:bd:62:a2:65:3e:e4:d9:bf:f3:5f:60:e6:ba: 3c:1f:a9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nuke.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Feb 13 16:23:51.711 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:74:49:47:F4:26:47:0D:47:E2:9A:66:AF: F3:3B:46:53:9D:6A:00:FC:C4:5B:6D:E9:3D:6A:E5:A3: AC:D8:18:26:02:21:00:F0:DF:BE:68:08:A5:73:33:B8: 41:78:C8:F1:1D:97:89:D0:3C:53:99:EC:D3:37:A8:F1: 3C:4D:2D:2A:6D:AA:99 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Feb 13 16:23:51.724 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C5:F1:D7:EC:63:EF:D2:2B:1D:83:7B: 83:54:8D:82:F0:09:7B:86:48:A1:52:8A:D7:9F:9A:A4: 8F:C9:E6:6D:A9:02:21:00:BF:BA:DA:57:96:9F:75:77: 05:96:B4:C2:FA:F6:06:66:B5:84:A9:CC:F1:BA:83:9B: 82:75:E0:63:24:71:36:67 Signature Algorithm: sha256WithRSAEncryption 85:63:54:da:d2:e7:1a:fb:ec:3f:3a:27:f7:a7:67:fe:c8:7b: 01:a2:64:e4:ee:ee:8e:f0:73:aa:5c:d0:77:bb:6f:be:12:26: 63:92:52:2b:90:c5:19:0c:01:d9:fb:68:bc:45:29:22:6d:35: 24:74:65:da:4b:43:d7:65:1a:2d:49:c6:90:fb:fd:df:39:3b: 
cf:ed:9d:e1:a6:3d:3e:a0:05:2d:c4:03:55:00:85:97:89:e2: 1e:88:22:b2:ee:28:86:0f:c1:b8:e5:17:29:7c:e7:e3:6e:66: 99:6b:e8:89:3f:2e:a5:71:74:a0:b7:70:7a:4e:d4:b2:8a:69: b1:f7:4b:20:bd:fb:7b:d5:07:9a:0c:c6:99:dd:4b:3f:c8:5e: 41:b1:8e:dd:2a:1a:39:aa:08:e2:1e:e6:e3:63:8f:d4:59:98: ae:0a:7d:59:e3:fc:7d:a9:1f:51:9d:83:fc:16:e1:80:20:2f: 21:21:50:dd:de:43:12:b9:29:89:20:37:79:64:39:a0:00:fa: b9:f2:d1:d6:97:d7:a4:ad:65:b2:7e:a9:68:2b:1e:77:25:f0: a5:6a:9b:71:2e:77:c5:cb:51:1f:d8:52:be:f1:4f:2f:03:bf: 1b:74:58:57:b0:dc:c1:17:3e:44:8c:02:67:40:b6:b2:69:3c: 5b:81:25:af
2023-05-12 03:00:57Co-Hosted SiteNoHackerTarget2020None01.github.io185.199.111.153
2023-05-12 02:45:04CountryNoCountry Name Extractor0020NoneBritish Indian Ocean Territorygithub.io
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneRhodeNet (Net ID: 00:02:2D:0F:8E:DF)37.7642, -122.3993
2023-05-12 02:54:23Web ContentNoWeb Spider0040None*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131}html,button{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,"Apple Color Emoji","Segoe UI Emoji",Segoe UI Symbol,"Noto Color Emoji"}body{display:flex;flex-direction:column;min-height:100vh}a{transition:color .15s ease;background-color:transparent;text-decoration:none;color:#0051c3}a:hover{text-decoration:underline;color:#ee730a}.hidden{display:none}.main-content{margin:8rem auto;width:100%;max-width:60rem}.heading-favicon{margin-right:.5rem;width:2rem;height:2rem}@media (max-width: 720px){.main-content{margin-top:4rem}.heading-favicon{width:1.5rem;height:1.5rem}}.main-content,.footer{padding-right:1.5rem;padding-left:1.5rem}.main-wrapper{display:flex;flex:1;flex-direction:column;align-items:center}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{line-height:3.75rem;font-size:2.5rem;font-weight:500}.h2{line-height:2.25rem;font-size:1.5rem;font-weight:500}.core-msg{line-height:2.25rem;font-size:1.5rem;font-weight:400}.body-text{line-height:1.25rem;font-size:1rem;font-weight:400}.expandable-title{line-height:1.5rem;font-weight:500}@media (max-width: 720px){.h1{line-height:1.75rem;font-size:1.5rem}.h2{line-height:1.5rem;font-size:1.25rem}.core-msg{line-height:1.5rem;font-size:1rem}}.icon-wrapper{display:inline-block;position:relative;top:.25rem;margin-right:.2rem}.heading-icon{width:1.625rem;height:1.625rem}@media (max-width: 720px){.heading-icon{width:1.25rem;height:1.25rem}}.warning-icon{display:inline-block;background-image:url(data:image/png;base64,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);background-size:cover}.text-center{text-align:center}.expandable{transition:height,border-left .2s;border-left:.125rem solid 
#e5e5e5;padding-left:.5rem}.expandable.expanded{border-left-color:#0051c3}.expandable-summary-btn{border:none;background:none;cursor:pointer;padding:0;color:inherit;font:inherit}.expandable-details{display:none;padding:.5rem 0}.expanded>.expandable-details{display:block}.caret-icon{display:inline-block;transition:transform .2s;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgBAMAAACBVGfHAAAAElBMVEUAAAAwMDAxMTEyMjIwMDAxMTF+89HTAAAABXRSTlMAgF9/MMasjJIAAABTSURBVCjPzcq7DcAwDANR5TOAm/Rp0meErBAD3n8VW8DBt4JZUALxYp18vmfWUR2ed9TW7iB7K3muOsGfDRFAABKABCABSAASgAQgAUgAkhKLpwMJmwrD+BDiYwAAAABJRU5ErkJggg==);background-size:contain;width:1rem;height:1rem}.caret-icon-wrapper{position:relative;top:.1rem;margin-left:.2rem}.expanded .caret-icon{transform:rotate(180deg)}.big-button{transition-duration:.2s;transition-property:background-color,border-color,color;transition-timing-function:ease;border:.063rem solid #0051c3;border-radius:.313rem;padding:.375rem 1rem;line-height:1.313rem;font-size:.875rem}.big-button:hover{cursor:pointer}.captcha-prompt:not(.hidden){display:flex}@media (max-width: 720px){.captcha-prompt:not(.hidden){flex-wrap:wrap;justify-content:center}}.pow-button{margin:2rem 0;background-color:#0051c3;color:#fff}.pow-button:hover{border-color:#003681;background-color:#003681;color:#fff}.footer{margin:0 auto;width:100%;max-width:60rem;line-height:1.125rem;font-size:.75rem}.footer-inner{border-top:1px solid #d9d9d9;padding-top:1rem;padding-bottom:1rem}.ip-address{margin-left:2.25rem}.clearfix:after{display:table;clear:both;content:""}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (max-width: 
720px){.diagnostic-wrapper{display:flex;flex-wrap:wrap;justify-content:center}.clearfix:after{display:initial;clear:none;text-align:center;content:none}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative;width:1.875rem;height:1.875rem}.lds-ring div{box-sizing:border-box;display:block;position:absolute;border:.3rem solid #595959;border-radius:50%;border-color:#595959 transparent transparent;width:1.875rem;height:1.875rem;animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite}.lds-ring div:nth-child(1){animation-delay:-.45s}.lds-ring div:nth-child(2){animation-delay:-.3s}.lds-ring div:nth-child(3){animation-delay:-.15s}@keyframes lds-ring{0%{transform:rotate(0)}to{transform:rotate(360deg)}}@media screen and (-ms-high-contrast: active),screen and (-ms-high-contrast: none){body,.main-wrapper{display:block}}body.no-js .loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}@media (prefers-color-scheme: dark){body{background-color:#222;color:#d9d9d9}a{color:#fff}a:hover{text-decoration:underline;color:#ee730a}.lds-ring div{border-color:#999 transparent transparent}.font-red{color:#fc574a}.big-button,.pow-button{background-color:#4693ff;color:#1d1d1d}.expandable.expanded{border-left-color:#4693ff}}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{text-decoration:underline;color:#ee730a}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#b20f03}body.dark .big-button,body.dark .pow-button{background-color:#4693ff;color:#1d1d1d}body.dark .expandable.expanded{border-left-color:#4693ff}body.light{background-color:transparent;color:#313131}body.light a{color:#0051c3}body.light a:hover{text-decoration:underline;color:#ee730a}body.light .lds-ring div{border-color:#595959 transparent transparent}body.light 
.font-red{color:#fc574a}body.light .big-button,body.light .pow-button{border-color:#003681;background-color:#003681;color:#fff}body.light .expandable.expanded{border-left-color:#0051c3}https://www.ayhu.xyz/cdn-cgi/styles/challenges.css
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonemessage_me (Category: social) https://mssg.me/loginlogin
2023-05-12 02:54:51Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H06V19Y9J57EVG1E6053DPH4 Date: <REDACTED> Content-Length: 0 34.74.170.74
2023-05-12 03:03:34Co-Hosted Site - Domain NameNoDNS Resolver2030None00ffcc.cn00ffcc.cn
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None00cybermonk00.github.io185.199.111.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx BYOD (Net ID: 00:01:21:26:54:B1)41.8781, -87.6298
2023-05-12 02:59:57Affiliate - Email AddressNoE-Mail Address Extractor0030Nonesheila.christianson@ftb.ca.gov[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=5673cc9137db&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:1480:304:WilStaging_02"\n "SM0:1480:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:1480:120:WilError_01"\n "Local\\SM0:1480:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.136:443"\n "13.227.21.58:443"\n "13.227.74.64:443"\n "185.199.108.153:443"\n "74.125.137.157:443"\n "142.250.191.68:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 
1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions 
including:" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, 
Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\edge_autofill_global_block_list.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\sync data\\leveldb\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\7c516a82-27f5-4723-be57-30a8336c14b5.tmp"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\service worker\\database\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6236_1468670677\\shopping.js]- 
[targetUID: 00000000-00006236]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00001308]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6236_1265273683\\Ruleset Data]- [targetUID: 00000000-0000623
2023-05-12 03:27:33Open TCP PortNoPulsedive0030None188.114.96.128:8080188.114.96.0/24
2023-05-12 03:24:22Web Content TypeNoWeb Spider0040Nonetext/html;charset=utf-8https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA
2023-05-12 03:10:03Affiliate - Domain NameNoDNS Resolver2050Nonenetcraft.combaffin.netcraft.com
2023-05-12 02:55:18Software UsedYesCensys0030NoneOpenBSD OpenSSH 8.9p146.101.229.70
2023-05-12 02:54:38Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5c82adbc7b2323-ORD Content-Encoding: gzip 172.67.168.252
2023-05-12 02:44:49Company NameNoCompany Name Extractor4020NoneCloudflare\, Inc.C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:00:C5:DB:8B:88)37.7642, -122.3993
2023-05-12 03:32:04Open TCP PortNoPulsedive0030None188.114.97.3:8443188.114.97.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneBLINK-6985 (Net ID: 00:03:7F:A1:AE:79)33.6170672,-111.90564645297056
2023-05-12 03:23:19Open TCP PortNoPulsedive0030None188.114.96.5:8443188.114.96.0/24
2023-05-12 02:54:03Netblock MembershipNoCensys0020None172.67.128.0/20172.67.135.9
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:02:05)50.8897, 6.0563
2023-05-12 02:45:32Raw Data from RIRsNoPhishStats1020None[{u'page_text': None, u'domain': u'ecloanmoney.com', u'virus_total': u'Yes', u'n_times_seen_ip': 0, u'abuse_contact': u'abuse@ecloanmoney.com', u'ip': u'104.21.6.166', u'google_safebrowsing': u'Yes', u'threat_crowd': u'Yes', u'n_times_seen_domain': 0, u'alexa_rank_host': None, u'id': 8064681, u'city': u'', u'abuse_ch_malware': u'No', u'countrycode': u'US', u'title': u'Not Acceptable!', u'ssl_subject': None, u'technology': None, u'date_update': u'2022-01-16T13:03:33.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': 4.5, u'vulns': None, u'latitude': u'37.7510', u'regionname': u'', u'hash': u'16279a2e936344880462a47af65885b3a095b205bf036efd2e68751b3aa57f5b', u'threat_crowd_subdomain_count': 0, u'screenshot': None, u'n_times_seen_host': 0, u'ssl_issuer': None, u'domain_registered_n_days_ago': 399, u'regioncode': u'', u'host': u'ecloanmoney.com', u'date': u'2022-01-16T12:11:21.000Z', u'asn': u'AS13335', u'tags': u'cdn', u'bgp': u'104.16.0.0/12', u'url': u'https://ecloanmoney.com/dhl/card.php', u'isp': u'CLOUDFLARENET, US', u'longitude': u'-97.8220', u'ports': u'80, 443, 2086, 2087, 2096, 8080, 8443', u'countryname': u'United States', u'threat_crowd_votes': u'Suspicious', u'http_server': None, u'tld': u'com', u'os': None, u'http_code': 403}]104.21.6.166
2023-05-12 03:24:21Web ContentNoWeb Spider2040None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5a3bb81a1b')"></div> <form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="e35Zj8G5BDk9XldXhqgKMMl4m4jJjyX9hPpRt8lgb3o-1683861861-0-AeRvD12zRrpKT1Vj_NZpuXTYPY0T_C-IsEnAR9u2dCvcdsLy9Sv3iw7wV_fgwkqNl3iHxdj5qFwNZJL3xkB-iwW9vjUdMNxMyhnqv8JlscfNtie9SAcppGbOk7uCBiZIQLa1SBVNw6UUv-_a_FXFD2296FJ4KrNIS6arC6VFPDD30uM_354WVFgyW4mKtrSpYK5InwieJ1Vkv6ZxoCDhBRMhNxgPpigNP0QmWXw8y1_k8lflCwo_Q9K8uZ_qtQFf0Gfd14ZLuORqP0m48rgXZsNXk2d82Mm2SMemmjVviG7PuPUL1CbnB3WfSK2OQGeY4U-Gy7kSdq7i3_ymV00fkl4RBJdkPDOtsR2eeN44cG0QzvhUzJu9a18Wx-JBgeMkCDDp2c6FvebNEOQydvCZrys93XZSGdta0GBiBfCz0DM6AFXJXoguOORHg7MOd62eoxeeua6hY1HFOifFbgHz4R4_F4geEyT8xPiS9kLqmv-8Tv9wFT23J38aRv3VS8KGL7JX_pO7KJv7qjQiIN2XDIN1kP01EuKi5fpoFbmvumK_aQpspEPJd-oYkv6g3z8upJ_i8gMQOJzdPMV462qdkEt72KoSPvIxKpy4bKNXJwJjWy3MhsDm6o8-oFAI7dOznlN5m1idwbZgvsnclXbdkqJhXPQYzxjKdzlT7hyQKmtmMash-U3aTKSIpDEKkTstu-cs5rTf__9DuNB2pVPrKXIFuY7EwlrjB6j_0UJKavfBfT6h3NsKR3qKMg-rGVo2RSQdsEOud7Hh5F0cMs0nCAAWGTq86XwfC81O29W1K2i6OalWYJiW61x1Nv_qs72KoX0_Mpn3amoMA5KS1vGI6mPUPMiOwHSI0cRgqEERjtVjkE3-TwMesGkKvz-Aw2gGE9OL21frfN9JEzkR172OTICxrUfc7caDwzr9D9_NePtArl9cLDKFHEvxIxzgioPuODDLvyAfvi0dPWiWhMq7WkvCuoWovUiUA253wYEf7M9x4gD8lnc3kaUCBX9tFmIajIXhsaHhaKh_ysHvt7SDv4HQuHFmdW_PTHj46eP5odywpuZGDTSuWK7SWH7u71n7C_Ae4KUmVvgKAwroZ_dlv8I2ROpq-QoxjIwoWtmm2DsGljOITbn0msRXnKPyZMK8B7bxqx0Tk0lwfAxw5qFIfx9cKTkyEKNgMaJHKVRsdCxtQMpTYYbYCTs7ecYaFA-cfa8pDUJO-vS3eg6mjgEiRw-8bm1dPWtPUv2T1GYeSsTkWX7p26b8BfAn4XpyF65-516ZnQxFqk_LYA1aiczQzQWdLb1NuFpyAlTJVRij048j5uSY5WFvTrmsh7xjoZ2Z46DkwHtY4crfRZm3SD6Mg_03vOiI68rC6vzz6BqdsamaXqvoFcnUbGnDDjkCNPCk0I7LyG6AFbm_EwgFVB9gZOJPVWeWKxdCcEWIQQOyO_AqVnN-wyzH0S5fWbIjXusPp_qMzz38MsJyGlFbc7GOuh6S4SdpuQewqWPsqFDGHPGtQUEKXIDpP7weMLUYzqItqb4vPv3n4sxn1GsE-qNs3lpwxVrc1SL_ssnb3-_jfGgVSpkOmJliBGGmoH-AatJn35K3t_jno9HyCYJLmz1rZkbI33XoOACdRBNvladuDXSHE4m8J_n-NLMdDcqru4xU65kcr9OibRXR4hHHwc3rYYFV9kMj9KFuctQB10AWFL0_n3yW8Zlh4cik5rYLuGKboFr2i4pY9ykLSq7sms7Qe3oXXbRcmeWxKtL0NlB6gk_PWz-AAqtF3sr5sdva-7sRfyfrgrQxpiH5_wMb5DPqczx1O37xCMTLyF6YhMXn4ABmLQ-mt-EMWYX-tkGM85skgM2leXXJlv6HTAp-riDNoZ3OMVT4KeKIc6AIi8pOLxrJ9jD5oVgtqxZff2ZqlinhLXHPSVtkPU-H6FAH
inPrzSf3uH_Q3H0UuvzybBwb61Kz9xfOtHBkP2nWMCU86xpSbO4c6VIi3roOnQLOncMey4LehldRzG60kvAcLOIIzsotkC6A0TzBdXW6h8WnOc98kvqVlyyluYDZoGL2sgBQP5iT8LeZ1GiKa6nuzXWAIZArCXDfvtsaNftRUiJODl-iLsalLmXB287qXlXnC-Sqn-VkYBIG1c0SYjAXzvc-MH1JJfTmtb7X2x-mXdkkqwoy16YRiEGxdDA84vt_3-1PJIVkwQFdJL01areTvrgmeIqm94L-DFciyanQyUBPitgHcxMUsm51YpB6KDWM18BLL4ehHRO7XO7TX_IIKdZiHbwQcPJ8FX04IKxS2S5Y3q_h8S65tynRA7TtY9YDIyDgHWfsgLSoL1L6GRBWm_cX_GqkdNtINyYbvrEjvcbcBhRdYEvzv7ySe_t5eEL9DPxXMRgGUTSk5GXudJNBbnpRMcYsT7qBIns8TOaWZIAFXnDbumx2Yzf2QUY6Xnq_tYLe1hwa_1BstafWXYwwQNC50mTlgJK1S5YWtg1SKoybbC9x5fcZ1N-_oCRgLtaxFqIZMUnOoV0u2hpdcXGPpNrOH3SR"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '70037', cRay: '7c5f8c5a3bb81a1b', cHash: '1cbb584e4678a4a', cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2MS40NzgwMDA=', m: 'l9x6fYD43AkOSli+eEX3TiMPXRiBndCq0G/Dpt1PKp4=', i1: 'nuJed/J938+IZsnq9K0k2g==', i2: 'LCpeQRd016F0btwfkm2M8w==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5a3bb81a1b'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5a3bb81a1b'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA
2023-05-12 02:44:15IPv6 AddressNoDNS Resolver0030None2606:4700:3030::ac43:a8fcfluid.battleb0t.xyz
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.116): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.191): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/jcqn.jpghttps://funny.battleb0t.xyz/
2023-05-12 03:03:36Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00nave198.github.io
2023-05-12 03:09:27Co-Hosted SiteNoSSL Certificate Analyzer0020Nonecdnjs.cloudflare.com188.114.97.1
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:00:0B:63:00:0B)41.8781, -87.6298
2023-05-12 02:54:07Physical LocationNoCensys1020NoneRosemont, Illinois, 60018, United States, North America2606:4700:3031::ac43:8709
2023-05-12 03:00:30Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha1-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:2095104.21.6.166
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneCross-platform softwarebattleb0t.github.io
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom92EE90 (Net ID: 00:0C:F6:92:EE:90)50.8897, 6.0563
2023-05-12 03:16:31Raw Data from RIRsNoipapi.co0030None{u'region_code': u'HE', u'country_tld': u'.de', u'ip': u'207.154.228.169', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 82927922, u'country_code': u'DE', u'timezone': u'Europe/Berlin', u'city': u'Frankfurt am Main', u'network': u'207.154.224.0/20', u'languages': u'de', u'version': u'IPv4', u'latitude': 50.113381, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Germany', u'country_capital': u'Berlin', u'org': u'DIGITALOCEAN-ASN', u'postal': u'60311', u'asn': u'AS14061', u'country': u'DE', u'region': u'Hesse', u'longitude': 8.671931, u'country_calling_code': u'+49', u'country_area': 357021.0, u'country_code_iso3': u'DEU'}207.154.228.169
2023-05-12 03:09:54Open TCP PortNoPulsedive0030None185.199.108.133:443185.199.108.0/24
2023-05-12 03:42:54Affiliate - Domain WhoisNoWhois0060None% Restricted rights. % % Terms and Conditions of Use % % The above data may only be used within the scope of technical or % administrative necessities of Internet operation or to remedy legal % problems. % The use for other purposes, in particular for advertising, is not permitted. % % The DENIC whois service on port 43 doesn't disclose any information concerning % the domain holder, general request and abuse contact. % This information can be obtained through use of our web-based whois service % available at the DENIC website: % http://www.denic.de/en/domains/whois-service/web-whois.html % % Domain: tjdev.de Nserver: ns1.kramer-dns.de Nserver: ns2.kramer-dns.de Nserver: ns3.kramer-dns.de Status: connect Changed: 2023-02-25T19:39:25+01:00 tjdev.de
2023-05-12 02:45:57Physical LocationNoMetaDefender0020NoneSan Francisco, United States172.67.135.9
2023-05-12 03:13:07Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00indahouse.github.io] https://www.openphish.com/feed.txt00indahouse.github.io
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:8443188.114.96.1
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMainSurf (Net ID: 00:02:2D:67:EF:5F)50.1188, 8.6843
2023-05-12 03:03:31Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io007-liang.github.io
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Noneeminent926 (Net ID: 00:14:5C:86:C4:D6)50.8897, 6.0563
2023-05-12 02:44:32SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:04:02:53:52:8b:ff:fb:8a:0a:11:44:e7:ab:f5:69:c5:9e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 14 17:33:43 2023 GMT Not After : Apr 14 17:33:42 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:56:66:b3:c8:a2:23:b1:5a:3f:a8:f8:12:86:96: e9:2c:15:d7:f2:10:34:11:7a:db:91:0d:f0:b3:57: f5:24:8b:d6:33:b2:e0:da:47:1e:c3:4b:59:19:6f: 0a:27:ae:26:29:f9:b7:07:60:5c:49:2f:47:35:2a: 5c:c8:f0:96:d7 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3C:85:65:2A:BA:2A:04:2A:54:22:30:3E:E5:23:B1:1E:15:C3:96:05 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 14 18:33:43.335 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:F2:1C:95:AC:AF:08:7C:44:9A:42:32: 2C:2F:8A:04:A1:13:F3:46:FA:9D:26:CA:C9:98:C2:1D: 74:69:E4:86:1B:02:21:00:B6:39:78:67:7F:13:7F:74: 50:2A:AE:F8:F3:CD:06:25:FB:E7:4F:A7:FE:B7:C5:D8: 77:35:DE:26:00:5A:58:41 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 14 18:33:43.326 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:98:54:50:30:B1:AC:EB:16:2E:CF:2C: E2:5C:6F:49:73:2D:91:13:E2:7A:C0:23:16:9D:9E:E9: 34:9D:A8:4E:A2:02:21:00:E3:DA:6F:CF:C9:A3:6F:47: 24:1E:42:4E:CB:2C:6D:AC:F1:F2:5C:4B:15:0B:90:2E: FE:19:52:BD:26:73:E2:1D Signature Algorithm: sha256WithRSAEncryption 2f:9e:31:fd:c7:7d:47:cd:fd:01:35:76:75:af:bd:65:15:84: 23:f2:b5:a5:8c:aa:3b:d4:46:ab:0f:e0:6d:fb:3d:ad:16:bd: 71:fe:51:be:c7:6a:78:ea:91:90:3b:63:30:ca:95:ff:ee:9d: 47:eb:f2:5f:85:42:d9:44:d3:72:73:10:be:c7:a2:44:25:dc: 30:6d:25:07:16:5b:55:37:2d:53:15:d4:54:6f:02:56:82:ca: 95:f2:b0:da:05:fe:09:30:21:c9:bf:23:af:eb:66:9c:3c:46: c8:ed:d9:23:0c:31:c4:20:44:6b:a8:53:fc:12:a1:6a:08:26: 66:47:c9:ad:7e:d3:29:01:28:72:f6:e7:00:31:5c:a0:b4:5c: 64:09:26:8a:da:16:e9:1a:8b:b1:d1:3c:b2:df:e5:77:f4:c3: a8:4f:d0:1f:26:99:a7:10:8e:7f:65:a5:5e:cc:0b:70:42:ad: cf:7c:e0:c3:b5:7f:91:07:d9:1f:ba:ef:57:c4:d1:91:9e:a3: 40:93:8d:12:a1:08:bc:b5:cb:35:70:ad:45:f9:4b:fb:c8:74: 0b:37:9e:08:b9:59:0e:0e:55:98:c2:7b:c5:55:28:93:52:3c: ca:41:c2:5e:52:c3:32:1b:c4:d5:a9:18:45:1e:58:3a:fc:ed: c0:69:88:aa battleb0t.xyz
2023-05-12 02:57:22Internet NameNoCertificate Transparency0010Nonevscode.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.44): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None104.21.71.14oldfluid.battleb0t.xyz
2023-05-12 02:46:54Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:50:47 2023 GMT Not After : Jun 11 12:50:46 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:86:d1:c6:73:d4:68:16:b7:b8:27:02:2e:0a: 3b:ac:b2:c0:cf:5d:bb:e0:97:62:4b:2d:4c:a7:8a: 0f:bb:28:62:25:f7:8b:c2:a2:9f:9f:a4:09:ae:64: 46:ad:01:04:9a:1c:e2:d3:da:ff:2f:0b:66:3e:17: 93:38:08:7c:21:35:76:62:9b:3d:79:67:17:13:fe: 36:e3:cb:d3:f1:13:27:de:39:d4:be:26:b9:a7:bc: 48:6c:32:02:59:5e:42:77:18:cd:f0:52:6e:ff:59: 03:7e:1d:11:be:bc:ab:d2:7f:d2:95:33:32:9e:74: fe:3f:8c:4e:e3:30:bd:bb:06:89:38:c8:e8:4f:53: 3b:f6:63:c0:62:08:06:0e:e7:94:7f:f0:60:db:70: ea:7f:78:d5:b9:6c:e0:49:a6:b4:37:75:b0:52:59: b3:35:96:ab:99:46:f4:69:22:fd:0c:96:69:7a:42: ab:47:42:08:6b:5e:8a:9a:4d:97:23:10:94:f7:79: b4:c3:5e:97:52:71:2a:e0:cb:16:4d:05:9d:0a:4b: 32:05:28:18:33:7b:d6:34:6c:b7:3e:5b:ab:cb:54: 41:54:0f:0b:fa:c3:ea:b8:4b:80:0a:8e:f0:90:cd: 32:45:6e:24:6b:2b:da:60:08:2e:69:e6:59:89:a4: 25:87:82:03:c6:3c:bd:7c:46:55:91:56:df:8c:10: 3f:c4:bc:32:26:aa:2e:b1:d8:86:87:bf:32:be:e7: 49:d8:74:e0:99:42:34:64:c2:23:25:06:06:47:62: f1:32:ce:42:2e:0b:a1:5c:5c:7d:55:6f:f5:43:b6: 4a:13:84:0e:20:9b:ad:e4:75:cf:98:ec:28:ca:d5: 97:e8:15:83:85:e3:c5:d8:e3:28:87:31:07:5e:2c: 11:d9:8a:d6:52:d3:ed:87:7d:ab:aa:dd:63:d0:48: bb:c8:d0:2e:7e:92:84:13:37:53:61:b8:ec:ac:9a: 86:7b:ce:3f:d2:40:f0:db:6c:2c:1e:97:3b:c5:cb: 35:b4:86:6e:2c:94:d1:aa:dc:d2:87:31:ab:38:c5: f4:27:1d:0a:25:44:99:80:36:03:ce:91:80:1c:d1: 59:d4:7c:5a:37:1b:0a:ce:f5:f1:c0:65:43:fc:ee: ed:8e:bc:b1:d6:9d:85:ca:8e:38:b3:e3:c0:7f:97: a5:98:eb:15:ff:cd:24:e7:6d:15:4d:57:89:17:a7: 5f:b4:d5:d3:b7:8f:07:9c:a8:ea:76:1e:e7:f3:2c: 9b:59:ae:2b:2b:2c:ad:9d:e2:f1:8d:94:c2:23:8f: 
a7:4d:67:84:e7:2f:fb:e0:0a:d2:eb:7c:d9:ee:92: a6:63:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 3a:9c:49:d5:78:f8:ac:5a:ba:61:60:6a:4f:18:04:e8:71:47: 69:62:76:f2:cc:e1:7a:77:c4:76:2d:14:ad:8a:51:f0:c8:e8: f9:38:53:48:90:b9:69:2e:c4:f1:18:37:86:86:25:90:2d:e5: dd:87:c3:e4:30:76:38:c5:2d:b9:29:35:8f:95:4f:0a:47:25: 94:fe:7d:19:c2:82:cf:f4:d6:6f:2b:05:f9:ef:21:99:a0:d9: 36:83:ad:ba:2a:71:8c:ce:04:55:e9:a3:ae:0f:98:dd:33:3e: 45:9e:26:1e:62:2f:e5:b0:c1:a2:6e:6b:64:03:05:91:c5:ca: 50:6d:e8:c1:41:d8:07:0e:25:58:e8:76:72:9e:b3:02:79:6d: 1c:be:17:b1:a7:32:cd:3e:e0:3c:2c:87:d6:3f:c4:48:c0:a3: 08:59:a0:4e:0f:07:7f:61:15:d7:87:60:df:16:46:c9:31:1c: 35:61:49:d1:30:f6:df:8b:a1:f3:b4:55:7d:23:f2:7e:02:d1: 77:34:24:b1:27:08:2c:2f:5f:8e:75:03:e6:17:9c:33:bc:f3: b6:45:1b:5b:14:7b:ab:6c:5f:cc:d8:bb:78:b2:59:03:74:72: 01:65:2e:6e:c2:e6:b0:7e:32:e9:3b:23:f0:2f:a8:b0:4a:66: 8f:c0:d5:69
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0030Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None0047ol.github.io185.199.111.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneTSMD 2.4 (Net ID: 00:02:6F:FD:8B:6E)33.336199,-111.89446440830702
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneGP (Net ID: 00:01:24:F1:7F:54)37.7813933,-122.3918002
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneGalatasaray (Net ID: 00:02:CF:E2:4D:A2)40.2024, 29.0398
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneHeylink (Category: misc) https://heylink.me/ayhu/ayhu
2023-05-12 03:32:11Open TCP PortNoPulsedive0030None188.114.97.6:8443188.114.97.0/24
2023-05-12 02:45:36Affiliate - Internet NameNoDNS Raw Records0020Nonefrabjous-lebkuchen-324004.netlify.appfunny.battleb0t.xyz
2023-05-12 02:54:19Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8fluid.battleb0t.xyz
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.235): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet (Net ID: 00:01:36:2E:39:B8)34.0544, -118.244
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.252): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.131): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.76): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom (Net ID: 00:0C:F6:34:4B:10)50.8897, 6.0563
2023-05-12 02:54:12Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 33, u'threat_score': 50, u'compromised_hosts': [u'185.199.108.153'], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://yeulpay.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5812:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5812:120:WilError_01"\n "Local\\SM0:5576:304:WilStaging_02"\n "Local\\SM0:5576:120:WilError_01"\n "SM0:5576:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:5812:120:WilError_01"\n "Local\\SM0:5812:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:49730"\n "68.142.107.4:49733"\n "142.250.191.74:49734"\n "142.251.46.227:49735"\n "142.250.189.232:49736"\n "142.250.191.78:49744"\n "185.199.108.153:49747"\n "23.55.103.80:49749"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', 
u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.yeulpay.com"\n "yeulpay.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsyeulpay.com" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\000003.log]- [targetUID: 00000000-00005812]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\json\\i18n-shared-components\\zh-Hant\\strings.json]- [targetUID: 00000000-00005812]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\index]- [targetUID: 00000000-00005812]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "PNG image data 1024 x 643 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "5dcfc9f4-1776-49aa-935c-1f8871834b22.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\5dcfc9f4-1776-49aa-935c-1f8871834b22.tmp]- [targetUID: 00000000-00005812]\n "b31f9cdb-f68d-4780-a157-ca8e18af8710.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\b31f9cdb-f68d-4780-a157-ca8e18af8710.tmp]- [targetUID: 00000000-00005812]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00005812]\n "4c8bd346-dc18-45c0-b9fa-b2f2b3599a07.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4c8bd346-dc18-45c0-b9fa-b2f2b3599a07.tmp]- [targetUID: 00000000-00005812]\n "f_000243" has type "PNG image data 4000 x 2880 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "3bd3bf42-f525-46e9-8ae8-301ffa930aef.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\3bd3bf42-f525-46e9-8ae8-301ffa930aef.tmp]- [targetUID: 00000000-00001448]\n "f_00023d" has type "PNG image data 600 x 403 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "273a52e5-bd0c-47dd-8351-2a5b9f66dcbd.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\273a52e5-bd0c-47dd-8351-2a5b9f66dcbd.tmp]- [targetUID: 00000000-00005812]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00005812]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\manifest.fingerprint]- [targetUID: 00000000-00005812]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\111.0.1661.54\\WidevineCdm\\manifest.json]- [targetUID: 00000000-00005812]\n "data_2" has type "dBase III DBT 
version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_2]- [targetUID: 00000000-00005812]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-50', u'name': u'Creates a license file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"wallet-drawer.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Wallet-Checkout\\wallet-drawer.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "tokenized-card.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Tokenized-Card\\tokenized-card.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "edge_driver.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\edge_driver.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "shopping_iframe_driver.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\shopping_iframe_driver.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "notification.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Notification\\notification.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "vendor.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\vendor.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]'}, {u'category': u'Environment Awareness', u'origin': u'API Call', u'identifier': u'api-169', u'name': u'Tries to access recent files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\O3IGZQ735L74LO6YZ5IP.TEMP"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\O3IGZQ735L74LO6YZ5IP.temp"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\ccba5a5986c77e43.customDestinations-ms"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\ccba5a5986c77e43.customDestinations-ms~RF12dcbc.TMP"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://yeulpay.com/"\n Pattern match: "https://www.googletagmanager.com/gtag/js?id=G-4HDJ19RJFF"\n Pattern match: "https://yeulpay.com"\n Pattern match: "www.yeulpay.com"\n Pattern match: "http://www.w3.org/2000/svg"\n Heuristic match: "yeulpay.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: 
"www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://yeulpay.com,supports_spdy:true},{alternative_servic185.199.109.153
2023-05-12 02:55:36Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 18, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://bouncefitness.precisiongroup.com.au/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "KERNEL32" at base e6440000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base e4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base e4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base e4ee0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\IMM32.DLL" at base e5c90000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base e4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base e4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base e4ee0000\n "msedge.exe" loaded module "C:\\WINDOWS\\TEMP\\VXOLE64.DLL" at base d79d0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\UXTHEME.DLL" at base e2950000\n "msedge.exe" loaded module 
"COMBASE.DLL" at base e5890000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base cbc50000\n "msedge.exe" loaded module "NTDLL.DLL" at base e7fc0000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base e57e0000\n "msedge.exe" loaded module "SHELL32.DLL" at base e64f0000\n "msedge.exe" loaded module "KERNEL32.DLL" at base e6440000'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.166:443"\n "142.250.191.67:443"\n "142.251.214.138:443"\n "192.0.77.48:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6648:120:WilError_01"\n "Local\\SM0:7476:304:WilStaging_02"\n "SM0:7476:120:WilError_01"\n "Local\\SM0:7476:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:6648:120:WilError_01"\n "SM0:6648:304:WilStaging_02"\n "Local\\SM0:6648:304:WilStaging_02"\n "Local\\SM0:6648:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6648:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6648:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6648:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bouncefitness.precisiongroup.com.au"\n "s.w.org"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Session Storage\\000003.log]- [targetUID: 00000000-00006648]\n "4f425c3f3dfe5186_0" has type "data"- [targetUID: N/A]\n "crl-set" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\crl-set]- [targetUID: 00000000-00006648]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006648]\n "f_00023e" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00006052]\n "f_000243" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 7344x4896 components 3"- [targetUID: N/A]\n "f_00023d" has type "Web Open Font Format (Version 2) TrueType length 30928 version 1.0"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00006052]\n "8b46efee-46c4-4b8c-8098-94cddde924df.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\manifest.json]- [targetUID: 00000000-00006648]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\6648_221812043\\_metadata\\verified_contents.json]- [targetUID: 00000000-00006648]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006648]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00006648]\n "Tabs_13321943281147618" has type "data"- [targetUID: N/A]\n "00a31e27ed9e467d_0" has type "data"- [targetUID: N/A]\n "65445c8f0619d12d_0" has type "data"- [targetUID: N/A]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\manifest.json]- [targetUID: 00000000-00006648]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00006648]\n "25e25f713af3e351_0" has type "data"- [targetUID: N/A]\n "ed6a3a53-c5b6-484b-8bb5-d2ee85f07349.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\ed6a3a53-c5b6-484b-8bb5-d2ee85f07349.tmp]- [targetUID: 00000000-00006648]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: 
"https://bouncefitness.precisiongroup.com.au/"\n Pattern match: "https://bouncefitness.precisiongroup.com.au"\n Heuristic match: "bouncefitness.precisiongroup.com.au"\n Heuristic match: "s.w.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'1/90 Antivirus vendors marked sample as malicious (1% detection rate)'}], u'threat_level': 1, u'size': None, u'job_id': u'63fc26ad86a713231f0ec51d', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'suspicious_identifiers': [], u'attck_id': u'T1129', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Shared Modules', u'informative_identifiers': [], u'tactic': u'Execution', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u104.21.6.166
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneBiggerPockets (Category: finance) https://www.biggerpockets.com/users/loginlogin
2023-05-12 02:54:19Linked URL - InternalNoWeb Spider4030Nonehttps://fluid.battleb0t.xyz/./script.jshttps://fluid.battleb0t.xyz/
2023-05-12 02:53:14Raw Data from RIRsNoHybrid Analysis2020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://goo.gl/uqaWYa', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_6c8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1736"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_6c8_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_6c8_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_6c8_ConnHashTable<1736>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_6c8_IE_EarlyTabStart_0xaf0_Mutex"\n "IsoScope_6c8_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_6c8_IE_EarlyTabStart_0xaf0_Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"74.208.236.106:80"\n 
"74.208.236.106:443"\n "172.217.12.106:443"\n "104.18.10.207:443"\n "185.199.109.153:443"\n "142.250.72.202:443"\n "142.251.214.131:443"\n "142.250.189.206:443"\n "142.251.214.130:443"\n "142.251.46.230:443"\n "142.251.46.170:443"\n "52.155.62.95:443"\n "172.217.12.118:443"\n "172.217.12.97:443"\n "142.250.189.238:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"chrisfixed.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "chrisfixed.com"\n "fe0.google.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "goo.gl"\n "googleads.g.doubleclick.net"\n "i.ytimg.com"\n "jnn-pa.googleapis.com"\n "play.google.com"\n "query.prod.cms.msn.com"\n "stackpath.bootstrapcdn.com"\n "static.doubleclick.net"\n "teredo.ipv6.microsoft.com"\n "trenta.media"\n "www.chris-fix.com"\n "www.youtube.com"\n "yt3.ggpht.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "VISITOR_INFO1_LIVEziB5upP7Wiwyoutube.com/214749286534253099523106746390550359831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "5O0LJ4LH.txt")\n Found string 
"VISITOR_INFO1_LIVEDU_B5bFhQnkyoutube.com/214749286534253099523106746390472234831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "DQKYX181.txt")\n Found string "VISITOR_INFO1_LIVEi1ZA35yJPt8youtube.com/214749286534253099523106746390597234831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "7JFMJ9XY.txt")\n Found string "VISITOR_INFO1_LIVE-bsB1yN3wW0youtube.com/214749286534253099523106746390784734831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "7E6JY8J0.txt")\n file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "function bz(a,b){var c=this;return b}bz.M="internal.enableAutoEventOnScroll";var bc=ca(["data-gtm-yt-inspected-"]),cz=["www.youtube.com","www.youtube-nocookie.com"],dz,ez=!1;" (Indicator: "dir "; File: "js_2_.js")\n Found string "www.youtube.com" (Indicator: "dir "; File: "PCAP")\n file/memory contains long string with (Indicator: "dir "; File: "SSL")\n file/memory contains long string with (Indicator: "dir "; File: "base_1_.js")\n Found string "{Bo:"r",Do:Eo()}:"youtube.player.web_20230502_00_RC00".includes("gam_native_web_video")?{Bo:"n",Do:Eo()}:"youtube.player.web_20230502_00_RC00".includes("admob_interstitial_video")?{Bo:"int",Do:Eo()}:{Bo:"j",Do:null}};" (Indicator: "dir "; File: "base_1_.js")\n Found string "By=function(a){a=g.Si(a);a=null!==a?a.split(".").reverse():null;return null===a?!1:"com"==a[0]&&a[1].match(/^youtube(?:kids|-nocookie)?$/)?!0:!1};" (Indicator: "dir "; File: "base_1_.js")\n Found string "g.Uy=function(a,b,c,d,e){Sy||Ty.set(""+a,b,{IG:c,path:"/",domain:void 0===d?"youtube.com":d,W8:void 0===e?!1:e})};" (Indicator: "dir "; File: "base_1_.js")\n Found string "g.Wy=function(a,b,c){Sy||Ty.remove(""+a,void 0===b?"/":b,void 0===c?"youtube.com":c)};" (Indicator: "dir "; File: "base_1_.js")\n Found string 
"sna=function(){this.j=g.hy("ALT_PREF_COOKIE_NAME","PREF");this.u=g.hy("ALT_PREF_COOKIE_DOMAIN","youtube.com");var a=g.Vy(this.j);a&&this.parse(a)};" (Indicator: "dir "; File: "base_1_.js")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"insta-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "twitter-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "fb-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "sddefault_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 640x480 components 3" and extension "jpg"\n "sddefault_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 640x480 components 3" and extension "jpg"\n "yt-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "unnamed_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 Exif Standard: [TIFF image data little-endian direntries=1 software=Google] baseline precision 8 68x68 components 3" and extension "jpg"'}, {u'category': u'Installation/Persistence', 
u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{6e883627-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe5a84e0c629be7b2.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\favorites\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\desktop\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{6e883629-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa2a380ccf94f2bd9.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\0x82k3c6.txt"\n "iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe5a84e0c629be7b2.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{6e883627-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{6e883629-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" writes file 
"c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa2a380ccf94f2bd9.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\37nu00gp\\favicon[3].ico"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'infor185.199.109.153
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.153): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomC3D648 (Net ID: 00:0C:F6:C3:D6:48)50.8897, 6.0563
2023-05-12 03:24:30Affiliate - Company NameNoCompany Name Extractor0070NoneNAMECHEAP INC Domain Name: NETCRAFT.COM Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-12-07T10:43:50Z Creation Date: 1994-10-18T04:00:00Z Registry Expiry Date: 2026-10-17T04:00:00Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: AUTHNS1.NETCRAFT.COM Name Server: AUTHNS2.NETCRAFT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: netcraft.com Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2020-09-21T12:40:37.88Z Creation Date: 1994-10-18T04:00:00.00Z Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Name Server: authns1.netcraft.com Name Server: authns2.netcraft.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS 
database: 2023-05-11T07:56:11.35Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonetyphoon (Net ID: 00:14:C1:39:FA:69)40.2024, 29.0398
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonehelena (Net ID: 00:06:25:90:14:E1)33.336199,-111.89446440830702
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5bc4bf4f0229c3-ORD Content-Encoding: gzip 188.114.97.1
2023-05-12 02:59:09SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:18:ae:06:7e:fc:0b:78:46:5c:8b:fe:1a:31:bf:5b:16:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 17:51:43 2022 GMT Not After : Mar 13 17:51:42 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d2:a8:d4:9f:a9:bd:76:f3:4e:fa:75:b4:78:5e: d8:6a:71:e4:f3:f9:c2:77:fe:f9:7d:4c:da:66:22: e0:cd:34:b7:7c:8d:14:1c:4d:7d:46:bd:0d:78:0c: dd:5b:c4:ff:9f:13:d1:36:82:30:3b:b9:24:f9:65: eb:d4:82:59:47:e9:be:2d:ca:25:2b:a1:b5:27:87: 63:33:e8:be:3d:46:8c:9b:0f:9e:b7:28:4d:eb:79: 63:20:73:aa:a3:d5:3d:c6:2e:b7:9c:7f:e7:f8:96: 79:6d:51:52:62:f7:cc:65:ca:dd:5b:ef:27:c9:9c: 81:e6:4a:8c:e9:e1:99:cd:79:f8:60:4b:a5:6b:6f: c9:a2:fa:cc:0c:e7:34:b2:77:b5:de:bd:fe:24:a9: e6:e9:26:4a:54:ec:0f:53:69:fc:a9:cb:fb:84:2e: 7d:af:75:b6:15:ef:6d:e3:fb:23:27:72:c7:fd:a8: 77:78:c9:f6:5b:6f:b1:0a:09:7c:e3:91:c1:95:13: b4:4a:b2:6f:b1:ab:4c:4d:0b:11:8c:fd:8d:fb:d9: 37:66:3b:07:7b:cc:19:50:a2:89:0c:ea:8d:f1:d1: b3:36:06:ad:51:15:23:e4:0c:43:f6:cc:90:55:fa: 98:c8:81:54:f2:2f:f7:d0:0b:4f:9f:38:a8:6c:71: 67:c5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 46:DD:F2:80:57:6C:FD:50:6F:F3:DF:3E:F6:D6:F8:E4:B9:2D:C4:6F X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 13 18:51:43.785 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:E2:3A:9E:51:10:7B:4C:32:13:F1:5A: 6A:72:5F:B6:48:D3:B8:D4:7D:48:A2:D1:1B:9F:EB:E7: 11:FF:38:46:00:02:21:00:D3:77:1A:17:F1:84:6D:6C: D3:83:45:FF:8A:32:05:10:85:83:2B:14:0A:F5:20:00: 0A:C7:41:FB:1B:F5:B4:74 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 13 18:51:43.756 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:A6:36:07:C7:E6:2A:25:82:42:12:4D: 3F:F8:74:7A:85:A6:64:36:C2:59:78:48:20:18:36:E7: 26:72:A3:D3:2A:02:21:00:CE:BD:F6:83:26:75:28:EF: BF:A1:B5:32:8B:FB:88:31:3E:85:D6:30:F1:F3:D4:9D: 92:CD:06:30:FD:39:59:E8 Signature Algorithm: sha256WithRSAEncryption a9:06:04:95:e2:ce:64:b2:f3:1c:fd:0a:94:52:d2:fb:cc:c9: bb:ab:0e:16:c4:1c:35:3d:b4:77:7c:ef:d6:ce:15:8a:5b:9e: 15:7d:14:b0:74:3a:46:24:d1:6f:34:39:94:aa:e4:7f:b3:c9: dd:04:77:c5:ed:88:f9:56:f6:b2:da:16:f2:de:95:4d:ae:cc: c8:8f:2c:fe:b6:1f:27:28:b2:fe:3a:41:41:5e:a9:6f:ac:34: 59:b2:f1:77:96:18:6e:7d:12:a0:7b:52:1d:2d:59:87:c8:35: 17:48:37:92:0d:56:c5:76:a2:4a:4c:44:69:ac:a7:c0:72:d3: f1:3c:5f:67:11:8b:f4:4a:b6:30:14:01:f3:f3:67:9a:5c:2e: 68:09:32:e8:4e:f1:3c:d1:09:b1:a6:43:2f:3e:bb:09:66:13: cc:5d:ab:f8:25:f6:78:95:33:b3:b2:17:2b:15:e6:77:00:0d: a1:3e:62:fc:76:b4:f3:f1:09:99:3e:08:aa:64:da:d8:5e:3a: 0f:1e:07:1c:09:b4:d2:9f:70:f7:12:f8:0a:19:e8:db:b1:ab: d6:b6:c1:9f:ab:18:be:a8:46:0e:6f:9c:06:b3:0d:0a:44:0f: f9:65:04:25:ce:38:c1:7b:7d:87:a9:b5:0f:1d:54:1a:8b:7d: b8:c2:59:33 ayhu.xyz
2023-05-12 03:09:30Co-Hosted Site - Domain NameNoDNS Resolver2030Noneply.ggply.gg
2023-05-12 03:28:39Open TCP PortNoPulsedive0030None188.114.96.160:8080188.114.96.0/24
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneStreamLabs (Category: finance) https://streamlabs.com/Altpapier/tipAltpapier
2023-05-12 03:23:35Open TCP PortNoPulsedive0030None188.114.96.13:8080188.114.96.0/24
2023-05-12 03:32:23Open TCP PortNoPulsedive0030None188.114.97.12:8443188.114.97.0/24
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneBandlab (Category: music) https://www.bandlab.com/ayshooayshoo
2023-05-12 03:16:28Physical LocationNoipapi.co0030NoneFrankfurt am Main, Hesse, HE, Germany, DE165.232.113.85
2023-05-12 03:04:14Malicious AffiliateYesabuse.ch0130Noneabuse.ch URLhaus (Domain) [cdn-185-199-111-153.github.com] https://urlhaus.abuse.ch/downloads/csv_recent/cdn-185-199-111-153.github.com
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None007us.github.io185.199.111.153
2023-05-12 02:57:13Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 65, u'compromised_hosts': [u'34.196.254.27', u'34.196.254.27'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'http://www.finops.org/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.finops.org"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_992"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3e0_IE_EarlyTabStart_0xfe4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3e0_ConnHashTable<992>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3e0_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3e0_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n 
"IsoScope_3e0_ConnHashTable<992>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_3e0_IESQMMUTEX_0_519"\n "IsoScope_3e0_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_992"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.196.254.27:80"\n "34.196.254.27:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1485.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1484.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00000992]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000604]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._54909F69-387D-11ED-9389-080027B1E0B5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00000992]\n "EPBU3KIU.txt" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0CH0OVJV\\EPBU3KIU.txt]- [targetUID: 00000000-00000604]\n "~DF0A8636DE63BD2D47.TMP" has type "data"- Location: [%TEMP%\\~DF0A8636DE63BD2D47.TMP]- [targetUID: 00000000-00000992]\n "GCFEQE6O.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GCFEQE6O.txt]- [targetUID: 00000000-00000992]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00000604]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "Cab1484.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab1484.tmp]- 
[targetUID: 00000000-00000604]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00000604]\n "~DF8765436AF976415F.TMP" has type "data"- Location: [%TEMP%\\~DF8765436AF976415F.TMP]- [targetUID: 00000000-00000992]\n "Tar1485.tmp" has type "data"- Location: [%TEMP%\\Tar1485.tmp]- [targetUID: 00000000-00000604]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00000992]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.finops.org/"\n Pattern match: "http://www.finops.org"\n Pattern match: "www.finops.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/92 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, 
u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.196.254.27": ...\n\n URL: https://nauvesneper1987.netlify.app/ (AV positives: 3/88 scanned on 09/20/2022 02:10:15)\n URL: http://keen-kitsune-bbdc6c.netlify.app/ (AV positives: 5/88 scanned on 09/20/2022 01:48:45)\n URL: http://spincats-mint.xyz/ (AV positives: 1/88 scanned on 09/20/2022 01:39:48)\n URL: http://guileless-piroshki-66ded8.netlify.app/ (AV positives: 8/89 scanned on 09/20/2022 01:00:01)\n URL: http://candid-moxie-ca3d19.netlify.app/ (AV positives: 6/89 scanned on 09/20/2022 00:18:36)\n File SHA256: 78552f5436b9bf8f079510592f7d61c991abc31f687db116c76cda7b3d1de8dd (AV positives: 3/74 scanned on 09/16/2022 23:21:30)\n File SHA256: 8a18b93b6700b5d9608bdab276c73e2ad97d2d7db16de798d4f35bf99e1feb8b (AV positives: 10/75 scanned on 09/16/2022 23:59:21)\n File SHA256: 9855d6610d262f5c5ac33a4824ce6d6aff9434181e2925d2e8502f55e0f4ccc2 (AV positives: 9/75 scanned on 09/13/2022 23:52:30)\n File SHA256: 6fbdf58ac0a20649648d8b3f171ad22b5a0f75015f17f61cd9b7097a86841671 (AV positives: 22/75 scanned on 09/10/2022 23:18:07)\n File SHA256: 10eb6a8b65dc19a76287d777aa59dd82975f4af0a30f3493a4c67e21c064d0ad (AV positives: 19/75 scanned on 09/08/2022 20:19:43)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-33', u'name': u'Malicious artifacts seen in the context of the input URL', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, 
u'threat_level': 2, u'type': 7, u'description': u'Found malicious artifacts related to the input domain "http://www.finops.org" (IP: 34.196.254.27): ...\n\n URL: https://nauvesneper1987.netlify.app/ (AV positives: 3/88 scanned on 09/20/2022 02:10:15)\n URL: http://keen-kitsune-bbdc6c.netlify.app/ (AV positives: 5/88 scanned on 09/20/2022 01:48:45)\n URL: http://spinca35.229.48.116
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None" (Cloaked) (Net ID: 00:01:36:59:CB:CF)37.780462,-122.390564
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:2082172.67.135.9
2023-05-12 02:56:21SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 09:cc:cb:40:35:8f:10:16:7b:c7:37:cb:94:7e:31:1a Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 Validity Not Before: Mar 23 00:00:00 2023 GMT Not After : Mar 21 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:c7:e0:ee:e2:73:a9:c6:66:6e:30:ed:fc:ae:52: d4:ca:18:2f:13:3b:72:ab:38:92:54:46:c1:4d:8e: 47:44:3c:fd:42:6f:de:16:4a:26:42:38:ad:e6:91: f4:0b:0b:51:3f:e6:50:3a:4c:ca:ea:9e:3d:ae:a2: 1a:21:17:88:b9 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F X509v3 Subject Key Identifier: ED:98:C9:DB:21:9F:40:A3:B3:0F:A1:47:F2:8D:C0:DD:DA:EB:C7:D1 X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz, DNS:sni.cloudflaressl.com X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl Full Name: URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt X509v3 Basic Constraints: critical CA:FALSE CT Precertificate Poison: critical NULL Signature Algorithm: ecdsa-with-SHA256 30:46:02:21:00:f0:9f:8d:f6:d4:d5:c9:85:3d:e1:3b:e8:89: 39:bb:cd:62:6f:8c:ee:3f:e9:ac:78:6c:9b:85:17:ee:a9:64: 05:02:21:00:e4:53:28:da:31:66:f2:dc:34:6e:1b:42:2d:d7: 79:d3:ee:4b:3d:8a:1c:37:ce:37:5d:dc:4f:bf:b9:94:32:b3 battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet92D6 (Net ID: 00:01:36:5B:92:D4)34.0544, -118.244
2023-05-12 02:44:14IPv6 AddressNoDNS Resolver15010None2606:50c0:8002::153battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None2WIRE514 (Net ID: 00:02:2D:8C:DC:7C)34.0544, -118.244
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneFlickr (Category: images) https://www.flickr.com/photos/login/login
2023-05-12 03:17:44Account on External SiteNoAccount Finder0010NoneReddit (Category: social) https://www.reddit.com/user/_BattleB0t__BattleB0t_
2023-05-12 03:09:31Co-Hosted Site - Domain NameNoDNS Resolver2030Nonescoop.shscoop.sh
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.232): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:00Malicious IP on Same SubnetYesCINS Army List0040Nonecinsscore.com [207.154.224.0/20] http://cinsscore.com/list/ci-badguys.txt207.154.224.0/20
2023-05-12 03:00:50Co-Hosted SiteNoHackerTarget2020None0-ye.github.io185.199.111.153
2023-05-12 03:13:06Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [007hyno.github.io] https://www.openphish.com/feed.txt007hyno.github.io
2023-05-12 02:45:26Physical LocationNoipapi.co0030NoneToronto, Ontario, ON, Canada, CA104.21.71.14
2023-05-12 03:32:11Open TCP PortNoPulsedive0030None188.114.97.6:8080188.114.97.0/24
2023-05-12 03:19:22Open TCP PortNoPulsedive0030None185.199.109.153:80185.199.109.0/24
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:2053188.114.97.1
2023-05-12 02:58:11Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'34.148.97.127', u'172.67.191.224'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://earnest-meringue-443870.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarDD5A.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"\n "172.67.191.224:80"\n "34.236.97.106:443"\n "142.250.72.168:443"\n "35.190.72.161:443"\n "142.250.217.131:80"\n "104.18.156.225:443"\n "35.190.36.172:443"\n "142.250.189.14:80"\n "192.124.249.24:80"\n "35.190.13.203:443"\n "192.124.249.41:80"\n "142.250.188.238:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_bb4_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"IsoScope_bb4_IESQMMUTEX_0_303"\n "IsoScope_bb4_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_bb4_ConnHashTable<2996>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_bb4_IE_EarlyTabStart_0xd98_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2996"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2996"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ml-trk.com"\n "ocsp.pki.goog"\n "crls.pki.goog"\n "crl.pki.goog"\n "ocsp.godaddy.com"\n "crl.godaddy.com"\n "aux.fqtag.com"\n "cdn.fqtag.com"\n "flx808.lporirxe.com"\n "fqtag.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabDD18.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "CabDD59.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 
8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "5GYBJR85.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5GYBJR85.txt]- [targetUID: 00000000-00003196]\n "ncvp_1_.js" has type "data"- [targetUID: N/A]\n "regular_1_.png" has type "PNG image data 70 x 70 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "3538626A1FCCCA43C7E18F220BDD9B02" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\3538626A1FCCCA43C7E18F220BDD9B02]- [targetUID: 00000000-00003196]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003196]\n "jquery.autoComplete_1_.js" has type "UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003196]\n "B46PLW8Z.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\B46PLW8Z.txt]- [targetUID: 00000000-00003196]\n "70DAE932E3BCB3C00656A27B544BA9CA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\70DAE932E3BCB3C00656A27B544BA9CA]- [targetUID: 00000000-00003196]\n "07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D]- [targetUID: 00000000-00003196]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00002996]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00002996]\n "logo_3_.png" has type "PNG image data 647 x 80 8-bit/color RGBA interlaced"- [targetUID: N/A]\n "CabDD18.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabDD18.tmp]- [targetUID: 00000000-00003196]\n "CabDD59.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabDD59.tmp]- [targetUID: 00000000-00003196]\n "EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D]- [targetUID: 00000000-00003196]\n "67F6625BC22310D5C99DDE12020DBD90" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\67F6625BC22310D5C99DDE12020DBD90]- [targetUID: 00000000-00003196]\n "TarDD5A.tmp" has type "data"- Location: [%TEMP%\\TarDD5A.tmp]- [targetUID: 00000000-00003196]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"crl.godaddy.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-20', u'name': u'HTTP request contains Base64 encoded artifacts', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1132/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1132.001', u'relevance': 7, u'threat_level': 0, u'type': 7, u'description': u'"i$Cj&){akj-{%"\n "P`<1"\n "_|~wmmm|w;"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://earnest-meringue-443870.netlify.app/"- [Source: Input]\n Pattern match: "https://earnest-meringue-443870.netlify.app"- [Source: Input]\n Heuristic match: "ml-trk.com"- [Source: PCAP]\n Heuristic match: "ocsp.godaddy.com"- [Source: PCAP]\n Heuristic match: "GET //MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.godaddy.com"- [Source: PCAP]\n Heuristic match: "crl.godaddy.com"- [Source: PCAP]\n Heuristic match: "GET /gdroot-g2.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.godaddy.com"- [Source: PCAP]\n Heuristic match: "GET //MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.godaddy.com"- [Source: PCAP]\n Heuristic match: "aux.fqtag.com"- [Source: PCAP]\n Heuristic match: "cdn.fqtag.com"- [Source: PCAP]\n Heuristic match: "flx808.lporirxe.com"- [Source: PCAP]\n Heuristic match: "fqtag.com"- [Source: PCAP]\n Pattern match: "www.ukrainiangirldating.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a 
contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.148.97.127": ...\n\n URL: http://junglefreaks.store/ (AV positives: 1/88 scanned on 08/23/2022 08:36:00)\n URL: http://imrn.dev/ (AV positives: 1/88 scanned on 08/23/2022 08:234.148.97.127
2023-05-12 02:44:48Raw Data from RIRsNoCRXcavator0010None[{"platform": "Chrome", "extension_id": "mdcffelghikdiafnfodjlgllenhlnejl", "name": "GayHub", "icon": "https://lh3.googleusercontent.com/rZ8V_inU3Be2PxnPEyV9srR3G_5mJ_618v81YKqluedhhRG1boWeD5rZHFFN4VI0_7dmWXBueXjQBFnTN4kAfCmNbQ=w128-h128-e365-rj-sc0x00ffffff"}, {"platform": "Chrome", "extension_id": "ppaeilehlbalfblndppebfpgikeodlaj", "name": "Aliexpress Ebay DropShipping - Ebayhunt", "icon": "https://lh3.googleusercontent.com/NzJqQYrT2UL825AQ1yg79_gtXND1L0CSo0J9AZpMiqonPLiAlckkEKy_UTvkE8T_pr0zXKykXV--eedN26HQTPNl8g=w128-h128-e365-rj-sc0x00ffffff"}, {"platform": "Chrome", "extension_id": "agjliddikiapkkpacaacecphgdoplfop", "name": "ReplayHub YouTube Looper", "icon": "https://lh3.googleusercontent.com/8hLe0teq-FvENQnMGTH5hbKoAgfgd5YttifZdgjiDupvDj0k9qP7enO7qNry3CWBXmZtrms-qMTbQk7rL--uibGNuA=w128-h128-e365-rj-sc0x00ffffff"}, {"platform": "Chrome", "extension_id": "fcnbnbmppjiehikhcaalfjmopkpfaeji", "name": "DayHub", "icon": "https://lh3.googleusercontent.com/v78saLETMsfToP0i6U9zZo4gg6OjGyRw-VmkftOIrIhRyAsqH79lO7JoC5e6S5lrwbbqFRZxCrnAAZagk0kSEqfnJA=w128-h128-e365-rj-sc0x00ffffff"}]ayhu.xyz
2023-05-12 02:58:44Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://mweb0-80901e.netlify.app/', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'http://mweb0-80901e.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2072"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_818_IE_EarlyTabStart_0xca0_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_818_ConnHashTable<2072>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_818_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_818_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_818_IESQMMUTEX_0_519"\n "IsoScope_818_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n 
"Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:80"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"mweb0-80901e.netlify.app"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"mweb0-80901e.netlify.app"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "YQ5SEDTB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YQ5SEDTB.txt]- [targetUID: 00000000-00001620]\n Dropped file: "AROYBRGH.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AROYBRGH.txt]- [targetUID: 00000000-00002072]'}, 
{u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_7B887D42-4986-11ED-AB02-0800276C7FB6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002072]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "down_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002072]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "YQ5SEDTB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YQ5SEDTB.txt]- [targetUID: 00000000-00001620]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00001620]\n "~DF86DCA3C105E64A15.TMP" has type "data"- Location: [%TEMP%\\~DF86DCA3C105E64A15.TMP]- [targetUID: 
00000000-00002072]\n "bullet_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "~DFFC6806C45B651F0F.TMP" has type "data"- Location: [%TEMP%\\~DFFC6806C45B651F0F.TMP]- [targetUID: 00000000-00002072]\n "~DF7E185BA9CDCD7E04.TMP" has type "data"- Location: [%TEMP%\\~DF7E185BA9CDCD7E04.TMP]- [targetUID: 00000000-00002072]\n "RecoveryStore._72EB1E11-4986-11ED-AB02-0800276C7FB6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search_1_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "~DF138D1E12921648C6.TMP" has type "data"- Location: [%TEMP%\\~DF138D1E12921648C6.TMP]- [targetUID: 00000000-00002072]\n "AROYBRGH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AROYBRGH.txt]- [targetUID: 00000000-00002072]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://mweb0-80901e.netlify.app/"\n Pattern match: "http://mweb0-80901e.netlify.app"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'}], u'threat_level': 0, u'size': None, u'job_id': u'6345bb9d4e344208ff5110da', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', 
u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'34.74.170.74'], u'sha256': u'fb77b9fcfedf278c3a95dd022207815d527f6c39672b7d4bb735ccbd564c337b', u'sha512': u'4f7bd48309dcc7b5917de449f1e56343cb22f52f61225dbede044a11aadf97d927952fb16869bc2fd5018d15bfef91c65cfe530a71e476536d6495bd366a6c20', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://mweb0-80901e.netlify.app/', u'submission_id': u'6345bb9d4e344208ff5110db', u'created_at': u'2022-10-11T18:53:17+00:00', u'filename': None}], u'analysis_start_time': u'2022-10-11T19:00:12+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 9, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'37c65a44456d2f754ced9db60a31d03d', u'network_mode': u'default', u'processes': [], u'sha1': u'f379a65fd9d21e0d17f0afce1b5ba3000bda7c23', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [u'mweb0-80901e.netlify.app'], u'extracted_files': [], u'type_short': []}]34.74.170.74
2023-05-12 02:45:38Physical LocationNoMetaDefender0020NoneSan Francisco, United States185.199.108.153
2023-05-12 02:46:49Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonenetlify.app35.229.48.116
2023-05-12 03:19:47Account on External SiteNoAccount Finder0020NoneGitHub (Category: coding) https://github.com/patrickpogodapatrickpogoda
2023-05-12 02:50:03Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 9, u'threat_score': 80, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.pgupta.info/favicon/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d40_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d40_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_d40_IESQMMUTEX_0_519"\n "SmartScreen_ClientId_Mutex"\n "IsoScope_d40_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d40_ConnHashTable<3392>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "_SHuassist.mtx"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3392"\n "IsoScope_d40_IE_EarlyTabStart_0xd6c_Mutex"\n "CommunicationManager_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "SmartScreen_AppRepSettings_Mutex"\n "Local\\LRIEElevationPolicyMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." (UID: 00000000-00002788)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003052)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00002568)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00002672)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "AcroRd32.exe" (UID: 00000000-00002568) was launched with modified environment variables: "PATH"\n Process "RdrCEF.exe" (UID: 00000000-00000132) was launched with modified environment variables: "PATH"\n Process "AcroRd32.exe" (UID: 00000000-00002672) was launched with modified environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." 
(UID: 00000000-00002788)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003052)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00002568)\n Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250" (UID: 00000000-00000132)\n Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=B4A00A12D81E18D5F5C2C768 ..." (UID: 00000000-00002736)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00002672)'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-72', u'name': u'Overview of unique CLSIDs touched in registry', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1546/015', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1546.015', u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" touched "UsersFiles" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\SHELLFOLDER")\n "rundll32.exe" touched "Adobe Acrobat Document" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{B801CA65-A1FC-11D0-85AD-444553540000}\\IMPLEMENTED CATEGORIES\\{00021490-0000-0000-C000-000000000046}")\n "rundll32.exe" touched "Computer" (Path: "HKCU\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SHELLFOLDER")\n "rundll32.exe" touched "Enhanced Storage Icon Overlay Handler Class" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\\TREATAS")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" (Path: "HKCU\\CLSID\\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 2 (GFS Stub)" (Path: "HKCU\\CLSID\\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 
2.5 (GFS Unread Folder)" (Path: "HKCU\\CLSID\\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 3 (GFS Folder)" (Path: "HKCU\\CLSID\\{16F3DD56-1AF5-4347-846D-7C10C4192619}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" (Path: "HKCU\\CLSID\\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\\INPROCSERVER32")\n "rundll32.exe" touched "Memory Mapped Cache Mgr" (Path: "HKCU\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\INPROCSERVER32")\n "rundll32.exe" touched "Property System Both Class Factory" (Path: "HKCU\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\\TREATAS")\n "rundll32.exe" touched "Start Menu Cache" (Path: "HKCU\\CLSID\\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\\TREATAS")\n "rundll32.exe" touched "Start Menu Pin" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{A2A9545D-A0C2-42B4-9708-A0B2BADD77C8}\\PROGID")\n "rundll32.exe" touched "User Pinned" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\INPROCSERVER32")\n "rundll32.exe" touched "Shell File System Folder" (Path: "HKCU\\CLSID\\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\\INPROCSERVER32")\n "rundll32.exe" touched "User Assist" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\\PROGID")\n "rundll32.exe" touched "Shared Task Scheduler" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{603D3801-BD81-11D0-A3A5-00C04FD706EC}\\TREATAS")\n "rundll32.exe" touched "Internet Shortcut" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\\IMPLEMENTED CATEGORIES\\{00021490-0000-0000-C000-000000000046}")\n "rundll32.exe" touched "Shortcut" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{00021401-0000-0000-C000-000000000046}\\IMPLEMENTED CATEGORIES\\{00021490-0000-0000-C000-000000000046}")\n "rundll32.exe" touched "Taskband Pin" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\\TREATAS")'}, {u'category': u'General', u'origin': u'Binary 
File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC7AF.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC75F.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Registry Access', u'identifier': u'registry-25', u'name': u'Reads information about supported languages', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1012', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-647', u'attck_id': u'T1012', u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "EN-US")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "EN-US")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\LOCALE"; Key: "00000409")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "ES")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "ES")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "ES-ES")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "PT")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "PT")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "PT-BR")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "PT-BR")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "UK")\n "rundll32.exe" (Path: 
"HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "UK-UA")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "UK-UA")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "BE")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "BE")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "EU-ES")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "EU-ES")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDED185.199.110.153
2023-05-12 03:00:56Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.93): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:03:25Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0000magda0000.github.io
2023-05-12 02:44:13Co-Hosted SiteNoSSL Certificate Analyzer0120Nonewww.github.comwww.battleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATTaFmrKmS (Net ID: 78:23:AE:39:B2:90)37.751, -97.822
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NonePDI (Net ID: 00:06:25:FE:34:4D)33.617190550339146,-111.90827887019054
2023-05-12 03:23:09Open TCP PortNoPulsedive0030None188.114.96.0:8080188.114.96.0/24
2023-05-12 03:43:57URL (Purely Static)NoPage Information0030Nonehttps://kekw.battleb0t.xyz/jar<!DOCTYPE html> <html> <iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> </html>
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneRoom 208 (Net ID: 00:02:2D:66:D4:6B)33.617190550339146,-111.90827887019054
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ad40179b8e20f-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.168.252
2023-05-12 02:44:05SSL Certificate ExpiringYesCertSpotter0010None2023-05-14 15:23:50battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneCapsmanagement (Net ID: 00:01:21:1C:AD:40)41.8781, -87.6298
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneMCName (Minecraft) (Category: gaming) https://mcname.info/en/search?q=ayshooayshoo
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Noneaes256-gcm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.223): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:19IPv6 AddressNoDNS Resolver0030None2600:1f18:2489:8201::c8pics.battleb0t.xyz
2023-05-12 03:14:48Vulnerability - CVE MediumYesTool - testssl.sh0220NoneCVE-2016-6329 https://nvd.nist.gov/vuln/detail/CVE-2016-6329 Score: 5.9 Description: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.www.ayhu.xyz
2023-05-12 02:44:22Physical LocationNoipstack0020NoneUnited States185.199.109.153
2023-05-12 02:45:34Affiliate - Internet NameNoDNS Raw Records1010Noneroute2.mx.cloudflare.netbattleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesflan11 (Net ID: 00:02:6F:08:21:EE)37.7642, -122.3993
2023-05-12 03:21:44Account on External SiteNoAccount Finder0020NonePinkBike (Category: hobby) https://www.pinkbike.com/u/dawid.sulej/dawid.sulej
2023-05-12 02:51:43SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 03:43:01 2023 GMT Not After : Jul 23 03:43:00 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:dc:59:e7:99:ae:31:e4:ce:62:3e:34:b7:81:78: 80:f6:cd:df:74:9e:4d:b0:70:b7:b4:57:2f:17:e3: 3f:ff:b7:70:ed:8a:df:e6:f8:7a:13:c3:bd:36:4f: 0e:6a:68:6d:9d:a6:4b:2a:e9:cf:28:3d:81:ea:ca: 83:e7:16:86:77:3d:14:db:66:a8:57:ad:1a:0f:dd: bd:7a:de:42:3b:37:3e:1c:ee:7d:2e:c6:c7:59:4e: 97:c9:0c:71:fa:0f:cd:7b:53:70:a6:5f:75:ef:13: 69:99:fc:c4:53:c7:8e:d0:09:93:90:8c:53:db:39: 20:10:21:64:71:0b:d6:b1:4c:65:ce:12:f1:57:52: 01:6a:62:40:bf:50:e1:af:0a:5c:4b:64:2c:31:51: 3e:93:5a:d7:3f:02:ea:a6:3c:b6:44:a0:a2:88:9a: 29:5e:d3:7c:e0:73:af:03:2d:32:ad:0b:a7:f4:f0: 67:e5:fc:86:ba:7a:2e:9a:6b:e7:a5:c3:0e:1d:6b: 4d:99:e3:e1:77:10:a6:f7:fe:e7:5d:ea:9a:d7:11: bf:a0:de:50:ee:ee:9e:57:01:39:6f:73:ca:e6:06: 09:03:5a:1d:77:7b:8a:3f:fa:c2:82:ef:9a:8b:50: 68:73:cc:01:67:44:99:3d:d1:99:16:93:ec:e9:25: 6b:ff Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 24 04:43:01.703 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:B5:F3:29:BD:A0:20:09:5F:ED:BA:FE: 7D:4D:29:A6:16:28:D4:3D:6D:9D:84:56:4B:24:03:17: F8:9F:1F:43:94:02:20:37:6C:63:6A:C8:C5:31:F7:F8: 33:84:21:F6:22:36:21:51:10:1E:BA:F6:84:58:81:0F: 85:70:0D:79:E6:82:79 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Apr 24 04:43:01.703 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:3C:77:99:EE:DE:DA:A2:24:43:1C:AD:EC: 69:6F:50:53:78:A5:D6:06:2E:44:C5:18:AE:9E:8D:2C: AE:F9:60:A7:02:20:7C:67:55:E9:15:15:6F:0B:C0:6C: 03:77:3B:85:8A:11:43:C9:26:F4:1A:B8:01:95:2B:3D: D3:07:79:D2:22:0E Signature Algorithm: sha256WithRSAEncryption 0c:76:65:e5:fc:42:37:1e:b5:d9:a4:86:ff:e5:cd:2e:ec:b9: 8b:1a:2f:85:2b:80:24:2f:8a:38:f7:2f:90:da:4b:59:72:ac: 50:00:d6:f8:be:ee:24:3b:97:1d:9e:48:b2:ab:16:91:7b:75: 8f:65:64:9a:36:23:e5:c7:78:a7:ca:89:1e:c3:f6:bc:f0:7a: 00:a4:96:0d:2f:d5:7c:15:b8:30:04:f0:6e:7a:7a:c2:72:48: 1b:96:01:fb:1c:d6:83:0a:db:4d:dd:29:ab:01:f5:bb:4a:29: 4c:39:51:33:13:62:6b:bf:71:ac:1a:0c:bd:96:7a:89:44:b0: a2:59:75:22:e1:9f:be:29:7e:a6:58:6f:00:c7:ed:a0:96:03: 62:21:81:04:3c:b2:c5:64:f6:c6:bf:6d:dc:6c:2b:eb:42:0d: 12:26:44:7a:6c:18:03:83:8a:20:96:54:35:04:94:b3:1c:97: ef:43:37:f9:66:94:3d:0c:c6:25:ff:59:cf:19:e0:84:45:73: 0c:a3:7b:29:a2:ae:7b:74:86:0e:3b:cb:c9:a4:5d:a4:7c:ff: 46:b0:a1:64:c6:83:24:a3:95:75:fa:60:2b:1c:df:c0:09:f6: 0a:8b:24:73:9a:7e:de:fe:0d:e4:ae:f5:fc:b8:f6:0c:9f:a5: 7e:82:4c:c8 battleb0t.xyz
2023-05-12 02:44:15Open TCP PortNoSSL Certificate Analyzer0020Nonefunny.battleb0t.xyz:443funny.battleb0t.xyz
2023-05-12 03:09:12Affiliate - IP AddressNoDNS Look-aside1030None207.154.228.160207.154.228.169
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneCanyon Crossing WiFi-scanning (Net ID: 00:18:0A:51:68:AC)37.751, -97.822
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:99387.248.157.102
2023-05-12 03:03:29Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io001wwang.github.io
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneQUEER (Category: social) https://queer.pl/user/loginlogin
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-6922 (Net ID: 00:1D:D4:19:69:20)32.8608, -79.9746
2023-05-12 02:53:45Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: D718:0A5D:5B243B:873E4F:645D98BE Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-klot8100097-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683855551.810015,VS0,VE33 Vary: Accept-Encoding X-Fastly-Request-ID: c4364b8ebfd36798d0a52940340cb79811a0b765 2606:50c0:8002::153
2023-05-12 02:58:46Vulnerability - CVE MediumYesTool - testssl.sh0210NoneCVE-2016-6329 https://nvd.nist.gov/vuln/detail/CVE-2016-6329 Score: 5.9 Description: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.ayhu.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneInsaneJournal (Category: social) https://login.insanejournal.com/profilelogin
2023-05-12 03:23:23Open TCP PortNoPulsedive0030None188.114.96.7:8080188.114.96.0/24
2023-05-12 02:44:23Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:50:47 2023 GMT Not After : Jun 11 12:50:46 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:86:d1:c6:73:d4:68:16:b7:b8:27:02:2e:0a: 3b:ac:b2:c0:cf:5d:bb:e0:97:62:4b:2d:4c:a7:8a: 0f:bb:28:62:25:f7:8b:c2:a2:9f:9f:a4:09:ae:64: 46:ad:01:04:9a:1c:e2:d3:da:ff:2f:0b:66:3e:17: 93:38:08:7c:21:35:76:62:9b:3d:79:67:17:13:fe: 36:e3:cb:d3:f1:13:27:de:39:d4:be:26:b9:a7:bc: 48:6c:32:02:59:5e:42:77:18:cd:f0:52:6e:ff:59: 03:7e:1d:11:be:bc:ab:d2:7f:d2:95:33:32:9e:74: fe:3f:8c:4e:e3:30:bd:bb:06:89:38:c8:e8:4f:53: 3b:f6:63:c0:62:08:06:0e:e7:94:7f:f0:60:db:70: ea:7f:78:d5:b9:6c:e0:49:a6:b4:37:75:b0:52:59: b3:35:96:ab:99:46:f4:69:22:fd:0c:96:69:7a:42: ab:47:42:08:6b:5e:8a:9a:4d:97:23:10:94:f7:79: b4:c3:5e:97:52:71:2a:e0:cb:16:4d:05:9d:0a:4b: 32:05:28:18:33:7b:d6:34:6c:b7:3e:5b:ab:cb:54: 41:54:0f:0b:fa:c3:ea:b8:4b:80:0a:8e:f0:90:cd: 32:45:6e:24:6b:2b:da:60:08:2e:69:e6:59:89:a4: 25:87:82:03:c6:3c:bd:7c:46:55:91:56:df:8c:10: 3f:c4:bc:32:26:aa:2e:b1:d8:86:87:bf:32:be:e7: 49:d8:74:e0:99:42:34:64:c2:23:25:06:06:47:62: f1:32:ce:42:2e:0b:a1:5c:5c:7d:55:6f:f5:43:b6: 4a:13:84:0e:20:9b:ad:e4:75:cf:98:ec:28:ca:d5: 97:e8:15:83:85:e3:c5:d8:e3:28:87:31:07:5e:2c: 11:d9:8a:d6:52:d3:ed:87:7d:ab:aa:dd:63:d0:48: bb:c8:d0:2e:7e:92:84:13:37:53:61:b8:ec:ac:9a: 86:7b:ce:3f:d2:40:f0:db:6c:2c:1e:97:3b:c5:cb: 35:b4:86:6e:2c:94:d1:aa:dc:d2:87:31:ab:38:c5: f4:27:1d:0a:25:44:99:80:36:03:ce:91:80:1c:d1: 59:d4:7c:5a:37:1b:0a:ce:f5:f1:c0:65:43:fc:ee: ed:8e:bc:b1:d6:9d:85:ca:8e:38:b3:e3:c0:7f:97: a5:98:eb:15:ff:cd:24:e7:6d:15:4d:57:89:17:a7: 5f:b4:d5:d3:b7:8f:07:9c:a8:ea:76:1e:e7:f3:2c: 9b:59:ae:2b:2b:2c:ad:9d:e2:f1:8d:94:c2:23:8f: 
a7:4d:67:84:e7:2f:fb:e0:0a:d2:eb:7c:d9:ee:92: a6:63:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 13 13:50:48.097 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:CF:17:8C:E7:5C:85:D2:35:C0:73:1C: DD:DC:CB:6A:69:22:6C:11:CA:4A:7A:70:E6:41:98:64: C2:D6:EB:16:05:02:21:00:BB:55:01:DF:9D:AA:0D:1D: 85:02:D9:76:FB:4F:6B:D6:D8:8F:94:82:00:A7:D0:65: 5A:13:BE:6C:BF:BD:5B:9D Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Mar 13 13:50:48.131 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:AF:43:46:DF:38:C8:21:CA:47:16:D3: 84:F0:B4:A9:1B:09:0F:BB:55:58:89:44:1F:3A:9E:8A: 3C:22:70:0D:03:02:21:00:8B:39:10:8E:8A:36:DF:3F: E7:32:3D:76:7C:AB:60:E8:18:70:D5:6D:0E:33:7A:97: F4:0A:88:2E:3A:2E:C4:71 Signature Algorithm: sha256WithRSAEncryption 7c:6a:76:1d:db:1c:de:c2:19:6d:98:57:99:25:b4:5e:0f:bf: 95:8c:45:a2:25:ed:32:95:f2:0a:78:4e:ff:62:f4:67:48:31: 90:2b:e2:3c:d5:1d:db:e1:60:6a:0f:17:23:34:71:35:8b:95: 4d:73:cd:e3:a3:52:97:93:84:37:a2:ed:c5:7c:91:2b:0a:f9: 
83:c1:eb:81:7e:88:34:cd:f0:88:f8:df:18:16:ef:ca:7e:49: f2:a7:b7:0e:a3:4b:4e:4f:92:f3:51:0f:2b:4e:c0:52:1c:18: 2a:c7:b7:9d:09:65:0e:50:64:7a:7d:02:f3:86:ed:28:2c:cd: 4a:55:5f:32:f3:f6:3f:13:34:34:14:d8:2b:1d:6d:73:a0:41: 90:ec:31:52:17:e6:2f:8b:58:c6:fb:86:38:bb:08:6b:2a:fc: 64:0a:2b:2e:0f:f6:06:a5:76:85:8b:81:7c:0b:e7:7d:41:98: 29:67:65:9c:a3:5e:54:d7:42:a2:ca:57:e3:ed:40:b5:6b:e7: 20:ae:3b:11:70:76:c2:da:cf:31:f0:ab:ca:10:28:73:4e:36: 4a:79:71:99:ba:fe:41:29:e0:de:27:f3:42:87:08:d7:24:fe: 2c:3e:d4:01:c9:17:cd:e7:bc:a6:c4:72:63:d4:a6:ab:14:ea: 33:96:20:50
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None2WIRE522 (Net ID: 00:01:E6:93:CB:2D)37.780462,-122.390564
2023-05-12 03:03:35Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00lt00.github.io
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0030Nonehttps://pics.battleb0t.xyz/images/random_5.pnghttps://pics.battleb0t.xyz/
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00088.github.io] https://www.openphish.com/feed.txt00088.github.io
2023-05-12 03:00:26Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-64-etm@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneSpotify (Category: music) https://open.spotify.com/user/loginlogin
2023-05-12 02:53:32Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: E278:52F1:2384BF1:3304643:645CBD7D Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-klot8100155-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683799422.885849,VS0,VE32 Vary: Accept-Encoding X-Fastly-Request-ID: 2755bc270974a8f69ac639a54e3259fa11be8083 185.199.111.153
2023-05-12 03:22:42Similar DomainYesTLD Searcher1010Noneayhu.com.brayhu.xyz
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010Noneslideshare (Category: social) https://www.slideshare.net/ayshooayshoo
2023-05-12 02:45:32Physical LocationNoipapi.co0030NoneNorth Charleston, South Carolina, SC, United States, US34.148.97.127
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:05:5D:EC:9E:68)33.336199,-111.89446440830702
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:A3:7E:2A)33.336199,-111.89446440830702
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Noneart_vacation5.0 (Net ID: 00:01:9F:30:06:7C)33.6170672,-111.90564645297056
2023-05-12 02:53:12Raw Data from RIRsNoTool - WAFW00F1030None[{"url": "https://panel.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://panel.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]panel.battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:74:92:82:51)41.8781, -87.6298
2023-05-12 03:01:05Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.113): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:14IP AddressNoDNS Resolver59010None104.21.6.166ayhu.xyz
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.163): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:59:59Affiliate - Email AddressNoE-Mail Address Extractor0030Noneinfo@cndglobelogistics.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://cndglobelogistics.com/index.php/about', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "IsoScope_f2c_IE_EarlyTabStart_0x948_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"31.220.3.218:443"\n "104.21.89.62:443"\n "172.64.133.15:443"\n "142.250.189.170:443"\n "104.17.24.14:443"\n "151.101.1.229:443"\n "142.250.191.46:443"\n "69.16.175.10:443"\n "185.199.109.153:443"\n "142.250.188.3:443"\n "142.250.191.67:443"\n "142.251.46.170:443"\n "104.22.24.131:443"\n "52.155.62.95:443"\n "172.67.38.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "cdn.lineicons.com"\n "cdnjs.cloudflare.com"\n "cndglobelogistics.com"\n "code.jquery.com"\n "embed.tawk.to"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "parsleyjs.org"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "translate.google.com"\n "translate.googleapis.com"\n "use.fontawesome.com"\n "va.tawk.to"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="col-lg-auto col-4 my-3"><img src="/images/clients/youtube.png" alt="YouTube Thumb" /></div>" (Indicator: "dir "; File: "about_2_.htm")\n Found string "* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "dir "; File: "style-a984db922da29019ca5adc1e5082e607_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar642D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-373', u'name': u'Contains ability to send data (Powershell command string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "Out-Default"; File: "about_2_.htm")\n Found string "<body class="site astroid-framework com-jdbuilder view-page layout-default itemid-105 article-padding-none about tp-style-12 ltr en-GB">" (Indicator: "Out-Default"; File: "about_2_.htm")\n file/memory contains long string with (Indicator: "Out-Default"; File: "urlref_httpscndglobelogistics.comindex.phpabout")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3" and extension "jpg"\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image 
data big-endian direntries=4] baseline precision 8 693x555 components 4" and extension "jpg"\n "business-man_1_.png" has type "PNG image data 475 x 665 8-bit/color RGBA non-interlaced" and extension "png"\n "NickCusworth_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 Exif Standard: [TIFF image data big-endian direntries=21 manufacturer=Canon model=Canon EOS 5D Mark III orientation=upper-left software=Microsoft Windows Photo Viewer 6.1.7600.16385 datetime=2013:11:04 12:20:51] baseline precision 8 148x197 components 3" and extension "jpg"\n "16_1_.png" has type "PNG image data 716 x 1016 8-bit/color RGBA non-interlaced" and extension "png"\n "joomla_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "evernote_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "adobe_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "youtube_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "googledrive_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "cisco_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "arrow_down_1_.png" has type "PNG image data 5 x 3 8-bit/color RGBA non-interlaced" and extension "png"\n "switcher_1_.png" has type "PNG image data 10 x 19 8-bit/color RGBA non-interlaced" and extension "png"\n "blank_1_.png" has type "PNG image data 1 x 1 1-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"Cab641D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab641D.tmp]- [targetUID: 00000000-00001016]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df5204982cf225e3cc.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{1e3592f5-ee3f-11ed-905e-080027ef242f}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "style-a984db922da29019ca5adc1e5082e607_1_.css" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3"- [targetUID: N/A]\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data big-endian direntries=4] baseline precision 8 693x555 components 4"- [targetUID: N/A]\n "business-man_1_.png" has type "PNG image data 475 x 66
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.57): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:0B:05)50.8897, 6.0563
2023-05-12 02:46:20Netblock MembershipNoRIPE10020None185.199.111.0/24185.199.111.153
2023-05-12 02:46:26Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url6314.mail.nmacc.com/ls/click?upn=8UUcZfoU9ErRYP5rNGtgbirLN8xfc6bsTdjhpYE9O-2B6oIJCVLBVNxEMl4-2FlyZEXgpIcvOIsLdFwMmNMQ6pyipe-2BlH6ndePI6TegprE8-2FJ5TmwBSGqtoSQiQZMd1uQY0F6EMbvgZh-2FB54nRmur1hYZXb9DpD9Uaqar8AQBxXE9ZjEMEh9pj-2FNvjiSungY8Q-2BcGAEny7iKKiiOMOE4TVnhf8f7XNNG4vkRAhHBxDpFamm0IUZWV3z-2BlJLtiqNZocaeHRbn9q5OE4HMTBuJibaMxdHmJJ9cRGPg-2BIJz-2B-2F91yqQCKhq-2FDCeLChTKA7jVwK1Ouq-2FKIU-2FYhbkgDECGCTTIYKgHXPh2b3OYH9i7a6eI-2FAKkoa5wVpo9vtL32nYWta9ahz5vfUQqJE7rCOt9gGu6vQWShZJVtaDn-2FX0jLeh5IgiUHxe3oW8VqyzM8ypTZLDWj1E59I1JQ-2FktSv0rVnoCoiAb7P30xuBJWLqQ5lH4zPSwzQWh3Y6TkFHvj3cGgCyLHEq7_-2BOt3qy6nPPD-2BvPBT7bVtLrj9wxQ6PC4uiKPO00-2BGDcq4vCUL9jBCG2rzUktFCBBsWM9VDFDukFJsAvP5a2wlNm-2B1xvIYADajgidXgITH2clnmESRV-2BBkImikTYnjRiXwX9u5aj8UOixtxqSLd-2FknigE7ztnUTNb3Hm824FaNuRAjgM7w7tvQQ-2FLlxjpwO7cilXlMlvOUXGvEp4LRn9miTC4WQr-2FP80gqygKVr2Fvg-2F0JMdrNJ9JhF-2BavQqh-2F-2FWWK6tHbATUsKwjMalzZjASsgacGT9IwTW20bAz3NvT70G-2Be6bq15tVuvaeOKAiaoD-2B-2BGHYAAjoEMPIehIdac8BFr1v89Rh5h21H4kub2usLmqC3yC76UJPWE-2FAg-2FkbKljLX7rc5p70-2BTWNNS0fqLYZDnQPX9DQ4opuM2QB21j2WThAg-2Fa6lCRxasFq-2FKDHL-2BKRb', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a1c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n 
"Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_a1c_IESQMMUTEX_0_519"\n "IsoScope_a1c_IESQMMUTEX_0_303"\n "IsoScope_a1c_ConnHashTable<2588>_HashTable_Mutex"\n "IsoScope_a1c_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2588"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a1c_IE_EarlyTabStart_0x9e8_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.56:80"\n "108.139.1.6:443"\n "116.50.97.93:443"\n "185.199.111.153:443"\n "142.251.46.174:443"\n "172.217.12.106:443"\n "18.155.181.57:443"\n "172.217.12.104:443"\n "142.250.191.42:443"\n "157.240.22.25:443"\n "142.251.214.130:443"\n "142.250.191.78:443"\n "142.250.191.66:443"\n "116.50.93.136:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url6314.mail.nmacc.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"nmacc.com"\n "pchen66.github.io"\n "tickets.jioworldcentre.com"\n "url6314.mail.nmacc.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"":signuphost:":"https://plus.google.com",ratingbadge:{url:"https://www.google.com/shopping/customerreviews/badge?usegapi=1"},appcirclepicker:{url:":socialhost:/:session_prefix:_/widget/render/appcirclepicker"},follow:{url:":socialhost:/:session_prefix:_/widget/render/follow?usegapi=1"},community:{url:":ctx_socialhost:/:session_prefix::im_prefix:_/widget/render/community?usegapi=1"},sharetoclassroom:{url:"https://classroom.google.com/sharewidget?usegapi=1"},ytshare:{params:{url:""},url:":socialhost:/:session_prefix:_/widget/render/ytshare?usegapi=1"}," (Indicator: "plus.google.com")\n "* [http://developers.facebook.com/policy/]. 
This copyright notice shall be" (Indicator: "facebook.com")\n "b,"vert.pix");break;case "PERCENT":Fy(d.verticalThresholds,b,"vert.pct")}Ev("sdl","init",!1)?Ev("sdl","pending",!1)||J(function(){return Gy()}):(Cv("sdl","init",!0),Cv("sdl","pending",!0),J(function(){Gy();if(Hy()){var e=Iy();qc(z,"scroll",e);qc(z,"resize",e)}else Cv("sdl","init",!1)}));return b}My.M="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ny=["www.youtube.com","www.youtube-nocookie.com"],Oy,Py=!1;" (Indicator: "youtube")\n "disableRealtimeCallback:!1,drive_share:{skipInitCommand:!0},csi:{rate:.01},client:{cors:!1},signInDeprecation:{rate:0},include_granted_scopes:!0,llang:"en",iframes:{youtube:{params:{location:["search","hash"]},url:":socialhost:/:session_prefix:_/widget/render/youtube?usegapi=1",methods:["scroll","openwindow"]},ytsubscribe:{url:"https://www.youtube.com/subscribe_embed?usegapi=1"},plus_circle:{params:{url:""},url:":socialhost:/:session_prefix::se:_/widget/plus/circle?usegapi=1"},plus_share:{params:{url:""}," (Indicator: "youtube")\n "function My(a,b){var c=this;return b}My.M="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ny=["www.youtube.com","www.youtube-nocookie.com"],Oy,Py=!1;" (Indicator: "youtube")\n "l=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gf:d,Ef:e,Ff:f,lg:g,mg:h,gd:l,Xa:b},p=z.YT,q=function(){Vy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(Yy(w,"iframe_api")||Yy(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Py&&Wy(x[A],n.gd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")\n 
"person:{url:":socialhost:/:session_prefix:_/widget/render/person?usegapi=1"},savetodrive:{url:"https://drive.google.com/savetodrivebutton?usegapi=1",methods:["save"]},page:{url:":socialhost:/:session_prefix:_/widget/render/page?usegapi=1"},card:{url:":socialhost:/:session_prefix:_/hovercard/card"}}},h:"m;/_/scs/abc-static/_/js/k=gapi.lb.en.zUi2Oiqh0cQ.O/d=1/rs=AHpOoo-VnflFHGTzk3OsaVpWbqz0Ysb2Jw/m=__features__",u:"https://apis.google.com/js/api.js",hee:!0,dpo:!1,le:["scs"],glrp:false},platform:"backdrop blogger comments commentcount community donation family_creation follow hangout health page partnersbadge person playemm playreview plus plusone post ratingbadge savetoandroidpay savetodrive savetowallet sharetoclassroom shortlists signin2 surveyoptin visibility youtube ytsubscribe zoomableimage".split(" ")," (Indicator: "youtube")\n "Py=!0,b});return b}Zy.M="internal.enableAutoEventOnYouTubeActivity";var $y;function az(a){var b=!1;return b}az.M="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "transportUrl:b,context:c},R(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Hh.ia+"&cx=c";hs()&&(f+="&sign="+Hh.se);var g=Qh||Zh?gs(b,f):void 0;g||(g=So("https://","http://",Hh.Gd+f));Cl().destination[a]={state:1,context:c};mc(g)}};function is(){if(xl()){return!0}return!1};var ls=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),ms={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},ns={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var Yv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0,f=0;return{createEvent:function(g,h,l){var 
n=a(),p=n.Lf,q=void 0!==l?Math.round(l):void 0!==h?Math.round(n.Lf*h):Math.round(n.Uh),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=H.hidden?!1:.5<=Hk(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=Av(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "main.4a45304c_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "api_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "QA70RK48.txt" has type "ASCII text"- Location: [%APPDATA%\\Mic185.199.111.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneKFA (Net ID: 00:00:CB:07:81:0E)50.1188, 8.6843
2023-05-12 02:54:19Linked URL - InternalNoWeb Spider0020Nonehttp://nuke.battleb0t.xyznuke.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:5D:5F:35)33.336199,-111.89446440830702
2023-05-12 02:50:17Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:d8:ac:1a:31:df:8f:f8:c7:c3:27:35:9c:31:39:5f:60:e8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 17:26:22 2022 GMT Not After : Feb 15 17:26:21 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b8:46:5d:ac:6d:f3:78:e1:a9:4f:74:a7:83:2a: f1:af:bd:cc:66:b6:b9:bf:84:6f:47:9b:97:1c:a8: c9:7d:6c:fe:9e:8e:79:9c:a5:37:f9:7d:7a:a0:3b: dd:dd:59:27:44:ef:fa:f9:9f:ac:5e:a7:96:85:d6: 12:a4:67:16:8a:d5:1c:b5:d1:2d:4e:c7:ec:3d:19: e5:de:7b:f7:77:77:6b:39:f5:6c:f2:bc:49:15:e4: d9:26:16:d0:09:ff:d0:9f:cc:e1:2f:72:cd:5d:49: 42:8f:44:ab:2b:64:2c:16:15:0b:c6:a8:c4:87:48: 5c:ca:2c:13:33:5b:9e:8f:26:9e:57:1a:3f:da:51: 8d:e5:86:b3:d8:b8:bb:9b:a8:35:c1:05:df:6d:60: e8:57:86:af:77:94:58:18:ee:4d:cc:61:8e:ef:d8: ae:1a:ad:73:4e:d6:21:83:54:e8:94:6d:be:b2:5a: 91:8d:86:36:60:55:a8:6c:ac:42:09:7d:39:a2:a8: c7:4d:09:67:42:98:43:91:4c:6e:9c:44:89:71:c9: 81:24:98:ab:01:48:f5:7f:9f:03:76:19:5e:40:1f: e2:a9:ac:0e:74:15:d2:c7:02:a6:94:0f:07:1e:c2: 8f:1c:65:ac:eb:0a:21:1c:42:25:eb:b3:3c:e5:3d: 0f:68:8a:07:35:fd:f2:bf:65:bb:27:0a:28:75:d7: 36:a5:f8:ad:87:2d:4d:e9:8c:44:1c:dd:e0:1f:f8: 19:b0:d2:ba:53:d4:71:e9:68:d3:d7:47:bd:bd:b3: 12:21:a8:7f:36:dd:3a:ee:09:ec:a7:f6:99:fc:9a: ee:64:c3:e9:cb:48:8b:5b:53:b6:9a:34:49:ed:6f: 97:8c:71:a4:8f:ff:5a:94:b4:2f:23:08:04:1f:5f: dd:ba:07:c4:98:26:ce:e7:92:3f:eb:aa:ca:85:d1: 9e:9d:66:9d:15:94:f9:a8:c4:87:5f:d8:0f:2a:bd: f6:c1:3a:15:a4:4a:73:81:4d:25:59:6c:74:3c:88: be:35:3a:e2:55:b7:aa:f2:6a:84:aa:03:d7:47:36: 8c:65:79:0d:82:62:5e:32:88:98:91:5f:e7:41:ad: df:3b:04:9a:a4:b7:e8:4a:dc:51:e1:1a:2e:5f:80: 9f:10:99:df:13:16:07:60:53:0f:70:88:4d:8b:bf: c2:83:ad:7d:95:a6:63:06:b5:f7:e1:fa:b4:f1:f2: 59:97:a4:23:6e:6f:a1:9d:e7:91:3c:8f:96:90:d0: 88:f8:42:7e:b9:a8:0b:95:b2:4a:f1:e1:43:89:bc: 
d0:c5:6e:8d:7a:6f:1a:ac:22:35:41:3f:62:4c:b0: b4:f9:c1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D4:B4:B6:D6:64:7B:5F:1F:0F:AA:DA:BE:7B:F2:3E:AB:24:EE:4D:D7 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 18:26:23.061 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:9F:03:F2:57:29:1C:6C:CA:C4:B6:84: A2:CF:DC:58:71:8F:BE:81:45:60:1F:FF:93:71:3F:A9: CA:BA:3A:50:C4:02:21:00:90:64:F6:9F:F7:D4:4C:D2: FE:1C:A7:11:20:05:5D:56:39:91:0A:7B:4C:62:39:AA: 64:BD:6C:3C:C2:FD:A1:0A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Nov 17 18:26:23.103 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:4F:62:25:1A:58:98:9D:A9:66:2A:8C:9C: A9:99:81:EC:02:DA:B6:46:5C:1C:8A:B1:7D:3E:50:EB: 79:AD:CA:D4:02:21:00:81:0A:60:C2:7A:18:38:E9:6B: 5A:5E:9B:C3:73:2D:B9:E6:6F:7E:07:33:77:3C:F6:0E: B6:F2:86:95:8C:EA:B2 Signature Algorithm: sha256WithRSAEncryption 0b:32:93:ac:90:bf:47:b0:c4:55:e2:5d:67:21:f0:7b:a7:a4: cd:66:48:4d:2c:f0:72:c8:d2:e0:06:52:3d:5f:5e:f3:6d:c2: a4:d3:6b:9f:de:a7:3e:43:94:31:d9:2a:70:b4:d8:61:f6:f9: 5c:2f:4e:93:c9:e9:4f:53:93:2f:86:7b:1f:c9:8a:15:03:28: 
96:52:6d:95:ef:a6:c5:d3:5e:db:a3:1b:da:98:f0:b3:d4:33: b3:0c:25:74:63:ab:88:aa:ca:72:4f:f1:60:47:12:0c:e7:e7: d2:30:3a:7a:16:b2:67:3a:08:9a:8f:2c:01:80:2f:d2:f1:29: 79:da:43:5d:f1:6e:ce:77:99:33:0f:bd:15:e0:aa:92:a8:51: 21:1e:1f:fc:62:be:58:aa:ad:ce:bf:14:e5:e6:0f:6c:ea:61: 2e:ce:4c:21:48:67:57:3a:f8:75:60:b1:d3:01:c6:eb:1e:96: 48:d4:7d:65:31:de:70:bc:f7:3f:bd:89:d2:15:4c:60:09:1a: af:c6:86:cb:88:cd:d5:a5:55:42:cd:bd:22:96:61:43:7d:a3: c6:84:39:52:19:c9:4c:63:fc:ed:7f:7b:3f:3c:68:62:f5:7a: 29:d5:7a:58:55:09:bd:cb:a0:f7:ad:61:48:d5:d6:97:fb:49: c3:ed:97:11
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBBHWIRELESS (Net ID: 00:00:C5:D7:63:F4)41.8781, -87.6298
2023-05-12 02:55:15Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: <REDACTED> Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip 165.232.113.85
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0030NoneEnglish<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authentication</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixels API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixels API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixels API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr>
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneWir (Net ID: 00:01:E3:51:05:D5)50.1188, 8.6843
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:01:36:07:50:41)52.3759, 4.8975
2023-05-12 02:58:34Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://texassuntexasmoon.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dd8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_dd8_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_dd8_IESQMMUTEX_0_303"\n "IsoScope_dd8_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3544"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_dd8_ConnHashTable<3544>_HashTable_Mutex"\n "IsoScope_dd8_IE_EarlyTabStart_0xf18_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"texassuntexasmoon.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries 
DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"texassuntexasmoon.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarDD29.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:80"\n "34.74.170.74:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: texassuntexasmoon.com" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: texassuntexasmoon.com" (Indicator: "user-agent: ")'}, {u'category': u'Unusual 
Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabDD18.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "ZR04WK0P.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZR04WK0P.txt]- [targetUID: 00000000-00003544]\n Dropped file: "QMOFOY6E.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QMOFOY6E.txt]- [targetUID: 00000000-00003544]\n Dropped file: "2CHG6PLE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2CHG6PLE.txt]- [targetUID: 00000000-00003544]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httptexassuntexasmoon.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002684]\n 
"ZR04WK0P.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZR04WK0P.txt]- [targetUID: 00000000-00003544]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "CabDD18.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabDD18.tmp]- [targetUID: 00000000-00002684]\n "QMOFOY6E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QMOFOY6E.txt]- [targetUID: 00000000-00003544]\n "2CHG6PLE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2CHG6PLE.txt]- [targetUID: 00000000-00003544]\n "NSPIFVH3.txt" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\NSPIFVH3.txt]- [targetUID: 00000000-00002684]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "~DFE4194B9B6BD734DD.TMP" has type "data"- Location: [%TEMP%\\~DFE4194B9B6BD734DD.TMP]- [targetUID: 00000000-00003544]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "_6C8601C4-5EA4-11ED-B0C0-080027B94385_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._61F8B973-5EA4-11ED-B0C0-080027B94385_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFF8E353882B4B5390.TMP" has type "data"- Location: [%TEMP%\\~DFF8E353882B4B5390.TMP]- [targetUID: 00000000-00003544]\n "~DF0028BFD212D71DC5.TMP" has type "data"- Location: [%TEMP%\\~DF0028BFD212D71DC5.TMP]- [targetUID: 00000000-00003544]\n 
"_61F8B975-5EA4-11ED-B0C0-080027B94385_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003544]\n "~DFC34CEF82F4E6D534.TMP" has type "data"- Location: [%TEMP%\\~DFC34CEF82F4E6D534.TMP]- [targetUID: 00000000-00003544]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: texassuntexasmoon.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://texassuntexasmoon.com/"\n Pattern match: "http://texassuntexasmoon.com"\n Heuristic match: "texassuntexasmoon.com"\n Heuristic match: "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: texassuntexasmoon.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, 
u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/93 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63691cbfbd04344cc75ae66e', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck34.74.170.74
2023-05-12 02:55:05Netblock MembershipNoCensys334020None188.114.97.0/24188.114.97.1
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c575ea9e94610e1-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.135.9
2023-05-12 03:03:16Internet Name - UnresolvedNoDNS Resolver0020Nonewebdisk.ayhu.xyz[{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}]
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None001wwang.github.io185.199.111.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneRock Chalk (Net ID: 00:01:95:08:D8:04)37.780462,-122.390564
2023-05-12 03:09:42Affiliate - Internet NameNoDNS Resolver0040None118.97.148.34.bc.googleusercontent.com34.148.97.118
2023-05-12 02:44:23SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1185.199.109.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.205): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NonePronouns.Page (Category: social) https://pronouns.page/api/profile/get/battleb0t?version=2battleb0t
2023-05-12 02:46:49Co-Hosted SiteNoSSL Certificate Analyzer0030Nonenetlify.app35.229.48.116
2023-05-12 02:44:29Co-Hosted Site - Domain NameNoDNS Resolver0020Nonegithub.iogithub.io
2023-05-12 02:45:02Raw Data from RIRsNoipapi.co0020None{u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'2606:50c0:8002::153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'2606:50c0::/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}2606:50c0:8002::153
2023-05-12 02:45:11Raw Data from RIRsNoipapi.co0020None{u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'172.67.135.9', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'172.67.0.0/16', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv4', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'}172.67.135.9
2023-05-12 03:36:20Open TCP PortNoPulsedive0030None188.114.97.128:80188.114.97.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneGood Times (Net ID: 00:02:2D:29:A2:94)34.0544, -118.244
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:26Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 23 20:32:58 2023 GMT Not After : Jun 21 20:32:57 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc: 59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01: 7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be: 0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa: 26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8: 92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd: c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed: 95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5: c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4: 72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c: 13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce: 3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6: be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1: ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14: 9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31: 9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02: ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60: db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23: 66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d: 1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29: 9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46: 76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb: 5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2: c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87: 99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1: d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e: cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6: 3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7: 6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e: 4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4: 1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e: 5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40: 7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71: 
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94: 83:4a:61 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 23 21:32:58.351 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:F9:02:68:04:DD:BD:03:2E:AE:18:AA: AF:0D:3B:37:54:0B:65:42:08:02:43:59:39:EA:4E:E4: 74:9E:81:C9:7F:02:21:00:A3:06:40:AE:98:69:3E:CB: 1F:F6:11:FA:78:DC:13:53:6B:E1:77:75:9F:C2:16:A0: DB:C3:04:86:97:E4:3C:C0 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Mar 23 21:32:58.367 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:7A:A2:EB:6D:CE:11:7A:04:E7:47:C4:C2: 44:9A:BB:45:2B:47:3C:26:06:C5:A4:73:04:05:59:C0: EA:D7:C9:86:02:21:00:96:12:0C:16:C7:15:09:8E:8E: 23:55:5D:FF:D3:4D:29:B3:21:12:6C:94:18:E0:30:4E: 4A:D0:D6:81:62:80:25 Signature Algorithm: sha256WithRSAEncryption 54:a4:7f:41:90:b7:5a:58:4b:b5:6b:68:ea:db:5a:92:b3:b2: 5b:7b:19:af:8a:ab:f1:af:c0:c8:97:4c:34:bf:3f:32:11:7b: ef:8b:7e:76:7a:87:16:2c:1f:d0:41:d1:c1:02:b1:37:57:af: 4c:2b:b8:7b:75:a1:66:6d:db:db:ab:82:a1:fd:0c:b1:09:1f: 
f6:3b:6f:e4:40:6a:6c:5b:ef:1d:46:ef:b3:b7:e2:09:40:10: a0:d1:48:3e:99:ab:85:a3:c4:4c:9c:38:4c:86:5d:05:6c:1b: 02:ea:8a:b9:cd:33:f5:2b:4f:92:81:81:2f:e1:d6:b3:a5:e1: b8:f6:e8:c6:e4:af:f3:a4:96:e9:02:f8:de:c5:31:3b:03:6b: a3:c1:43:ea:01:84:7b:d7:65:c2:7b:26:5b:45:8b:c9:00:4a: bf:64:80:db:bc:e4:35:f5:31:8b:1a:49:c1:a9:b6:8d:8f:59: 62:4e:f9:b9:59:d2:7d:9b:3a:75:2f:82:0e:77:1f:fa:cc:3b: 4e:90:c2:ba:e9:1d:4c:b0:a0:53:8e:4b:72:4b:e7:12:e4:36: 5a:97:fc:6e:97:fc:a5:f5:76:de:6f:cd:f5:6d:3f:07:f6:75: e6:97:55:45:a3:14:55:0c:ff:89:33:2c:76:5f:49:b1:2d:bb: 1e:69:4c:4d
2023-05-12 03:12:55Physical LocationNonumverify0030NonePhoenix, US+14806242598
2023-05-12 02:44:15Software UsedYesTool - Wappalyzer0020NoneOpen Graphnwapi2.battleb0t.xyz
2023-05-12 02:50:19Physical LocationNoipstack0030NoneUnited States34.148.97.127
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0060Nonecloudflare{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:21 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:21 GMT", "cf-ray": "7c5f60688e300ce1-EWR", "content-type": "text/css", "x-frame-options": "DENY"}
2023-05-12 02:55:18Open TCP Port BannerNoCensys0130NoneSSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.146.101.229.70
2023-05-12 02:45:31Raw Data from RIRsNoPhishStats0020None[{u'page_text': u' ', u'domain': None, u'virus_total': None, u'n_times_seen_ip': None, u'abuse_contact': None, u'ip': u'185.199.111.153', u'google_safebrowsing': None, u'threat_crowd': None, u'n_times_seen_domain': None, u'alexa_rank_host': None, u'id': 2293641, u'city': u'', u'abuse_ch_malware': None, u'countrycode': u'NL', u'title': u'Payment request', u'ssl_subject': None, u'technology': None, u'date_update': u'2020-12-08T01:50:24.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': None, u'vulns': None, u'latitude': u'52', u'regionname': u'', u'hash': u'9ee11d071cac91169efe1c0a71aadc337743e7b1dbe899b003476c340ed7ecf3', u'threat_crowd_subdomain_count': None, u'screenshot': None, u'n_times_seen_host': None, u'ssl_issuer': None, u'domain_registered_n_days_ago': None, u'regioncode': u'', u'host': u'binance-btc.github.io', u'date': u'2018-06-28T12:07:20.000Z', u'asn': u'AS54113', u'tags': None, u'bgp': u'185.199.108.0/22', u'url': u'https://binance-btc.github.io/', u'isp': u'FASTLY - Fastly, US', u'longitude': u'4.89950000', u'ports': None, u'countryname': u'Netherlands', u'threat_crowd_votes': None, u'http_server': None, u'tld': u'io', u'os': None, u'http_code': None}]185.199.111.153
2023-05-12 02:53:42BGP AS MembershipNoCensys0020None54113185.199.109.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:02:2D:03:10:83)37.780462,-122.390564
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0030Nonecloudflare{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"}
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonebsbmuh (Net ID: 00:08:5C:F1:78:3B)40.2024, 29.0398
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:2086104.21.71.14
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0060NoneNics Telekomunikasyon Ltd. Domain Name: KEYUBU.COM Registry Domain ID: 2292564494_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2022-07-15T17:58:33Z Creation Date: 2018-07-31T21:39:32Z Registry Expiry Date: 2023-07-31T21:39:32Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: KEYUBU.COM Registry Domain ID : 2292564494_DOMAIN_COM-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2022-07-15T17:58:33Z Creation Date: 2018-07-31T21:39:32Z Registrar Registration Expiration Date: 2023-07-31T21:39:32Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: ADANA Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.COM Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:12:03Z<<< For more information on 
Whois status codes, please visit https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneWaveLAN Network (Net ID: 00:02:2D:1B:7E:B1)34.0544, -118.244
2023-05-12 02:46:17Affiliate Description - AbstractNoDuckDuckGo0030NoneGitHub, Inc. is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, it has been a subsidiary of Microsoft since 2018. It is commonly used to host open source software development projects. As of January 2023, GitHub reported having over 100 million developers and more than 372 million repositories, including at least 28 million public repositories. It is the largest source code host as of November 2021.cdn-185-199-111-153.github.com
2023-05-12 03:09:49Affiliate - Internet NameNoDNS Resolver0040None79.170.74.34.bc.googleusercontent.com34.74.170.79
2023-05-12 02:44:17Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.111.153
2023-05-12 03:03:25Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io000000014286.github.io
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:01:24:F2:E2:35)37.780462,-122.390564
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:2052172.67.135.9
2023-05-12 03:31:32Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@namecheap.comDomain Name: battleb0t.wtf Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2023-02-15T17:41:17Z Creation Date: 2023-02-10T17:40:28Z Registry Expiry Date: 2024-02-10T17:40:28Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:15:08Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain name: battleb0t.wtf Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2023-02-10T17:40:28.99Z Registrar Registration Expiration Date: 2024-02-10T17:40:28.99Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS 
Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T13:15:09.13Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:45:25Physical LocationNoMetaDefender0020NoneSan Francisco, United States185.199.111.153
2023-05-12 03:31:32Affiliate - Email AddressNoE-Mail Address Extractor0060Noneabuse@namecheap.com Domain Name: ECASH-PAY.COM Registry Domain ID: 2607738264_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-03-27T06:28:15Z Creation Date: 2021-04-26T06:58:38Z Registry Expiry Date: 2024-04-26T06:58:38Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: ecash-pay.com Registry Domain ID: 2607738264_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-03-27T06:28:15.08Z Creation Date: 2021-04-26T06:58:38.00Z Registrar Registration Expiration Date: 2024-04-26T06:58:38.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last 
update of WHOIS database: 2023-05-11T10:12:16.55Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:03:42Internet NameNoDNS Resolver0030Nonenwapi.battleb0t.xyz[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nwapi.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://nwapi.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'cf-cache-status,report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.67.168.252']}}}, {}]
2023-05-12 03:00:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.31): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.195): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:41:52Netblock MembershipNoCensys0030None45.131.109.0/2445.131.109.53
2023-05-12 02:44:59Similar DomainYesSimilar Domain Finder1010Nonetayhu.xyzayhu.xyz
2023-05-12 03:13:07Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00feng00.github.io] https://www.openphish.com/feed.txt00feng00.github.io
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneGP (Net ID: 00:01:24:F1:7F:54)37.780462,-122.390564
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.251): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:16HTTP Status CodeNoWeb Spider0040None200https://oldfluid.battleb0t.xyz/./script.js
2023-05-12 02:46:35Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://ikerguerrero.dev/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bdc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_bdc_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3036"\n "IsoScope_bdc_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_bdc_IE_EarlyTabStart_0xf40_Mutex"\n "IsoScope_bdc_ConnHashTable<3036>_HashTable_Mutex"\n "IsoScope_bdc_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n "142.250.191.74:443"\n 
"172.64.132.15:443"\n "151.101.1.229:443"\n "142.251.214.131:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ikerguerrero.dev"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ikerguerrero.dev"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2021 Twitter, Inc." 
(Indicator: "twitter")\n "<a href="https://www.linkedin.com/in/iguerrerog/" target="_blank"><img class="intro-logo" src="assets/img/logoLinkedin.png"></a>" (Indicator: "linkedin.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FFE.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1FFD.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003220]\n "RXSS1QAB.htm" has type "HTML document ASCII text with CRLF line 
terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\RXSS1QAB.htm]- [targetUID: 00000000-00003220]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVtaorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25724 version 1.1"- [targetUID: N/A]\n "isokoban_1_.png" has type "PNG image data 1320 x 791 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "9F12WOLK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9F12WOLK.txt]- [targetUID: 00000000-00003036]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvao7CIPrc_1_.woff" has type "Web Open Font Format TrueType length 24716 version 1.1"- [targetUID: N/A]\n "1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4WjNDrMfJg_1_.woff" has type "Web Open Font Format TrueType length 25428 version 1.1"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25916 version 1.1"- [targetUID: N/A]\n "~DFE3DB26A7977220AD.TMP" has type "data"- Location: [%TEMP%\\~DFE3DB26A7977220AD.TMP]- [targetUID: 00000000-00003036]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25360 version 1.1"- [targetUID: N/A]\n "1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4cHLDrMfJg_1_.woff" has type "Web Open Font Format TrueType length 25996 version 1.1"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DF5B01A6D2E18F9376.TMP" has type "data"- Location: [%TEMP%\\~DF5B01A6D2E18F9376.TMP]- [targetUID: 00000000-00003036]\n "P04A7CBK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P04A7CBK.txt]- [targetUID: 00000000-00003036]\n "cubam_1_.png" has type "PNG image data 1920 x 1080 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "styles_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "GBYF66MA.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\GBYF66MA.txt]- [targetUID: 00000000-00003220]\n "bandera_mexico_1_.png" has type "PNG image data 2203 x 1240 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "_1D3EFA78-C97D-11ED-A555-08002718A46F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://getbootstrap.com/"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: "https://github.com/StartBootstrap/startbootstrap-business-casual/blob/master/LICENSE"\n Pattern match: "https://github.com/twbs/bootstrap/blob/main/LICENSE"\n Pattern match: "https://startbootstrap.com/theme/business-casual"\n Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "C.JgU/0$"\n Pattern match: "https://use.fontawesome.com/releases/v6.1.0/js/all.js"\n Pattern match: "https://www.linkedin.com/in/iguerrerog/"\n Pattern match: "https://play.google.com/store/apps/details?id=com.StickyGames.PLCEmulatorProject"\n Pattern match: "https://fonts.googleapis.com/css?family=Lora:400,400i,700,700i"\n Pattern match: "https://fonts.googleapis.com/css?family=Raleway:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i"\n Pattern match: "https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI8MX1D_JOuMw_hLdO6T2wV9KnW-MoFoq92mg.woff"\n Pattern match: 
"https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4WjNDrMfJg.woff"\n Pattern match: "MUID06AC37517CFB670117FF258C7DB766BBmsn.com/1025424501094431100936425263449231022473*"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://ikerguerrero.dev/Accept-Language"\n Pattern match: "https://csp.withgoogle.com/csp/apps-themesCross-Origin-Resource-Policy"\n Pattern match: "http://ikerguerrero.dev"\n Pattern match: "http://ikerguerrero.dev/"\n Pattern match: "isdomainmigratedtruewww.msn.com/102584346316831058692425247824231022473*"\n Pattern match: "MUIDB1EE4D163B6736F882F96C3BEB73F6EBEieonline.microsoft.com/9216424501094431100936424779074231022473*"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkqs.woff"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787z5vBJBkqs.woff"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI8MX1D_JOuMw_hLdO6T2wV9KnW-C0Coq92mg.woff"\n Pattern match: "https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4bbLDrMfJg.woff"\n Pattern match: "https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4cHLDrMfJg.woff"\n Pattern match: "https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4ejLDrMf185.199.111.153
2023-05-12 03:23:38Open TCP PortNoPulsedive0030None188.114.96.14:8080188.114.96.0/24
2023-05-12 02:54:13Web Content TypeNoWeb Spider0030Nonetext/css;charset=utf-8https://battleb0t.xyz/./src/style.css?4
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-fog.github.io] https://www.openphish.com/feed.txt0-fog.github.io
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/random_1.jpeghttps://pics.battleb0t.xyz/
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneGitea - Gitea is a forge software package for hosting software development version control using Git as well as other collaborative features like bug tracking, code review, kanban boards, tickets, and wikis. It supports self-hosting but also provides a free public first-party instance.battleb0t.github.io
2023-05-12 02:46:02Physical CoordinatesNoAbstractAPI0030None32.8608, -79.974635.229.48.116
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:FD:45:77)33.336199,-111.89446440830702
2023-05-12 03:13:07Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00jew.github.io] https://www.openphish.com/feed.txt00jew.github.io
2023-05-12 03:09:47Affiliate - Internet NameNoDNS Resolver0040None69.170.74.34.bc.googleusercontent.com34.74.170.69
2023-05-12 02:44:38Software UsedYesTool - Wappalyzer0020NoneHTTP/3nuke.battleb0t.xyz
2023-05-12 03:24:21HTTP Status CodeNoWeb Spider0020None403https://ayhu.xyz/lol.html
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e"}],"group":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"}
2023-05-12 03:37:23Physical LocationNoMetaDefender0030NoneFrankfurt Am Main, Germany46.101.229.70
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneFlipboard (Category: tech) https://flipboard.com/@loginlogin
2023-05-12 02:50:19Physical LocationNoipstack0030NoneUnited States34.74.170.74
2023-05-12 03:22:54Open TCP PortNoPulsedive0020None188.114.97.1:8080188.114.97.1
2023-05-12 02:46:53Internet Name - UnresolvedNoDNS Resolver0020Noneteamcity.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:36:85:4f:53:33:b4:86:64:2a:83:12:ed:95:43:fe:1e:22 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 2 18:58:42 2023 GMT Not After : Apr 2 18:58:41 2023 GMT Subject: CN=teamcity.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:a9:1b:77:20:87:f6:da:b4:e6:55:f1:15:61:14: 5d:d5:64:2e:1b:95:d0:fa:42:f5:c5:a3:6e:02:4b: 41:fb:df:35:0c:b5:28:23:7f:95:78:79:7a:ae:1b: 33:21:14:1a:cf:54:dc:ad:7c:ad:0e:d0:0d:13:24: ac:b2:17:d0:67:2e:56:2e:b6:b0:fc:48:83:bd:01: 86:52:7b:96:4e:60:82:98:48:6b:33:90:dc:af:7a: 0e:ed:26:47:56:e9:2a:9b:55:f7:eb:69:7f:53:8a: 65:d2:d9:9f:8e:b4:d7:c2:d1:e2:bc:27:0e:51:4c: 6a:50:43:bf:f3:eb:93:79:c5:c0:01:20:e4:3f:17: e9:46:96:6a:c9:c7:d3:3a:19:6a:20:08:fd:61:d6: 98:cf:84:d5:28:4b:ee:2d:d4:11:0b:36:29:51:b8: 23:d5:73:76:da:70:98:bf:4f:33:c0:fe:34:a0:ab: 09:05:a6:dc:26:b2:66:b1:51:b6:f2:4f:d9:92:3a: c0:21:8b:2a:63:52:83:3f:e9:e2:13:c0:c2:c9:2d: d5:e5:7e:fd:90:7e:37:42:6b:b9:54:b1:2f:9b:98: 24:d8:0b:1b:69:e7:d3:08:0e:71:57:e8:1a:67:a6: 92:84:48:3f:fc:46:40:41:65:20:38:c9:7e:99:04: 34:72:9a:a0:65:84:01:2f:31:b1:86:06:22:39:91: 0a:ee:bd:30:20:85:c5:8d:5b:4e:77:39:ae:9b:09: 06:f6:07:9d:dd:2d:ba:92:b9:4a:fe:af:b4:b2:6a: 1c:46:10:aa:88:c3:34:ab:7b:51:a7:88:62:ff:6f: 89:37:e0:83:c3:40:7b:7e:a8:e9:d2:e9:e0:68:ff: 51:7e:4a:c3:4d:57:60:55:c2:2c:5e:84:55:31:0d: f9:06:48:b8:fd:a5:13:e0:6d:e6:16:0e:03:58:98: 01:6a:9c:dd:37:75:36:74:a0:0e:9a:ed:4d:d0:b0: 57:3c:8d:0d:2e:93:98:3c:31:25:01:37:1f:57:7e: ef:84:b5:c0:04:9b:56:77:f4:78:da:7b:d3:51:11: 80:33:d3:18:83:ee:96:99:02:db:e7:fd:22:71:5a: 7f:e7:e3:95:25:33:c7:56:7f:0d:59:30:dc:3e:03: 7d:f0:6b:ae:f9:f9:7c:ad:ec:ad:62:73:0e:7f:47: 4e:2a:02:fd:df:82:83:00:62:ec:61:18:4d:70:9d: bd:b9:85:be:c1:ed:b1:f9:61:e0:dc:70:d2:b3:0d: 
be:23:ab:b6:3a:43:ae:fe:c3:d3:cf:08:6c:c7:33: 70:eb:d2:70:df:6f:ce:26:37:4c:eb:f9:4f:c2:58: 32:f9:79 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 02:C9:94:28:32:1B:B1:2F:E4:C4:4F:88:0E:4C:57:09:73:5A:37:AF X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:teamcity.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Jan 2 19:58:42.072 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:C3:06:C6:C9:50:41:7A:D7:6C:70:98: 51:7B:09:5D:89:5F:4F:70:26:E1:F3:55:05:EB:4B:EB: 4E:9B:F0:F2:88:02:20:0D:25:66:1C:2B:B5:DD:05:53: 30:99:F3:B4:0E:BD:C7:CD:B0:F0:5C:10:43:36:86:5F: 33:1B:1F:4F:B8:11:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 2 19:58:42.586 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:B0:57:94:1E:8F:52:58:AA:CA:03:15: 81:F7:97:21:F9:28:45:54:DF:F1:77:F6:A5:EC:58:76: D4:E4:12:AD:72:02:20:01:EE:79:67:15:46:B5:E0:30: 01:5F:EC:EA:1F:02:05:AC:32:1E:71:83:9E:36:A7:78: 3E:88:36:4C:5A:59:65 Signature Algorithm: sha256WithRSAEncryption 00:08:62:12:2d:66:22:5c:b5:95:b3:65:a0:38:13:b2:e8:94: fc:c1:f0:43:eb:c7:1d:b0:f8:81:fa:e3:8a:ff:5b:71:ba:c9: f0:8c:f7:2d:1c:f7:06:60:a9:cc:2b:a3:6a:74:56:5c:cc:ee: 
dd:59:f1:89:1a:b3:64:77:7a:c3:42:25:ce:6f:ac:00:39:8c: a8:ce:ab:de:74:9d:af:21:0a:8f:b8:da:c8:3a:34:04:13:53: 15:9a:a4:d4:ed:01:76:22:4f:b2:ec:9f:6d:03:d3:fa:18:6c: 67:6c:d6:b6:ce:7c:21:a4:1d:31:9c:0b:67:28:45:a7:ef:50: 97:79:ef:ba:a7:08:97:43:77:c8:c9:14:ff:92:90:23:36:be: 38:39:aa:a3:93:44:43:ea:01:c8:6f:d8:16:59:02:23:ab:26: 37:6a:12:88:93:b7:fe:c2:0d:03:0c:53:22:d8:37:25:ad:01: bc:05:a2:c1:63:10:a5:01:dc:4e:2b:3f:07:57:03:2b:c0:d6: 50:e4:e1:65:6d:4b:fd:e0:d9:56:40:77:bf:53:f8:f8:15:43: 95:2f:e5:cc:d5:7e:3a:08:ae:5e:a2:25:e0:3f:95:7a:61:d1: 0e:7f:79:5b:19:24:0a:bf:5f:bd:78:ba:c9:ea:6b:b8:bc:16: 32:d8:03:9b
2023-05-12 03:24:21Web Content TypeNoWeb Spider0030Nonetext/html;charset=utf-8https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU
2023-05-12 03:41:36Physical CoordinatesNoAbstractAPI100030None50.8897, 6.056345.131.109.53
2023-05-12 03:16:29Raw Data from RIRsNoipapi.co0030None{u'region_code': u'HE', u'country_tld': u'.de', u'ip': u'46.101.229.70', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 82927922, u'country_code': u'DE', u'timezone': u'Europe/Berlin', u'city': u'Frankfurt am Main', u'network': u'46.101.192.0/18', u'languages': u'de', u'version': u'IPv4', u'latitude': 50.113381, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Germany', u'country_capital': u'Berlin', u'org': u'DIGITALOCEAN-ASN', u'postal': u'60311', u'asn': u'AS14061', u'country': u'DE', u'region': u'Hesse', u'longitude': 8.671931, u'country_calling_code': u'+49', u'country_area': 357021.0, u'country_code_iso3': u'DEU'}46.101.229.70
2023-05-12 02:44:49Company NameNoCompany Name Extractor0020NoneDomain Names REG.RU LLCDomain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. 
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneAGTLinksys (Net ID: 00:0C:41:75:B6:62)39.0469, -77.4903
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneBeensGroep (Net ID: 00:01:21:1F:B1:90)52.3759, 4.8975
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NonePHILIPS_B81A7F (Net ID: 00:0B:3B:D9:1B:59)50.8897, 6.0563
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATT639BrM3 (Net ID: 38:3B:C8:ED:A2:0A)37.751, -97.822
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonePokerstrategy (Category: gaming) http://www.pokerstrategy.net/user/login/profile/login
2023-05-12 03:03:36Co-Hosted Site - Domain NameNoDNS Resolver2030None00rz.com00rz.com
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneBlogspot (Category: blog) http://Altpapier.blogspot.comAltpapier
2023-05-12 03:03:34Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00feng00.github.io
2023-05-12 02:46:55Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:a2:98:ee:7c:0f:82:53:85:c9:ed:86:47:94:a7:aa:74:64 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:54:05 2023 GMT Not After : Apr 27 17:54:04 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d2:cd:d6:7e:84:63:03:a9:a4:54:af:d4:a6:67: cf:f7:3e:0c:ab:80:9d:a8:22:bf:ee:64:c0:1e:dd: e1:9d:29:3b:aa:bb:b6:1a:dd:d0:c3:5d:15:61:c8: eb:00:a8:62:02:a5:c4:0c:4d:3a:56:20:d3:19:1c: 24:d9:21:05:da:7b:34:cd:5b:3f:9f:3f:ff:56:cb: 60:a2:2a:6a:1f:63:a5:f7:6c:bc:e6:cd:4b:7c:cb: c6:0b:ba:27:31:61:c2:7b:47:19:7b:f1:52:41:68: 44:d8:1a:a5:11:c2:d5:cd:2d:49:92:07:b0:5c:c3: 2d:0c:54:f4:e5:8e:0a:3e:0a:05:99:5f:e9:65:18: 80:c0:5e:b2:87:08:2d:60:b2:01:35:c9:41:a1:4e: 56:80:bc:0b:2d:89:62:c9:e1:19:f4:a9:de:a5:de: 27:dd:96:99:29:26:9e:36:03:45:4b:bf:4a:de:ef: 5f:47:82:05:6f:ed:a1:4f:34:05:75:05:59:d0:32: a2:22:c4:9d:5a:65:cd:6b:45:d7:7f:45:90:2e:36: 4c:3d:0a:62:83:36:a6:3c:d9:df:00:c7:cb:10:68: 6e:0c:d8:9c:a6:a5:e6:32:7b:12:0d:1c:1f:90:20: a5:a7:c9:da:be:0f:96:fe:30:6b:29:55:ac:4a:68: 7b:12:dd:43:df:cf:f5:49:87:8c:9b:38:92:62:52: c6:f8:97:d4:43:d6:ed:cb:66:79:5b:c9:60:9e:db: 33:f0:59:fb:fd:35:62:83:55:b5:65:04:20:55:ee: 82:6d:de:85:c1:18:ed:8c:10:29:47:46:ee:2a:eb: 57:cd:b1:5e:14:a7:37:00:58:3a:35:9d:fe:99:73: d6:cd:b6:67:17:f6:27:29:ea:32:96:67:c8:fa:43: a3:c2:cc:ca:bb:cb:87:e5:76:db:8a:de:bc:58:c7: 6c:12:6a:a6:93:1b:0a:ce:07:98:f7:7c:0d:1d:5e: 2a:ac:2b:fb:17:f1:cb:e0:a5:02:67:2b:3d:67:81: d8:de:3e:15:6a:f0:a0:0d:64:2d:0e:9b:55:1e:1b: 69:69:5a:ae:14:c6:1c:ce:8e:c5:fd:2c:25:74:92: c1:35:de:00:ee:bc:fa:5d:88:f2:17:fe:70:37:3b: 3b:f5:14:3a:4b:f4:50:a9:91:31:99:48:3f:9e:c6: ad:0b:a6:89:2d:77:db:fb:64:f8:31:9a:82:d1:cd: f7:6a:51:a4:b7:d3:da:23:3d:ff:2a:45:de:3b:b5: 32:78:69:cd:54:60:d3:2a:39:e1:61:db:5a:d2:78: 
94:77:f6:b5:99:c5:b9:3c:95:4b:75:db:f8:2b:d4: ad:de:87 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1A:62:E5:21:FA:E8:50:FB:CE:5D:D2:7E:68:EA:9B:E0:B1:2E:4D:4B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 27 18:54:05.304 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:2E:CD:16:75:5B:83:CE:34:DE:4E:0B:A5: 8F:CD:7C:C7:A7:A6:A9:11:C3:23:E1:0B:2A:31:9F:95: 73:C3:42:80:02:20:7B:D0:4F:D2:8B:72:CA:32:B2:4D: CC:40:AA:8E:75:E9:77:4A:4F:D1:BA:D8:AE:0C:6B:30: 9E:04:63:28:D1:A8 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 27 18:54:05.294 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:F1:66:52:35:FF:56:8B:1D:79:47:47: A7:1C:C3:D5:F7:A4:62:11:6E:72:13:33:6A:75:28:8C: 74:B2:4C:10:76:02:20:1B:97:A6:E2:6C:65:7B:C8:CD: 9F:BB:59:01:45:C5:3A:6B:BD:4B:C8:1B:69:3F:61:01: 38:DF:1A:9C:5B:33:60 Signature Algorithm: sha256WithRSAEncryption ae:79:f7:6d:1b:71:32:86:32:db:2a:16:1c:43:90:9b:83:62: 0f:e8:c8:45:a2:74:39:9e:47:95:60:f9:a9:0f:5f:8f:26:9e: 6a:cb:48:fc:28:9f:be:95:de:3f:18:f2:a2:6b:df:e9:ed:0e: 0c:fe:77:c0:f9:43:13:cf:28:62:3e:eb:89:e6:eb:03:ba:b6: 
65:d3:6f:26:2f:e2:cd:15:59:82:3c:0e:ae:d9:44:2e:69:94: 35:68:67:b8:2a:60:2d:04:59:19:48:8b:a7:19:32:be:3f:d4: 97:45:fa:e8:74:5a:8f:72:87:86:27:6f:fd:8c:2b:a4:50:d9: 22:2e:d0:5b:e8:25:5b:f1:50:e7:fa:72:45:0e:76:e9:66:71: c9:e1:a7:8b:e8:5b:83:ac:a2:bc:89:be:14:a7:12:48:15:b7: d6:1e:fe:ad:98:76:3e:16:2c:cf:38:d6:a3:13:69:b2:c3:42: 11:42:e6:c6:c6:df:61:d7:1c:e4:ca:7f:bc:9e:71:30:82:fe: d4:6f:58:81:ab:0e:55:97:bb:c1:5d:e3:30:ef:17:60:9b:37: 2f:f7:be:34:13:0e:a6:78:95:12:19:fc:1f:5c:b8:e7:4a:08: f6:f1:db:51:99:1c:e2:4d:5a:42:03:0e:eb:74:29:12:8b:42: 4a:ad:db:87
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMaingau (Net ID: 00:02:2D:66:94:56)50.1188, 8.6843
2023-05-12 02:51:31SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:57:f8:5f:6c:a4:d7:b1:d8:61:78:13:80:db:41:a4:54:3d Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 13:23:04 2022 GMT Not After : Feb 15 13:23:03 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d4:b5:dd:1d:03:00:c2:48:cc:5b:27:58:5a:1a: ae:80:1c:0d:53:93:fb:69:7f:93:43:76:4d:e8:73: 1c:07:a2:3d:20:72:26:de:8b:cf:5e:08:ec:68:b1: f5:77:47:34:1f:fc:12:0e:2f:4f:a4:d2:06:11:00: 78:b4:0d:40:fa:ba:21:05:d4:2d:c5:6d:14:14:39: 10:9a:e0:36:33:c9:8c:bb:e8:d5:33:a2:fb:d9:f7: b5:1a:30:55:aa:67:e3:41:20:33:a1:e6:ed:c9:c3: 5b:50:61:0a:65:ba:c7:cc:f0:84:a3:6e:26:65:39: 57:a4:99:3b:03:5d:af:09:43:83:69:7f:84:65:08: 2e:12:10:15:1c:ad:1f:68:90:6a:0e:97:7d:ef:7a: 22:74:df:40:68:54:b2:c7:43:c9:cb:1c:9c:53:1d: c4:68:a0:95:76:a1:bf:c8:18:fb:9d:30:f5:ff:26: f8:35:1d:65:e6:a1:bc:6a:7f:70:ab:aa:3e:d6:87: e6:17:39:3e:1e:ae:62:43:5c:02:c9:ab:c6:49:9a: 2c:43:3e:b0:0a:bb:6b:20:c9:45:43:a6:79:f2:70: bf:69:eb:cb:fb:70:35:1a:f8:04:00:26:77:08:9e: 32:00:34:fd:0a:63:db:bc:61:0a:d9:52:e5:61:03: a2:9b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FF:5A:2D:BE:67:DF:4E:45:A4:AD:A5:64:7A:31:7E:B3:39:8F:63:72 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 14:23:04.766 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D4:53:59:2F:EB:FF:FB:09:BA:76:BB: E9:A4:81:C3:B1:93:13:10:22:54:A7:54:1C:46:19:3B: 6F:1B:01:CB:65:02:21:00:BB:AD:59:07:F2:64:D8:C4: FA:7C:E2:49:2B:E4:9B:86:A7:0D:4A:BE:2B:43:0F:BA: C2:73:EA:C3:69:47:E2:C3 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 14:23:04.781 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:97:4D:DC:2F:D1:9B:1A:BE:09:EC:A2: 59:20:1E:95:7C:4B:C9:87:AC:96:9A:C3:4F:C0:0E:23: 4F:BC:16:AA:14:02:21:00:B1:07:3B:2C:0B:51:21:34: 74:50:BD:8C:B3:BE:A9:50:07:9B:F0:85:AB:3F:69:A1: 3D:6A:46:9D:88:A6:9A:89 Signature Algorithm: sha256WithRSAEncryption ad:f7:33:43:81:f3:8d:21:44:85:e2:84:76:49:bc:87:f0:51: 96:b7:88:05:55:85:b8:e1:90:97:3e:c1:69:16:a8:c5:f1:39: 0d:d1:5f:8d:38:e4:0d:8b:e6:47:2a:f6:40:63:03:2b:f0:1f: be:f8:b1:82:61:91:3b:03:b0:69:20:b4:dc:30:8c:89:f3:1c: 58:10:34:d9:81:b9:21:67:93:a8:46:92:4c:c7:e9:dc:76:7f: 5b:fc:b0:d2:dc:de:8d:94:c5:6b:c4:40:90:a8:e8:74:62:d2: e6:1b:be:60:7f:96:01:c1:48:4a:c7:bd:8c:53:d2:a6:cf:88: fa:4c:5d:6b:ed:42:b0:75:30:19:73:a0:d5:65:1d:45:1e:70: 23:da:e7:c5:31:6f:12:d3:54:2e:a3:91:e2:56:46:67:fd:10: 01:29:6e:69:67:d8:1f:99:c8:35:4f:2e:14:20:7c:c8:7b:86: d6:ea:ed:96:56:81:0a:9f:3d:c7:d8:52:97:ea:0d:0a:ae:e6: ce:93:f5:1e:0e:18:81:98:ef:d7:e3:a1:ab:63:09:30:4f:8f: f5:0c:92:d0:84:ce:09:f8:71:10:dd:91:6b:72:67:70:ee:47: d4:69:c2:95:9e:55:af:5a:cf:d9:19:cf:5f:f9:37:c3:6b:53: ee:53:f7:4b battleb0t.xyz
2023-05-12 03:24:47CountryNoCountry Name Extractor0030NoneUnited StatesChantilly, Virginia, 20151, United States, North America
2023-05-12 02:54:22Web Content TypeNoWeb Spider0030Nonetext/htmlpanel.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NonemyLGNet (Net ID: 00:02:A8:96:B6:F1)50.1188, 8.6843
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020None* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 87.248.157.102
2023-05-12 03:03:42Internet NameNoDNS Resolver0030Nonefunny.battleb0t.xyz[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://funny.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'Netlify']}, u'RedirectLocation': {u'string': [u'https://funny.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'x-nf-request-id']}, u'IP': {u'string': [u'34.148.147.18']}}}, {}]
2023-05-12 03:00:25Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha2-256-etm@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 02:45:17Physical LocationNoipapi.co0040NoneToronto, Ontario, ON, Canada, CA2606:4700:3037::6815:470e
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneCableWiFi (Net ID: 00:0D:67:66:08:16)32.8608, -79.9746
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneISHLT-Corp (Net ID: 00:01:21:30:59:78)41.8781, -87.6298
2023-05-12 03:09:37Affiliate - Internet NameNoDNS Resolver0040None225.30.196.104.bc.googleusercontent.com104.196.30.225
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelogitec-99c005 (Net ID: 00:01:8E:99:C0:04)50.1188, 8.6843
2023-05-12 02:59:34Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.kekw.battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneok.ru (Category: social) https://ok.ru/loginlogin
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.71): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.177): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:03:25Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0000rgb124.github.io
2023-05-12 03:25:09Internet NameNoDNS Brute-forcer0010Nonewww.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:09:34Affiliate - Internet NameNoDNS Resolver0040None210.30.196.104.bc.googleusercontent.com104.196.30.210
2023-05-12 02:53:45Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America2606:50c0:8002::153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:EE:43:99)33.617190550339146,-111.90827887019054
2023-05-12 02:44:35Software UsedYesTool - Wappalyzer0020NoneOpen Graphfluid.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:02:DD:85:3E:34)33.6170672,-111.90564645297056
2023-05-12 02:56:58Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:96:9b:29:e7:ba:1f:ed:f3:53:36:ca:2c:46:93:27:46:97 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 15:44:09 2022 GMT Not After : Mar 13 15:44:08 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c5:26:42:72:54:54:74:21:1e:c0:7a:66:54:5a: e8:26:8a:a7:bb:78:e0:52:09:b4:70:cd:bc:21:4b: 2c:77:39:63:f4:67:8f:19:31:3e:f0:0f:58:55:9d: 80:0d:29:74:7f:66:1f:df:6c:0f:e4:7c:f2:b1:63: d3:73:4b:d0:8e:1c:94:d5:39:9f:87:08:c9:39:28: 06:18:ff:8b:b4:c8:13:46:ac:cf:6d:a5:8c:43:a0: 09:d6:74:e4:1b:e6:a1:90:6d:22:b3:ba:58:9d:f7: 79:37:55:b1:58:ef:15:cb:64:d0:30:b0:3c:9c:57: 0f:fe:6c:6b:bb:3f:27:84:33:78:b0:19:92:bf:97: a6:0f:20:d5:97:af:a6:3b:9d:2c:b6:18:1b:80:b6: fb:2e:b9:e7:44:40:3a:ab:de:d1:27:94:5c:98:f3: 69:c6:eb:0a:ba:59:dd:58:0a:8d:f7:6b:71:2d:96: 80:0b:9a:05:20:72:48:c7:59:11:c0:d5:98:a3:64: 8a:78:35:12:8b:20:64:de:10:73:21:62:d5:82:94: 42:92:41:f0:40:98:0d:fd:64:08:ef:ba:99:48:1d: ae:86:bd:de:46:1e:c7:72:49:3d:93:76:b8:e9:ff: 0d:e2:5c:31:61:a9:f2:59:1c:92:cb:56:9f:9b:f7: 48:28:35:ef:e1:4f:ae:4c:d6:6f:39:80:a0:50:ab: 78:66:96:ff:8d:78:93:50:2d:b7:0a:ef:fe:70:44: cf:d9:e4:4f:5e:34:97:d6:93:af:d9:54:30:40:86: 24:9c:59:46:7c:df:86:e9:5e:eb:17:7f:95:e4:0e: 70:f5:5a:35:d4:64:cb:b9:5b:5c:bb:45:e6:4e:80: a3:6d:83:42:86:a4:44:3b:83:c2:1d:e2:02:99:d0: 36:4c:c3:91:eb:69:38:a7:7d:2f:35:65:33:3e:23: 0b:5d:1b:0c:01:a1:10:75:e2:ac:bb:3b:bf:f6:2f: ec:4e:98:ec:53:ee:86:34:4c:69:d1:38:5c:a9:07: 72:79:62:64:81:ea:03:fc:2f:18:db:04:b6:04:36: 1d:bc:01:56:0e:d9:49:1c:dd:41:11:ce:34:13:0f: 13:81:d8:cd:71:a3:fc:76:2b:ea:14:1c:8d:38:63: 54:f1:73:9f:26:18:47:68:79:40:b9:a0:ac:b7:d2: e0:a8:36:94:6f:0c:c3:56:34:6a:ee:a7:97:c4:d3: 0b:44:a3:56:87:d8:dc:ce:f3:89:8c:09:62:1a:25: 1f:dd:5f:2a:c0:d4:a9:14:4f:34:09:bc:53:d5:35: 
be:6b:0d:6a:49:bf:0b:11:66:23:11:60:25:c5:db: 56:15:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:E8:B3:AA:B6:B4:6A:08:8C:66:4E:1B:FC:F4:D4:C0:C8:AD:D7:A5 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 13 16:44:09.315 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:EB:B2:4A:B8:57:10:D6:3B:2F:B5:2A: 89:BA:32:85:1C:16:28:E8:45:62:3E:AC:5F:C1:A7:01: D5:8E:30:E3:17:02:20:27:39:6A:04:D2:61:CC:BD:8C: 4F:C5:13:6E:02:18:EB:24:BE:73:9E:F1:B4:F7:D8:89: 3A:CF:69:2B:AA:1C:75 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 13 16:44:09.312 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:73:42:08:21:4C:2B:6E:54:89:A5:9F:6C: 27:A0:E3:7D:5D:89:06:32:EB:1E:21:D3:16:0C:E5:9D: AB:38:FC:69:02:20:6E:F0:01:D9:C1:A2:AD:6E:65:26: 28:CF:30:5D:77:85:32:E7:53:E7:81:77:F5:0B:21:74: 83:B6:A0:E7:EA:52 Signature Algorithm: sha256WithRSAEncryption 32:8d:f0:fd:98:aa:6b:67:8b:fd:50:1f:a3:82:12:f7:96:0e: 20:1c:fd:bd:65:b3:76:ea:7d:e7:8e:de:49:56:5d:75:39:27: 85:12:91:b5:c9:aa:a8:98:14:b1:0b:89:0c:69:e2:0c:9e:47: 2e:8e:21:a5:d8:33:ba:43:8f:1a:0f:2c:6a:f9:b8:67:f2:5f: 
5c:7a:06:bd:b7:ef:55:c1:6f:51:6b:fa:6b:09:ef:8b:fb:80: 49:8f:ee:cc:90:25:a6:9f:27:ae:ce:25:a8:cb:20:f2:07:c4: 43:8f:46:e1:64:24:94:30:c9:cf:5b:53:42:96:1a:a8:a3:26: 9e:e0:4f:a8:90:5b:82:db:4d:1c:ca:70:31:76:0c:bb:6c:d1: c9:02:ca:92:68:04:3a:5e:ff:d1:9c:cc:9d:29:99:f7:9f:50: 63:8c:bd:09:15:13:aa:10:8a:fe:a4:7b:38:d1:de:50:78:a9: f5:b9:42:b6:a4:a3:92:70:93:b5:82:12:31:84:1f:7a:4e:c1: b5:6e:db:bb:40:e0:59:4d:30:89:d2:e6:e9:ce:d5:19:06:a3: 10:65:96:34:86:38:78:b2:8f:41:76:5c:48:0c:dd:1e:50:46: 64:18:01:03:0a:cf:fb:4b:6e:47:08:59:20:26:e3:b6:52:18: 5b:fb:b5:4a
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/ein_1.pnghttps://pics.battleb0t.xyz/
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None00d2.github.io185.199.111.153
2023-05-12 02:46:04Physical LocationNoAbstractAPI0030NoneNorth Charleston, South Carolina, 29415, United States, North America34.74.170.74
2023-05-12 02:44:29SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:10:8b:16:97:4c:80:e7:56:d7:06:74:1e:45:16:d2:cf:08 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 18 13:27:58 2022 GMT Not After : Mar 18 13:27:57 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ad:62:80:b3:4a:16:3f:d1:ca:02:76:24:cc:9e: aa:84:81:39:ce:32:30:eb:2b:8e:c4:10:85:04:e9: 19:e1:2c:8b:f7:58:3e:cb:1c:ff:b5:a4:5e:3a:d3: 5f:cd:9f:7e:93:67:29:42:61:bd:af:c4:d3:ff:2c: ba:88:7a:06:b8:ee:d1:0b:bb:86:7e:44:8f:c8:6e: 9f:15:1a:80:a4:23:08:22:e4:47:13:58:3b:f2:14: 1e:d6:ab:b0:0d:9a:3d:43:fa:19:c7:62:73:68:d3: e8:e2:e0:f2:f8:19:08:fa:27:87:9f:f6:00:ca:15: 68:32:25:1a:17:ab:c2:10:cf:ee:c4:5c:e1:5a:4c: 7f:24:75:c4:d7:a8:bb:65:e9:41:ed:b3:2d:c0:d3: 43:15:31:0d:92:7c:15:d2:74:91:60:11:b3:a9:c4: 23:1e:bd:9f:cd:65:52:70:48:15:e3:b8:f4:be:c0: 7b:19:6d:7b:06:84:b9:fd:58:0b:97:47:76:a2:75: 8a:02:5c:f4:a0:74:5a:14:c3:00:00:11:33:ca:09: cb:4f:f9:83:06:46:d2:9c:09:dd:c0:9e:5b:21:5b: 9d:26:54:f2:ef:8a:39:ff:fb:2e:d5:3b:31:32:7d: 8d:f4:d5:b5:c2:47:2c:44:11:4c:77:93:b1:be:73: 3c:fd:f8:ad:ee:38:c8:cc:7c:fd:93:89:87:7c:f1: ff:7e:d9:02:fc:16:a4:8b:6d:44:ce:9d:18:99:9a: 80:ce:7f:84:4a:5f:f2:64:78:f3:c5:e5:c6:c7:66: 3e:15:14:9a:10:d3:79:7b:53:46:72:6c:1d:43:1a: b1:35:e5:15:1e:25:f5:a3:42:b9:f7:c3:cc:11:45: 0d:91:92:d0:7c:af:f5:38:d6:f6:5b:a6:85:e8:1b: 87:47:00:ae:a6:0b:b0:8b:45:d2:80:d3:a6:4d:e2: fe:d5:6d:a5:c3:c6:cb:5d:f4:1c:79:c6:67:7f:4c: cd:e5:9e:5e:f5:60:0e:99:47:13:b5:ed:4f:e1:0e: 26:01:e6:84:00:6a:80:a9:fd:0c:5d:16:61:ba:be: ee:5f:41:8c:41:20:95:45:47:52:41:85:d1:cc:b2: ba:00:26:e3:48:1b:65:5b:e0:7a:f5:04:7c:c4:32: 1f:ac:c5:99:05:ef:49:b1:5a:de:e3:c4:60:e2:03: 33:84:8a:7a:ad:eb:d2:0c:0c:ff:c4:c2:64:33:29: 15:c7:0a:73:e3:0f:ee:4a:08:a2:6b:f1:e4:95:67: 2f:52:99:fd:3e:6c:01:2d:31:33:10:f6:db:5c:20: 
7c:3b:ba:79:4b:c3:c0:d7:a8:e3:f0:e3:c9:f6:e5: 3c:bf:e5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: A8:1A:0A:B4:5A:C9:CB:04:98:CA:A0:D2:67:45:9B:9C:A4:98:23:12 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 18 14:27:58.330 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:5D:91:A5:EC:4A:FC:74:A1:CB:A1:43:42: 98:62:F0:F5:48:D8:59:AD:3A:BF:07:84:B7:A0:B8:FB: F5:7F:02:9D:02:20:12:51:01:88:30:77:0C:12:2D:94: E1:FC:28:63:C7:64:51:4C:7A:14:F6:58:60:D3:18:55: AA:0B:5F:BF:83:CC Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 18 14:27:58.947 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:D5:B1:CF:FB:EB:66:58:C1:7C:1F:B7: 27:25:02:E3:9E:12:C4:74:28:D8:27:C6:B7:CB:84:D4: 7D:B7:00:1E:10:02:20:0C:56:3E:2A:0C:E4:D2:75:F2: E0:99:5F:A7:32:B4:86:4A:7F:09:D3:E9:8B:5E:F2:A9: 78:DC:08:7A:AD:C8:9D Signature Algorithm: sha256WithRSAEncryption 56:f1:41:e3:6f:ab:da:37:be:d4:6d:55:43:59:14:33:ac:42: 61:99:54:b2:cc:68:3b:12:68:7c:14:63:9a:e3:c7:2d:28:07: ac:4e:8c:b4:88:4d:80:ce:91:c9:a5:4d:dd:f1:2e:8e:58:cd: 80:0c:46:fa:23:e4:c8:e8:14:61:72:93:e1:44:e8:c3:77:c0: 
aa:ee:7c:6f:ea:e8:70:f4:d2:e3:e8:1b:8a:39:ca:f5:73:f4: 96:02:3b:a3:36:c0:cb:29:b2:45:5f:f0:82:fc:84:4a:6e:b5: 8b:1c:4a:0e:46:1e:66:a9:10:39:d1:75:3c:a8:c4:57:7f:9f: 62:b2:b2:a2:ec:e6:f3:84:e9:0c:f9:be:3e:3f:3f:98:a2:49: b7:f8:ec:62:7a:a6:69:6f:94:d9:c6:a1:e0:cd:b8:20:3a:ae: 44:80:7f:ac:d9:a3:54:24:56:5d:f1:bf:01:6e:fe:df:0c:62: 2d:77:e4:5c:18:4d:90:25:51:13:68:40:ac:f8:0c:fc:86:c6: 34:50:55:8e:da:35:b1:44:f3:0d:df:99:4c:2f:5a:3f:d4:52: 8d:52:80:94:14:ff:5b:30:58:13:05:5b:9a:df:d5:d4:32:40: 69:ff:dd:82:79:46:62:09:c8:ab:58:69:3f:2e:57:89:60:f9: 31:9d:86:6b battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Noneangelique (Net ID: 00:0B:6C:C7:12:D8)39.0469, -77.4903
2023-05-12 02:45:36Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://nabarun101.github.io/mynetflix', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://nabarun101.github.io/Mynetflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e04_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_e04_IE_EarlyTabStart_0x894_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3588"\n "IsoScope_e04_IESQMMUTEX_0_331"\n "IsoScope_e04_ConnHashTable<3588>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e04_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, 
u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n "104.18.22.52:443"\n "172.64.101.10:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"nabarun101.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ka-f.fontawesome.com"\n "kit.fontawesome.com"\n "nabarun101.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<p class="text-dark">Watch right on Netflix.com</p>" (Indicator: "dir "; File: "Mynetflix_2_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, 
u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free-fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free.min_1_.css" has type "ASCII text with very long lines"- 
[targetUID: N/A]\n "free-fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003588]\n "~DFFA2460BF0619E6A5.TMP" has type "data"- Location: [%TEMP%\\~DFFA2460BF0619E6A5.TMP]- [targetUID: 00000000-00003588]\n "~DF3C66DECFD1719D57.TMP" has type "data"- Location: [%TEMP%\\~DF3C66DECFD1719D57.TMP]- [targetUID: 00000000-00003588]\n "~DF11E03E1F26AC0C90.TMP" has type "data"- Location: [%TEMP%\\~DF11E03E1F26AC0C90.TMP]- [targetUID: 00000000-00003588]\n "urlref_httpnabarun101.github.ioMynetflix" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text with CRLF line terminators"- [targetUID: N/A]\n "RecoveryStore._B3D1C4BF-E888-11ED-8ED0-08002750FF42_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_BBFF638A-E888-11ED-8ED0-08002750FF42_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B3D1C4C1-E888-11ED-8ED0-08002750FF42_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /Mynetflix/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': 
u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://nabarun101.github.io/Mynetflix/"\n Pattern match: "http://nabarun101.github.io"\n Pattern match: "http://nabarun101.github.io/Mynetflix"\n Pattern match: "MUID089815D4E5BB620D23EC06D1E43F63D8msn.com/102523667231108893306123338431030421*"\n Pattern match: "SUIDMmicrosoft.com/9216415271475231030538305717088431030421*MUID3E7917FF718064A210F604FA700465BDmicrosoft.com/1025428520396831108892305732713431030421*_EDGE_V1microsoft.com/9216428520396831108892305732713431030421*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: "SUIDMmicrosoft.com/9216415271475231030538305717088431030421*MUID3E7917FF718064A210F604FA700465BDmicrosoft.com/1025428520396831108892305732713431030421*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "https://kit.fontawesome.com/d83bab02e7.js"\n Pattern match: "MUIDB3E7917FF718064A210F604FA700465BDieonline.microsoft.com/9216428520396831108892305732713431030421*"\n Pattern match: "isdomainmigratedtruewww.msn.com/102589365619231066648306107713431030421*"\n Pattern match: "www.msn.com/"\n Pattern match: "SUIDMmicrosoft.com/9216415271475231030538305717088431030421*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Heuristic match: "nabarun101.github.io"\n Heuristic match: "ka-f.fontawesome.com"\n Heuristic match: "kit.fontawesome.com"\n Pattern match: "https://nabarun101.github.io/Mynetflix/Accept-Language"\n Heuristic match: "GET 
/Mynetflix/ HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: nabarun101.github.io"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"'}, {u'category'185.199.111.153
2023-05-12 02:54:29Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://rebrand.ly/altbdsakong', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://rebrand.ly/altbdsakong', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://rebrand.ly/promobdsakong', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'http://sakong88.cfd/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3f0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_3f0_IESQMMUTEX_0_303"\n "IsoScope_3f0_IESQMMUTEX_0_519"\n "IsoScope_3f0_ConnHashTable<1008>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_3f0_IE_EarlyTabStart_0xdc0_Mutex"\n "IsoScope_3f0_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1008"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1008"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.62.177:80"\n "104.21.62.177:443"\n "172.217.12.104:443"\n "104.17.25.14:443"\n "172.67.178.49:443"\n "184.106.10.72:443"\n "142.251.46.174:443"\n "185.199.109.153:443"\n "151.101.24.193:443"\n "142.250.189.234:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"sakong88.cfd"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"100tst.sbs"\n "sakong88.cfd"\n "www.livehelpnow.net"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"transportUrl:b,context:c},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+ve.ca+"&cx=c";Fo()&&(f+="&sign="+ve.Td);var g=Ee||Ge?Eo(b,f):void 0;g||(g=ql("https://","http://",ve.kd+f));di().destination[a]={state:1,context:c};Hb(g)}};function Go(){if(Zh()){return!0}return!1};var Jo=new 
RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),Ko={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Lo={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "require-2.1.15.min_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "UX285OWR" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0CH0OVJV\\UX285OWR]- [targetUID: 00000000-00002624]\n "~DFF8A3E5E5181D3E63.TMP" has type "data"- Location: [%TEMP%\\~DFF8A3E5E5181D3E63.TMP]- [targetUID: 00000000-00001008]\n "deposit-bg_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] progressive precision 8 1005x274 components 3"- [targetUID: N/A]\n "daftar_1_.png" has type 
"PNG image data 110 x 44 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "aes-handler_1_.js" has type "UTF-8 Unicode (with BOM) text"- [targetUID: N/A]\n "Q5BD73BH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Q5BD73BH.txt]- [targetUID: 00000000-00002624]\n "_74374BB3-BF3B-11ED-9D36-080027B3A16B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "font-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "login_1_.png" has type "PNG image data 110 x 44 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "livechat_1_.png" has type "PNG image data 300 x 108 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "analytics_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_73FA66E3-BF3C-11ED-9D36-080027B3A16B_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n "slide3_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] progressive precision 8 772x273 components 3"- [targetUID: N/A]\n "AES-3.1.2_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "menu_1_.png" has type "PNG image data 1005 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"sakong88.cfd" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "jquery.org/license"\n Pattern match: "http://www.w3.org/1999/xhtml"\n Pattern match: "http://schema.org"\n Pattern match: "https://sakong88.cfd/img/assets/image/logo.png"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://sakong88.cfd/"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "https://cct.google/taggy/agent.js"\n Pattern match: "http://fontawesome.io"\n Pattern match: "http://fontawesome.io/license"\n Pattern match: "v3.1.2code.google.com/p/crypto-js(c)"\n Pattern match: "http://github.com/jrburke/requirejs"\n Pattern match: "https://100tst.sbs/bdsakong/slide1.jpg"\n Pattern match: "https://100tst.sbs/bdsakong/slide2.jpg"\n Pattern match: "https://100tst.sbs/bdsakong/slide3.jpg"\n Pattern match: "https://rebrand.ly/promobdsakong"\n Pattern match: "https://rebrand.ly/web-liga138"\n Pattern match: "https://api.whatsapp.com/send?phone=85569313520"\n Pattern match: "https://t.me/bdsakong"\n Pattern match: "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"\n Pattern match: "https://i.imgur.com/PVD22l6.png"\n Pattern match: "https://rebrand.ly/altbdsakong"\n Pattern match: "https://www.googletagmanager.com/gtag/js?id=UA-110460148-7"\n Pattern match: "www.livehelpnow.net/lhn/widgets/chatbutton/lhnchatbutton-current.min.js"\n Pattern match: ".2.2001229779.1678449772sakong88.cfd/108879072409631166699103678149231019848*_gidGA1.2.1487777423.1678449772sakong88.cfd/1088174468249631020049103709399231019848*"\n Pattern match: 
".2.2001229779.1678449772sakong88.cfd/108879072409631166699103678149231019848*_gidGA1.2.1487777423.1678449772sakong88.cfd/1088174468249631020049103709399231019848*_gat_gtag_UA_110460148_71sakong88.cfd/1088163310899231019848103725024231019848*"\n Pattern match: ".2.2001229779.1678449772sakong88.cfd/108879072409631166699103678149231019848*_gidGA1.2.1487777423.1678449772sakong88.cfd/1088174468249631020049103709399231019848*langidsakong88.cfd/1088307940019231093273106244555531019848*"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect,ca.U,ca"\n Pattern match: "https://www.google-analytics.com/analytics.js,k=c.F?op(R(c,gaFunctionName)):op();if(pa(k)){var"\n Pattern match: "https185.199.109.153
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0030Nonehttps://pics.battleb0t.xyz/images/jonas.PNGhttps://pics.battleb0t.xyz/
2023-05-12 02:46:49Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonecloudwaysapps.com64.226.81.43
2023-05-12 02:53:06Raw Data from RIRsNoHybrid Analysis4020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://cndglobelogistics.com/index.php/about', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "IsoScope_f2c_IE_EarlyTabStart_0x948_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"31.220.3.218:443"\n "104.21.89.62:443"\n 
"172.64.133.15:443"\n "142.250.189.170:443"\n "104.17.24.14:443"\n "151.101.1.229:443"\n "142.250.191.46:443"\n "69.16.175.10:443"\n "185.199.109.153:443"\n "142.250.188.3:443"\n "142.250.191.67:443"\n "142.251.46.170:443"\n "104.22.24.131:443"\n "52.155.62.95:443"\n "172.67.38.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "cdn.lineicons.com"\n "cdnjs.cloudflare.com"\n "cndglobelogistics.com"\n "code.jquery.com"\n "embed.tawk.to"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "parsleyjs.org"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "translate.google.com"\n "translate.googleapis.com"\n "use.fontawesome.com"\n "va.tawk.to"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="col-lg-auto col-4 my-3"><img src="/images/clients/youtube.png" alt="YouTube Thumb" /></div>" (Indicator: "dir "; File: "about_2_.htm")\n Found string "* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "dir "; File: "style-a984db922da29019ca5adc1e5082e607_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar642D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-373', u'name': u'Contains ability to send data (Powershell command string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "Out-Default"; File: "about_2_.htm")\n Found string "<body class="site astroid-framework com-jdbuilder view-page layout-default itemid-105 article-padding-none about tp-style-12 ltr en-GB">" (Indicator: "Out-Default"; File: "about_2_.htm")\n file/memory contains long string with (Indicator: "Out-Default"; File: "urlref_httpscndglobelogistics.comindex.phpabout")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3" and extension "jpg"\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image 
data big-endian direntries=4] baseline precision 8 693x555 components 4" and extension "jpg"\n "business-man_1_.png" has type "PNG image data 475 x 665 8-bit/color RGBA non-interlaced" and extension "png"\n "NickCusworth_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 Exif Standard: [TIFF image data big-endian direntries=21 manufacturer=Canon model=Canon EOS 5D Mark III orientation=upper-left software=Microsoft Windows Photo Viewer 6.1.7600.16385 datetime=2013:11:04 12:20:51] baseline precision 8 148x197 components 3" and extension "jpg"\n "16_1_.png" has type "PNG image data 716 x 1016 8-bit/color RGBA non-interlaced" and extension "png"\n "joomla_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "evernote_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "adobe_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "youtube_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "googledrive_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "cisco_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "arrow_down_1_.png" has type "PNG image data 5 x 3 8-bit/color RGBA non-interlaced" and extension "png"\n "switcher_1_.png" has type "PNG image data 10 x 19 8-bit/color RGBA non-interlaced" and extension "png"\n "blank_1_.png" has type "PNG image data 1 x 1 1-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"Cab641D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab641D.tmp]- [targetUID: 00000000-00001016]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df5204982cf225e3cc.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{1e3592f5-ee3f-11ed-905e-080027ef242f}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "style-a984db922da29019ca5adc1e5082e607_1_.css" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3"- [targetUID: N/A]\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data big-endian direntries=4] baseline precision 8 693x555 components 4"- [targetUID: N/A]\n "business-man_1_.png" has type "PNG image data 475 x 66185.199.109.153
2023-05-12 02:54:17Physical LocationNoCensys0040NoneSan Francisco, California, 94107, United States, North America2606:4700:3037::6815:470e
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.156): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D1:54)32.8608, -79.9746
2023-05-12 02:54:00BGP AS MembershipNoCensys0020None13335104.21.6.166
2023-05-12 02:55:21BGP AS MembershipNoCensys0030None14061207.154.228.169
2023-05-12 02:44:24SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:29:bb:71:26:4f:a3:73:c9:d3:c4:af:c8:b3:a3:33:dc:41 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Jan 23 21:31:46 2023 GMT Not After : Apr 23 21:31:45 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:d7:c6:91:a2:7d:90:36:47:61:e7:f4:42:67:85: 67:bc:f6:01:51:cb:59:02:c5:69:c6:fb:5b:1b:b9: c9:4a:2c:0e:df:23:05:55:0f:d4:97:b3:0f:c2:a8: 12:d7:19:fa:98:f0:06:8c:43:18:24:de:aa:3e:e6: c7:25:79:67:99 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 37:BE:E1:FB:AE:23:1C:29:A5:8A:8C:D8:43:D1:35:F5:04:D1:88:E3 X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: ecdsa-with-SHA384 30:65:02:30:7d:70:13:0d:8c:86:f5:d2:71:80:52:b0:81:9f: d1:36:dd:fc:cb:3b:22:94:33:e2:be:58:b6:3f:ed:5d:35:71: fe:92:a5:53:e0:f1:36:f0:a2:e7:eb:a2:ad:86:80:be:02:31: 00:b4:75:e4:7e:fc:a0:b6:34:ee:54:89:8a:b5:86:bf:2b:19: a0:d9:77:ee:64:10:e8:70:df:08:20:8e:21:54:dc:0c:9d:83: c5:fb:9a:5e:61:df:01:60:14:be:f2:93:65 battleb0t.xyz
2023-05-12 03:08:52Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.13334.148.97.127
2023-05-12 02:47:27Open TCP PortNoPulsedive0020None185.199.109.153:80185.199.109.153
2023-05-12 02:53:42Netblock MembershipNoCensys0020None185.199.109.0/24185.199.109.153
2023-05-12 02:45:14Raw Data from RIRsNoipapi.co0020None{u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'2606:4700:3031::6815:6a6', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'2606:4700:3030::/46', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv6', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'}2606:4700:3031::6815:6a6
2023-05-12 03:00:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.49): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:23Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.109.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noneaysegul (Net ID: 00:1A:2A:02:80:43)40.2024, 29.0398
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5e4de1db49291f-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.6.166
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.87): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.29): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:45:53Physical CoordinatesNoAbstractAPI0040None37.751, -97.8222606:4700:3037::6815:470e
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None6562 7451 (Net ID: 00:00:C5:D7:2F:EC)37.780462,-122.390564
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None000hen.github.io185.199.111.153
2023-05-12 02:44:28Affiliate - Internet NameNoDNS Resolver2020Nonefrabjous-lebkuchen-324004.netlify.apppics.battleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Noneinfoworld (Net ID: 00:02:2D:04:D1:DB)37.780462,-122.390564
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneMoneysavingexpert (Category: finance) https://forums.moneysavingexpert.com/profile/loginlogin
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:2086172.67.168.252
2023-05-12 02:45:34Name Server (DNS NS Records)NoDNS Raw Records0010Nonedaphne.ns.cloudflare.combattleb0t.xyz
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0020Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-proxy-cache: MISS{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}
2023-05-12 03:03:41Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io010916hao.github.io
2023-05-12 02:49:43SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:56:b0:2c:f1:37:ec:4d:fb:ba:29:5b:fe:cf:08:f7:c5:d3 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:49:55 2023 GMT Not After : Apr 27 17:49:54 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:cb:71:f4:b8:7c:a4:30:09:1b:13:75:c6:c3:49: 0a:5a:97:35:c2:e3:b5:90:5b:a3:b9:e0:c8:a4:e3: 37:7a:a6:7e:1b:38:a5:5a:63:ab:b5:eb:db:f5:ce: 46:28:9a:bb:61:30:d2:f6:61:59:c2:0e:37:b3:85: 32:eb:67:93:5c:a2:8a:68:ae:c7:6a:b0:d0:9f:fc: 8d:d5:3b:0a:5d:17:21:49:98:a5:cc:cd:89:42:87: 4d:54:69:c0:91:34:ff:12:c3:4c:10:fb:89:47:3a: b3:b5:ed:cc:06:52:eb:16:7a:af:b4:c5:22:00:43: aa:8d:8b:68:61:04:b5:6e:86:7d:6f:23:6e:79:15: 3b:96:1c:92:ea:d1:76:1a:98:eb:67:69:53:a7:00: db:63:83:56:0b:fc:db:8c:00:6a:64:27:99:81:0c: e0:c2:14:78:8e:45:d2:05:23:4b:2e:a1:d6:90:83: 3d:eb:f6:16:04:b9:30:78:89:df:df:c5:c0:a5:c5: 60:dc:2c:82:50:e1:50:fc:88:d4:46:2d:16:9d:dd: 14:56:c3:31:55:0c:b7:cc:40:45:d8:f9:22:11:f9: ed:60:df:5c:2f:a8:5f:17:ac:ff:7d:8a:1e:77:a6: e8:15:cb:e0:33:32:29:69:ca:42:d7:15:49:3f:d9: 68:31:ef:59:a1:4e:f5:94:c3:75:47:24:20:25:4f: 22:0f:35:ad:2a:db:20:f0:5d:b9:c7:a2:17:d1:f3: 52:80:77:94:64:66:0d:72:a2:bf:aa:b0:5e:b6:d9: af:81:4d:54:fa:3e:6b:7d:a8:7b:0d:08:23:70:3b: 37:ad:2b:75:bf:91:06:70:7f:c1:79:93:83:08:8c: 9a:bf:f2:64:ef:2f:39:42:b9:84:35:4b:b0:83:66: 5e:d7:c5:a7:06:f4:b4:89:e9:41:d1:09:1f:c3:66: 18:da:ea:4b:2f:9a:1a:d0:a2:05:8c:af:7f:ec:ae: 0f:17:00:fd:78:c7:64:b6:db:0c:73:e7:03:66:b3: 9e:9f:74:ea:0a:b7:ba:41:3e:89:fa:49:d9:69:26: 3c:0e:bc:77:f5:9f:cd:1d:0b:77:59:ba:57:e5:96: 24:24:9a:52:56:4e:63:31:d7:70:db:dc:4b:70:cb: 90:cd:e2:20:14:b5:fa:25:1b:2d:3b:39:de:26:c5: 3e:2d:95:63:5f:d6:2a:ba:87:f1:7a:9d:cc:8d:4d: e8:02:34:63:08:c3:8a:65:36:2f:3d:9b:90:77:71: 2a:cc:26:26:c5:ad:9e:d8:4e:fb:7a:b2:ec:5f:c7: 
b5:9a:b3:86:c9:5c:88:b7:8c:c8:3d:30:64:42:7f: 87:9a:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:A0:A8:B9:3F:90:D7:08:DA:7E:1F:47:83:D5:88:5D:68:C9:9D:69 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 14:78:89:b1:8a:61:96:a7:ed:ed:6f:79:f8:42:dc:18:11:94: 04:56:a5:c3:80:ee:8b:7d:e8:18:f9:55:d6:f7:cb:22:5f:bd: 89:01:c5:e6:7b:ae:45:c0:ec:56:e5:c2:7d:d1:3d:a3:bc:46: f2:97:64:eb:52:63:74:0b:62:2b:cb:f6:53:e6:8f:96:8f:78: 0e:79:d9:d9:06:eb:13:01:f3:a6:5e:da:6d:b3:53:66:1e:0a: 11:4d:63:47:ed:42:22:0b:9f:52:2c:e1:d2:d2:7f:fc:df:0d: ec:bd:d7:45:bd:1e:e8:50:83:90:59:00:5f:f9:13:d7:1e:8d: 09:80:4c:9f:8f:d6:56:72:42:52:f1:4f:c9:f7:1a:c8:c6:d7: cc:26:6b:04:0a:fd:ec:68:27:dd:6a:5c:a7:6a:ec:f5:60:49: d4:f0:de:24:04:3b:b8:7c:8c:60:f2:a3:cc:8f:46:9a:ab:ff: 28:cf:36:42:ed:1a:c4:05:86:b0:92:1e:51:f1:3e:c1:54:5f: a0:77:3a:81:f2:18:31:c6:f3:7b:7d:43:34:56:f8:32:e5:fc: 0e:7a:dd:40:27:84:9e:db:87:8b:98:6d:7c:97:c3:31:5e:a7: d9:88:62:36:ed:94:00:e5:a5:27:77:53:25:24:2b:3e:9f:cd: c9:43:c1:d8 battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneWLAN2 (Net ID: 00:02:44:AF:56:1C)50.1188, 8.6843
2023-05-12 03:32:13Open TCP PortNoPulsedive0030None188.114.97.7:80188.114.97.0/24
2023-05-12 03:24:47CountryNoCountry Name Extractor0030NoneUnited StatesChicago, Illinois, 60666, United States, North America
2023-05-12 03:13:00Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-0-256.github.io] https://www.openphish.com/feed.txt0-0-256.github.io
2023-05-12 02:44:21IPv6 AddressNoDNS Resolver0030None2606:4700:3030::ac43:a8fcnwapi2.battleb0t.xyz
2023-05-12 02:44:18IPv6 AddressNoDNS Resolver0030None2606:4700:3037::6815:470enwapi.battleb0t.xyz
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.109): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:09:02Vulnerability - CVE MediumYesTool - Retire.js0040NoneCVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 Score: 6.1 Description: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.http://code.jquery.com/jquery-3.2.1.js
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonegrasshopper2 (Net ID: 00:01:38:5A:88:28)37.7813933,-122.3918002
2023-05-12 02:59:53Vulnerability - CVE LowYesTool - testssl.sh0120NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.nwapi2.battleb0t.xyz
2023-05-12 02:46:49Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonenetlify.app35.229.48.116
2023-05-12 02:52:43SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 26 02:43:31 2023 GMT Not After : Jul 25 02:43:30 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT 
Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Apr 26 03:43:31.388 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:43:38:D1:BA:46:EB:FB:AE:E5:0E:F5:96: 0C:2E:94:E5:49:45:23:64:6A:0D:BD:FC:87:A8:B8:00: 87:FD:24:62:02:20:75:87:54:4A:DF:64:4F:88:2E:B1: 25:57:3C:E7:3A:E0:19:3B:72:E0:C9:1A:87:B9:BB:3F: 35:51:E8:55:8F:82 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 26 03:43:31.409 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:5D:9E:62:37:CB:DB:77:1F:86:0C:C3:56: 8B:76:28:CE:A6:09:34:6A:3E:14:48:88:F6:21:96:4B: D9:19:A8:EE:02:21:00:BC:CD:90:3B:08:38:44:A5:BB: D6:38:35:73:D2:AD:F4:37:33:C9:DB:0D:66:F0:E9:9B: ED:6A:44:1F:1B:F5:8E Signature Algorithm: sha256WithRSAEncryption 7c:fa:bc:17:47:a7:e5:00:0d:95:46:f6:aa:b8:5c:00:e2:ec: d7:d1:7a:8b:68:b6:74:b4:92:6d:3d:5e:34:79:68:36:4b:b1: 22:bc:39:10:53:ed:b5:6d:cb:32:be:a6:64:84:36:56:88:b4: 46:53:a9:13:77:42:0f:15:bd:f9:cb:e5:28:5d:fb:7e:a2:45: 2c:88:d0:5e:f0:2b:7e:c6:76:b9:0b:22:71:21:a1:7c:97:5c: 3a:e6:c7:51:0e:74:ba:87:b5:20:a9:b3:67:69:9c:c8:fc:3e: a3:b5:ad:ee:73:7a:3e:e4:18:0a:93:40:47:fa:a9:04:04:e1: f7:88:c4:73:97:3f:0c:9b:41:a3:36:f3:ec:33:03:ab:0c:30: 00:c0:20:bd:7a:4b:9a:0b:2b:5b:6d:f2:ba:7f:cc:e9:7b:ea: fb:92:46:62:0b:ad:ee:b0:ba:89:ac:82:3a:17:07:50:53:81: b3:41:01:ce:5c:08:dd:10:1b:6c:39:d6:14:34:c6:10:a8:c1: d6:c2:f7:02:f7:45:91:38:08:18:a2:cd:a4:11:ec:4f:45:cb: 9e:27:ab:1e:0d:3e:e8:66:62:38:57:e6:40:15:8a:71:ee:e2: dc:77:56:dc:8b:57:bb:4b:a9:03:f5:23:c6:cf:0a:e7:07:60: 58:ae:4b:bd battleb0t.xyz
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Noneart_vacation2.4 (Net ID: 00:01:9F:30:06:78)33.617190550339146,-111.90827887019054
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:2083172.67.135.9
2023-05-12 03:01:14Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.130): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider0030Nonehttps://funny.battleb0t.xyz/images/kappi_2.pnghttps://funny.battleb0t.xyz/
2023-05-12 02:46:01Physical CoordinatesNoAbstractAPI93030None32.8608, -79.9746104.196.30.220
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomF390F8 (Net ID: 00:0C:F6:F3:90:F8)50.8897, 6.0563
2023-05-12 02:44:07Internet NameNoCertSpotter18010Noneoldfluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:09:38Affiliate - Internet NameNoDNS Resolver0040None107.48.229.35.bc.googleusercontent.com35.229.48.107
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonenocable (Net ID: 00:04:5A:E4:CE:AD)33.336199,-111.89446440830702
2023-05-12 03:18:06URL (Form)NoPage Information0050Nonehttps://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f603759cec44a')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="VxcMRN.Povw0Dqbul8wSiWYYVjQ65KTx3XK5wkMYn5s-1683860053-0-ARNnaczlk3lhWY6ESpfReTjviWNfe6-W-F4EYUMujv5K8wYIHcmyGNVxCdUrRWsobOaE65E16LH7Z5A8l3JcOOwM40OukBYU_NTnKQTXBbuAPfHcavNAVkFXDNA4yBYP_F-doeuxJ1iDDtJRrmlmohTnm9Zwgu_y8a0NK2hiUe5yMvTqp63OLXzd1V9ueCyVeeK1caOtPi7xaty2vJtyZb-cIX-pXe1HjTUlpS2SBgDHLt9Z2nGU34h6kZ0-LrtNlJwHFMEUfGQT7Cu-pfqrhaBF1Rf57tLrkAcE4ToZFW0ZJ0AzVaQzLYE6ZtSIvjdhsInZ4x-0ac4WkaSnH9qLZC0frRaKCRbP1YE5yAsA_V_rAzDvledqs23zFkADyA1JndB-r5YTwGkwDl-BxZREbNktpruk72pVubcgN5obrf6JxTrQq7YBfyWH0u231TmHhalG3kCxQTdf9BBK1RtcvNhrrH01RN3jUXWOknSbzfs0xXZvpHYZ1mrWn-Ojnk9ZjOu2ygM5UtHSoZUS6y_CjRifM_gopebOwo_cedROZOf9quaaEku8SOVh2-a-u3HQqhJrHKvyqASEjXgOG-POuVge4L6xHx2SHahOESPnWqqKrSn9BYMIGELPd8-r-1tIAXEFuooehRGS_FYNDjqh6omsTcRWSr06JGoopCVsOBkATKY4nwfmOjHwATatO_bzDcPIKUDDZxN4trvvcVPNVoHO7Bdkn5nD4MlhG7ULR5m8BGChjHXk7lMQgvxBm1SZz89qexKer_mB3ITW_Ckfp4tPj4-YUwZkcw1lp1dwi32IJwgxwAEQrcGYo7Dftq8CYuStupr8lXKN_XUjGqTozvnpHPRsKR3mpnU05jAAbQN-wTNmylPeMG1Bx9YvJ8-oBs6FOj2g79NCurzx8d8F26PjaGqr-vtP8UKYeQxLAnNdd4Vl3r7Sxgy5_U4ONoKkZLnzYO166hvNojFJrl5f4tJq3L8oaK1eV5U-xpdOk_jlFbI7ZzjrEUv9fZQsj5GaeDY02cHxOh7Nt2nNuGIpJ43yd7IG1NCu_ks7x5I0kfXv5MRuTfiROKF9xzm5F_CKasB2amUWk6rZYcXTrxdif9TD5Sx62vXZQpsnSXx8a6qRdl0hIJb_vmia5qIkaGS9V0c3xjS-IDsjcMXU8HgYzlCX19Zu4ALj-qepP0KcZOXiHhiswQ6RmzSNTHY19R5ZletASbYV_KRC2PP48Hz8WCb-SWTTkcwOaIfpq0-9SsU16FZzuVHDtQR9HgY0pbLMzaxY0s1xIpwF0xudNUa9SsK7hj88CJhBWAgyl0DKCHjlEvVNsM3bMb76uUbrGBKt7Hry85yQS5UEcYp6GIRihakXwCelMLh9b6mQeb34LGhQRPvlmLc3f7j1216yXCSaBd223eCCMmrLoB2g3nLwqwrk_PW2t_XaPAxAsSOOJKzId4VjA2dn6CqsOQIQ1btvcUPfq3OsFea8XgUx2qTK18l8oqMYjxkPX_FOwTDrD8XvSUg990Ur0PezzJ7ZjQhXW2g96qU5HlxCcEgvTZ1Oj8VsRG6KYZKs3liq65P7yZ1Xq0PuWGs5ZH1HZuwe_EUK0ctlgYcA2TZqiqR97ljhOugKeylE_8hYvCH-_EfG3w8eyicUcZHEEbELHsNXehd76Tx3s2-ebSEw5k9zImyOFTenD_lgPbpq7QTz7xoj2el_vnfxew2WRomnN2o-3wrcdpxXZbyRqTVEwh9mt5ldOWHagonTAv_Q_hf6-IdMAwmmBbSh1Hcp5U00qxCfbSDlsw6TbCjryraM_n5MuyIQ3ROmpzau0nYDihwg55Yfm_maTyXQn3EfPcgCTbGbUA-S1IM4kEvznOEUMKan7limYnMnSACdDa6YllLFkTxfyt9PIWPkMFkg4rul1WrPg6PbIgC6s9asfdQz_qx6
6otvL3jKY2qeghrw_6pmQyfsLCIHyZFw1XaoIueMg-cFKFmIkcBABdWmDDrGq0ut54mYbYK3SFGC_bIHhtVHYt9KTDDqI94HFGgN1Tmq0OS0w3l63uBrjPR2ghPB-fwrkk0mrJ7qhhXURTs1sofuhT9GcdvnMZ1lpgzcElp3IhKAYa_lNxP8ZMf4Q_-TfeYlm0PHPqWivHEqU3GArEQlC_hJ27J0JdZxbF8RZT_qsP9FxBGCfGjgHhGcEmTtiLHMzioIBblPCJ2MJyW1yepTP1gLGj1XQw8vPq1sTASJgCcwQdtLYK1gBygsKJ6y9hq73XXqB7BxmSRGE1412ZH9kqHGFcsBJvpgdfjdZDEcUAbc7eHlE_pUs5mqrXq697Qb125fekHxboBa8kmPIcPQ2ynUBwAN74KYjxXYEmrozv8dkXJqol4LZcUANpwiA11Em8xrLpc2lbtTgwaNEHGyTh_5AUbuVj2YXAm8gMv0JlcPNtTwFxCdA8SE7rXhlJ4zCoy8DSlgGYlbvZ8ijwcet19cfaphrxuan5NDwsNqQSGBQBD2ZBY7HKWcOtfFA0IzjpULqXe_VhCzD0_t3-f5YJ6XZO21"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '16187', cRay: '7c5f603759cec44a', cHash: '5c1bdda96dc3363', cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA1My42NjAwMDA=', m: 'lfsFj6DGCrI2vGPf6BjuX9qKC3b3WJbZzI/myE7y0Ig=', i1: 'Gu/vYOwR5DI39saTFLv/iA==', i2: 'jBLnZ6zLXxRsowEZI/3brw==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f603759cec44a'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f603759cec44a'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:18:06URL (Form)NoPage Information0040Nonehttps://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6036feab195d')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="xHEPK.9yJ4uMnlaQxqQ03K5Csvr7WqmdHv5Obe9KwF8-1683860053-0-AVLFWFwz5cW9coePC-vcYYHeZXoVyZvPTnO5FSb69_py4IiBnIT69jsbDrQcjp17Zdx1pnQSJS5VK5u2qIZwYpKNdgBE5WortG78wVuw6xpL5WYKY8Pci1GRr-7IBheF2wnVhBXoAAbVv_kvF_G81MlD02OBybPgpztHUD8TsNxjUjxn5wbC4eO6XMoHSPC4tPjeAbdNC_mEhVDvKltWOjEKs7cQGG73dOqgzgZ5u0yyPTVVyh672vGUJchUE-7DlMtIc30cGk9vDedhhqnCEm6pQHqEqKn7E1c0_xe56xpqCOyx0gVIxxZL8ZolJaAY4W4DtMmEP6W2tHpS_rYvBDI9fm43yWOoTbxEvpOBUd21ETXlvv9NENQqsCUvjbm4kjTEkCkt9i7ao6sYMKBDIKOrBrqKSvX_CT_w9eydgmcnRxeGAnGPZ1UUlMCuPuHg11UNYHIqPBTtKLbqJ0CVo0se3b48fGi-sK8cLCpgZLWb2fRokqIeBAyscADBAfixig610ec8NyTnlho4fWsEuVJ8IH0YuFSDI5qB-p_hHDFAgQ4e2o5glLWVxkylixix8LPq3AjtUqJZW7z32u6RcNlBfPCJCrP_P-wzAtCmBv9wwLgJM8s28Fc0U3NqhEI7UzCd5r2rd1L9dZdXgwaESjOHBhuzibRb747KWauMhNoTHcDBBW-Cplvyyky4fhJh4codwoIMSFuB2e8vqSriOeMyuMhff86CdrTUwmJ-MpOwS5b3SzLp4WsUmqgXo5R_Ptn_13EQTYvgg_fn9wQYMVvNul0EzUw-m0dzAaXiayW9ZQRIKrGrxHaH77vlgDYfon_mV1EHNo0mYKenjF4lATYUDXOdsHJGDEb-aoyHMedXT2xjfifF75YrCt7aKEBajKaabeBOm93QKGtGLkUbhjuxR1Cv3fMl-a8Mcq-sqIzDY7Ofms_NojFVCky1MxilEB-pECoh_3dTQi7RdzrUTwf2cZR9T8D8U2K3Gvk8riLAICiz8kZstCExyU1gQxK_8IKsvToQ9RDrd9y9LVAX9qYv3TfadD1EkNEsFVChUuXBIn1vLV2P2GOPSzKbMN6zXhMlaXjRniTwtw6d8mrDXwAGH5ieemrcUb3FjxXespiPiaHaem6NlgnFXh6fqC6miAGPTygfZ8E84F8EVSFKovIkpjZZLkzg9smKqoObMwmWAc8hXyTmDTP1LoHTnasWw3kR_c4rubMdm-bM_qzcdotudBYUrTeL52K6MUKh8U0LXxV1ssRlYQtn51j2ZPTCT_4njX0UJZi7Aqe8bZOIi6YaJ6JVsLLVQlGwMIkxweehKTweGkzepoKrlA3vvzsnIuw6hwdTbMC1ff1nqZDuEXn1iUtY0QVWk3AiHWDwvflyRUhJFVQ_1RWCY6QxNbtBWuOs4Gsp4MKA65Y2bcGJNUQ61JSZsl8YoM493x6bgQq2c1ARXqI8Z_BprKNhAkkBaHzNAZnBx2sKG-aiygeREJS_Y-EXoEZkRsbQX02jydwcJZ3mjFQKdYrYE5cpUbTynwFh1r8orCm-Lgkh_khmNL7q7VDaHkkpQxyvlai7E7fXqkM8fGYOO32gd0hDiIlm85y2e8PdcZwTHglcg5WuEl3dz67kdyLqQrK_w0NhcEVoQlt-w-zjK_ug7gJVFCqVZy6o3CJv3Lkws4Pg2ePLly9U4qZNVRt3zz5hcKoCs-Pa1ZZzJ_Qzb2gSMP3u4cNDexag1H59HlUfcR7rjMJpsPYzqNpSQW3aa4RjeYciW4G4IbxfKJhCeUuFM4E4frBI_2OUYka-3R16-e5B-3ARb0HzAH7oGbA0ldmTnvfk1irgRMe8Dly0jpz5UNRE52UktWtSquB5QC1854VbxxgX4hhaW-nxmTCdOLafGYF1vg8rF-8NC1_FbTKMqIVsNKBWX0k0kJqiJjLCwjxE
gXQ0Ze8manGpGGX8Y1qPfnNzHc2wFXLAoenNI_c9mp5k_TulxRQaJau67nLCYZqdFCfQ3OMpvtX4xDex5PrZ9T6mJUZ1nmSTAUixBLPwpRedqy1s01H2wlDBkSOhsj3ve3tA6H7ilQqtLQdfAuHK0_eW1Lnq3yDEyuzONZ1kc6hBMbhcyIePtyej1WeNa25rCw6imHPfgLzKSCX7sag3MiyXZyiVPtZsVrR333h3qptvAltAf6opML25pqpe_uKUHyc688RAlp_EgHCq-Gbx-iN5q2hY5Ny4xRPFJdCIjbFhNtGVw4MmWaJvAiePWPHqtweVVadLDMPlJCf3alqy71aqsxQI2WCWYRD_4Slgey6lOkSSsS-VG0B1_pBFsI7Qoqg4mLVGYQxVgLA66wEWyPhSdzuYryBNRXVwsWkB269be5JcqZIZNgC1b12-boaqHNSrCKMj83nOOm100RSF9-42ajHgNdPc9977LoOsIdA4wiwXyaum_ok5aRH8NPa5DUgCLteaEnABaI691YwS3Yv94Jp3MSd41yoh45wgGe42SPtQxw"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '8897', cRay: '7c5f6036feab195d', cHash: '461a186bf737deb', cUPMDTk: "\/?__cf_chl_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA1My41OTUwMDA=', m: '5/J7gGK8XmEBWkArTjJaJQpVmCj5kenNaxHbI91xZvc=', i1: 'd1xtl4gFAsGt/e5zgSdIvg==', i2: 'L38k4kp9xxsqGxDFehGWAg==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6036feab195d'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6036feab195d'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 02:59:34SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:88:a7:3c:db:48:4e:7a:5b:30:55:60:8f:23:20:34:8b:3f Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 19:16:54 2022 GMT Not After : Mar 13 19:16:53 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:3c:4c:c6:51:31:a3:0e:29:e8:d9:ba:56:72: ca:d6:92:a9:ca:6b:b2:16:4e:5d:b5:eb:62:3f:02: 41:f1:08:06:a9:cd:7b:f9:04:b2:4c:8e:fb:65:31: b3:75:c9:6a:7a:3f:e2:3e:46:f0:3e:66:e4:c8:3d: cb:d8:17:7d:09:c3:b8:4b:0b:d8:99:0b:f7:8b:94: 1b:46:cc:ac:01:f0:8a:0c:c3:ce:98:ae:96:9a:d8: ee:30:0d:83:be:56:f2:fa:d2:51:6c:e6:b5:3d:4d: 38:62:17:66:35:98:3b:99:b8:ad:43:ad:7a:14:a8: 2a:90:0e:e4:de:5f:31:31:ab:48:0a:dd:2d:64:89: 33:f3:db:a0:b1:f9:a9:c3:da:71:2f:32:05:fa:a1: 40:b4:5f:a2:f6:e5:8b:5d:99:bb:a1:c7:ff:78:70: fa:fe:96:c0:01:b6:36:4c:98:38:f0:fd:c2:63:a9: 72:11:2f:85:1a:a3:bf:b4:96:2f:f2:45:ce:b3:c4: 6b:ba:0f:b8:a2:6a:78:27:5b:76:b0:c8:42:4e:41: 26:4e:0a:34:15:4a:e9:08:7d:32:c0:a0:48:38:a7: 68:49:b9:00:6e:d4:89:04:f8:ea:e6:dc:02:c0:03: 83:f0:7d:9a:bd:81:f3:1a:7f:93:46:db:06:a1:a5: 91:0f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 11:21:5C:1E:81:22:95:8E:F4:BA:FB:D4:B0:77:CD:45:5F:AE:5E:B1 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 76:8a:75:f9:43:a0:e6:61:ea:e3:d4:27:72:39:cb:37:97:94: 6f:0e:14:84:fa:37:4d:a2:29:74:5d:9f:6a:9b:90:69:30:fb: fe:80:38:47:ab:f9:93:8b:07:ed:9c:23:7a:ce:61:de:37:2c: b5:38:61:3d:a2:a5:6a:7f:07:4e:90:cc:90:cb:f2:dc:3b:dd: dc:6e:3d:eb:d5:9b:14:fa:58:fe:7c:53:e1:b8:07:86:02:8a: 6d:b2:53:6a:62:fd:74:1a:77:7e:1a:08:43:f8:18:7a:01:9e: 20:be:c4:45:2e:93:39:21:97:6b:7c:a2:a3:23:1c:fb:d7:fc: ec:c5:e8:7e:b5:d7:d0:a7:3e:34:ed:91:4c:0f:7d:41:20:d6: ae:b8:3c:8e:a2:12:49:dc:0d:d5:4c:94:96:63:8e:08:ef:7b: 64:6f:6d:f3:52:e2:36:f2:d4:c5:56:d5:b4:44:ce:06:c1:8d: 33:fb:3d:55:2f:89:df:1e:0c:e0:e0:b5:24:7c:d7:b7:f3:8a: 0e:7c:13:62:fd:45:98:d9:2b:25:ae:f4:5e:83:23:b0:c0:02: cf:69:26:2e:fd:59:16:e1:d9:9a:02:67:43:02:ef:d7:61:4a: bd:23:13:4e:92:4d:8b:73:c9:d8:47:4a:c4:8f:e1:ca:a1:27: eb:65:50:df ayhu.xyz
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonewebdisk.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 14 04:53:54.573 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0: E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94: 30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59: 8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63: FB:4F:E2:E6:C3:EE:2C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 14 04:53:55.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A: 02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81: BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D: D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90: F0:18:EF:92:21:63:F2 Signature Algorithm: sha256WithRSAEncryption 47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7: 4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f: ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec: 3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2: 3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64: 37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8: 92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9: 05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84: 7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d: 6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c: 36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78: 12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d: 48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab: a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82: 84:78:32:a1
2023-05-12 02:52:08SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:96:9b:29:e7:ba:1f:ed:f3:53:36:ca:2c:46:93:27:46:97 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 15:44:09 2022 GMT Not After : Mar 13 15:44:08 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c5:26:42:72:54:54:74:21:1e:c0:7a:66:54:5a: e8:26:8a:a7:bb:78:e0:52:09:b4:70:cd:bc:21:4b: 2c:77:39:63:f4:67:8f:19:31:3e:f0:0f:58:55:9d: 80:0d:29:74:7f:66:1f:df:6c:0f:e4:7c:f2:b1:63: d3:73:4b:d0:8e:1c:94:d5:39:9f:87:08:c9:39:28: 06:18:ff:8b:b4:c8:13:46:ac:cf:6d:a5:8c:43:a0: 09:d6:74:e4:1b:e6:a1:90:6d:22:b3:ba:58:9d:f7: 79:37:55:b1:58:ef:15:cb:64:d0:30:b0:3c:9c:57: 0f:fe:6c:6b:bb:3f:27:84:33:78:b0:19:92:bf:97: a6:0f:20:d5:97:af:a6:3b:9d:2c:b6:18:1b:80:b6: fb:2e:b9:e7:44:40:3a:ab:de:d1:27:94:5c:98:f3: 69:c6:eb:0a:ba:59:dd:58:0a:8d:f7:6b:71:2d:96: 80:0b:9a:05:20:72:48:c7:59:11:c0:d5:98:a3:64: 8a:78:35:12:8b:20:64:de:10:73:21:62:d5:82:94: 42:92:41:f0:40:98:0d:fd:64:08:ef:ba:99:48:1d: ae:86:bd:de:46:1e:c7:72:49:3d:93:76:b8:e9:ff: 0d:e2:5c:31:61:a9:f2:59:1c:92:cb:56:9f:9b:f7: 48:28:35:ef:e1:4f:ae:4c:d6:6f:39:80:a0:50:ab: 78:66:96:ff:8d:78:93:50:2d:b7:0a:ef:fe:70:44: cf:d9:e4:4f:5e:34:97:d6:93:af:d9:54:30:40:86: 24:9c:59:46:7c:df:86:e9:5e:eb:17:7f:95:e4:0e: 70:f5:5a:35:d4:64:cb:b9:5b:5c:bb:45:e6:4e:80: a3:6d:83:42:86:a4:44:3b:83:c2:1d:e2:02:99:d0: 36:4c:c3:91:eb:69:38:a7:7d:2f:35:65:33:3e:23: 0b:5d:1b:0c:01:a1:10:75:e2:ac:bb:3b:bf:f6:2f: ec:4e:98:ec:53:ee:86:34:4c:69:d1:38:5c:a9:07: 72:79:62:64:81:ea:03:fc:2f:18:db:04:b6:04:36: 1d:bc:01:56:0e:d9:49:1c:dd:41:11:ce:34:13:0f: 13:81:d8:cd:71:a3:fc:76:2b:ea:14:1c:8d:38:63: 54:f1:73:9f:26:18:47:68:79:40:b9:a0:ac:b7:d2: e0:a8:36:94:6f:0c:c3:56:34:6a:ee:a7:97:c4:d3: 0b:44:a3:56:87:d8:dc:ce:f3:89:8c:09:62:1a:25: 1f:dd:5f:2a:c0:d4:a9:14:4f:34:09:bc:53:d5:35: 
be:6b:0d:6a:49:bf:0b:11:66:23:11:60:25:c5:db: 56:15:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:E8:B3:AA:B6:B4:6A:08:8C:66:4E:1B:FC:F4:D4:C0:C8:AD:D7:A5 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 23:97:7b:03:b9:f4:a4:34:12:d3:21:3d:da:44:f5:20:c3:b1: 3b:ac:6b:d9:60:b8:b7:69:bb:7a:12:d5:25:8c:0f:00:de:f7: 36:a4:48:3c:17:0b:8b:18:53:7e:62:90:c7:ad:c4:3d:35:34: 7d:53:88:f9:54:65:04:22:df:53:b4:19:52:e4:bc:5e:0b:03: 2b:1e:62:32:2a:0c:d4:df:76:d7:3c:d0:ee:2e:d6:fe:2e:91: 01:8b:82:92:c3:06:53:df:e0:c5:5e:14:ca:21:52:f8:77:c2: 63:cb:6d:04:c8:e2:63:8d:d8:f2:81:13:be:86:29:78:4d:d3: 15:f3:e6:0d:45:f1:0a:26:81:2a:91:e1:c5:11:de:38:7b:0c: cf:72:df:63:25:33:a6:15:a5:be:c2:1d:86:c1:1d:1c:dc:30: fc:22:c3:9f:a9:fa:7c:dd:a4:c0:3b:50:98:18:64:aa:5a:5b: 60:a4:a5:3e:e0:2c:e4:d0:4b:8a:7e:bc:80:27:a1:5e:d2:25: b1:27:e5:25:2c:1a:a2:db:28:f3:fa:2d:33:78:d3:45:4c:a4: 5f:a1:7f:85:be:04:d2:fe:95:ff:fd:b1:53:9f:47:43:cf:75: 33:c3:8e:7b:1a:d7:d7:ca:fd:b4:9d:e3:3d:6e:15:33:3e:ee: 1e:db:28:8f battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None101 (Net ID: 00:01:03:79:1E:5C)34.0544, -118.244
2023-05-12 03:09:34Affiliate - Internet NameNoDNS Resolver1040None01def.io64.226.81.48
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Noneswwlan (Net ID: 00:02:2D:18:2C:14)33.6170672,-111.90564645297056
2023-05-12 02:46:49SSL Certificate - Raw DataNoSSL Certificate Analyzer0030NoneCertificate: Data: Version: 3 (0x2) Serial Number: 02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 Validity Not Before: Dec 21 00:00:00 2022 GMT Not After : Jan 21 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:64:c3:ab:83:a1:9f:9b:f7:ff:e5:00:bf:41:ae: cd:d1:cd:1c:5d:8d:4d:62:fb:0e:e4:90:33:13:2d: b5:45:91:e6:7a:26:a0:5e:01:ae:25:84:fb:d5:88: 23:7e:13:7e:a9:d3:a5:de:69:2d:91:69:c3:12:86: 5a:94:02:42:28 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A X509v3 Subject Key Identifier: 3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F X509v3 Subject Alternative Name: DNS:*.netlify.app, DNS:netlify.app X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Dec 21 09:03:52.902 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:31:BA:E4:35:B8:DF:14:C3:99:B3:D0:FB: 
C6:93:77:5C:5A:D1:E2:7C:62:90:83:BB:77:59:14:17: 00:CD:14:09:02:21:00:A0:89:29:6C:06:8B:80:0E:58: FD:7C:72:66:63:BF:84:90:99:2F:F3:90:6D:39:BD:86: 6C:21:15:5D:B2:9C:A1 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Dec 21 09:03:52.857 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:85:6B:1A:5F:D3:6B:D9:52:36:0B: 44:9B:B7:9C:FF:8D:70:8C:F4:D1:34:69:3C:10:D4:AD: 03:93:DD:F1:A4:02:21:00:C0:7F:F8:B3:01:C9:63:4D: D3:D5:2B:F6:46:B5:04:38:1F:2D:8A:D9:5F:C8:07:F8: 5D:FA:B6:44:79:49:3C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B: 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17 Timestamp : Dec 21 09:03:52.852 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:87:5E:CF:47:90:E0:B2:0D:AA:FC:5D: 58:AA:C9:7E:AE:76:49:89:1E:EB:25:CD:66:CC:A5:23: F6:24:7A:AE:07:02:20:5E:32:A3:09:9E:48:84:4A:A9: 3B:C0:AA:53:22:AB:E0:9A:BF:4F:DB:FB:66:C2:2B:F8: 4E:E8:E8:BE:9A:FD:22 Signature Algorithm: ecdsa-with-SHA384 30:66:02:31:00:a8:8f:12:1b:fa:2f:f4:cc:aa:04:9b:b9:ea: 95:f5:30:5a:59:f6:f8:b4:4d:b6:51:7e:89:b3:c8:92:7a:7e: 80:c0:81:be:6e:38:4e:5e:5a:7d:bb:10:72:ae:d7:11:5f:02: 31:00:fc:dd:52:7b:4b:33:ad:13:21:0b:b3:8a:93:5d:fb:03: ac:f0:f4:f6:55:46:ed:1e:45:14:60:d2:47:04:5f:56:a0:b6: 8d:b8:c7:6a:0b:fd:73:a6:07:2b:fa:b2:e2:49 35.229.48.116
2023-05-12 02:54:41Open TCP PortNoCensys0030None104.196.30.220:80104.196.30.220
2023-05-12 03:01:29Raw Data from RIRsNoTool - WhatWeb1020None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://fluid.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://fluid.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-cache-status,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}]fluid.battleb0t.xyz
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Noneinterpals (Category: dating) https://www.interpals.net/ayhuayhu
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.133): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneAllstate 5G (Net ID: 00:02:6F:F8:0A:41)33.6170672,-111.90564645297056
2023-05-12 03:00:37Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@namecheap.comDomain Name: BATTLEBOT.XYZ Registry Domain ID: D199559633-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://namecheap.com Updated Date: 2022-09-05T15:48:14.0Z Creation Date: 2020-09-07T05:35:36.0Z Registry Expiry Date: 2023-09-07T23:59:59.0Z Registrar: Namecheap Registrar IANA ID: 1068 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant State/Province: Capital Region Registrant Country: IS Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: battlebot.xyz Registry Domain ID: D199559633-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-08-08T05:51:35.56Z Creation Date: 2020-09-07T05:35:36.00Z Registrar Registration Expiration Date: 2023-09-07T23:59:59.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of 
WHOIS database: 2023-05-11T07:59:45.60Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-range.github.io185.199.111.153
2023-05-12 03:13:02Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [000.github.io] https://www.openphish.com/feed.txt000.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneGOLFNET (Net ID: 00:05:3C:07:87:1A)33.336199,-111.89446440830702
2023-05-12 03:08:52Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.12934.148.97.127
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneRichA (Net ID: 00:02:6F:8D:88:99)33.336199,-111.89446440830702
2023-05-12 02:54:48Open TCP PortNoCensys0030None34.148.97.127:44334.148.97.127
2023-05-12 02:44:06Internet NameNoCertSpotter37010Nonekekw.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX551548FF6 (Net ID: 00:01:E3:54:8F:F6)52.3759, 4.8975
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noneosbridge (Net ID: 00:15:D6:54:08:08)40.2024, 29.0398
2023-05-12 02:54:21HTTP Status CodeNoWeb Spider0130None521vscode.battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBBHWIRELESS (Net ID: 00:00:C5:D7:60:2C)41.8781, -87.6298
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Noneinternal (Net ID: 00:0C:41:12:D6:E5)33.6170672,-111.90564645297056
2023-05-12 02:45:48Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Chicago', u'security': {u'is_vpn': False}, u'city_geoname_id': 4887398, u'region_geoname_id': 4896861, u'country': u'United States', u'region': u'Illinois', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'60666', u'longitude': -87.6298, u'country_code': u'US', u'timezone': {u'abbreviation': u'', u'gmt_offset': u'', u'is_dst': u'', u'name': u'', u'current_time': u''}, u'latitude': 41.8781, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'104.21.6.166', u'continent': u'North America', u'region_iso_code': u'IL'}104.21.6.166
2023-05-12 02:44:24Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.com185.199.109.153
2023-05-12 03:24:51CountryNoCountry Name Extractor0070NoneIceland Domain Name: NETCRAFT.COM Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-12-07T10:43:50Z Creation Date: 1994-10-18T04:00:00Z Registry Expiry Date: 2026-10-17T04:00:00Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: AUTHNS1.NETCRAFT.COM Name Server: AUTHNS2.NETCRAFT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: netcraft.com Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2020-09-21T12:40:37.88Z Creation Date: 1994-10-18T04:00:00.00Z Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Name Server: authns1.netcraft.com Name Server: authns2.netcraft.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS 
database: 2023-05-11T07:56:11.35Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:45:41Physical CoordinatesNoAbstractAPI0020None34.0544, -118.244185.199.110.153
2023-05-12 03:08:52Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.13434.148.97.127
2023-05-12 03:09:18Vulnerability - GeneralYesTool - Retire.js0040NoneCVE-2018-20676 Score: Unknown Description: Unknownhttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010Nonegiters (Category: coding) https://giters.com/ayshooayshoo
2023-05-12 02:56:39Raw Data from RIRsNoHybrid Analysis0030None{u'count': 22, u'search_terms': [{u'id': u'host', u'value': u'35.229.48.116'}], u'result': [{u'environment_id': 100, u'job_id': u'63b986ad26465530bf3c5b04', u'analysis_start_time': u'2023-01-07 14:50:21', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 0, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'89e65ebf9fe9f36ad886ea2ddd214e008b4eeb7c22ca04209ce7deac981a94a9', u'type': None, u'type_short': u'url', u'size': 86}, {u'environment_id': 100, u'job_id': u'63b92c8657cbe2638645fbb8', u'analysis_start_time': u'2023-01-07 08:25:43', u'vx_family': None, u'av_detect': None, u'environment_description': u'Windows 7 32 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'4fe7f3926ed2b158addbe63f033c304e862259142b32f200571083f8c1090bb7', u'type': None, u'type_short': u'url', u'size': 101}, {u'environment_id': 100, u'job_id': u'63b3fbb4c539537999674635', u'analysis_start_time': u'2023-01-03 09:56:04', u'vx_family': None, u'av_detect': None, u'environment_description': u'Windows 7 32 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'2ae5b7c90552dc0bfea77a833120647de0ca8b44c885d2e86b08755bfe2b0d49', u'type': None, u'type_short': u'url', u'size': 101}, {u'environment_id': 160, u'job_id': u'63b1da6cb79fb1747e53944f', u'analysis_start_time': u'2023-01-01 19:09:33', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 12, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'e862398af05408b5525884a6662ae362c288705f989b2cd5081292d2da304d80', u'type': None, u'type_short': u'url', u'size': 44}, {u'environment_id': 100, u'job_id': u'63a10361e52f927e9b6ad72e', u'analysis_start_time': u'2022-12-20 00:35:45', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 
bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'0436572e0157f3d15b4fa79e524a513056120fb7d03e1c4be18bdbcd56f39aff', u'type': None, u'type_short': u'url', u'size': 69}, {u'environment_id': 160, u'job_id': u'63766b07cf04ba1b220d8dc2', u'analysis_start_time': u'2022-11-17 17:10:31', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'550f4c1b7c66a8517e2fb20ccc1c6ecef30f91a48349272d21e14ef78628f8a8', u'type': None, u'type_short': u'url', u'size': 55}, {u'environment_id': 100, u'job_id': u'636ef180d1c9326a4925b600', u'analysis_start_time': u'2022-11-12 01:06:09', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'f2556fc666fab8b0a67e68a03ff96d5347ebdf46fb79425a5c19338fdb8dd50b', u'type': None, u'type_short': u'url', u'size': 48}, {u'environment_id': 120, u'job_id': u'636c9fea72902d08670f15f1', u'analysis_start_time': u'2022-11-10 06:53:32', u'vx_family': u'Phishing site', u'av_detect': u'4', u'environment_description': u'Windows 7 64 bit', u'threat_score': 23, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'06e49fbb3c930e8bd8b0d29d4a0c65b34b42f07ba50d749759da507c357cd57a', u'type': None, u'type_short': u'url', u'size': 77}, {u'environment_id': 100, u'job_id': u'63597f52cf986273167b3dec', u'analysis_start_time': u'2022-10-26 18:41:23', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'9b6c767a83ad9e101aab7875c03fef9998ebb634994a68f092455fcef09b37ca', u'type': None, u'type_short': u'url', u'size': 336}, {u'environment_id': 100, u'job_id': u'6356dc85352138257c019e52', 
u'analysis_start_time': u'2022-10-24 18:42:14', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'dadadaa15e19ef9c2a983600ba16684260f2d8a2ad7abdae5ef4d3720e3f04c1', u'type': None, u'type_short': u'url', u'size': 341}, {u'environment_id': 100, u'job_id': u'6340254340d16e0a2d1801df', u'analysis_start_time': u'2022-10-07 13:10:28', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'3915ff7b4886499db28474c559936c4f13989a8c13d55ca8942d98b74060b5bf', u'type': None, u'type_short': u'url', u'size': 101}, {u'environment_id': 100, u'job_id': u'633c30aeb54aab03fc436a24', u'analysis_start_time': u'2022-10-04 13:11:00', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8438978d36659fe126de5bdf3ff6506b6bebd65b79dbcdbbe5065d46ba16d3d8', u'type': None, u'type_short': u'url', u'size': 74}, {u'environment_id': 120, u'job_id': u'6331078cc06cef77a66ec199', u'analysis_start_time': u'2022-09-26 02:06:11', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': 68, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'0186b731d95e1f78a0fb99ab26860d1ebf02a69172fea4abff63ad144a6337e6', u'type': None, u'type_short': u'url', u'size': 46}, {u'environment_id': 100, u'job_id': u'6330fa73468b0c35ca1d3a9d', u'analysis_start_time': u'2022-09-26 01:03:50', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'accc235394b4acee27b8e42680741b4877ea836c33c661627b29cf8bd13f106f', u'type': 
None, u'type_short': u'url', u'size': 71}, {u'environment_id': 100, u'job_id': u'63292843cc561b278a0caa96', u'analysis_start_time': u'2022-09-20 02:41:07', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 65, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'79c6aa841bf5874b35646cf7f5a083e6887cd50479d71ea9646f728d9c68e9b9', u'type': None, u'type_short': u'url', u'size': 46}, {u'environment_id': 100, u'job_id': u'630c1fdca1db121fef77b765', u'analysis_start_time': u'2022-08-29 02:09:33', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'6b13c22a4e454fe47c4fa9acd4bd8e10514224bc7663c6251b69fd1d650a7795', u'type': None, u'type_short': u'url', u'size': 67}, {u'environment_id': 100, u'job_id': u'62fb6612840ec63784115ce2', u'analysis_start_time': u'2022-08-16 09:40:35', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'7df1a40eceecc8b444d042c1ffe4058ab057ba7b8d9023392e6fb5997947e311', u'type': None, u'type_short': u'url', u'size': 50}, {u'environment_id': 100, u'job_id': u'62f5a4518bfb7009a87660a0', u'analysis_start_time': u'2022-08-12 00:52:33', u'vx_family': u'Phishing site', u'av_detect': u'6', u'environment_description': u'Windows 7 32 bit', u'threat_score': 10, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'46e02f3d16603e5230418b021dd86036c13652e45ecaa2cdeb9280bcdefd5d71', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 110, u'job_id': u'62ebcf1020213241597b9103', u'analysis_start_time': u'2022-08-04 13:52:17', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': None, u'verdict': u'no specific threat', 
u'submit_name': u'sample.url', u'sha256': u'2c2d2330c4f28de32b7457f0d5738e086e1fe21b38f44dc0bf301963aac2537d', u'type': None, u'type_short': u'url', u'size': 116}, {u'environment_id': 100, u'job_id': u'62eb1142edfef557984a6458', u'analysis_start_time': u'2022-08-04 00:22:27', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'b9380c0d5fb860d1b55d8764ccc4ac1c86489a28c0a63f3e01ffd798d9030cec', u'type': None, u'type_short': u'url', u'size': 75}, {u'environment_id': 100, u'job_id': u'62df7746a88af4304c4ab329', u'analysis_start_time': u'2022-07-26 05:19:12', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 29, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'9602d6371d64899a229eb0561ab5fd34b3b0b9b26d204d55960e81d2750de0f0', u'type': None, u'type_short': u'url', u'size': 67}, {u'environment_id': 100, u'job_id': u'62df3d0d7dfb34397974c439', u'analysis_start_time': u'2022-07-26 01:02:05', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 41, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'1be19964b1f53d0263d13c642802d5154e9dcd14fef7264b7b797d81cb3d01f7', u'type': None, u'type_short': u'url', u'size': 81}]}35.229.48.116
2023-05-12 02:52:20SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:34:48:36:b2:51:77:1f:45:f7:ca:23:53:09:6b:f8:20:f7 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:46:18 2022 GMT Not After : Mar 27 01:46:17 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b7:86:7e:22:b8:47:2a:2a:20:fc:69:54:4c:4c: 8d:ea:3f:a1:0c:0e:11:0f:7e:c1:26:df:52:aa:7e: 94:3a:df:e1:4c:c1:e1:54:54:7a:c2:7a:eb:d8:cc: df:41:19:00:a3:7b:e6:18:3e:51:47:37:04:be:39: e6:bf:91:38:96:6a:40:69:b8:63:75:51:8c:52:3a: 41:07:8f:c4:ec:e7:d6:72:77:98:6d:17:b7:fd:4c: 4c:0f:1e:e2:38:f3:1e:28:62:8d:25:cc:29:b7:fc: af:91:3e:9d:e5:92:07:d2:8d:09:ca:64:eb:80:76: ae:38:a2:33:49:07:84:c8:02:f9:d3:21:2b:ce:01: 78:68:73:b9:2a:22:16:eb:78:90:34:44:73:52:fa: b4:e5:7a:78:b5:62:9e:70:95:d0:26:0e:c1:b7:b4: 12:fd:9f:10:09:67:d9:3c:f0:82:32:ed:27:d0:55: a7:30:ce:0b:b7:0a:ef:86:ec:19:5d:c1:a0:11:f8: d8:f7:da:51:1c:ce:c6:23:90:13:7e:ab:f3:de:c1: 8e:52:9d:26:8b:16:dc:5c:ae:23:f8:3d:43:96:47: e1:0d:83:73:94:c2:e5:ad:91:ed:93:fe:48:67:3b: 6c:8e:00:5a:b6:2f:0f:94:18:91:b3:ed:bb:bf:d8: 25:d1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 73:BD:0E:B3:ED:9F:6A:FE:37:97:44:54:03:BB:B6:CC:83:95:C8:48 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 27 02:46:18.221 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:73:56:94:2F:31:A8:B8:1A:98:8B:10:59: F6:53:2E:1E:0E:70:CF:6D:BF:D5:0A:CF:1C:31:3D:5B: 4C:23:37:67:02:21:00:9B:F2:01:A0:12:B4:3C:90:39: EA:84:E4:22:FA:75:BD:A0:C4:ED:89:F2:6C:18:97:FC: B8:F5:F0:56:AE:8E:01 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 27 02:46:18.274 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:05:3B:2E:33:08:22:D3:2E:0C:71:5D:CE: BB:25:C6:58:42:B3:AE:CA:D4:8F:0C:AD:30:6E:E3:A1: 6E:7B:1D:DD:02:21:00:B2:4C:68:98:17:12:76:10:DB: F7:E5:7C:1B:1E:CC:3D:22:69:57:D1:43:50:5C:F3:6B: C4:4A:45:D2:97:77:5D Signature Algorithm: sha256WithRSAEncryption b5:fc:32:be:0b:ef:36:0b:4c:2f:42:14:e0:23:44:71:fe:bb: 33:07:72:8b:73:2a:ff:5f:08:8a:b4:9e:62:31:57:db:a3:8b: f5:eb:48:64:20:6d:a4:a1:01:ca:d1:c5:02:57:6b:fa:f9:2f: 81:b9:22:b3:b6:f7:75:49:42:43:c2:49:2f:7b:79:d9:5f:e2: e1:45:6e:ec:6b:80:ad:7d:c6:5c:28:b1:1a:b9:4e:15:e6:17: ae:e5:e8:ce:6c:bb:82:2d:39:fb:ee:42:88:dd:71:2d:32:a2: 58:59:d5:82:ef:a1:1f:ed:eb:e8:31:65:9c:54:f9:39:7e:04: 23:d4:63:6c:f9:8a:fc:fe:32:6a:54:24:b9:87:53:d3:3a:ad: b3:bc:74:e2:09:7e:05:f6:6a:b2:b2:c9:5d:15:04:56:51:5c: 3a:24:39:1f:c5:f0:1f:67:f8:ff:79:1d:11:62:57:f1:41:b4: c9:fc:7e:59:46:0a:3f:48:58:e0:4d:a6:0a:10:72:2e:ed:1f: b6:1b:19:4d:de:20:09:8c:c8:8c:26:1e:82:7a:3b:88:90:1a: 7c:c4:2b:f0:2f:ca:82:25:42:7e:50:54:62:30:3f:49:63:0c: 7d:f1:3b:f3:90:d8:3c:ee:c3:09:83:3d:a5:08:3a:22:6f:f5: e3:2e:e6:d2 battleb0t.xyz
2023-05-12 03:18:47Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18}https://pics.battleb0t.xyz/images/withat_2.jpg
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneFriendFinder-X (Category: dating) https://www.friendfinder-x.com/profile/ayhuayhu
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c572ccdc9c6e26c-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.71.14
2023-05-12 02:45:07Raw Data from RIRsNoipapi.co0020None{u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'2606:50c0:8001::153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'2606:50c0::/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}2606:50c0:8001::153
2023-05-12 02:54:34Software UsedYesCensys0030NoneCloudFlare CloudFlare Load Balancer104.21.71.14
2023-05-12 02:51:28Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://o.length/4-2;var', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/license)', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-site/resources/image/icons/arrow-forward-boosted-blue.svg);background-position:0;background-repeat:no-repeat;content', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-dependencies.lc-a8a835b60a51c1a16bfe62bc508a0553-lc.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-dependencies.lc-c134f778cda2725b23581fb9bbc5b854-lc.min.css', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-site.lc-bd09710473c40d28e121912e717b2ace-lc.min.css', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-base.lc-bedc8b6f121e0f7199ca3e44738c97cd-lc.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://p.height/2);r&&a.is(r', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://t.duration/o,r=0,l=1,s=i.queue().length;for(!n&&i.is', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-base.lc-f16c560e3c515940ffc44d9c4abc3ec3-lc.min.css', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.bd.com/en-us/products-and-solutions/products/product-families/bd-alaris-guardrails-suite-mx#eifuresources', u'signatures': [{u'category': 
u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_e98_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3736"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e98_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "IsoScope_e98_IE_EarlyTabStart_0xbdc_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_e98_ConnHashTable<3736>_HashTable_Mutex"\n "IsoScope_e98_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e98_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"151.101.1.229:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "104.18.11.207:443"\n "104.17.70.206:443"\n "104.19.188.97:443"\n "13.227.74.80:443"\n "185.199.108.153:443"\n "13.227.74.101:443"\n "172.64.144.98:443"\n "23.39.0.132:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accessibilityserver.org"\n "c.go-mpulse.net"\n "cdn.cookielaw.org"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "geolocation.onetrust.com"\n "go.bd.com"\n "malsup.github.io"\n "stackpath.bootstrapcdn.com"\n "tag.demandbase.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a href="https://www.linkedin.com/company/bd1?trk=biz-companies-cym" target="_blank"><img src="/content/dam/bdcom-assets/en/en-us/images/graphic/icon/linkedin-black.svg" alt="Linked In" title="Linked In"/></a>" (Indicator: "dir "; File: "urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources")\n Found string "<a href="https://www.facebook.com/BectonDickinsonandCo?ref=bookmarks" target="_blank"><img src="/content/dam/bdcom-assets/en/en-us/images/graphic/icon/fb-black.svg" alt="Facebook" title="Facebook"/></a>" (Indicator: "dir "; File: "urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources")\n Found string "<a href="https://twitter.com/BDandCo" target="_blank"><img src="/content/dam/bdcom-assets/en/en-us/images/graphic/icon/Twitter-black.svg" alt="Twitter" title="Twitter"/></a>" (Indicator: "dir "; File: "urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources")\n Found string "<a href="https://www.youtube.com/channel/UCPGmutY43EjP_3ijOugNGnA" target="_blank"><img src="/content/dam/bdcom-assets/en/en-us/images/graphic/icon/youtube-black.svg" alt="Youtube" title="Youtube"/></a>" (Indicator: "dir "; File: 
"urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources")\n Found string "* Copyright 2011-2021 Twitter, Inc." (Indicator: "dir "; File: "bootstrap.min_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"error_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPCM) density 118x118 segment length 16 progressive precision 8 5000x3337 components 3" and extension "jpg"\n "favicon_16_1_.png" has type "PNG image data 16 x 16 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-8701', u'name': u'Chained signature (with api-8700...). 
Detects file write then launch as executable', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1574', u'relevance': 8, u'threat_level': 0, u'type': 6, u'description': None}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "error_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPCM) density 118x118 segment length 16 progressive precision 8 5000x3337 components 3"- [targetUID: N/A]\n "clientlib-site.lc-bd09710473c40d28e121912e717b2ace-lc.min_1_.css" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "index.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "clientlib-site.lc-e51d492d6388e3a14ab136b2a7880775-lc.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "otBannerSdk_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery-ui.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "clientlib-base.lc-f16c560e3c515940ffc44d9c4abc3ec3-lc.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "FSAlbertPro-Bold_1_.ttf" has type "TrueType Font data 16 tables 1st "GPOS" 30 names Macintosh Copyright (c) 2009 by Fontsmith Ltd. All rights reserved. This font may not be altered in any w"- [targetUID: N/A]\n "forms2.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "FSAlbertPro-Light_1_.ttf" has type "TrueType Font data 16 tables 1st "GPOS" 34 names Macintosh Copyright (c) 2009 by Fontsmith Ltd. All rights reserved. 
This font may not be altered in any w"- [targetUID: N/A]\n "22KRU-FA6KB-X6CHV-34PWY-E76NS_1_.js" has type "C source ASCII text with very long lines"- [targetUID: N/A]\n "FSAlbertPro_1_.ttf" has type "TrueType Font data 16 tables 1st "GPOS" 30 names Macintosh Copyright (c) 2009 by Fontsmith Ltd. All rights reserved. This font may not be altered in any w"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources" has type "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators"- [targetUID: N/A]\n "en_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "jquery.lc-7842899024219bcbdb5e72c946870b79-lc.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "raphael-min_1_.j185.199.108.153
2023-05-12 02:46:53Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 23 20:32:58 2023 GMT Not After : Jun 21 20:32:57 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc: 59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01: 7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be: 0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa: 26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8: 92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd: c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed: 95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5: c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4: 72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c: 13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce: 3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6: be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1: ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14: 9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31: 9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02: ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60: db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23: 66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d: 1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29: 9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46: 76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb: 5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2: c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87: 99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1: d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e: cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6: 3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7: 6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e: 4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4: 1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e: 5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40: 7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71: 
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94: 83:4a:61 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 51:bc:8d:7a:19:49:b5:11:f4:b9:09:41:b5:bf:9e:b6:a0:1f: 30:6c:d0:86:d8:2e:1c:f6:c2:f3:8a:e9:28:07:3c:4c:1b:5d: f4:93:c1:07:2c:53:ba:36:23:93:d1:2b:ae:40:d0:d7:9a:3d: 52:13:07:ac:5a:f9:bc:8e:9a:26:48:2d:63:da:42:87:4d:b8: 79:91:2d:a5:15:c9:8f:18:d0:19:dc:82:a0:c9:2f:ff:14:7f: 6e:d9:7c:10:fd:42:c5:1f:9f:69:db:a2:e3:f6:77:ca:6b:4d: 70:8d:c7:08:12:a2:cb:2b:e2:0f:fa:b5:ad:d0:98:5b:e2:5d: 54:f6:0b:28:1a:42:4d:c5:06:75:82:0f:6a:07:8d:19:7b:08: 12:7b:65:35:ae:e0:fb:30:c6:19:89:90:6c:f3:9f:d1:68:80: fa:bb:16:fe:59:7b:6b:32:af:7b:3b:c0:6b:66:67:55:6e:9c: 27:ae:59:b7:71:9d:56:92:7b:0c:2b:27:d8:38:32:c8:ff:2f: 02:3f:56:f2:68:67:dc:8c:2f:a9:bc:e8:3a:f8:d6:0d:e4:fc: ea:65:23:2c:d6:31:a2:34:ab:8b:fc:76:7c:26:2d:87:ae:ee: a9:61:86:49:d1:02:02:98:49:50:4a:f8:24:91:f5:5d:f3:f7: 98:5f:57:37
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-served-by: cache-ewr18167-EWR{"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"}
2023-05-12 03:24:49CountryNoCountry Name Extractor0050NoneCzech Republic Domain Name: DONTKILLMYAPP.COM Registry Domain ID: 2344645406_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.ascio.com Registrar URL: http://www.ascio.com Updated Date: 2022-11-24T07:34:59Z Creation Date: 2018-12-19T04:28:10Z Registry Expiry Date: 2023-12-19T04:28:10Z Registrar: Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA Registrar IANA ID: 106 Registrar Abuse Contact Email: abuse@ascio.com Registrar Abuse Contact Phone: +1.4165350123 Domain Status: ok https://icann.org/epp#ok Name Server: NS.WEDOS.COM Name Server: NS.WEDOS.CZ Name Server: NS.WEDOS.EU Name Server: NS.WEDOS.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:09:05Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: dontkillmyapp.com Registry Domain ID: 2344645406_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.ascio.com Registrar URL: http://www.ascio.com Updated Date: 2022-11-24T07:35:59Z Creation Date: 2018-12-19T00:00:00Z Registrar Registration Expiration Date: 2023-12-19T04:28:10Z Registrar: Ascio Technologies, Inc Registrar IANA ID: 106 Registrar Abuse Contact Email: abuse@ascio.com Registrar Abuse Contact Phone: +44 (20) 81583881 Domain Status: OK https://icann.org/epp#ok Registry Registrant ID: Not Disclosed Registrant Name: Not Disclosed Registrant Organization: Not Disclosed Registrant Street: Not Disclosed Registrant City: Not Disclosed Registrant State/Province: Registrant Postal Code: Not Disclosed Registrant Country: CZ Registrant Phone: Not Disclosed Registrant Phone Ext: Not Disclosed Registrant Fax: Not Disclosed Registrant Fax Ext: Not Disclosed Registrant Email: https://whoiscontact.ascio.com?domainname=dontkillmyapp.com Registry Admin ID: Not Disclosed Admin Name: Not Disclosed Admin Organization: Not Disclosed Admin Street: Not Disclosed Admin City: Not Disclosed Admin State/Province: Not Disclosed Admin Postal Code: Not Disclosed Admin Country: Not Disclosed Admin Phone: Not Disclosed Admin Phone Ext: Not Disclosed Admin Fax: Not Disclosed Admin Fax Ext: Not Disclosed Admin Email: Not Disclosed Registry Tech ID: Not Disclosed Tech Name: Not Disclosed Tech Organization: Not Disclosed Tech Street: Not Disclosed Tech City: Not Disclosed Tech State/Province: Not Disclosed Tech Postal Code: Not Disclosed Tech Country: Not Disclosed Tech Phone: Not Disclosed Tech Phone Ext: Not Disclosed Tech Fax: Not Disclosed Tech Fax Ext: Not Disclosed Tech Email: Not Disclosed Name Server: ns.wedos.net Name Server: ns.wedos.cz Name Server: ns.wedos.eu Name Server: ns.wedos.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: https://icann.org/wicf >>> Last update of WHOIS database: 2023-05-12T03:09:25Z <<< For more information on Whois 
status codes, please visit https://icann.org/epp The data in Ascio Technologies' WHOIS database is provided by Ascio Technologies for information purposes only. By submitting a WHOIS query, you agree that you will use this data only for lawful purpose. In addition, you agree not to: (a) use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts; or (b) use the data to enable high volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations. (c) sell or redistribute the data except insofar as it has been incorporated into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties. Ascio Technologies reserves the right to modify these terms at any time. Ascio Technologies cannot guarantee the accuracy of the data provided. By accessing and using Ascio Technologies WHOIS service, you agree to these terms.
2023-05-12 02:44:18IPv6 AddressNoDNS Resolver0030None2606:4700:3030::ac43:a8fcnwapi.battleb0t.xyz
2023-05-12 03:24:30Affiliate - Company NameNoCompany Name Extractor0070NonePERFECT PRIVACY, LLC Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:40:26Z Creation Date: 2018-06-27T20:51:35Z Registry Expiry Date: 2024-06-27T20:51:35Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: abuse@web.com Registrar Abuse Contact Phone: +1.8003337680 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:41:04Z Creation Date: 2018-06-27T20:51:35Z Registrar Registration Expiration Date: 2024-06-27T04:00:00Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Reseller: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: PERFECT PRIVACY, LLC Registrant Organization: Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Registrant City: Jacksonville Registrant State/Province: FL Registrant Postal Code: 32256 Registrant Country: US Registrant Phone: +1.5707088622 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Admin ID: Admin Name: PERFECT PRIVACY, LLC Admin Organization: Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Admin City: Jacksonville Admin State/Province: FL Admin Postal Code: 32256 Admin Country: US Admin Phone: +1.5707088622 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Tech ID: Tech Name: PERFECT PRIVACY, LLC Tech Organization: Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Tech City: Jacksonville Tech State/Province: FL Tech Postal Code: 32256 Tech Country: US Tech Phone: +1.5707088622 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned Registrar Abuse Contact Email: domain.operations@web.com Registrar Abuse Contact Phone: +1.8777228662 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please 
visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en This listing is a Network Solutions Private Registration. Mail correspondence to this address must be sent via USPS Express Mail(TM) or USPS Certified Mail(R); all other mail will not be processed. Be sure to include the registrant's domain name in the address. The data in Networksolutions.com's WHOIS database is provided to you by Networksolutions.com for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. Networksolutions.com makes this information available "as is," and does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone; or (2) enable high volume, automated, electronic processes that apply to Networksolutions.com (or its systems). The compilation, repackaging, dissemination or other use of this data is expressly prohibited without the prior written consent of Networksolutions.com. Networksolutions.com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
2023-05-12 02:53:35Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 872A:0A4B:BBF254:10FE511:645C54E0 Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-klot8100052-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683772640.067376,VS0,VE28 Vary: Accept-Encoding X-Fastly-Request-ID: 13b6057c2e99facbd081defdf7bc9d1ff579d6e4 185.199.110.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecf-ray: 7c5f606c5dec334e-EWR{"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"}
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:2086188.114.97.1
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Noneapple network 06223f (Net ID: 00:02:2D:06:22:3F)34.0544, -118.244
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneKongregate (Category: gaming) https://www.kongregate.com/accounts/loginlogin
2023-05-12 03:18:06URL (Purely Static)NoPage Information0030Nonehttp://nuke.battleb0t.xyz<!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>nuke.battleb0t.xyz | 521: Web server is down</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /> </head> <body> <div id="cf-wrapper"> <div id="cf-error-details" class="p-0"> <header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8"> <h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2"> <span class="inline-block">Web server is down</span> <span class="code-label">Error code 521</span> </h1> <div> Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information. 
</div> <div class="mt-3">2023-05-12 02:54:20 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">You</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Browser </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> Cloudflare </a> </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b 
md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">nuke.battleb0t.xyz</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span> </div> </div> </div> </div> <div class="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2> <p>The web server is not returning a connection. As a result, the web page is not displaying.</p> </div> <div class="w-1/2 md:w-full float-left leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2> <h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3> <p class="mb-6">Please try again in a few minutes.</p> <h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3> <p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p> </div> </div> </div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f605eb97732c7</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" 
id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">138.197.106.3</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div> </div> </body> </html>
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.9): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:57:34Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://www.bolomia.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:80"\n "34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.bolomia.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC089.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.bolomia.com" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.bolomia.com" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e28_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e28_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3624"\n "IsoScope_e28_ConnHashTable<3624>_HashTable_Mutex"\n "IsoScope_e28_IESQMMUTEX_0_303"\n "IsoScope_e28_IESQMMUTEX_0_519"\n "IsoScope_e28_IE_EarlyTabStart_0xd5c_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3624"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.bolomia.com"'}, {u'category': u'Unusual 
Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "D44LOOV2.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D44LOOV2.txt]- [targetUID: 00000000-00003624]\n Dropped file: "OLGW3LVM.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OLGW3LVM.txt]- [targetUID: 00000000-00003624]\n Dropped file: "QN3CBW6Z.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QN3CBW6Z.txt]- [targetUID: 00000000-00003624]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabC088.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpwww.bolomia.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003480]\n 
"_4C3DCED8-71A5-11ED-9C1B-08002737D871_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "D44LOOV2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D44LOOV2.txt]- [targetUID: 00000000-00003624]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DFF9EB6DC9100DFF38.TMP" has type "data"- Location: [%TEMP%\\~DFF9EB6DC9100DFF38.TMP]- [targetUID: 00000000-00003624]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "OLGW3LVM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OLGW3LVM.txt]- [targetUID: 00000000-00003624]\n "CabC088.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC088.tmp]- [targetUID: 00000000-00003480]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF97F6CEE582564B07.TMP" has type "data"- Location: [%TEMP%\\~DF97F6CEE582564B07.TMP]- [targetUID: 00000000-00003624]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003624]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003480]\n "QN3CBW6Z.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\QN3CBW6Z.txt]- [targetUID: 00000000-00003624]\n "~DF784A20DAD1D5BC00.TMP" has type "data"- Location: [%TEMP%\\~DF784A20DAD1D5BC00.TMP]- [targetUID: 00000000-00003624]\n "XVNE2LAN.txt" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\XVNE2LAN.txt]- [targetUID: 00000000-00003480]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.bolomia.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.bolomia.com/"\n Pattern match: "http://www.bolomia.com"\n Pattern match: "www.bolomia.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': 
u'6388fef0bb265f2d7e041e56', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique':34.148.97.127
2023-05-12 03:01:23Web ServerNoTool - WhatWeb0110NoneGitHub.combattleb0t.xyz
2023-05-12 02:53:17IPv6 AddressNoMnemonic PassiveDNS0010None2606:4700:3031::ac43:8709ayhu.xyz
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None172.67.168.252nwapi.battleb0t.xyz
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneDisqus (Category: social) https://disqus.com/by/ayshoo/ayshoo
2023-05-12 02:54:13Web ContentNoWeb Spider2030None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6036feab195d')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="xHEPK.9yJ4uMnlaQxqQ03K5Csvr7WqmdHv5Obe9KwF8-1683860053-0-AVLFWFwz5cW9coePC-vcYYHeZXoVyZvPTnO5FSb69_py4IiBnIT69jsbDrQcjp17Zdx1pnQSJS5VK5u2qIZwYpKNdgBE5WortG78wVuw6xpL5WYKY8Pci1GRr-7IBheF2wnVhBXoAAbVv_kvF_G81MlD02OBybPgpztHUD8TsNxjUjxn5wbC4eO6XMoHSPC4tPjeAbdNC_mEhVDvKltWOjEKs7cQGG73dOqgzgZ5u0yyPTVVyh672vGUJchUE-7DlMtIc30cGk9vDedhhqnCEm6pQHqEqKn7E1c0_xe56xpqCOyx0gVIxxZL8ZolJaAY4W4DtMmEP6W2tHpS_rYvBDI9fm43yWOoTbxEvpOBUd21ETXlvv9NENQqsCUvjbm4kjTEkCkt9i7ao6sYMKBDIKOrBrqKSvX_CT_w9eydgmcnRxeGAnGPZ1UUlMCuPuHg11UNYHIqPBTtKLbqJ0CVo0se3b48fGi-sK8cLCpgZLWb2fRokqIeBAyscADBAfixig610ec8NyTnlho4fWsEuVJ8IH0YuFSDI5qB-p_hHDFAgQ4e2o5glLWVxkylixix8LPq3AjtUqJZW7z32u6RcNlBfPCJCrP_P-wzAtCmBv9wwLgJM8s28Fc0U3NqhEI7UzCd5r2rd1L9dZdXgwaESjOHBhuzibRb747KWauMhNoTHcDBBW-Cplvyyky4fhJh4codwoIMSFuB2e8vqSriOeMyuMhff86CdrTUwmJ-MpOwS5b3SzLp4WsUmqgXo5R_Ptn_13EQTYvgg_fn9wQYMVvNul0EzUw-m0dzAaXiayW9ZQRIKrGrxHaH77vlgDYfon_mV1EHNo0mYKenjF4lATYUDXOdsHJGDEb-aoyHMedXT2xjfifF75YrCt7aKEBajKaabeBOm93QKGtGLkUbhjuxR1Cv3fMl-a8Mcq-sqIzDY7Ofms_NojFVCky1MxilEB-pECoh_3dTQi7RdzrUTwf2cZR9T8D8U2K3Gvk8riLAICiz8kZstCExyU1gQxK_8IKsvToQ9RDrd9y9LVAX9qYv3TfadD1EkNEsFVChUuXBIn1vLV2P2GOPSzKbMN6zXhMlaXjRniTwtw6d8mrDXwAGH5ieemrcUb3FjxXespiPiaHaem6NlgnFXh6fqC6miAGPTygfZ8E84F8EVSFKovIkpjZZLkzg9smKqoObMwmWAc8hXyTmDTP1LoHTnasWw3kR_c4rubMdm-bM_qzcdotudBYUrTeL52K6MUKh8U0LXxV1ssRlYQtn51j2ZPTCT_4njX0UJZi7Aqe8bZOIi6YaJ6JVsLLVQlGwMIkxweehKTweGkzepoKrlA3vvzsnIuw6hwdTbMC1ff1nqZDuEXn1iUtY0QVWk3AiHWDwvflyRUhJFVQ_1RWCY6QxNbtBWuOs4Gsp4MKA65Y2bcGJNUQ61JSZsl8YoM493x6bgQq2c1ARXqI8Z_BprKNhAkkBaHzNAZnBx2sKG-aiygeREJS_Y-EXoEZkRsbQX02jydwcJZ3mjFQKdYrYE5cpUbTynwFh1r8orCm-Lgkh_khmNL7q7VDaHkkpQxyvlai7E7fXqkM8fGYOO32gd0hDiIlm85y2e8PdcZwTHglcg5WuEl3dz67kdyLqQrK_w0NhcEVoQlt-w-zjK_ug7gJVFCqVZy6o3CJv3Lkws4Pg2ePLly9U4qZNVRt3zz5hcKoCs-Pa1ZZzJ_Qzb2gSMP3u4cNDexag1H59HlUfcR7rjMJpsPYzqNpSQW3aa4RjeYciW4G4IbxfKJhCeUuFM4E4frBI_2OUYka-3R16-e5B-3ARb0HzAH7oGbA0ldmTnvfk1irgRMe8Dly0jpz5UNRE52UktWtSquB5QC1854VbxxgX4hhaW-nxmTCdOLafGYF1vg8rF-8NC1_FbTKMqIVsNKBWX0k0kJqiJjLCwjxE
gXQ0Ze8manGpGGX8Y1qPfnNzHc2wFXLAoenNI_c9mp5k_TulxRQaJau67nLCYZqdFCfQ3OMpvtX4xDex5PrZ9T6mJUZ1nmSTAUixBLPwpRedqy1s01H2wlDBkSOhsj3ve3tA6H7ilQqtLQdfAuHK0_eW1Lnq3yDEyuzONZ1kc6hBMbhcyIePtyej1WeNa25rCw6imHPfgLzKSCX7sag3MiyXZyiVPtZsVrR333h3qptvAltAf6opML25pqpe_uKUHyc688RAlp_EgHCq-Gbx-iN5q2hY5Ny4xRPFJdCIjbFhNtGVw4MmWaJvAiePWPHqtweVVadLDMPlJCf3alqy71aqsxQI2WCWYRD_4Slgey6lOkSSsS-VG0B1_pBFsI7Qoqg4mLVGYQxVgLA66wEWyPhSdzuYryBNRXVwsWkB269be5JcqZIZNgC1b12-boaqHNSrCKMj83nOOm100RSF9-42ajHgNdPc9977LoOsIdA4wiwXyaum_ok5aRH8NPa5DUgCLteaEnABaI691YwS3Yv94Jp3MSd41yoh45wgGe42SPtQxw"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '8897', cRay: '7c5f6036feab195d', cHash: '461a186bf737deb', cUPMDTk: "\/?__cf_chl_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA1My41OTUwMDA=', m: '5/J7gGK8XmEBWkArTjJaJQpVmCj5kenNaxHbI91xZvc=', i1: 'd1xtl4gFAsGt/e5zgSdIvg==', i2: 'L38k4kp9xxsqGxDFehGWAg==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6036feab195d'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6036feab195d'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None2WIRE522 (Net ID: 00:01:E6:93:CB:2D)37.7813933,-122.3918002
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneW4B3P<]00D^20&51%1C35&6H'%***%Ph (Net ID: 00:06:66:2A:52:5E)33.617190550339146,-111.90827887019054
2023-05-12 02:55:15HTTP HeadersNoCensys0030None{"_encoding": {"Set_Cookie": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Set_Cookie": ["XSRF-TOKEN=eyJpdiI6IkpHMTdmeTU3ZDYwZnVJOEZ6K1lCMmc9PSIsInZhbHVlIjoiMXA0Z1VsZWxwK2dDVkY4Sk1IWVdXKzNzaU8zM1VPcytNUE9HZEtmVkpmY0tRQ3BMczIyMjR4ZU9VWFdDRTRVNG94cU5KbXFkdnA3L3dVdEo3cy9YYTgvOWdtdHpISktCOWlOa0UrWG1LZWtPL1lVWHFsOEhhRjFaZ3dYZDZiU2siLCJtYWMiOiJiYzUwNmFjZjdkMzVlMzczZWI5YTJmMzM4NWFhOGYwYTA0Y2VkNmJlZWI5YmZhODViNDMwMjNjYTY5NjI1NWIyIiwidGFnIjoiIn0%3D; expires=Thu, 11 May 2023 19:34:47 GMT; Max-Age=7200; path=/; samesite=lax", "laravel_session=eyJpdiI6ImdUVzFCME5hTHdVNjIvVHBRWjNUU2c9PSIsInZhbHVlIjoiaThZSTFKV29BNjc2ekZNZVRHdkNXTXJvVlVOZCtNemFRSlo4RFlXZ0lZR1pyV1FwMmp4K2ZmLzdmUEtBM0JTTjNTQmhnNG9uVlhabFJkUklRRkhVZmkrbVlnb1BZelR2K1VLNUkxdUhQL1d6bFBpSFk0QUJ4TzNDcjA5ZktLcjYiLCJtYWMiOiIxNzk1Nzg4OTNkYWJhNjk4NzRmM2E4Njc4ZDY3ZWE2M2Y2YzQxZTIxMTZjODQ2OTZiMDdmNWE1OGJjY2YyNzc0IiwidGFnIjoiIn0%3D; expires=Thu, 11 May 2023 19:34:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax"], "Server": ["nginx/1.18.0 (Ubuntu)"], "Connection": ["keep-alive"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, private"]}165.232.113.85
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-l.github.io] https://www.openphish.com/feed.txt0-l.github.io
2023-05-12 03:03:17Internet NameNoDNS Resolver0020Nonewww.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 Certificate 
Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 14 04:53:54.573 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0: E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94: 30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59: 8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63: FB:4F:E2:E6:C3:EE:2C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 14 04:53:55.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A: 02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81: BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D: D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90: F0:18:EF:92:21:63:F2 Signature Algorithm: sha256WithRSAEncryption 47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7: 4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f: ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec: 3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2: 3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64: 37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8: 92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9: 05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84: 7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d: 6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c: 36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78: 12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d: 48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab: a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82: 84:78:32:a1
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.178): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:23Web ContentNoWeb Spider3040None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6071cb5443bc')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="IeJGNK1NlgODfmY5lM_CSOUsGpZRJayFri_EMqB7p9E-1683860063-0-AX4CepkLIrJBlYjsLY8SxaK3uwNGfYi_cI78cSgODaKEdDdhGruTJdLNKHipCAas1yRDoJa4jk3w7x3p7ckhzOJuKfeCo8jNUnP70adNIU5dZKa8JiOWBoI9SYK5Q_oq1Eks42yH_Pz5BuZ0QF6ODH2_k4pUMdjxKhGMZCyDKNM52sbeTu0IU1Z9_e1tCtOuH9J1aFZ2tonlXDc4g9zbIux7ExZ49kbKhnzKgiWBhIHUBpMYeWpuSJ_4qCfMlTT-uy5MHKpoVHLVBmCsQ5mELCsRXClDzOjpDkTqbSfAbh8hd0u6E9AsLVFq6mkA8uYgAs4nEqsUUv46GTcwvbzUbkKc1QJ8A2k0LYiOtqEyNozJ7I--u1pFreN-cf0BqBu1bjzjmjk9Ufw9C0rNxE7G3P6fqZnucT3KAI7GF68B4SHiO-kTUnp1udVECKZapa-19gQJJJtF13C6VjJjrQRVkch5xapdVTcSAJFESEO-EAMR9hDp7y8V-5vaHn6SIRKHs78Flbh2RF_P6lv_MAE36XjAyTTiidlaFqpS1ZnkznV7tCrGaYKNvXxibZ3SNtIzHvSSCizS-Sm2WncoqNtWFQZw4MSwC5gehOZvyL9OAj1SA9fWTQ-bfiW7LrZlzCWCJLIZUGG9pJVYCgum_TAJJVGfiljuO91NZvVvNyIgtAepbw2YAdNPwZ3YrRDL_1Un5U1kxz28HuDFJsvpLlTZSNRhPXl4BIx30MOZx9T7SUFWsCGh9uDL2bDPiBh0LSwqszBX0SLNJRo1MhT7IXGB7zy1gfVfFqqb3W0mfVcaymGtm5dqhUdBPRlb4wd_5_BMrKEUeZE1d8HDjjoyYLhvv36SD_5wRCbXxsfCdK2do3aGeM7O6LtZhGR0RuwOPFtRToqLDpM6HnWkxfbvRwTWbQt3gNfo6RJeaXs42GfGC6vMhv6-Zpdazh2C2qr1j5WGxsjVqAAnZQgtB_uAAZyLoW1Egawj2Dc9S-5JYlq2p44Cqz8kfn_HZzhJUPbd4OlAseBQZQfvTsxwQ8yBZFjNQTY6QE_0SDhUH44IwsfVzyg_qg2EOGimekLuWDzCGVBFHthTUHY_Uucg55yA_sEwBbcPwi19lZdxlJ7Akcrfm9Q1xTPYWqd3yg8TDkXwERtBie2ALa_sZMgXe5lFShstzVHZMFcNmZZ_Glu5XNCQGzZM4IALYOXDtzDzNfENL_KkCst225-oNpK1Rzcel6A6qrg383feNMfsfhR4f-t-0gjSgQcGjcMVuJSy33wzj3MyKMSAUAn1H3AU4KXx5l9gYHyPt3K2hXsw8kpaOC5iz5-tYdad463GleEPqMnQXyYze0-F-Kwpfaw0OW4xcwFgpJ7lUIa_Uo9RY1JgFEsKioyqNmIqHv90TnhF2xXyZtqCIT2zmPgDYc3GYmtDVDX3JH3IZ4Ue_9zw8eTUmmNzSLvHF-5-Jv1PvIxzwhsHdZ-9Y8a5xpT_YJ3ApVgxhBxQ9P11Ef3die91V-gWJ9blK7JyrAR97qvn0MVCh6Ipd0gUwoYP19FqAzVItOvoLt6KwAJ_P9BHXzn9V-Qn-K8E2u451f3eK9LuNMBNNeHTIZgwhKeDRKi_7YqSZEtSZBhservvl6AG5D792DbSptVg8teok3yfFJdmbmsVVtq_xMiFDR-JbWee4Xq5OGPEw-qzY3kVcZ3JGSH21pWSbawncJ1pZkYh_Y8uqWXqK_LHYCf1eZ4giUZOc1qNXVqD_66D8diNIgnlP3oGUHrBgTMOfZxq_Uhi6OAhZ7SG3lBy8EfeOsdCdZ3k3gkwd2BrqWGkSsiJCJw71aRSSLzklcMwO0t4rEGUoCt0P2QnnyFhBnAPmmU7bxfnvOSfNl67KcA670pAvXnjK5gtdmpWFLEQTKLiAxus6a1J55sB1jh2yyAgp9gU2TTlKH22JllQ
WbKYrEsbRrNjjaWTpuGgMUZEhABzykAV0_5Ryf5b1Iu8aB_yUQXLfxLOISB2J16hIkX9JBFDhB-K2iwT5AigiDsDn3kKx7Yn_RfRJoS2pRLWMZrIYAvnVYgYm9y81edopks9rnm7ZmUwgzO-G3g49daHSOyerkiJ0r3J8Okw4DK6PeI9iYnnJ3PuZHAUjE4lk_8MrIhAc4uYX4K1o-9Ke-xbpTbnl7jmdG3Gm-3L29y4tiQBKGjYgOtRk8-ysAEQVxg_UH3seGqQfmukY-uxgmHTqDedEdiiNc4iffnQwUfSPCDaUaRSMt4-JL4MYFn2fdPc4VcXOX79Z268m3iG4CyIoyIieiZJxKq5Fytf17H7DrAwzAK-7_cWORr2s0UVl6ksSgbwFTpGy4N__sJOF51dtXEfVEmWHx_Pzkw3X_pi-v5lATWE8lvwSB-TSiJYfQSJHSYYT6HXfaT1w6X76n4kq-ZrPPxvvJoJiND7W8ZhQjzgNr36p7jhZIQMiMAEzKgTQ4vmitfYqD4w00ar7uYe4W9UaptpqutZe32-rsetHK4f8sKgJ3CeKwcgiEQOluwAYjS5sFZ43pJ1k3hVEeYe7pLW"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '15631', cRay: '7c5f6071cb5443bc', cHash: '381065269fdd378', cUPMDTk: "\/?__cf_chl_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2My4wMDEwMDA=', m: 'ku7Iuu8p9xCCueKE3I6e30hCT4pHjE58URs2150Qfj8=', i1: 'MsbaNnnSVdv9s0jxu/qFPg==', i2: 'D5L567ziFL3S1185dlxV3g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6071cb5443bc'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6071cb5443bc'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU
2023-05-12 03:38:35Blacklisted Affiliate IP AddressYesUCEPROTECT0040NoneUCEPROTECT - Level 2 (some false positives) (46.101.229.63)46.101.229.63
2023-05-12 03:43:57URL (Form)NoPage Information0050Nonehttps://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5a3bb81a1b')"></div> <form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="e35Zj8G5BDk9XldXhqgKMMl4m4jJjyX9hPpRt8lgb3o-1683861861-0-AeRvD12zRrpKT1Vj_NZpuXTYPY0T_C-IsEnAR9u2dCvcdsLy9Sv3iw7wV_fgwkqNl3iHxdj5qFwNZJL3xkB-iwW9vjUdMNxMyhnqv8JlscfNtie9SAcppGbOk7uCBiZIQLa1SBVNw6UUv-_a_FXFD2296FJ4KrNIS6arC6VFPDD30uM_354WVFgyW4mKtrSpYK5InwieJ1Vkv6ZxoCDhBRMhNxgPpigNP0QmWXw8y1_k8lflCwo_Q9K8uZ_qtQFf0Gfd14ZLuORqP0m48rgXZsNXk2d82Mm2SMemmjVviG7PuPUL1CbnB3WfSK2OQGeY4U-Gy7kSdq7i3_ymV00fkl4RBJdkPDOtsR2eeN44cG0QzvhUzJu9a18Wx-JBgeMkCDDp2c6FvebNEOQydvCZrys93XZSGdta0GBiBfCz0DM6AFXJXoguOORHg7MOd62eoxeeua6hY1HFOifFbgHz4R4_F4geEyT8xPiS9kLqmv-8Tv9wFT23J38aRv3VS8KGL7JX_pO7KJv7qjQiIN2XDIN1kP01EuKi5fpoFbmvumK_aQpspEPJd-oYkv6g3z8upJ_i8gMQOJzdPMV462qdkEt72KoSPvIxKpy4bKNXJwJjWy3MhsDm6o8-oFAI7dOznlN5m1idwbZgvsnclXbdkqJhXPQYzxjKdzlT7hyQKmtmMash-U3aTKSIpDEKkTstu-cs5rTf__9DuNB2pVPrKXIFuY7EwlrjB6j_0UJKavfBfT6h3NsKR3qKMg-rGVo2RSQdsEOud7Hh5F0cMs0nCAAWGTq86XwfC81O29W1K2i6OalWYJiW61x1Nv_qs72KoX0_Mpn3amoMA5KS1vGI6mPUPMiOwHSI0cRgqEERjtVjkE3-TwMesGkKvz-Aw2gGE9OL21frfN9JEzkR172OTICxrUfc7caDwzr9D9_NePtArl9cLDKFHEvxIxzgioPuODDLvyAfvi0dPWiWhMq7WkvCuoWovUiUA253wYEf7M9x4gD8lnc3kaUCBX9tFmIajIXhsaHhaKh_ysHvt7SDv4HQuHFmdW_PTHj46eP5odywpuZGDTSuWK7SWH7u71n7C_Ae4KUmVvgKAwroZ_dlv8I2ROpq-QoxjIwoWtmm2DsGljOITbn0msRXnKPyZMK8B7bxqx0Tk0lwfAxw5qFIfx9cKTkyEKNgMaJHKVRsdCxtQMpTYYbYCTs7ecYaFA-cfa8pDUJO-vS3eg6mjgEiRw-8bm1dPWtPUv2T1GYeSsTkWX7p26b8BfAn4XpyF65-516ZnQxFqk_LYA1aiczQzQWdLb1NuFpyAlTJVRij048j5uSY5WFvTrmsh7xjoZ2Z46DkwHtY4crfRZm3SD6Mg_03vOiI68rC6vzz6BqdsamaXqvoFcnUbGnDDjkCNPCk0I7LyG6AFbm_EwgFVB9gZOJPVWeWKxdCcEWIQQOyO_AqVnN-wyzH0S5fWbIjXusPp_qMzz38MsJyGlFbc7GOuh6S4SdpuQewqWPsqFDGHPGtQUEKXIDpP7weMLUYzqItqb4vPv3n4sxn1GsE-qNs3lpwxVrc1SL_ssnb3-_jfGgVSpkOmJliBGGmoH-AatJn35K3t_jno9HyCYJLmz1rZkbI33XoOACdRBNvladuDXSHE4m8J_n-NLMdDcqru4xU65kcr9OibRXR4hHHwc3rYYFV9kMj9KFuctQB10AWFL0_n3yW8Zlh4cik5rYLuGKboFr2i4pY9ykLSq7sms7Qe3oXXbRcmeWxKtL0NlB6gk_PWz-AAqtF3sr5sdva-7sRfyfrgrQxpiH5_wMb5DPqczx1O37xCMTLyF6YhMXn4ABmLQ-mt-EMWYX-tkGM85skgM2leXXJlv6HTAp-riDNoZ3OMVT4KeKIc6AIi8pOLxrJ9jD5oVgtqxZff2ZqlinhLXHPSVtkPU-H6FAH
inPrzSf3uH_Q3H0UuvzybBwb61Kz9xfOtHBkP2nWMCU86xpSbO4c6VIi3roOnQLOncMey4LehldRzG60kvAcLOIIzsotkC6A0TzBdXW6h8WnOc98kvqVlyyluYDZoGL2sgBQP5iT8LeZ1GiKa6nuzXWAIZArCXDfvtsaNftRUiJODl-iLsalLmXB287qXlXnC-Sqn-VkYBIG1c0SYjAXzvc-MH1JJfTmtb7X2x-mXdkkqwoy16YRiEGxdDA84vt_3-1PJIVkwQFdJL01areTvrgmeIqm94L-DFciyanQyUBPitgHcxMUsm51YpB6KDWM18BLL4ehHRO7XO7TX_IIKdZiHbwQcPJ8FX04IKxS2S5Y3q_h8S65tynRA7TtY9YDIyDgHWfsgLSoL1L6GRBWm_cX_GqkdNtINyYbvrEjvcbcBhRdYEvzv7ySe_t5eEL9DPxXMRgGUTSk5GXudJNBbnpRMcYsT7qBIns8TOaWZIAFXnDbumx2Yzf2QUY6Xnq_tYLe1hwa_1BstafWXYwwQNC50mTlgJK1S5YWtg1SKoybbC9x5fcZ1N-_oCRgLtaxFqIZMUnOoV0u2hpdcXGPpNrOH3SR"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '70037', cRay: '7c5f8c5a3bb81a1b', cHash: '1cbb584e4678a4a', cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2MS40NzgwMDA=', m: 'l9x6fYD43AkOSli+eEX3TiMPXRiBndCq0G/Dpt1PKp4=', i1: 'nuJed/J938+IZsnq9K0k2g==', i2: 'LCpeQRd016F0btwfkm2M8w==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5a3bb81a1b'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5a3bb81a1b'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010Nonegiters (Category: coding) https://giters.com/Battleb0tBattleb0t
2023-05-12 03:17:44Account on External SiteNoAccount Finder0010NoneMCName (Minecraft) (Category: gaming) https://mcname.info/en/search?q=_BattleB0t__BattleB0t_
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneInterwrx2 (Net ID: 00:02:2D:A8:80:99)33.617190550339146,-111.90827887019054
2023-05-12 03:13:05Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0066cc.github.io] https://www.openphish.com/feed.txt0066cc.github.io
2023-05-12 03:01:51Open TCP PortNoPulsedive0030None185.199.110.154:80185.199.110.0/24
2023-05-12 03:03:25Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0000cap.github.io
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:2082188.114.96.1
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneVipAdsl (Net ID: 00:14:C1:39:05:41)40.2024, 29.0398
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonedvdbeyond (Net ID: 00:01:24:F2:B3:12)37.780462,-122.390564
2023-05-12 03:09:47Affiliate - Internet NameNoDNS Resolver0040None68.170.74.34.bc.googleusercontent.com34.74.170.68
2023-05-12 03:18:00Malicious IP on Same SubnetYesCINS Army List0040Nonecinsscore.com [46.101.128.0/17] http://cinsscore.com/list/ci-badguys.txt46.101.128.0/17
2023-05-12 02:45:35Raw DNS RecordsNoDNS Raw Records0020Nonewww.battleb0t.xyz. 244 IN CNAME battleb0t.github.io.www.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneTOMTSSID (Net ID: 00:02:2D:39:9C:50)50.1188, 8.6843
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneJupiter (Net ID: 00:02:2D:66:D2:47)50.1188, 8.6843
2023-05-12 03:15:46UsernameNoAccount Finder2010Nonepatrick.pogodaPatrick Pogoda
2023-05-12 02:54:08Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://saranyakharidas.github.io/netflix', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://saranyakharidas.github.io/netflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3260"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cbc_IE_EarlyTabStart_0xfe8_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cbc_ConnHashTable<3260>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cbc_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cbc_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "IsoScope_cbc_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n 
"Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "header-image_1_.png" has type "PNG image data 1920 x 1080 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "feature-4_1_.png" has type "PNG image data 737 x 553 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "feature-1_1_.png" has type "PNG image data 762 x 572 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "feature-3_1_.png" has type "PNG image data 771 x 565 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "feature-2_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DFE5BD9B4EBBF926BD.TMP" has type "data"- Location: [%TEMP%\\~DFE5BD9B4EBBF926BD.TMP]- [targetUID: 00000000-00003260]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003260]\n 
"RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF597AB91525A4227D.TMP" has type "data"- Location: [%TEMP%\\~DF597AB91525A4227D.TMP]- [targetUID: 00000000-00003260]\n "~DF6FD83128DC293791.TMP" has type "data"- Location: [%TEMP%\\~DF6FD83128DC293791.TMP]- [targetUID: 00000000-00003260]\n "~DFBFBD8694A9325E58.TMP" has type "data"- Location: [%TEMP%\\~DFBFBD8694A9325E58.TMP]- [targetUID: 00000000-00003260]\n "~DFE4FEDDD5CB7A4BC1.TMP" has type "data"- Location: [%TEMP%\\~DFE4FEDDD5CB7A4BC1.TMP]- [targetUID: 00000000-00003260]\n "logo_1_.png" has type "PNG image data 300 x 81 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "netflix_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "RecoveryStore._6CB82DCF-CF8E-11ED-9CAE-0800270CD904_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_F4C4AB8E-CF8E-11ED-9CAE-0800270CD904_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_753E039C-CF8E-11ED-9CAE-0800270CD904_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6CB82DD1-CF8E-11ED-9CAE-0800270CD904_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://saranyakharidas.github.io/netflix/"\n Pattern match: "https://saranyakharidas.github.io"\n Pattern match: 
"isdomainmigratedtruewww.msn.com/1025398951411231060253186993650831024027*"\n Pattern match: "www.msn.com/"\n Pattern match: "MUIDB331E24F2502163E33EAE361751A562BBieonline.microsoft.com/9216309609459231102498186665525831024027*"\n Pattern match: "SUIDMmicrosoft.com/9216296360537631024144186649900831024027*MUID331E24F2502163E33EAE361751A562BBmicrosoft.com/1025309609459231102498186665525831024027*_EDGE_V1microsoft.com/9216309609459231102498186681150831024027*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "SUIDMmicrosoft.com/9216296360537631024144186649900831024027*MUID331E24F2502163E33EAE361751A562BBmicrosoft.com/1025309609459231102498186665525831024027*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "SUIDMmicrosoft.com/9216296360537631024144186649900831024027*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "MUID24D9837EE44A60A413E9919BE5CE61B0msn.com/1025309609459231102498187009275831024027*"\n Pattern match: "https://saranyakharidas.github.io/netflix/Accept-Language"\n Pattern match: "iz.qgyu/\ufffd\ufffd\ufffd\ufffd\ufffd!O\ufffdq\u0696"\n Heuristic match: "aranyakharidas.github.io"\n Pattern match: "saranyakharidas.github.io/netflix/"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwl"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=70599"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145837"\n Pattern match: 
"http://go.microsoft.com/fwlink/?LinkID=57190"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145765"\n Heuristic match: "Example: computer.fabrikam.com"\n Pattern match: "vista.gallery.microsoft.com/vista/SideShow.aspx"\n Pattern match: "http://www.icra.org/vocabulary/"\n Pattern match: "wmploc.dll/Offline_Buy.htm\'res://wmploc.dll/Offline_MediaGuide.htm*res://wmploc.dll/Offline_Subscriptions.htm"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=32146res://wmploc.dll/ICW_ErrorPage.htm"\n Pattern match: "wmploc.dll/Service_Initial.htm"\n Pattern match: "wmploc.dll/Error_ServiceInfo.htm\'res://wmploc.dll/Offline_InfoCenter.htm&res://wmploc.dll/Offline_AlbumInfo.htm"\n Pattern match: "wmploc.dll/Service_NoFunc.htm%res://wmploc.dll/Service_No_Local.htm"\n Pattern match: "wmploc.dll/RT_IMAGE/ServiceLarge.png*res://wmploc.dll/RT_IMAGE/ServiceSmall.png*res://wmploc.dll/RT_IMAGE/ServiceSmall.png"\n Pattern match: "wmploc.dll/Blocked_AlbumInfo.htm&res://wmploc.dll/Blocked_AlbumInfo.htm,http://go.microsoft.com/fwlink/?LinkId=70183\'res://wmploc.dll/offline_radioguide.htm"\n Pattern match: "http://images.metaservices.microsoft.com/cover/6http://redir.metaservices.microsoft.com/redir/buynow/"\n Pattern match: "redir.metaservices.microsoft.com/dvdcover/P"\n Pattern match: "http://redir.metaservices.microsoft.com/redir/buynow/"\n Pattern match: "http://windowsmedia.com/redir/findmedia.asp"\n Pattern match: "redir.metaservices.microsoft.com/redir/getmdrdvd/"\n Pattern match: "redir.metaservices.microsoft.com/redir/getmdrcd/?Bhttp://redir.metaservices.microsoft.com/redir/getmdrcdbackground/??http://redir.metaservices.microsoft.com/redir/getmdrcdposturl/?Ihttp://redir.metaservices.microsoft.com/redir/getmdrcdposturlbackground/?=h"\n Pattern match: 
"redir.metaservices.microsoft.com/redir/submittoc/?-http://windowsmedia.com/redir/QueryTOCExt.asp1res://wmploc.dll/Offline_MediaInfo_NowPlaying.htm7http://redir.metaservices.microsoft.com/redir/buynowmg/,http://windowsmedia.com/redir/buyticket9.asp"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=321507Optimized"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=8792"\n Pattern match: "http://redir.metaservices.microsoft.com/redir/mediaguide/?9http://redir.metaservices.microsoft.com/redir/radiotuner/,http://windowsmedia.com/redir/QueryTOCNP.asp#Show"\n Pattern match: "http://windowsmedia.com/re185.199.109.153
2023-05-12 02:46:49Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonenetlify.app104.196.30.220
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneEminent Ellen (Net ID: 00:14:5C:85:89:DC)50.8897, 6.0563
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.172): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:13IP AddressNoDNS Resolver106010None185.199.108.153battleb0t.xyz
2023-05-12 03:32:40Open TCP PortNoPulsedive0030None188.114.97.20:8443188.114.97.0/24
2023-05-12 03:32:17Open TCP PortNoPulsedive0030None188.114.97.9:8080188.114.97.0/24
2023-05-12 02:53:25IP AddressNoMnemonic PassiveDNS0020None104.21.71.14www.battleb0t.xyz
2023-05-12 02:50:17Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'MSG-857488.html', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar8DEB.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar8E0C.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c08_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c08_IE_EarlyTabStart_0xbf8_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_c08_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3080"\n "UpdatingNewTabPageData"\n "IsoScope_c08_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_c08_ConnHashTable<3080>_HashTable_Mutex"\n "IsoScope_c08_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3080"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "104.22.58.100:443"\n "13.35.125.82:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"zeptojs.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /zepto.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zeptojs.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /zepto.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zeptojs.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /docs/5.2/dist/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: 
en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /docs/5.2/dist/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /docs/5.2/examples/sign-in/signin.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /docs/5.2/examples/sign-in/signin.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "C4Z44RUD.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C4Z44RUD.txt]- [targetUID: 00000000-00003080]\n Dropped file: "H6ZVHMSK.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H6ZVHMSK.txt]- [targetUID: 00000000-00003080]\n Dropped file: "FM8F0076.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FM8F0076.txt]- [targetUID: 00000000-00003080]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab8E0B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00003080]\n "Tar8DEB.tmp" has type "data"- Location: [%TEMP%\\Tar8DEB.tmp]- [targetUID: 00000000-00003320]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003320]\n "zepto.min_1_.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00003080]\n "search_2_.json" has type "JSON data"- [targetUID: 00000000-00003080]\n "RecoveryStore._93FBEEE7-A204-11ED-A02A-080027908816_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003080]\n "_A22FD108-A204-11ED-A02A-080027908816_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003080]\n "C4Z44RUD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C4Z44RUD.txt]- [targetUID: 00000000-00003080]\n "~DF47C0C7E8E4881443.TMP" has type "data"- Location: [%TEMP%\\~DF47C0C7E8E4881443.TMP]- [targetUID: 00000000-00003080]\n "H6ZVHMSK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H6ZVHMSK.txt]- 
[targetUID: 00000000-00003080]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003080]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003320]\n "FM8F0076.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FM8F0076.txt]- [targetUID: 00000000-00003080]\n "Tar8E0C.tmp" has type "data"- Location: [%TEMP%\\Tar8E0C.tmp]- [targetUID: 00000000-00003320]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: 00000000-00003080]\n "~DFEC0F2E68E5E272C6.TMP" has type "data"- Location: [%TEMP%\\~DFEC0F2E68E5E272C6.TMP]- [targetUID: 00000000-00003080]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003080]\n "Cab8E0B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab8E0B.tmp]- [targetUID: 00000000-00003320]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003080]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003320]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was 
make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u185.199.110.153
2023-05-12 02:54:16Web Content TypeNoWeb Spider0040Noneapplication/javascripthttps://oldfluid.battleb0t.xyz/./script.js
2023-05-12 03:09:06Affiliate - IP AddressNoDNS Look-aside1030None165.232.113.82165.232.113.85
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:2096172.67.168.252
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneParadiso Films - NL (Net ID: 00:01:21:31:1A:1A)52.3759, 4.8975
2023-05-12 02:52:59Raw Data from RIRsNoHybrid Analysis0020None{u'count': 50, u'search_terms': [{u'id': u'host', u'value': u'185.199.109.153'}], u'result': [{u'environment_id': 160, u'job_id': u'645b6155a80cd0e0770f030b', u'analysis_start_time': u'2023-05-10 09:18:14', u'vx_family': u'Phishing site', u'av_detect': u'36', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'6bb814d0675cd82e209cedb343425178e414f7dda68e799a8ce54849de914e9d', u'type': None, u'type_short': u'url', u'size': 115}, {u'environment_id': 100, u'job_id': u'645a1880d8c2eb0ad2084a9c', u'analysis_start_time': u'2023-05-09 09:55:12', u'vx_family': None, u'av_detect': u'13', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8d28d09db6f9b971dafb711d5d2e21e039d7e81e034a39169ce61ad566889661', u'type': None, u'type_short': u'url', u'size': 69}, {u'environment_id': 100, u'job_id': u'6459d9402c433ca0470186e3', u'analysis_start_time': u'2023-05-09 05:25:21', u'vx_family': u'Phishing site', u'av_detect': u'36', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'ed04b7f222a527b1e85f9babecb3fab554ff7283a593f47833548c431796ae72', u'type': None, u'type_short': u'url', u'size': 87}, {u'environment_id': 110, u'job_id': u'6457d1ac915e31239c0ed46d', u'analysis_start_time': u'2023-05-07 16:28:29', u'vx_family': u'Phishing site', u'av_detect': u'37', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'6e596e1e4603bdc574bee547a3b38fedb41edc17ed085b4427a227ecb1371f38', u'type': None, u'type_short': u'url', u'size': 127}, {u'environment_id': 100, u'job_id': u'6455db89a38a0819380cd1e8', u'analysis_start_time': u'2023-05-06 04:46:02', 
u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'63273b57b45d033047835de89bbd71ba014495b8b2a1928350903b52872c5dac', u'type': None, u'type_short': u'url', u'size': 45}, {u'environment_id': 110, u'job_id': u'6455b9dd4be7eda3b4051287', u'analysis_start_time': u'2023-05-06 02:22:22', u'vx_family': u'Phishing site', u'av_detect': u'58', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'3bcef8455f2d32e5ceabf1fe3ddf35ab0e4117f859394b3a6d2bfe7f5b2d5704', u'type': None, u'type_short': u'url', u'size': 70}, {u'environment_id': 160, u'job_id': u'6455656ab722d8f30408b04a', u'analysis_start_time': u'2023-05-05 20:22:03', u'vx_family': u'Malware.Generic', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'rufus-4.0p.exe', u'sha256': u'bfecf4dcf1a63d8b64b900906102edf666642316291c9bba42eb0fb9c7bccbd6', u'type': None, u'type_short': u'64-bit exe', u'size': 1411144}, {u'environment_id': 160, u'job_id': u'64553526c1df1981aa02d9f2', u'analysis_start_time': u'2023-05-05 16:56:07', u'vx_family': u'Phishing site', u'av_detect': u'36', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'd8003cba1611b5cddce1700ade1d891193616df21b3cc73b4392d74f5ada921f', u'type': None, u'type_short': u'url', u'size': 81}, {u'environment_id': 110, u'job_id': u'6452f656b12b66922008c49e', u'analysis_start_time': u'2023-05-04 00:03:35', u'vx_family': u'Phishing site', u'av_detect': u'75', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': 
u'c1b0ccb36d7647d1b7621e60ed076d884365d92684abefad050cd75e9beecc45', u'type': None, u'type_short': u'url', u'size': 45}, {u'environment_id': 110, u'job_id': u'6451a0cf79687fd6000a89f8', u'analysis_start_time': u'2023-05-02 23:46:23', u'vx_family': u'Phishing site', u'av_detect': u'72', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'4b4f047cb451367a5e10020c362772951184dee4d25f848faf5019cac33ea02c', u'type': None, u'type_short': u'url', u'size': 65}, {u'environment_id': 100, u'job_id': u'6449514fdc084f44d70fb8e9', u'analysis_start_time': u'2023-04-26 16:29:04', u'vx_family': None, u'av_detect': u'64', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'464628d70f99d6b99af52fe9e8a6b50c99daff897554106627d1879b5cefcc31', u'type': None, u'type_short': u'url', u'size': 49}, {u'environment_id': 100, u'job_id': u'6448ee799fb7bce1140d1c06', u'analysis_start_time': u'2023-04-26 09:27:22', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'4cc12dd870b3f87e4f84f7cfb62e90dcf84d879150c8c56c2175d2eee94c075a', u'type': None, u'type_short': u'url', u'size': 53}, {u'environment_id': 110, u'job_id': u'644698ebdea01fcc9b066285', u'analysis_start_time': u'2023-04-24 14:57:48', u'vx_family': u'Phishing site', u'av_detect': u'57', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'21ddab683366fce20c7a4a6b5372ccaec820bb33c9f6e0cbacd401e383b7981d', u'type': None, u'type_short': u'url', u'size': 71}, {u'environment_id': 100, u'job_id': u'643d5b962f8adb3969023bca', u'analysis_start_time': u'2023-04-17 14:45:43', u'vx_family': None, u'av_detect': 
u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'faca7f991fbbc10ff6964ff2eb9314423171085118dcbfadeae6540b9a6c99e7', u'type': None, u'type_short': u'url', u'size': 635}, {u'environment_id': 100, u'job_id': u'643d5b9347bc24ef1706f172', u'analysis_start_time': u'2023-04-17 14:45:40', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'98f13f00bb30ace7e8ec5fc02c9a511c73719c34c2712ab4672f8f855d8f08aa', u'type': None, u'type_short': u'url', u'size': 631}, {u'environment_id': 160, u'job_id': u'643a0b6da0d638ec8e00c871', u'analysis_start_time': u'2023-04-15 02:26:53', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'1d0b2aa237378a01bbd09ffc1f482f8d311377ae1be8aa9954493f45cede5f3c', u'type': None, u'type_short': u'url', u'size': 125}, {u'environment_id': 100, u'job_id': u'6439f6717279c1209302f8d4', u'analysis_start_time': u'2023-04-15 00:57:22', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'622abf0777296535ee60d5a9c2299aa7730c75bb2544fd263030e36362d0f9f9', u'type': None, u'type_short': u'url', u'size': 217}, {u'environment_id': 160, u'job_id': u'6436d314383b2e50b20a01ba', u'analysis_start_time': u'2023-04-12 15:49:41', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'dc28bb880bca9b10afe9f098c9ce1add9535187a6066020e48e1e45d60f8ece8', u'type': None, u'type_short': u'url', u'size': 56}, 
{u'environment_id': 110, u'job_id': u'6433cf55dc8eb5150c0012e8', u'analysis_start_time': u'2023-04-10 08:56:54', u'vx_family': u'Malicious site', u'av_detect': u'31', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'3ec2c8794f43ce84b17062c4ea4b2bd9e69bd847febf7370813e29eaff498bb3', u'type': None, u'type_short': u'url', u'size': 45}, {u'environment_id': 120, u'job_id': u'642d780eb081708a1d0cd972', u'analysis_start_time': u'2023-04-05 13:30:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'd84ad76dbc17dc4539d49469071a2427b7e79fdc246d68b969e9de0d1e855535', u'type': None, u'type_short': u'url', u'size': 76}, {u'environment_id': 120, u'job_id': u'642d77c048c27e508a04f41c', u'analysis_start_time': u'2023-04-05 13:42:20', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'f8888b6fa1427ba3882de44e533fed25e64f7f76af4d032bc1a8856df7bb161b', u'type': None, u'type_short': u'url', u'size': 75}, {u'environment_id': 120, u'job_id': u'642c565f0903ac1a7e0630d5', u'analysis_start_time': u'2023-04-04 16:54:55', u'vx_family': None, u'av_detect': u'13', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'2736da0d2e6b42450c8f4a2bb43fc84eacd77047980b6252652cb66e5cd9f203', u'type': None, u'type_short': u'url', u'size': 56}, {u'environment_id': 120, u'job_id': u'6428c1465d9fb656e706f782', u'analysis_start_time': u'2023-04-01 23:41:59', u'vx_family': u'Malware.Generic', u'av_detect': u'1', u'environment_description': u'Windows 7 64 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'Tibia 
maps installer.exe', u'sha256': u'7fa4a84c46cff66e49b60e7fce7ab800e3990dbc29eb1ebb116576150a7c2d24', u'type': None, u'type_short': u'exe', u'size': 154868}, {u'environment_id': 110, u'job_id': u'64269b25d440fc6f8f10333c', u'analysis_start_time': u'2023-03-31 08:34:46', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_sco185.199.109.153
2023-05-12 03:33:10IP AddressNoDNS Resolver30020None45.131.109.53vm.battleb0t.xyz
2023-05-12 02:54:10Open TCP PortNoCensys0020None2606:4700:3031::6815:6a6:802606:4700:3031::6815:6a6
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys (Net ID: 00:1D:7E:37:25:D8)32.8608, -79.9746
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NonePikatel (Net ID: 00:08:5C:FA:52:87)40.2024, 29.0398
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneCableWiFi (Net ID: 00:0D:67:8C:21:B3)39.0469, -77.4903
2023-05-12 02:54:03Open TCP Port BannerNoCensys0020NoneHTTP/1.1 400 Bad Request Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 253 Connection: close CF-RAY: - 172.67.135.9
2023-05-12 03:24:21Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8https://ayhu.xyz/lol.html
2023-05-12 03:13:10Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [malsup.github.io] https://www.openphish.com/feed.txtmalsup.github.io
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.152): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneCollaborative innovation network - Collaborative innovation is a process in which multiple players contribute towards creating new products with customers and suppliers.cdn-185-199-111-153.github.com
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneBarnes (Net ID: 00:06:25:FE:DD:85)33.336199,-111.89446440830702
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.232): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:45:19Raw Data from RIRsNoipapi.co0040None{u'region_code': u'VA', u'country_tld': u'.us', u'ip': u'2600:1f18:2489:8200::c8', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'Ashburn', u'network': u'2600:1f18::/33', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 39.0469, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'AMAZON-AES', u'postal': u'20149', u'asn': u'AS14618', u'country': u'US', u'region': u'Virginia', u'longitude': -77.4903, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}2600:1f18:2489:8200::c8
2023-05-12 03:03:30Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0067ed.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:FA:75:55)33.6170672,-111.90564645297056
2023-05-12 03:09:12Affiliate - IP AddressNoDNS Look-aside2030None207.154.228.159207.154.228.169
2023-05-12 03:31:31Affiliate - Email AddressNoE-Mail Address Extractor0070None098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Domain Name: TELLERIA.COM Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T18:34:23Z Registry Expiry Date: 2023-08-11T18:34:23Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-222-C.GANDI.NET Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: telleria.com Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T16:34:23Z Registrar Registration Expiration Date: 2023-08-11T18:34:23Z Registrar: GANDI SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Reseller: CodeSyntax Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: Domain Status: Domain Status: Domain Status: Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Marcajes Telleria S.L. 
Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: ES Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET Name Server: NS-222-C.GANDI.NET Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp Reseller Email: Reseller URL: http://www.codesyntax.com/ Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or 
modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden. A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts. For additional information, please contact us via the following form: https://www.gandi.net/support/contacter/mail/
2023-05-12 02:44:08Internet NameNoCertSpotter19110Nonenuke.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:41:52Open TCP PortNoCensys0030None45.131.109.53:4700145.131.109.53
2023-05-12 02:53:07Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://funny.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]funny.battleb0t.xyz
2023-05-12 03:13:06Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [007sair.github.io] https://www.openphish.com/feed.txt007sair.github.io
2023-05-12 03:03:23Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00.github.io
2023-05-12 03:24:19Account on External SiteNoAccount Finder0080NoneTwitter (Category: social) https://twitter.com/baptistevautheybaptistevauthey
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 03:43:01 2023 GMT Not After : Jul 23 03:43:00 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:dc:59:e7:99:ae:31:e4:ce:62:3e:34:b7:81:78: 80:f6:cd:df:74:9e:4d:b0:70:b7:b4:57:2f:17:e3: 3f:ff:b7:70:ed:8a:df:e6:f8:7a:13:c3:bd:36:4f: 0e:6a:68:6d:9d:a6:4b:2a:e9:cf:28:3d:81:ea:ca: 83:e7:16:86:77:3d:14:db:66:a8:57:ad:1a:0f:dd: bd:7a:de:42:3b:37:3e:1c:ee:7d:2e:c6:c7:59:4e: 97:c9:0c:71:fa:0f:cd:7b:53:70:a6:5f:75:ef:13: 69:99:fc:c4:53:c7:8e:d0:09:93:90:8c:53:db:39: 20:10:21:64:71:0b:d6:b1:4c:65:ce:12:f1:57:52: 01:6a:62:40:bf:50:e1:af:0a:5c:4b:64:2c:31:51: 3e:93:5a:d7:3f:02:ea:a6:3c:b6:44:a0:a2:88:9a: 29:5e:d3:7c:e0:73:af:03:2d:32:ad:0b:a7:f4:f0: 67:e5:fc:86:ba:7a:2e:9a:6b:e7:a5:c3:0e:1d:6b: 4d:99:e3:e1:77:10:a6:f7:fe:e7:5d:ea:9a:d7:11: bf:a0:de:50:ee:ee:9e:57:01:39:6f:73:ca:e6:06: 09:03:5a:1d:77:7b:8a:3f:fa:c2:82:ef:9a:8b:50: 68:73:cc:01:67:44:99:3d:d1:99:16:93:ec:e9:25: 6b:ff Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 24 04:43:01.703 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:B5:F3:29:BD:A0:20:09:5F:ED:BA:FE: 7D:4D:29:A6:16:28:D4:3D:6D:9D:84:56:4B:24:03:17: F8:9F:1F:43:94:02:20:37:6C:63:6A:C8:C5:31:F7:F8: 33:84:21:F6:22:36:21:51:10:1E:BA:F6:84:58:81:0F: 85:70:0D:79:E6:82:79 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Apr 24 04:43:01.703 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:3C:77:99:EE:DE:DA:A2:24:43:1C:AD:EC: 69:6F:50:53:78:A5:D6:06:2E:44:C5:18:AE:9E:8D:2C: AE:F9:60:A7:02:20:7C:67:55:E9:15:15:6F:0B:C0:6C: 03:77:3B:85:8A:11:43:C9:26:F4:1A:B8:01:95:2B:3D: D3:07:79:D2:22:0E Signature Algorithm: sha256WithRSAEncryption 0c:76:65:e5:fc:42:37:1e:b5:d9:a4:86:ff:e5:cd:2e:ec:b9: 8b:1a:2f:85:2b:80:24:2f:8a:38:f7:2f:90:da:4b:59:72:ac: 50:00:d6:f8:be:ee:24:3b:97:1d:9e:48:b2:ab:16:91:7b:75: 8f:65:64:9a:36:23:e5:c7:78:a7:ca:89:1e:c3:f6:bc:f0:7a: 00:a4:96:0d:2f:d5:7c:15:b8:30:04:f0:6e:7a:7a:c2:72:48: 1b:96:01:fb:1c:d6:83:0a:db:4d:dd:29:ab:01:f5:bb:4a:29: 4c:39:51:33:13:62:6b:bf:71:ac:1a:0c:bd:96:7a:89:44:b0: a2:59:75:22:e1:9f:be:29:7e:a6:58:6f:00:c7:ed:a0:96:03: 62:21:81:04:3c:b2:c5:64:f6:c6:bf:6d:dc:6c:2b:eb:42:0d: 12:26:44:7a:6c:18:03:83:8a:20:96:54:35:04:94:b3:1c:97: ef:43:37:f9:66:94:3d:0c:c6:25:ff:59:cf:19:e0:84:45:73: 0c:a3:7b:29:a2:ae:7b:74:86:0e:3b:cb:c9:a4:5d:a4:7c:ff: 46:b0:a1:64:c6:83:24:a3:95:75:fa:60:2b:1c:df:c0:09:f6: 0a:8b:24:73:9a:7e:de:fe:0d:e4:ae:f5:fc:b8:f6:0c:9f:a5: 7e:82:4c:c8 battleb0t.xyz
2023-05-12 03:08:35Affiliate - IP AddressNoDNS Look-aside1020None185.199.111.154185.199.111.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonehackerearth (Category: coding) https://www.hackerearth.com/@loginlogin
2023-05-12 03:24:51CountryNoCountry Name Extractor0070NoneUnited States Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-09-16T17:34:41Z Creation Date: 2014-07-15T10:59:40Z Registry Expiry Date: 2023-07-15T10:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-07-16T08:59:21Z Creation Date: 2014-07-15T05:59:40Z Registrar Registration Expiration Date: 2023-07-15T05:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech 
State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:45:54SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:36:85:4f:53:33:b4:86:64:2a:83:12:ed:95:43:fe:1e:22 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 2 18:58:42 2023 GMT Not After : Apr 2 18:58:41 2023 GMT Subject: CN=teamcity.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:a9:1b:77:20:87:f6:da:b4:e6:55:f1:15:61:14: 5d:d5:64:2e:1b:95:d0:fa:42:f5:c5:a3:6e:02:4b: 41:fb:df:35:0c:b5:28:23:7f:95:78:79:7a:ae:1b: 33:21:14:1a:cf:54:dc:ad:7c:ad:0e:d0:0d:13:24: ac:b2:17:d0:67:2e:56:2e:b6:b0:fc:48:83:bd:01: 86:52:7b:96:4e:60:82:98:48:6b:33:90:dc:af:7a: 0e:ed:26:47:56:e9:2a:9b:55:f7:eb:69:7f:53:8a: 65:d2:d9:9f:8e:b4:d7:c2:d1:e2:bc:27:0e:51:4c: 6a:50:43:bf:f3:eb:93:79:c5:c0:01:20:e4:3f:17: e9:46:96:6a:c9:c7:d3:3a:19:6a:20:08:fd:61:d6: 98:cf:84:d5:28:4b:ee:2d:d4:11:0b:36:29:51:b8: 23:d5:73:76:da:70:98:bf:4f:33:c0:fe:34:a0:ab: 09:05:a6:dc:26:b2:66:b1:51:b6:f2:4f:d9:92:3a: c0:21:8b:2a:63:52:83:3f:e9:e2:13:c0:c2:c9:2d: d5:e5:7e:fd:90:7e:37:42:6b:b9:54:b1:2f:9b:98: 24:d8:0b:1b:69:e7:d3:08:0e:71:57:e8:1a:67:a6: 92:84:48:3f:fc:46:40:41:65:20:38:c9:7e:99:04: 34:72:9a:a0:65:84:01:2f:31:b1:86:06:22:39:91: 0a:ee:bd:30:20:85:c5:8d:5b:4e:77:39:ae:9b:09: 06:f6:07:9d:dd:2d:ba:92:b9:4a:fe:af:b4:b2:6a: 1c:46:10:aa:88:c3:34:ab:7b:51:a7:88:62:ff:6f: 89:37:e0:83:c3:40:7b:7e:a8:e9:d2:e9:e0:68:ff: 51:7e:4a:c3:4d:57:60:55:c2:2c:5e:84:55:31:0d: f9:06:48:b8:fd:a5:13:e0:6d:e6:16:0e:03:58:98: 01:6a:9c:dd:37:75:36:74:a0:0e:9a:ed:4d:d0:b0: 57:3c:8d:0d:2e:93:98:3c:31:25:01:37:1f:57:7e: ef:84:b5:c0:04:9b:56:77:f4:78:da:7b:d3:51:11: 80:33:d3:18:83:ee:96:99:02:db:e7:fd:22:71:5a: 7f:e7:e3:95:25:33:c7:56:7f:0d:59:30:dc:3e:03: 7d:f0:6b:ae:f9:f9:7c:ad:ec:ad:62:73:0e:7f:47: 4e:2a:02:fd:df:82:83:00:62:ec:61:18:4d:70:9d: bd:b9:85:be:c1:ed:b1:f9:61:e0:dc:70:d2:b3:0d: be:23:ab:b6:3a:43:ae:fe:c3:d3:cf:08:6c:c7:33: 
70:eb:d2:70:df:6f:ce:26:37:4c:eb:f9:4f:c2:58: 32:f9:79 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 02:C9:94:28:32:1B:B1:2F:E4:C4:4F:88:0E:4C:57:09:73:5A:37:AF X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:teamcity.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 27:d3:d1:3f:37:d1:a6:d4:dd:5d:21:63:b2:ea:b4:66:27:a6: fc:15:e2:cd:f0:1a:81:1d:a4:76:d3:26:d6:1f:73:ac:91:e9: 1b:30:5e:03:57:a4:78:5c:1c:9b:32:48:a5:13:6e:fe:4d:2c: ca:7f:a2:ec:c6:08:67:8d:10:3f:b8:48:53:9b:ab:31:8a:39: 5b:be:de:39:48:27:70:4b:53:85:35:c6:dd:69:ba:94:7b:fe: 33:d6:dc:3e:93:fb:07:c5:1d:2d:db:7b:81:84:0d:f1:31:75: 81:6c:52:e8:a4:f2:94:95:1d:51:50:82:97:37:d5:63:3a:17: d6:47:90:48:19:2f:01:55:5c:4e:50:b0:6b:36:d6:b3:1f:43: 62:1c:b5:b3:7c:5c:47:78:0f:ba:ae:0b:44:f3:88:f9:26:67: 58:1c:81:8c:05:40:88:56:f9:30:44:64:32:06:0f:52:c3:de: 74:23:e1:51:9e:b3:c2:ea:ae:7b:71:42:02:db:c3:89:ea:af: b4:cd:24:fe:07:e3:e4:d4:76:9d:9d:ea:3f:83:76:ca:50:69: 73:c4:c1:63:b7:2e:f4:26:47:bc:f1:48:fa:81:d9:4e:df:bc: 18:e1:6a:4b:93:17:ed:e0:1a:a0:b0:88:53:7e:d3:8b:c4:7a: 7e:4b:d4:44 battleb0t.xyz
2023-05-12 03:23:29Open TCP PortNoPulsedive0030None188.114.96.10:8443188.114.96.0/24
2023-05-12 02:49:06Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeibeav&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:6664:120:WilError_01"\n "Local\\SM0:7604:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:7604:120:WilError_01"\n "Local\\SM0:7604:120:WilError_01"\n "Local\\SM0:6664:304:WilStaging_02"\n "SM0:6664:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:6664:304:WilStaging_02"\n "Local\\SM0:6664:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6664:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6664:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6664:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.217.12.97:443"\n 
"185.199.110.153:443"\n "69.16.175.10:443"\n "172.217.164.99:443"\n "142.250.191.78:443"\n "142.251.46.170:443"\n "172.217.12.99:443"\n "209.94.90.1:443"\n "142.251.214.142:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bafybeibeavvyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi.ipfs.dweb.link"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00006664]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4516.0\\edge_driver.js]- [targetUID: 00000000-00006664]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006664]\n "f_00023e" has type "gzip compressed data max compression original size modulo 2^32 97180"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "f_000243" has type "GIF image data version 89a 64 x 64"- [targetUID: N/A]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.8\\edge_autofill_field_data.json]- [targetUID: 00000000-00006664]\n 
"7a1fdcd3-4d20-482f-8d7a-33c2f9952216.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\7a1fdcd3-4d20-482f-8d7a-33c2f9952216.tmp]- [targetUID: 00000000-00006664]\n "f_00023d" has type "Web Open Font Format (Version 2) TrueType length 71896 version 4.393"- [targetUID: N/A]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6664_267374355\\product_page.js]- [targetUID: 00000000-00006664]\n "edge_autofill_global_block_list.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.8\\edge_autofill_global_block_list.json]- [targetUID: 00000000-00006664]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.6\\deny_domains.list]- [targetUID: 00000000-00006664]\n "9a3a6287a4dba55d_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\9a3a6287a4dba55d_0]- [targetUID: 00000000-00006664]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4516.0\\manifest.json]- [targetUID: 00000000-00006664]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00001600]\n "crl-set" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2023.3.1\\crl-set]- [targetUID: 00000000-00006664]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00006664]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\\6664_267374355\\manifest.fingerprint]- [targetUID: 00000000-00006664]\n "873647c0-9469-42e0-97e2-a93757408a94.tmp" has type "UTF-8 Unicode text with very long lines with no line 
terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\873647c0-9469-42e0-97e2-a93757408a94.tmp]- [targetUID: 00000000-00006664]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00006664]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,n=1;n"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeibeav&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp"\n Pattern match: "http://www.w3.org/2000/svg\\n"\n Pattern match: "Math.PI/180"\n Pattern match: "https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://dns.google,supports_spdy:true},{isolation:[],server:https://edgeassetservice.azureedge.net,supports_spdy:true},{isolation:[],server:https://edge.microsoft.com,supports_spdy:true},{isolation:[],server:https://arc.msn.com,su"\n Pattern match: 
"vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeibeav&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp"\n Pattern match: "https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-lin"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.250.191.78"\n "UDP connection to 172.217.164.99"\n "UDP connection to 142.251.46.170"\n "UDP connection to 142.251.214.142"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4516.0\\edge_driver.js]- [targetUID: 00000000-00006664]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6664_267374355\\product_page.js]- [targetUID: 00000000-00006664]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\6664_1337468108\\adblock_snippet.js]- [targetUID: 00000000-00006664]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4516.0\\shopping.js]- [targetUID: 00000000-00006664]\n "shoppingfre.js" has type 
"UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6664_267374355\\shoppingfre.js]- [targetUID: 00000000-00006664]\n "edge_checkout_page_validator.js" has type "Unknown"- Location: [%TEMP%\\6664_267374355\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006664]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\6664_267374355\\edge_tracking_page_validator.js]- [targetUID: 00000000-00006664]\n "auto_185.199.110.153
2023-05-12 02:54:20Open TCP PortNoCensys0040None2600:1f18:2489:8200::c8:802600:1f18:2489:8200::c8
2023-05-12 03:33:48Raw File Meta DataNoBinary String Extractor0040None"Exif 8Photoshop 3.0 mntrRGB XYZ acspAPPL -appl 0cprt Pwtpt chad gTRC mluc 3mluc 2XYZ 5CrOZpRG? rE8d0'8 hl1b1 GJ2W< zkHdm J\pwt P49$v O.D.> Kn8lR 2N001 OpXSw 1r0zb H@?6> Oe!Cg' H8?J ' >\aO4 z98brzQ AP0Gzz ?n@Rq "d!8? ixnGn8 lSr:w nAcJ3 GoZg E<nNq sGpXt NGjTD 7OOZR !$pGZs R>oJ 3pzTy Jv 8<c 60??JX <t5 < zzSYA`G NE\m PCu5.A '4aKp Z@Nzd ?JL.>f Fp9?Zv W!NiH .Fpy wjaq9 Tl em SHp8n J@7.I9 Ip2zs zx?6 RJ7'9 rO85/ 7OOSM JFI$n <coz\ E<d1`8 ?7_J: zdsFGZ M8p9< OcHWw !FOZj iUW$w JOBFir1 @8cns pVV!O f?7nq@ h- R6q Uo1pFq !8<.GJ :Tch t zR>aQ rA \`rO? d7JBX/ J:mpI q@99' R0E7p$ 8cRm` cm?n@ `YppqG 946p:` O!@ r r?1@1 O8nFzw iBG_Zj ORE' m vFGqM SBnn1 NGoaN pNO4https://pics.battleb0t.xyz/images/withat_3.jpg
2023-05-12 02:58:47Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://jsv3.recruitics.com/redirect?rx_cid=3394&rx_jobId=22014906&rx_url=https%3A%2F%2Fkeen-queijadas-051918.netlify.app%2F%3Fdir%3DbXlldW5nQHRlc2xhLmNvbQ%3D%3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3fc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_3fc_IESQMMUTEX_0_519"\n "IsoScope_3fc_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_3fc_IE_EarlyTabStart_0xc84_Mutex"\n "IsoScope_3fc_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_3fc_ConnHashTable<1020>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1020"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"3.214.28.209:443"\n "65.8.165.51:80"\n "65.8.165.104:80"\n "65.8.165.23:80"\n "65.8.165.88:80"\n "34.74.170.74:443"\n "65.8.158.81:443"\n "142.251.211.227:443"\n "142.250.217.106:443"\n "142.251.211.227:80"\n "142.251.215.227:443"\n "52.95.155.94:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"jsv3.recruitics.com"\n "o.ss2.us"\n "ocsp.pki.goog"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "ocsp.pki.goog"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "H97NHH5Q.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H97NHH5Q.txt]- [targetUID: 00000000-00001020]\n Dropped 
file: "LQDJU2M7.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LQDJU2M7.txt]- [targetUID: 00000000-00001020]\n Dropped file: "DYMZMYB9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DYMZMYB9.txt]- [targetUID: 00000000-00003024]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_DF18B54C-3E77-11ED-BA58-0800272A2F3E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "www.recaptcha_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "7D6243C18F0F8F9AEC6638DD210F1984_C4E912EA1CF7478AEFF10983696CE52E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D6243C18F0F8F9AEC6638DD210F1984_C4E912EA1CF7478AEFF10983696CE52E]- [targetUID: 00000000-00003024]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001020]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003024]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003024]\n "H97NHH5Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H97NHH5Q.txt]- [targetUID: 00000000-00001020]\n "~DF1E50A457EB0DA7FD.TMP" has type "data"- Location: [%TEMP%\\~DF1E50A457EB0DA7FD.TMP]- [targetUID: 00000000-00001020]\n "E87CE99F124623F95572A696C80EFCAF_48A0517CBEDC34E374472FB21AABC8A8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E87CE99F124623F95572A696C80EFCAF_48A0517CBEDC34E374472FB21AABC8A8]- [targetUID: 00000000-00003024]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001020]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003024]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00003024]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00001020]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://jsv3.recruitics.com/redirect?rx_cid=3394&rx_jobId=22014906&rx_url=https%3A%2F%2Fkeen-queijadas-051918.netlify.app%2F%3Fdir%3DbXlldW5nQHRlc2xhLmNvbQ%3D%3D"\n Pattern match: "https://jsv3.recruitics.com"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: 
Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"\n Heuristic match: "ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"\n Heuristic match: "ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAcWfhO7yUD4HiZydfoHjso%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEASVeeR7RvTclo39SniAB8E%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"\n Heuristic match: "jsv3.recruitics.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': No34.74.170.74
2023-05-12 03:09:00Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.9587.248.157.102
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter1010NoneCN=nuke.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:12:10Affiliate Description - AbstractNoDuckDuckGo0050NoneNetcraft is an Internet services company based in Bath, Somerset, England. The company provides cybercrime disruption services across a range of industries.baffin.netcraft.com
2023-05-12 02:54:18Linked URL - ExternalNoWeb Spider0030Nonehttps://use.fontawesome.com/9dfc16ed6b.jshttps://pics.battleb0t.xyz/
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:01:24:F0:36:D7)34.0544, -118.244
2023-05-12 02:46:30Physical LocationNoMetaDefender0030NoneNorth Charleston, United States35.229.48.116
2023-05-12 02:55:20Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://sable.madmimi.com/c/350165?id=104678088.24978.1.0781e25dd519058dcc1e324360776227', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"198.71.248.145:443"\n "35.162.153.72:443"\n "142.250.188.10:443"\n "13.227.74.13:443"\n "52.0.34.104:443"\n "151.139.128.10:443"\n "52.92.176.144:443"\n "104.17.24.14:443"\n "185.199.109.153:443"\n "104.37.183.1:443"\n "142.251.46.163:443"\n "142.250.188.3:443"\n "91.199.212.148:443"\n "142.251.32.46:443"\n "5.101.71.73:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"addtocalendar.com"\n "cdnjs.cloudflare.com"\n "code.jivosite.com"\n "images.dmca.com"\n "sable.madmimi.com"\n "secure.comodo.com"\n "secure.trust-provider.com"\n "www.audiocompliance.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as 
clean (type is "data")\n Antivirus vendors marked dropped file "TarC3B6.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3576"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_df8_IE_EarlyTabStart_0xab8_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_df8_ConnHashTable<3576>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_df8_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_df8_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_df8_IESQMMUTEX_0_519"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabC3A5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 
bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabC3B5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "bootstrap-side-notes_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "Finance__Tax_Payroll_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1867x719 components 3"- [targetUID: N/A]\n "landingv4_1_.css" has type "assembler source ASCII text with CRLF line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002452]\n "DMCA_logo-grn-btn120w_1_.png" has type "PNG image data 120 x 43 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "atc-style-glow-orange_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "S6u9w4BMUTPHh6UVSwiPHw_1_.woff" has type "Web Open Font Format TrueType length 28044 version 1.1"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVsEpbCIPrc_1_.woff" has type "Web Open Font Format TrueType length 26196 version 1.1"- [targetUID: N/A]\n "www.google_1_.xml" has 
type "ASCII text with no line terminators"- [targetUID: N/A]\n "cart-banner2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 96x96 segment length 16 Exif Standard: [TIFF image data little-endian direntries=4 xresolution=62 yresolution=70 resolutionunit=2] baseline precision 8 480x150 components 3"- [targetUID: N/A]\n "footer-logo_1_.png" has type "PNG image data 250 x 85 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "S6uyw4BMUTPHjx4wWA_1_.woff" has type "Web Open Font Format TrueType length 28648 version 1.1"- [targetUID: N/A]\n "jquery.form_1_.js" has type "ASCII text"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "elastic_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "_6B71C3D0-ADBF-11ED-8536-0800272665FE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Dayna_J_1_._Reum" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62) quality = 75" baseline precision 8 200x200 components 3"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25916 version 1.1"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /c/350165?id=104678088.24978.1.0781e25dd519058dcc1e324360776227 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sable.madmimi.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 302 Found\nContent-Length: 0\nConnection: keep-alive\nStatus: 302 Found\nLocation: https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nDate: Thu, 16 Feb 2023 07:01:48 GMT\nX-Powered-By: Phusion Passenger(R) Enterprise 6.0.17\nServer: nginx + Phusion Passenger(R) 6.0.17"\n "GET /assets/theme/css/bootstrap.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.audiocompliance.com\nDNT: 1\nConnection: Keep-Alive\nCookie: ci_session=55c28468f424e1f17699dfeae68cdc12972c9404"\n "GET /product/ac/form-941-compliance-2022 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.audiocompliance.com"\n "GET /assets/theme/css/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.audiocompliance.com\nDNT: 1\nConnection: Keep-Alive\nCookie: ci_session=55c28468f424e1f17699dfeae68cdc12972c9404"\n "GET /assets/theme/css/swiper.css HTTP/1.1\nAccept: text/css, */*\nReferer: 
https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.audiocompliance.com\nDNT: 1\nConnection: Keep-Alive\nCookie: ci_session=55c28468f424e1f17699dfeae68cdc12972c9404"\n "HTTP/1.1 200 OK\nServer: nginx/185.199.109.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonere927421 (Net ID: 00:02:8A:40:D2:92)33.336199,-111.89446440830702
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneDPRWirelessScottsdale (Net ID: 00:02:6F:FD:3F:B2)33.6170672,-111.90564645297056
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:46587.248.157.102
2023-05-12 02:44:13Co-Hosted SiteNoSSL Certificate Analyzer0120Nonegithubusercontent.comwww.battleb0t.xyz
2023-05-12 02:54:18Linked URL - ExternalNoWeb Spider0030Nonehttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.csshttps://pics.battleb0t.xyz/
2023-05-12 03:24:49CountryNoCountry Name Extractor0050NoneTurkey Domain Name: KEYUBU.NET Registry Domain ID: 2292564483_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2022-07-15T17:58:49Z Creation Date: 2018-07-31T21:39:25Z Registry Expiry Date: 2024-07-31T21:39:25Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: ok https://icann.org/epp#ok Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: KEYUBU.NET Registry Domain ID : 2292564483_DOMAIN_NET-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2022-07-15T17:58:49Z Creation Date: 2018-07-31T21:39:25Z Registrar Registration Expiration Date: 2024-07-31T21:39:25Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: ok http://www.icann.org/epp#OK Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: ADANA Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.NET Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T02:59:37Z<<< For more information on Whois status codes, please visit 
https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneE-A (Net ID: 00:14:C1:05:69:7C)40.2024, 29.0398
2023-05-12 03:13:06Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [007.github.io] https://www.openphish.com/feed.txt007.github.io
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.85): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:00Open TCP Port BannerNoCensys0020NoneHTTP/1.1 400 Bad Request Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 253 Connection: close CF-RAY: - 104.21.6.166
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneBadazz-net (Net ID: 00:14:5C:88:1A:C4)50.8897, 6.0563
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:17Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.io185.199.111.153
2023-05-12 03:16:23Physical LocationNoipapi.co1020NoneAmsterdam, North Holland, NH, Netherlands, NL188.114.96.1
2023-05-12 02:54:38BGP AS MembershipNoCensys0030None13335172.67.168.252
2023-05-12 03:24:29Company NameNoCompany Name Extractor0040NoneNetlify\, IncC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.1): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None2WIRE623 (Net ID: 00:00:85:F5:03:9F)37.780462,-122.390564
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter2010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 15 23:40:10 2023 GMT Not After : Jun 13 23:40:09 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90: 49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84: 18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef: 4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34: 46:4c:ee:fd:f2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 16 00:40:11.019 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:3B:02:0B:A2:9E:E2:86:CB:95:75:BB:27: 6B:53:31:16:B5:86:49:63:A8:15:4C:A6:35:A9:06:89: 64:81:81:8A:02:21:00:DB:BF:EF:1B:02:D3:29:C8:31: 95:BB:C8:B6:24:D4:2D:39:FE:3C:BB:87:87:DD:4C:3D: 6E:F8:5C:00:34:71:DB Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 16 00:40:11.009 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:04:85:7D:9E:71:55:A6:C5:38:5A:64:60: 05:9A:15:17:EA:9E:B4:58:0D:3C:86:17:2C:C3:17:21: 8A:21:DE:13:02:21:00:93:46:3A:71:BC:50:F5:73:1A: 31:49:1D:77:D8:F0:F3:D0:7E:06:7D:4A:BA:7A:E8:B4: 4B:2C:3E:84:83:8A:4F Signature Algorithm: sha256WithRSAEncryption 78:10:ed:28:eb:d8:01:0b:d1:ab:19:2d:17:b5:cd:db:df:f0: 19:bb:c5:bf:e8:be:94:e0:d7:f7:4a:e4:78:eb:00:83:c4:77: d7:fc:46:d2:7a:d8:2d:ae:b3:9c:1f:b1:2a:97:00:27:56:0d: be:3b:56:d6:ea:2e:ac:0f:22:29:52:8c:2f:4e:a7:73:9a:8b: 01:f5:2d:ee:f8:6e:63:a3:e0:20:d2:6f:0f:23:ec:f3:e9:f5: 3a:da:07:33:d8:60:c2:43:1f:8b:32:3f:73:0c:e2:d3:be:13: 67:7a:78:16:d5:05:c8:0e:fc:fe:a1:13:73:df:ce:e4:30:4f: fc:8a:88:a9:4b:94:16:66:3b:1f:a0:96:6e:fd:1e:fa:4a:d4: c5:37:c1:78:37:3a:c2:f7:2a:52:e1:64:81:83:df:6c:ec:18: 9f:e8:7f:40:ba:dd:8d:ff:ab:1d:65:a2:95:0c:4b:2a:b3:d4: 36:dd:e6:94:5d:2a:ad:ec:e1:d1:0d:fe:4d:1f:eb:87:d5:03: b5:2f:bd:c9:98:e1:60:20:bf:6e:0c:7a:85:90:e0:96:42:6a: 86:09:c1:bb:ce:bb:d7:7b:a4:b3:1a:c0:15:1c:0d:88:6b:61: 74:d0:93:ed:30:c2:a8:1b:7a:94:f2:58:8e:6d:bd:c5:15:f9: a0:e1:79:05 battleb0t.xyz
2023-05-12 02:44:30Internet NameNoDNS Resolver1020Nonefunny.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomC8B210 (Net ID: 00:0C:F6:C8:B2:10)50.8897, 6.0563
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.138): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:23Raw Data from RIRsNoTool - WhatWeb0010None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://battleb0t.xyz', u'http_status': 301, u'plugins': {u'Via-Proxy': {u'string': [u'1.1 varnish']}, u'HTTPServer': {u'string': [u'GitHub.com']}, u'RedirectLocation': {u'string': [u'https://battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'x-github-request-id,x-served-by,x-cache-hits,x-timer,x-fastly-request-id']}, u'IP': {u'string': [u'185.199.109.153']}, u'Title': {u'string': [u'301 Moved Permanently']}}}, {}]battleb0t.xyz
2023-05-12 02:44:40Software UsedYesTool - Wappalyzer0020NoneNetlifyfunny.battleb0t.xyz
2023-05-12 03:01:10Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.121): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:46:23Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'compromised_hosts': [], u'environment_id': None, u'major_os_version': None, u'submit_name': u'bounty-92442219031035527', u'signatures': [], u'threat_level': 2, u'size': 1419336, u'job_id': None, u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [], u'sha256': u'ac2a1743bbfc19268c36280b50a003366d41854863d4808099cd87f77fa5f433', u'sha512': u'e273fdf72f1e793f0e64d4f3e1a806ab4ef5a8ad408ba7ae3c2b076ac23bbd1b9119523cafeb5e192434a0f346295466fc22237ed2126ed8e55e0f8da6d242d9', u'image_file_characteristics': [], u'submissions': [{u'url': None, u'submission_id': u'645d3ce2af7b0ff2260e5236', u'created_at': u'2023-05-11T19:07:14+00:00', u'filename': u'bounty-90327936975996565'}, {u'url': None, u'submission_id': u'645a116ce5c0a446340055ff', u'created_at': u'2023-05-09T09:25:00+00:00', u'filename': u'bounty-39937054808366222'}, {u'url': None, u'submission_id': u'645a116b8df30921840aa091', u'created_at': u'2023-05-09T09:24:59+00:00', u'filename': u'bounty-560768034402953'}, {u'url': None, u'submission_id': u'644d33e57683d791910db8fd', u'created_at': u'2023-04-29T15:12:37+00:00', u'filename': u'bounty-29178209918618665'}, {u'url': None, u'submission_id': u'644d33d56c17eff7d8016bf3', u'created_at': u'2023-04-29T15:12:21+00:00', u'filename': u'bounty-82711745860172702'}, {u'url': None, u'submission_id': u'644cddb7bb622c5f61019549', u'created_at': u'2023-04-29T09:04:55+00:00', u'filename': u'bounty-21770663952260623'}, {u'url': None, u'submission_id': u'64469d8b5cbe8e496109f46d', u'created_at': u'2023-04-24T15:17:31+00:00', u'filename': u'rufus-3.22.exe'}, {u'url': None, u'submission_id': u'642ccd07ae9486a8b0093780', 
u'created_at': u'2023-04-05T01:21:11+00:00', u'filename': u'bounty-92500669916413772'}, {u'url': None, u'submission_id': u'642ccd05dbb8e3e14b0f62a6', u'created_at': u'2023-04-05T01:21:09+00:00', u'filename': u'bounty-92442219031035527'}], u'analysis_start_time': u'2023-04-05T01:21:09+00:00', u'tags': [], u'imphash': None, u'total_network_connections': 0, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 0, u'image_base': None, u'error_origin': None, u'ssdeep': None, u'entrypoint_section': None, u'md5': u'f3a93569ce2aa9409e2ffba3d7edb4db', u'network_mode': u'default', u'processes': [], u'sha1': u'f68e9d61523742e40ff2760972feb40286bdef55', u'url_analysis': False, u'type': u'PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed', u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Static Analysis', u'verdict': u'malicious', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': [u'peexe', u'executable']}, {u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': 4, u'submit_name': u'rufus-3.22.exe', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-176', u'name': u'Calls an API typically used to retrieve function address', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-3.22.exe" called "GetProcAddress" with a parameter BufferedPaintUnInit (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter ImmGetContext (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter 
ImmReleaseContext (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter GetThemeTextExtent (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter AcquireSRWLockExclusive (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter ReleaseSRWLockExclusive (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter RegisterTraceGuidsW (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter OpenThreadToken (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter OpenProcessToken (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter AllocateAndInitializeSid (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter CheckTokenMembership (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter FreeSid (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter InternetCrackUrlA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter InternetConnectA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter InternetReadFile (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter InternetCloseHandle (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter HttpOpenRequestA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter HttpSendRequestA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter HttpQueryInfoA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter FlsGetValue (UID: 00000000-00003036)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-3.22.exe" loaded module "COMCTL32.DLL" at base 73b70000\n "rufus-3.22.exe" loaded module "API-MS-WIN-DOWNLEVEL-ADVAPI32-L1-1-0.DLL" at base 74dc0000\n "rufus-3.22.exe" loaded module "WININET" at base 754d0000\n "rufus-3.22.exe" loaded module "KERNEL32.DLL" at base 76f60000\n "rufus-3.22.exe" loaded module "ADVAPI32.DLL" at base 76b50000\n "rufus-3.22.exe" loaded module "COMDLG32.DLL" at base 75780000\n "rufus-3.22.exe" loaded module "CRYPT32.DLL" at base 74dd0000\n "rufus-3.22.exe" loaded module "GDI32.DLL" at base 75990000\n "rufus-3.22.exe" loaded module "MSVCRT.DLL" at base 75c40000\n "rufus-3.22.exe" loaded module "OLE32.DLL" at base 75800000\n "rufus-3.22.exe" loaded module "SHELL32.DLL" at base 75f00000\n "rufus-3.22.exe" loaded module "SHLWAPI.DLL" at base 76cf0000\n "rufus-3.22.exe" loaded module "USER32.DLL" at base 75d80000\n "rufus-3.22.exe" loaded module "SSPICLI.DLL" at base 74b80000\n "rufus-3.22.exe" loaded module "RPCRT4.DLL" at base 75e50000\n "rufus-3.22.exe" loaded module "PROFAPI.DLL" at base 74d00000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-175', u'name': u'Calls an API typically used to load libraries', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-3.22.exe" called "LoadLibrary" with a parameter comctl32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter api-ms-win-downlevel-advapi32-l1-1-0.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter WinInet (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter KERNEL32.DLL (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter ADVAPI32.dll (UID: 
00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter COMCTL32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter COMDLG32.DLL (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter CRYPT32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter GDI32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter msvcrt.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter ole32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter SHELL32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter SHLWAPI.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter USER32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter kernel32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter SspiCli.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter WINTRUST.DLL (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter %WINDIR%\\system32\\CRYPT32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter imagehlp.dll (UID: 00000000-00003036)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"150016002c7ab36c@ADVAPI32.dll"\n "0e000f00a47ab36c@ADVAPI32.dll"\n "0e000f00d87ab36c@ADVAPI32.dll"\n "11001200a47fb36c@ADVAPI32.dll"\n "12001300b87fb36c@ADVAPI32.dll"\n 
"12001300e07fb36c@ADVAPI32.dll"\n "140015009493b36c@ADVAPI32.dll"\n "0d000e00588fb36c@WinInet.DLL"\n "0d000e00a08fb36c@WinInet.DLL"\n "10001100b08fb36c@WinInet.DLL"\n "100011002890b36c@WinInet.DLL"\n "100011003c90b36c@WinInet.DLL"\n "0d000e000080b36c@SHELL32.dll"\n "0d000e005480b36c@SHELL32.dll"\n "100011000094b36c@CRYP185.199.111.153
2023-05-12 03:09:01Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.9787.248.157.102
2023-05-12 02:54:12HTTP HeadersNoWeb Spider8010None{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneKnowYourMeme (Category: social) https://knowyourmeme.com/users/loginlogin
2023-05-12 03:04:46Hosting ProviderNoHosting Provider Identifier0030NoneCloudflare Inc: https://www.cloudflare.com/104.21.71.14
2023-05-12 02:46:38BGP AS MembershipNoRIPE0030None36459185.199.110.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneFNCU-Guest (Net ID: 00:00:0D:09:DE:0C)41.8781, -87.6298
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:2096172.67.135.9
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.157): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:30Open TCP PortNoCensys0030None64.226.81.43:44364.226.81.43
2023-05-12 03:01:27Web ServerNoTool - WhatWeb0020Nonecloudflareoldfluid.battleb0t.xyz
2023-05-12 03:11:22Raw Data from RIRsNoAbstractAPI0030None{u'city': u'Frankfurt am Main', u'security': {u'is_vpn': False}, u'city_geoname_id': 2925533, u'region_geoname_id': 2905330, u'country': u'Germany', u'region': u'Hesse', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'DIGITALOCEAN-ASN', u'isp_name': u'DigitalOcean, LLC', u'organization_name': u'Digital Ocean', u'autonomous_system_number': 14061}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/DE_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/DE_flag.png', u'unicode': u'U+1F1E9 U+1F1EA', u'emoji': u'\U0001f1e9\U0001f1ea'}, u'postal_code': u'60313', u'longitude': 8.6843, u'country_code': u'DE', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Berlin', u'current_time': u'05:11:21'}, u'latitude': 50.1188, u'country_geoname_id': 2921044, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'207.154.228.169', u'continent': u'Europe', u'region_iso_code': u'HE'}207.154.228.169
2023-05-12 02:55:15Software UsedYesCensys0030NoneUbuntu Linux165.232.113.85
2023-05-12 02:50:17Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:53:52:1f:22:68:d4:e4:bd:04:c1:ea:37:ae:da:35:a4:38 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:58:43 2023 GMT Not After : Apr 27 17:58:42 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b9:fb:28:d5:65:83:30:d8:31:05:3e:6a:85:ce: 46:6b:90:7d:d6:90:24:15:f6:22:bc:5f:40:25:72: 5b:e7:43:22:3b:78:ef:22:83:15:af:43:b2:d9:fc: 7d:1a:db:a9:94:2a:ae:eb:dd:dd:89:95:48:86:c7: 3d:d8:4e:b8:52:f3:2e:7f:e0:9b:c5:82:6c:d6:06: 76:85:79:68:7f:b5:68:c5:54:d6:da:9f:0d:42:eb: eb:78:16:9b:0c:f7:71:92:43:a6:d3:11:c7:27:14: 9e:cd:a5:85:3a:ff:06:6c:60:87:93:13:2c:dc:e9: 44:30:af:d5:55:3a:74:21:37:cc:29:72:2e:4e:f5: 19:19:e6:5d:c6:1c:c3:32:ad:91:33:45:63:c0:b2: 66:88:d4:28:10:ab:35:bf:1b:e2:b6:13:51:c2:fc: 05:07:9b:c6:54:ae:64:1d:50:a0:d8:e2:04:77:50: 9f:40:dd:68:16:1e:0c:0e:81:fa:eb:72:cf:f5:36: 95:d2:67:c3:4f:8e:c3:73:28:01:74:88:7e:c4:4f: a7:e9:b7:fe:c9:c0:ff:2f:b4:44:b8:a3:61:79:25: 57:1a:c6:7d:41:02:2b:48:a8:75:9f:e9:8a:a8:25: 11:37:66:07:b2:f9:47:e8:c4:ab:b8:9a:0e:7a:bb: b1:a5:ac:71:ee:85:d1:b6:9f:8c:59:d9:a4:ba:7d: dc:a9:3f:d4:a9:da:6b:49:93:8d:b7:ed:d0:10:10: 3a:3d:a1:8d:54:88:45:8c:e7:d6:54:5d:8e:e4:5d: c5:ff:df:b9:f9:a2:ee:ab:9f:c6:3f:4b:06:4d:63: 71:ab:51:6b:7d:38:3e:f3:da:53:ac:5a:a8:0b:4f: 7e:c7:d9:39:5d:36:7e:8b:ff:14:dd:1d:2a:34:03: 79:b2:19:e1:3c:2c:2f:e4:2d:a4:3c:e2:7a:8d:47: 92:45:d5:da:6b:08:e3:22:df:a9:94:5a:8f:90:14: e5:6c:68:e1:1d:22:8f:1f:c3:5c:b7:24:90:75:5a: e0:2a:31:19:c8:a9:78:9c:0a:51:95:3b:87:0c:a7: 99:0e:be:1b:bc:21:15:fe:dc:b9:6b:b1:e8:e2:43: 9f:ad:fd:5c:22:a4:20:c6:26:c0:2b:14:2d:ae:44: dc:33:d8:22:aa:11:57:d7:44:19:1d:80:bb:50:5d: 0f:32:1b:da:79:77:90:80:ce:c3:28:c7:75:3b:c6: 47:f2:e5:98:64:b3:70:12:44:40:b0:21:b9:37:16: ba:3e:63:8e:8d:d6:ba:d1:98:a1:05:b6:1a:03:b9: 
41:51:80:5e:8c:55:bd:f9:47:df:ee:3c:ed:aa:ae: 83:f7:8f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C8:7D:70:94:FD:01:EF:B0:A3:B3:C1:02:F1:32:C9:D5:2D:71:C9:73 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 21:3b:56:fc:2b:9c:93:20:c1:2c:91:09:0d:ac:90:cb:0e:5c: 72:a2:ce:e5:13:5d:8c:49:8f:a0:ab:25:c3:01:70:a2:21:9b: 8b:b6:a5:f7:63:ac:53:cb:24:a6:ea:5e:26:dc:03:0c:34:93: 73:f1:ea:e9:83:ea:f0:f1:48:6c:3f:59:c0:85:06:54:41:39: 5b:b3:26:bb:7a:96:75:79:fe:94:2f:c7:2a:70:6e:62:2c:e5: 2b:cd:c4:cc:04:db:95:58:db:1b:87:6d:b6:6d:c8:2f:59:5b: 39:ce:0c:cc:c2:81:21:d5:39:65:f4:d2:81:33:62:bc:90:85: 91:2d:26:36:92:58:81:83:eb:0d:ef:49:b4:e4:7f:d5:0e:52: 0c:52:84:c3:8e:4d:32:02:c5:1e:50:b5:40:16:c2:b6:c6:6e: 3d:81:1a:b3:79:4c:24:0d:78:1b:2a:54:25:79:64:52:43:bf: 71:af:ac:4c:51:53:d6:09:ca:97:bf:92:2f:82:52:84:26:0d: bf:e6:b9:bb:f6:11:a7:a2:20:01:a8:36:6d:46:b5:e4:bb:8e: 29:b6:1f:de:40:9e:e0:c3:15:57:b2:d7:4c:51:da:7a:e5:7e: 99:07:5f:64:ef:07:83:68:13:88:12:62:08:ba:bc:99:f4:d8: 79:5b:89:67
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.88): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:45:35Affiliate - Internet NameNoDNS Raw Records1010Noneleanna.ns.cloudflare.comayhu.xyz
2023-05-12 02:59:53Affiliate - Email AddressNoE-Mail Address Extractor0030Nonegerman.l@alliedglobal.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'WAV-797251.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:443"\n "185.199.111.153:443"\n "13.227.74.44:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5004:304:WilStaging_02"\n "Local\\SM0:5004:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3416:304:WilStaging_02"\n "Local\\SM0:3416:304:WilStaging_02"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "product_page.js" - Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_tracking_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\8096_1032656472\\auto_open_controller.js]- [targetUID: 00000000-00008096]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\8096_1032656472\\shopping_iframe_driver.js]- [targetUID: 00000000-00008096]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\8096_1032656472\\shoppingfre.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_checkout_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\8096_1534272233\\adblock_snippet.js]- [targetUID: 00000000-00008096]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': 
u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00008096]\n "a369bab2-3926-4626-a576-669ff0c25556.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\a369bab2-3926-4626-a576-669ff0c25556.tmp]- [targetUID: 00000000-00008096]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\manifest.json]- [targetUID: 00000000-00008096]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00008096]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n "eaa46630-4898-435c-8b79-12a101475848.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\eaa46630-4898-435c-8b79-12a101475848.tmp]- [targetUID: 00000000-00008096]\n "widevinecdm.dll.sig" has type "data"- Location: [%TEMP%\\8096_313714830\\_platform_specific\\win_x64\\widevinecdm.dll.sig]- [targetUID: 00000000-00008096]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00008096]\n "cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp]- [targetUID: 00000000-00003416]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00008096]\n "7de6d455-5aa2-4101-812b-70e599317de8.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\7de6d455-5aa2-4101-812b-70e599317de8.tmp]- [targetUID: 00000000-00003416]\n "4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp]- [targetUID: 00000000-00008096]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\deny_domains.list]- [targetUID: 00000000-00008096]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00008096]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00008096]\n "1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp]- [targetUID: 00000000-00008096]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00008096]\n 
"6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp]- [targetUID: 00000000-00008096]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "jLP\',\'KDqei\',\'vXqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydgv\',\'s"\n Heuristic match: "api.telegram.org"\n Heuristic match: "l@allledglobal.com"\n Heuristic match: "german.l@alliedglobal.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description':
2023-05-12 03:16:19Physical LocationNoipapi.co1020NoneLondon, England, ENG, United Kingdom, GB2a06:98c1:3121::1
2023-05-12 03:09:41Affiliate - Internet NameNoDNS Resolver0040None123.48.229.35.bc.googleusercontent.com35.229.48.123
2023-05-12 02:57:58Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://wifispeedtest.run/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b20_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2848"\n "IsoScope_b20_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b20_IESQMMUTEX_0_303"\n "IsoScope_b20_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "IsoScope_b20_ConnHashTable<2848>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b20_IE_EarlyTabStart_0xbb4_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"wifispeedtest.run"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"wifispeedtest.run"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:80"\n "34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB619.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabB618.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "LKV79Z5R.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\LKV79Z5R.txt]- [targetUID: 00000000-00002848]\n Dropped file: "I7UUS2FD.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\I7UUS2FD.txt]- [targetUID: 00000000-00002848]\n Dropped file: "DU53BF1Z.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DU53BF1Z.txt]- [targetUID: 00000000-00002848]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002848]\n "_C99CEF31-40DD-11ED-ACE7-08002742885A_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003528]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "_D40FFDA2-40DD-11ED-ACE7-08002742885A_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002848]\n "CabB618.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"- Location: [%TEMP%\\CabB618.tmp]- [targetUID: 00000000-00003528]\n "89E04DD615224FC07C7804BBADCE34B2" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\89E04DD615224FC07C7804BBADCE34B2]- [targetUID: 00000000-00003528]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002848]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002848]\n "TarB619.tmp" has type "data"- Location: [%TEMP%\\TarB619.tmp]- [targetUID: 00000000-00003528]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "ZTHQHHIZ.txt" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\ZTHQHHIZ.txt]- [targetUID: 00000000-00003528]\n "~DF48C297BD3AF92F27.TMP" has type "data"- Location: [%TEMP%\\~DF48C297BD3AF92F27.TMP]- [targetUID: 00000000-00002848]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 
1\nConnection: Keep-Alive\nHost: wifispeedtest.run"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://wifispeedtest.run/"\n Pattern match: "http://wifispeedtest.run"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'1/88 Antivirus vendors marked sample as malicious (1% detection rate)'}], u'threat_level': 1, u'size': None, u'job_id': u'6337364c4440b66f39537654', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer 
Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identif34.148.97.127
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonedanny (Net ID: 00:01:E3:02:5D:60)50.1188, 8.6843
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneEminent (Net ID: 00:14:5C:88:50:78)50.8897, 6.0563
2023-05-12 03:24:21HTTP HeadersNoWeb Spider10030None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5ad9968f0b1cf4-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}188.114.97.1
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:01:24:F2:17:BC)37.780462,-122.390564
2023-05-12 02:46:18Affiliate Description - CategoryNoDuckDuckGo0020NoneFreedom of speech in the United Statesskip.ns.cloudflare.com
2023-05-12 03:23:21Open TCP PortNoPulsedive0030None188.114.96.6:80188.114.96.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider0030Nonehttps://funny.battleb0t.xyz/images/random_4.pnghttps://funny.battleb0t.xyz/
2023-05-12 02:47:20Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [u'185.199.108.153'], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'README.md', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ruffle.rs"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.64.192.12:443"\n "185.199.108.153:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1CC1.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1C90.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1AFD.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1CC0.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', 
u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2592"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a20_IE_EarlyTabStart_0x828_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a20_ConnHashTable<2592>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a20_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a20_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_a20_IESQMMUTEX_0_303"\n "IsoScope_a20_ConnHashTable<2592>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1C2F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1C60.tmp" has type "Microsoft 
Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1AEC.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1B9C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1C2E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1D40.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1C5F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1B5C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00002592]\n "610531541889581066_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "ruffle_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n 
"movavi_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "ruffle-nightly-bin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "test_rust_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "kongregate_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "test_web_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "bubble-shooter_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced"- [targetUID: 00000000-00002592]\n "dolldivine_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced"- [targetUID: 00000000-00002592]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001216]\n "Cab1C2F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1C2F.tmp]- [targetUID: 00000000-00001216]\n "VHJPHVTF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VHJPHVTF.txt]- [targetUID: 00000000-00001216]\n "search_2_.json" has type "JSON data"- [targetUID: 00000000-00002592]\n "Tar1CC1.tmp" has type "data"- Location: [%TEMP%\\Tar1CC1.tmp]- [targetUID: 00000000-00001216]\n "Cab1C60.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1C60.tmp]- [targetUID: 00000000-00001216]\n "crazygames_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced"- [targetUID: 00000000-00002592]\n "Tar1C90.tmp" has type "data"- Location: [%TEMP%\\Tar1C90.tmp]- [targetUID: 00000000-00001216]\n "armorgames_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA 
non-interlaced"- [targetUID: 00000000-00002592]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 172.64.192.12 on port 443"\n "HTTPS traffic to 185.199.108.153 on port 443"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /npm/v/@ruffle-rs/ruffle?color=007acc&logo=npm HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: img.shields.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /discord/610531541889581066?label=&color=7389d8&labelColor=6a7ec2&logoColor=ffffff&logo=discord HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: img.shields.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /github/actions/workflow/status/ruffle-rs/ruffle/test_web.yml?label=Web%20Build&logo=github&branch=master HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: img.shields.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /github/actions/workflow/status/ruffle-rs/ruffle/test_rust.yml?label=Rust%20Build&logo=github&branch=master 
HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: img.shields.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /aur/version/ruffle-nightly-bin?logo=archlinux HTTP/1.1\nAccept: image/png, 185.199.111.153
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:443104.21.6.166
2023-05-12 02:45:52Raw Data from RIRsNoAbstractAPI0040None{u'city': u'Montreal', u'security': {u'is_vpn': False}, u'city_geoname_id': 6077243, u'region_geoname_id': 6115047, u'country': u'United States', u'region': u'Quebec', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'H4X', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:51'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:4700:3030::ac43:a8fc', u'continent': u'North America', u'region_iso_code': u'QC'}2606:4700:3030::ac43:a8fc
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonex-served-by: cache-lga21959-LGA{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"}
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:01:24:F0:65:67)37.7813933,-122.3918002
2023-05-12 02:54:03Software UsedYesCensys0020NoneCloudFlare CloudFlare Load Balancer172.67.135.9
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneDubtronicssid (Net ID: 00:01:24:F0:BB:A4)37.780462,-122.390564
2023-05-12 03:18:06URL (Form)NoPage Information0020Nonehttp://ayhu.xyz<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60363a5a178c')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="49Idt7TVQjX1pBvRrI.6aeE3rlIvevuAC7b5vTR0YGE-1683860053-0-AY2CmFGtsZtnLcnB3KaVSnayJydAFpMBwiHerGE4rgR3JSYE2THMUlIcqEG1Ue8w91NqXc1_LHx6GFVlXiEAESIr_nGQ5go_qchKEn3Zd9LGEn7sjdr5MGswrCl99ImQfUgu6KdI_WivVs4bd90GT85W3eqgKUj3u0FUHAfgMsZls8XQdBKgHld4LM0wMOiwkj4Zv_skkfuoeKho_dzt4CkE8TkBrPt00M8eIbThaadGvVY0ZXacJCnFJrMWgEfguZYQYUBYVuQPCo4vsaoC9FJto9c6wa1TZj17T__0EGfb7iIg-Fe40vQL0GKl1g68OrtJF7bhLP5OSmmfJD-JBdOEbpA042KC5D5FyslCSfE7VL_rZtwmaMGkKhFs9rNjkGtzvRpQkvZRYfyEeWln9xUv2AoyKgo_1wsNTA_ve-XNzmkKtYDqJDpKDva2W3pJ_3486t1fxBPGklTfmIx9NlGkUpFz141VY7sqmJxOdPADiSQrKzSt-fovaHrioNcpkC_a9kgYIR8XX9ZtGjpkxl_IolwlzL--CdPxkW0zMtKJ-ob6rp2YNV1BUrgbluir9hqadqgAXGwt_gZWou60RMf3UaSZgv32iteEpLg55lWyX9LlrUvEr69WGY_mW2VC6sS9celjhcxiPOQLUkE6KOI9dyhMsK_hvZhX7dDzQsZTH4jAvHUf9CQD2LuSWPV3IPZysl2v0-TSOr10-QdcM27ziun4ot0DvTudFu8lZubQ6YgSwrTQ0wlCjvSq6gwpTOqihrt99F-QaEJWo9sY1ul0FhgMesYynTr4n3snoOM31ZGsLMXWKlkFnwUy1gZdrnW6lGoCkCZNGJjETZCrO0I1-blCIjRzIo6n3EQP7MT5qxAPdJn4-285kyLwMrAm9nW0Fi-T32j1LOogUb6WyPmjQkstsoGMIPyZHJWu0K53P0Hp3SPyKBDSdN4PFWJ5HhYglCXZ4frWkFfTdPf1mz5N5hMALh4FLKDLHit2KyOqpzy4LGkpslmmSQV9AzBKoRj1GEO_-FcLHTt9Y_hlt3lZHsDBr1qsBzb2CCXFE8o-Cu7OAduNH_CAS2sCSdUmt1KpWrCRaId6zphb5lrgZKo6-UG1p8eW6scfDanDgxE_uwAeJyjUHxAEdnSiE1KEwJ9jCVqAgp9dVVHeTI4rz44dE3vG-URKonk4rAmwzUrgRitO_d4uGYtEZ4E7qxVnEHPqSPPlSj7XCukbKVCLBJxrlSwrndqrFnPWXTVbd4VDbjuKYax1pPS7eYUGT_UeCCeppPOHUje3Psa1ejipoF94FUlnfTdlsYbhNQHOKrCLTleuO-lGh4FkydbCaYMbMeAAZyBt0xtAetQyd7ldNHUNuC2Nofi66SO1NL6dsaVskjPRRnE6ZvIpqMSXLJLgGQGDosioOi4TetnoLMpoodURiB_nIbRVwEcdjLeqlr_heAlhB9DjGpMi7U2THwVCr2WtE0eC7jgUi7EvjeNq152r1Qqg397yfToV5_wu059jWgynPgNUwC4lcn5G-MBIXveyQXm1Kc3wCLL9zpH8MAPvrg7a-sB2jNRF-Z6W26XqIgEKRCWc-Pxvv_Wf4vRraOQIcroiI7Bz-VZanQ8qRRCNJq9kL7QMtAUM-80bmDBTJgrVoo5PdyUEhsNJHqX9OXSul2XByOb4cFHCten8oYXlq-xQqbPW5cLy025uWQytdBIECEqK0e5vKcu_KE0Uj51a0tZyH3JcwbPPE_fH4pbZorm5Kg1q7pYpinkOp5o93d4llyQL17ps--AQEqRvOWDfy9ih2KJc_BE5lNLHq-v1h4WyL3qch3dFUNrf6TKv44d5E5ZODSf9MR91_YJ1LP3HF-0gnEEbwwFvu5w7kqPMreWbivd9zybQFoONhHZIvue3MsgjfZ1vLvfzi0_pLzPV9XnL3aZnuVWN
Q5m-tjTF6DVwD4heQQWtO8aBzn7YpoO7pmb5XcFPRZknXUl9vyibdHsym3ALRgx4Xf0sXY0Egq8vPrGtUmUt_qhEJTk5P3R0wsoRFa49pkuv79cmFbVV6UYUcsY_Ht1FZEPOAMMuij1BfHolOncuoa8HH91s4MToLK5e4ZXLCuwnrhU1Iz07g8_F8FiO-szvC0BSEfX52p_c3LsFOQ8KHGFOOtlIbkgQfFx7vErT1y0UZSuoR1HN5mwxz005itrk8qw-cU_4QXYVr0nnwhQQexYkVxHYLRxlHlGu9xonuO_9eyVCe8GyN79j4Enif4_dFDplAW77cjHRHWhMTCE5n_dU-96YMnkyFZr2m1KSUUWqQndQzduR6sMHEDQuErbPvLqIaJ3xphVgcTAzrMD12jvSU-bukvEL-wHHmzTDiCAItW9qw0XBzVZ7Ll736rJi4i9XorZ16wxKlOhw9SC6r707lQ43XMPgmmt8I71p5Y7NNqy-niBv8MJGeGRjObImH8n6JVBEQ7vEkMfTCD53zst2b-4V3RTMfSwntBlaoqZZYZdNBZBlFTqFK5PeKUk6cNexkn95wQmcJcuYO0vxq3IUpP6X"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '94216', cRay: '7c5f60363a5a178c', cHash: 'a8c2f7f784ba63b', cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA1My40NzkwMDA=', m: 'X3NUo99x/4mGPFmrz69qVs5k5pJtmgeVcyYRkA87vXs=', i1: 'Sn1NO9u6sfSr5lno+YjwEg==', i2: 'LxAqQZecIh4w4zR/ETAJ7g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60363a5a178c'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60363a5a178c'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 02:44:41Internet NameNoDNS Resolver0020Nonevscode.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:89:fe:30:65:f6:62:86:64:4f:34:07:5e:a0:a9:be:d2:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 15:55:50 2022 GMT Not After : Mar 13 15:55:49 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b5:70:98:56:04:62:cd:9d:91:8b:97:7d:1f:67: df:fd:40:4a:9e:a1:91:56:27:b2:c2:dc:db:18:7e: 90:b1:64:8c:6c:fd:2c:13:2d:ed:56:f7:36:ce:08: 2a:4a:36:14:30:02:df:d6:0f:d4:6c:7a:48:c9:01: c5:bb:35:51:b6:01:95:98:7e:7b:4e:66:e0:84:62: 5a:92:58:14:ee:5f:0c:a5:3c:c0:6e:d5:a8:57:bb: 5b:46:82:bd:d9:28:fb:d9:2e:3c:cc:45:f6:41:c3: 2e:de:7e:83:17:a8:54:29:45:21:09:97:4c:fd:ed: 49:50:3b:81:1e:21:32:31:1d:79:ca:01:4a:ed:57: fb:ff:6e:4d:44:22:c0:1f:54:2a:4f:e7:63:84:83: 2d:a4:25:2d:2e:38:54:17:99:ab:10:e9:5b:8e:64: 39:42:16:09:1d:92:05:aa:12:42:2e:33:56:a8:cb: fa:cc:fe:15:09:1e:32:19:c2:f5:b5:fb:c3:50:cf: 4f:6c:46:9f:4a:26:a1:f6:b4:2c:c4:b6:e7:cf:c8: 0d:46:d3:02:56:c6:06:76:a6:5d:74:73:25:8a:74: 76:91:9c:94:b2:8b:47:bc:85:62:1a:aa:eb:32:0b: 97:18:b1:e4:f7:a7:1d:6d:50:4d:60:e9:30:d9:24: 3b:77:00:5c:86:fe:be:60:06:dd:41:13:db:73:e0: c7:a6:69:d8:87:8d:f3:d9:19:43:f8:26:44:9c:46: 67:0b:09:0b:9b:db:37:73:fe:d3:c4:35:3e:63:88: 04:bf:f1:31:5f:68:76:f4:78:92:74:5e:90:26:85: 91:b2:c5:89:7c:e7:fd:90:5c:fb:08:d7:ec:7e:80: bb:0c:21:cf:d6:c2:40:71:78:96:82:d9:32:54:0f: 4d:96:8c:31:42:ff:aa:a0:84:60:76:09:ee:ce:f1: 29:2b:47:e4:6d:53:c1:f3:6f:e1:43:b1:b5:0b:95: 35:33:7b:67:7a:23:ed:15:76:d9:5e:2f:96:95:57: e5:56:fa:b4:14:d2:53:87:b2:95:ae:4a:c1:23:a4: 44:71:bc:56:67:dd:1d:18:ac:3b:6c:70:1c:35:da: 1c:0d:c0:ed:48:c3:e4:31:1a:74:9f:07:d7:d2:a2: 66:5e:12:e5:58:f2:5f:0c:2a:db:70:d9:e5:73:16: 75:7c:43:25:43:03:62:18:4f:72:50:53:b3:8a:1a: b1:9c:46:ec:4a:d2:cb:cc:b8:7b:e9:84:cb:e1:b2: ab:6c:e1:58:25:e1:54:f1:50:6c:98:68:55:60:cd: 
f6:ef:3e:df:e4:c2:e3:11:66:4c:2d:50:b9:ef:ad: 19:0b:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C4:B4:9F:3E:13:AF:1E:ED:5D:1E:C0:B3:15:A8:37:84:5F:58:79:25 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 13 16:55:50.449 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:83:63:FF:85:C1:92:6A:F0:48:97:56: 6A:A1:9A:CD:CD:96:31:BB:FB:75:C5:76:C0:D5:93:B6: FA:22:8A:0A:B2:02:21:00:D0:25:C4:C4:9C:87:C7:8A: D8:88:7C:0F:ED:E3:EE:A9:F5:8D:1E:8A:7D:57:63:8B: 34:EA:A9:AA:0E:B7:1F:86 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 13 16:55:50.476 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:54:A3:38:5D:40:4F:67:06:7D:10:18:A9: 8D:94:8F:5C:FA:96:C9:CD:18:CE:28:22:68:39:92:D0: 96:C8:FF:F6:02:20:1D:2D:AD:B7:86:08:EE:7E:EE:05: FA:EC:70:98:F7:7B:A0:74:8A:7A:10:64:BF:3C:10:A9: 7A:16:EC:A7:CC:4B Signature Algorithm: sha256WithRSAEncryption 20:7b:5f:2b:bd:28:eb:4d:bf:d7:77:bb:a0:1a:8f:df:78:60: 37:c8:a6:0a:7a:b4:17:f5:92:59:69:c6:b8:6a:7b:eb:7c:d1: 4d:b7:1f:8a:b6:a8:fe:6f:70:f7:71:12:28:35:3b:1d:c9:e2: 3e:5a:b9:ce:51:09:75:8e:66:10:ba:ac:7a:bf:80:93:80:59: 
81:68:1a:f1:4b:74:5d:68:98:fd:b9:d6:3c:7d:27:77:0e:6b: c3:83:68:c1:53:51:8c:92:a8:96:95:40:f7:6c:ab:93:47:5e: 47:42:3f:43:61:57:3a:c1:fd:4a:c1:60:c0:f5:9f:e5:3f:aa: cd:53:b5:a3:5d:e8:f4:0a:26:e5:70:df:34:b0:ae:1c:99:2a: 3c:31:a1:a9:06:b4:05:fd:9b:44:cb:42:87:c4:a0:d2:e7:7a: 95:fc:6a:ad:e6:f1:50:0d:21:cd:f5:24:0f:dc:98:36:59:3b: 40:6e:0f:4b:38:de:68:41:9a:1e:f9:be:5b:6a:36:f0:9b:22: e3:a1:e1:ad:96:f6:ba:a2:d1:f4:e2:12:cb:ab:1f:bb:9a:53: 07:6b:08:bd:4c:58:68:74:4f:75:3c:83:28:de:71:51:c8:1c: 8f:ca:5e:df:81:b4:f2:74:1f:18:af:29:fa:69:d6:b5:65:a9: 11:13:ef:a4
2023-05-12 03:18:52Raw File Meta DataNoFile Metadata Extractor0040None{'Image ExifOffset': (0x8769) Long=134 @ 90, 'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18, 'Image YCbCrPositioning': (0x0213) Short=Centered @ 78, 'Image XResolution': (0x011A) Ratio=72 @ 98, 'EXIF FlashPixVersion': (0xA000) Undefined=0100 @ 168, 'EXIF SceneCaptureType': (0xA406) Short=Standard @ 216, 'Image DateTime': (0x0132) ASCII=2023:01:11 18:24:47 @ 114, 'Image YResolution': (0x011B) Ratio=72 @ 106, 'EXIF ColorSpace': (0xA001) Short=sRGB @ 180, 'EXIF ExifImageLength': (0xA003) Long=2316 @ 204, 'EXIF ExifVersion': (0x9000) Undefined=0221 @ 144, 'Image ResolutionUnit': (0x0128) Short=Pixels/Inch @ 54, 'EXIF ExifImageWidth': (0xA002) Long=3088 @ 192, 'EXIF ComponentsConfiguration': (0x9101) Undefined=YCbCr @ 156}https://funny.battleb0t.xyz/images/carti_1.jpg
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:54:10Software UsedYesCensys0020NoneCloudFlare CloudFlare Load Balancer2606:4700:3031::6815:6a6
2023-05-12 02:46:00Raw Data from RIRsNoAbstractAPI0030None{u'city': u'Chicago', u'security': {u'is_vpn': False}, u'city_geoname_id': 4887398, u'region_geoname_id': 4896861, u'country': u'United States', u'region': u'Illinois', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'60666', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:59'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'172.67.168.252', u'continent': u'North America', u'region_iso_code': u'IL'}172.67.168.252
2023-05-12 02:58:42Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://psti-dot-wearatar-dev.uc.r.appspot.com/docs', u'type': u'submitted', u'verdict': u'malicious'}, {u'url': u'http://psti-dot-wearatar-dev.uc.r.appspot.com/favicon.ico', u'type': u'visited', u'verdict': u'suspicious'}, {u'url': u'http://psti-dot-wearatar-dev.uc.r.appspot.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'http://psti-dot-wearatar-dev.uc.r.appspot.com/docs', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"psti-dot-wearatar-dev.uc.r.appspot.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"psti-dot-wearatar-dev.uc.r.appspot.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF0CC.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF0CD.tmp" as clean (type is 
"data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_fe8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_fe8_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_fe8_ConnHashTable<4072>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_fe8_IESQMMUTEX_0_331"\n "IsoScope_fe8_IE_EarlyTabStart_0x670_Mutex"\n "IsoScope_fe8_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4072"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.250.191.84:80"\n "104.16.86.20:443"\n "34.74.170.74:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "WY7JZ84F.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WY7JZ84F.txt]- [targetUID: 00000000-00004072]\n Dropped 
file: "A6NT0WYE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\A6NT0WYE.txt]- [targetUID: 00000000-00004072]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabE754.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "CabED9F.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00002920]\n "_60BC7826-49A7-11ED-ADE6-080027C778EE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "9FF67FB3141440EED32363089565AE60_33E6263BAF1D93C3B754E2140B85CB43" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9FF67FB3141440EED32363089565AE60_33E6263BAF1D93C3B754E2140B85CB43]- [targetUID: 00000000-00002920]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00004072]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- 
Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002920]\n "RecoveryStore._29018067-49A7-11ED-ADE6-080027C778EE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "WY7JZ84F.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WY7JZ84F.txt]- [targetUID: 00000000-00004072]\n "_29018069-49A7-11ED-ADE6-080027C778EE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "swagger-ui-bundle_1_.js" has type "data"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00004072]\n "TarF0CC.tmp" has type "data"- Location: [%TEMP%\\TarF0CC.tmp]- [targetUID: 00000000-00002920]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00004072]\n "DDB0B468D23C74904993FA6E9CDC1988" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\DDB0B468D23C74904993FA6E9CDC1988]- [targetUID: 00000000-00002920]\n "~DF51DF99C6ABB698A3.TMP" has type "data"- Location: [%TEMP%\\~DF51DF99C6ABB698A3.TMP]- [targetUID: 00000000-00004072]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://psti-dot-wearatar-dev.uc.r.appspot.com/docs"\n Pattern match: "http://psti-dot-wearatar-dev.uc.r.appspot.com"\n Heuristic match: "psti-dot-wearatar-dev.uc.r.appspot.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'}], u'threat_level': 0, u'size': None, u'job_id': u'6345f449ab81ca2c01100ca1', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'142.250.191.84', u'104.16.86.20', u'34.74.170.74'], u'sha256': u'2a7999a7c7b888cb2de97ef77fd40b70d500bd4d0d867d53de57717906f536f9', u'sha512': u'9744da3e0ec5e27a8fbb50ae556122a5ad52cdcc373e630cd97ce77c0d58f82c30bb0fa88d846f8ccc580a46c53a0782d655599601f985d90f468df503e676f2', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://psti-dot-wearatar-dev.uc.r.appspot.com/docs', u'submission_id': u'6345f449ab81ca2c01100ca2', u'created_at': 
u'2022-10-11T22:55:05+00:00', u'filename': None}], u'analysis_start_time': u'2022-10-11T22:55:06+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 3, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 10, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section34.74.170.74
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noneajansbegum (Net ID: 00:02:CF:87:A5:A4)40.2024, 29.0398
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None185.199.109.153www.battleb0t.xyz
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/withat_5.jpghttps://pics.battleb0t.xyz/
2023-05-12 03:34:00Raw File Meta DataNoBinary String Extractor0040None"Exif sgssso <Qwm7 >6x.O x>t7? g$sy? .b97< /Ggy! l/5-o ggs43Z x.o.n> NNEsz gmuss Mswy5 dIys6 >t6w6 03Ryr\G a>0xM g_on8 9!6sBsmms ?r:\t L5M3O nq_JxO `uns?g F1_?J $vw3C ?.O:H Gq$rMmo 0y7?i <?qgg WYeyq$ !um_KM ykmsrzz ?2Cm7 3>O0? irIyo t.Iof?y R\y2I tnt"3 !t5K?/ hfIoq' bI>sy w?f?f? <Aq"Cio /uMbO > Ige >km7M 1$vw0 y.n/" /uM>9 njKym v:Ky$ ryw2Com s<U?o v?R.> hGydd soyg' :7Ieq 5zO-$ 2pMsw wGo$w?<w :xssms jVw:o .?ygs nn9?m oO_n: nFumS W7ofc U95 5 Gs\-?o ry>f< gae$w ?2kmO sIyf/! t8y<? \Cwy1 _Bx_K oeqq$ g5b9c /2?.o/ hcg>o kkkn? /`0E' xn/<a uwosm .<7qq zdWqk $1\Mm rzW?' tx<Iogss ldU9? K?.?/ r\isI ?6gAs $Kxn< nnnOS qyooo Hc<M? Ej\Ioy' x'8_ahttps://funny.battleb0t.xyz/images/reveloder.jpg
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None0067ed.github.io185.199.111.153
2023-05-12 03:14:48Vulnerability - CVE MediumYesTool - testssl.sh0220NoneCVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389 Score: 4.3 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.www.ayhu.xyz
2023-05-12 02:54:34Netblock MembershipNoCensys0030None104.21.64.0/20104.21.71.14
2023-05-12 03:31:28Affiliate - Email AddressNoE-Mail Address Extractor0050Nonejrupp@name.comDomain Name: 007316.XYZ Registry Domain ID: D339018444-CNIC Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com/ Updated Date: 2023-01-20T18:05:08.0Z Creation Date: 2022-12-18T04:19:38.0Z Registry Expiry Date: 2031-12-18T23:59:59.0Z Registrar: Name.com, Inc Registrar IANA ID: 625 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Registrant State/Province: YN Registrant Country: CN Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1CNB.NAME.COM Name Server: NS2KNZ.NAME.COM Name Server: NS3CNA.NAME.COM Name Server: NS4BLX.NAME.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: jrupp@name.com Registrar Abuse Contact Phone: +1.7203101849 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:09:26.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: 007316.XYZ Registry Domain ID: D339018444-CNIC Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com Updated Date: 2023-01-20T18:05:08Z Creation Date: 2022-12-18T04:19:38Z Registrar Registration Expiration Date: 2031-12-18T23:59:59Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Reseller: Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Aaron Young Registrant Organization: Registrant Street: 408 Longquan Rd. 
Registrant City: KM Registrant State/Province: YN Registrant Postal Code: 650000 Registrant Country: CN Registrant Phone: Non-Public Data Registrant Email: https://www.name.com/contact-domain-whois/007316.xyz/registrant Registry Admin ID: Not Available From Registry Admin Name: Aaron Young Admin Organization: Admin Street: 408 Longquan Rd. Admin City: KM Admin State/Province: YN Admin Postal Code: 650000 Admin Country: CN Admin Phone: Non-Public Data Admin Email: https://www.name.com/contact-domain-whois/007316.xyz/admin Registry Tech ID: Not Available From Registry Tech Name: Aaron Young Tech Organization: Tech Street: 408 Longquan Rd. Tech City: KM Tech State/Province: YN Tech Postal Code: 650000 Tech Country: CN Tech Phone: Non-Public Data Tech Email: https://www.name.com/contact-domain-whois/007316.xyz/tech Name Server: ns2knz.name.com Name Server: ns4blx.name.com Name Server: ns3cna.name.com Name Server: ns1cnb.name.com DNSSEC: unSigned Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<< For more information on Whois status codes, please visit https://icann.org/epp The data in the Name.com, Inc. WHOIS database is provided by Name.com, Inc. for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Name.com, Inc. does not guarantee its accuracy. Users accessing the Name.com, Inc. 
WHOIS service agree to use the data only for lawful purposes, and under no circumstances may this data be used to: a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the registrar's own existing customers and b) enable high volume, automated, electronic processes that send queries or data to the systems of Name.com, Inc., except as reasonably necessary to register domain names or modify existing registrations. When using the Name.com, Inc. WHOIS service, please consider the following: the WHOIS service is not a replacement for standard EPP commands to the SRS service. WHOIS is not considered authoritative for registered domain objects. The WHOIS service may be scheduled for downtime during production or OT&E maintenance periods. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis, for accessing the withheld data. Access to this data can be requested by submitting a request via the form found at https://www.name.com/layered-access-request . Name.com, Inc. reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonememrise (Category: hobby) https://app.memrise.com/user/login/login
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-ray: 7c5f6059be52c402-EWR{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"}
2023-05-12 02:45:43Raw Data from RIRsNoAbstractAPI0020None{u'city': u'San Francisco', u'security': {u'is_vpn': False}, u'city_geoname_id': 5391959, u'region_geoname_id': 5332921, u'country': u'United States', u'region': u'California', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'Fastly', u'organization_name': u'GitHub, Inc', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'94107', u'longitude': -122.3993, u'country_code': u'US', u'timezone': {u'abbreviation': u'PDT', u'gmt_offset': -7, u'is_dst': True, u'name': u'America/Los_Angeles', u'current_time': u'19:45:42'}, u'latitude': 37.7642, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'185.199.109.153', u'continent': u'North America', u'region_iso_code': u'CA'}185.199.109.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneYapitest (Net ID: 00:14:7C:B0:26:1A)40.2024, 29.0398
2023-05-12 02:56:57SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:96:9b:29:e7:ba:1f:ed:f3:53:36:ca:2c:46:93:27:46:97 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 15:44:09 2022 GMT Not After : Mar 13 15:44:08 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c5:26:42:72:54:54:74:21:1e:c0:7a:66:54:5a: e8:26:8a:a7:bb:78:e0:52:09:b4:70:cd:bc:21:4b: 2c:77:39:63:f4:67:8f:19:31:3e:f0:0f:58:55:9d: 80:0d:29:74:7f:66:1f:df:6c:0f:e4:7c:f2:b1:63: d3:73:4b:d0:8e:1c:94:d5:39:9f:87:08:c9:39:28: 06:18:ff:8b:b4:c8:13:46:ac:cf:6d:a5:8c:43:a0: 09:d6:74:e4:1b:e6:a1:90:6d:22:b3:ba:58:9d:f7: 79:37:55:b1:58:ef:15:cb:64:d0:30:b0:3c:9c:57: 0f:fe:6c:6b:bb:3f:27:84:33:78:b0:19:92:bf:97: a6:0f:20:d5:97:af:a6:3b:9d:2c:b6:18:1b:80:b6: fb:2e:b9:e7:44:40:3a:ab:de:d1:27:94:5c:98:f3: 69:c6:eb:0a:ba:59:dd:58:0a:8d:f7:6b:71:2d:96: 80:0b:9a:05:20:72:48:c7:59:11:c0:d5:98:a3:64: 8a:78:35:12:8b:20:64:de:10:73:21:62:d5:82:94: 42:92:41:f0:40:98:0d:fd:64:08:ef:ba:99:48:1d: ae:86:bd:de:46:1e:c7:72:49:3d:93:76:b8:e9:ff: 0d:e2:5c:31:61:a9:f2:59:1c:92:cb:56:9f:9b:f7: 48:28:35:ef:e1:4f:ae:4c:d6:6f:39:80:a0:50:ab: 78:66:96:ff:8d:78:93:50:2d:b7:0a:ef:fe:70:44: cf:d9:e4:4f:5e:34:97:d6:93:af:d9:54:30:40:86: 24:9c:59:46:7c:df:86:e9:5e:eb:17:7f:95:e4:0e: 70:f5:5a:35:d4:64:cb:b9:5b:5c:bb:45:e6:4e:80: a3:6d:83:42:86:a4:44:3b:83:c2:1d:e2:02:99:d0: 36:4c:c3:91:eb:69:38:a7:7d:2f:35:65:33:3e:23: 0b:5d:1b:0c:01:a1:10:75:e2:ac:bb:3b:bf:f6:2f: ec:4e:98:ec:53:ee:86:34:4c:69:d1:38:5c:a9:07: 72:79:62:64:81:ea:03:fc:2f:18:db:04:b6:04:36: 1d:bc:01:56:0e:d9:49:1c:dd:41:11:ce:34:13:0f: 13:81:d8:cd:71:a3:fc:76:2b:ea:14:1c:8d:38:63: 54:f1:73:9f:26:18:47:68:79:40:b9:a0:ac:b7:d2: e0:a8:36:94:6f:0c:c3:56:34:6a:ee:a7:97:c4:d3: 0b:44:a3:56:87:d8:dc:ce:f3:89:8c:09:62:1a:25: 1f:dd:5f:2a:c0:d4:a9:14:4f:34:09:bc:53:d5:35: 
be:6b:0d:6a:49:bf:0b:11:66:23:11:60:25:c5:db: 56:15:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:E8:B3:AA:B6:B4:6A:08:8C:66:4E:1B:FC:F4:D4:C0:C8:AD:D7:A5 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 13 16:44:09.315 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:EB:B2:4A:B8:57:10:D6:3B:2F:B5:2A: 89:BA:32:85:1C:16:28:E8:45:62:3E:AC:5F:C1:A7:01: D5:8E:30:E3:17:02:20:27:39:6A:04:D2:61:CC:BD:8C: 4F:C5:13:6E:02:18:EB:24:BE:73:9E:F1:B4:F7:D8:89: 3A:CF:69:2B:AA:1C:75 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 13 16:44:09.312 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:73:42:08:21:4C:2B:6E:54:89:A5:9F:6C: 27:A0:E3:7D:5D:89:06:32:EB:1E:21:D3:16:0C:E5:9D: AB:38:FC:69:02:20:6E:F0:01:D9:C1:A2:AD:6E:65:26: 28:CF:30:5D:77:85:32:E7:53:E7:81:77:F5:0B:21:74: 83:B6:A0:E7:EA:52 Signature Algorithm: sha256WithRSAEncryption 32:8d:f0:fd:98:aa:6b:67:8b:fd:50:1f:a3:82:12:f7:96:0e: 20:1c:fd:bd:65:b3:76:ea:7d:e7:8e:de:49:56:5d:75:39:27: 85:12:91:b5:c9:aa:a8:98:14:b1:0b:89:0c:69:e2:0c:9e:47: 2e:8e:21:a5:d8:33:ba:43:8f:1a:0f:2c:6a:f9:b8:67:f2:5f: 
5c:7a:06:bd:b7:ef:55:c1:6f:51:6b:fa:6b:09:ef:8b:fb:80: 49:8f:ee:cc:90:25:a6:9f:27:ae:ce:25:a8:cb:20:f2:07:c4: 43:8f:46:e1:64:24:94:30:c9:cf:5b:53:42:96:1a:a8:a3:26: 9e:e0:4f:a8:90:5b:82:db:4d:1c:ca:70:31:76:0c:bb:6c:d1: c9:02:ca:92:68:04:3a:5e:ff:d1:9c:cc:9d:29:99:f7:9f:50: 63:8c:bd:09:15:13:aa:10:8a:fe:a4:7b:38:d1:de:50:78:a9: f5:b9:42:b6:a4:a3:92:70:93:b5:82:12:31:84:1f:7a:4e:c1: b5:6e:db:bb:40:e0:59:4d:30:89:d2:e6:e9:ce:d5:19:06:a3: 10:65:96:34:86:38:78:b2:8f:41:76:5c:48:0c:dd:1e:50:46: 64:18:01:03:0a:cf:fb:4b:6e:47:08:59:20:26:e3:b6:52:18: 5b:fb:b5:4a battleb0t.xyz
2023-05-12 03:11:15Physical LocationNoAbstractAPI1020NoneLondon, England, W1B, United States, North America2a06:98c1:3121::1
2023-05-12 03:04:46Hosting ProviderNoHosting Provider Identifier0020NoneCloudflare Inc: https://www.cloudflare.com/188.114.96.1
2023-05-12 03:13:07Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00d2.github.io] https://www.openphish.com/feed.txt00d2.github.io
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None101 (Net ID: 00:01:03:79:02:18)41.8781, -87.6298
2023-05-12 02:53:10Web TechnologyNoTool - WAFW00F0030NoneCloudflare Inc. Cloudflarevscode.battleb0t.xyz
2023-05-12 02:54:48HTTP HeadersNoCensys0030None{"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H0694HWAMG6RHJEVW16FQRHY"], "Date": ["<REDACTED>"], "Server": ["Netlify"]}34.148.97.127
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneBARWN-UnitedLayer01 (Net ID: 00:02:6F:01:86:4F)37.7642, -122.3993
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:03:05)50.8897, 6.0563
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Noneherron-libson (Net ID: 00:01:24:F1:75:B2)37.7813933,-122.3918002
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NonePinterest (Category: social) https://www.pinterest.com/ayshoo/ayshoo
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:05:5D:EC:8D:60)33.336199,-111.89446440830702
2023-05-12 02:54:15Linked URL - InternalNoWeb Spider0020Nonehttp://www.battleb0t.xyzwww.battleb0t.xyz
2023-05-12 03:01:09Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.119): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:15Linked URL - InternalNoWeb Spider0020Nonehttp://oldfluid.battleb0t.xyzoldfluid.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D7:31)32.8608, -79.9746
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys (Net ID: 00:0C:41:86:BE:6A)32.8608, -79.9746
2023-05-12 02:44:56Physical LocationNoipapi.co1020NoneSan Francisco, California, CA, United States, US185.199.111.153
2023-05-12 03:09:31Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.ioeliaspinheironeto.github.io
2023-05-12 03:08:46Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.218104.196.30.220
2023-05-12 02:54:14Linked URL - InternalNoWeb Spider0020Nonehttp://nwapi2.battleb0t.xyznwapi2.battleb0t.xyz
2023-05-12 02:45:32Malicious Internet NameYesVirusTotal0010NoneVirusTotal [ayhu.xyz] https://www.virustotal.com/en/domain/ayhu.xyz/information/ayhu.xyz
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-to-1.github.io] https://www.openphish.com/feed.txt0-to-1.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Noneazis (Net ID: 00:06:B1:15:73:DD)33.6170672,-111.90564645297056
2023-05-12 03:00:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.13): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:09:09Affiliate - IP AddressNoDNS Look-aside1030None46.101.229.6346.101.229.70
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneLAB1234 (Net ID: 00:0C:41:CB:47:70)39.0469, -77.4903
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-B772 (Net ID: 00:1D:CF:82:B7:70)32.8608, -79.9746
2023-05-12 03:01:12Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.127): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:11Software UsedYesCensys0020Nonelinux87.248.157.102
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None1100 (Net ID: 00:01:03:79:01:88)41.8781, -87.6298
2023-05-12 03:00:47Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.63): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}172.67.135.9
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesuddenlink.net-50B2 (Net ID: 90:1A:CA:7D:50:B0)37.751, -97.822
2023-05-12 03:14:28Similar DomainYesTLD Searcher0010Nonebattleb0t.ovhbattleb0t.xyz
2023-05-12 02:53:49BGP AS MembershipNoCensys0020None541132606:50c0:8000::153
2023-05-12 03:41:52Raw Data from RIRsNoCensys1030None{"operating_system": {"vendor": "Microsoft", "product": "Windows", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "other": {"family": "Windows"}}, "last_updated_at": "2023-05-12T01:40:25.089Z", "ip": "45.131.109.53", "labels": ["file-sharing", "network-administration", "remote-access"], "location_updated_at": "2023-05-07T11:15:30.169008Z", "autonomous_system_updated_at": "2023-05-07T11:15:30.169132Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"vm.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-10T21:12:17.288943702Z"}, "11858-33959.pph-server.de": {"record_type": "A", "resolved_at": "2023-04-29T16:38:25.585351786Z"}, "wakapi.tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-29T14:27:35.242336552Z"}, "www.tt-dev.de": {"record_type": "CNAME", "resolved_at": "2023-01-05T14:36:51.431345945Z"}, "traefik.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-07T14:38:59.772471404Z"}, "tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-31T14:50:50.814184504Z"}, "test.tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-21T14:29:05.064783690Z"}, "wiki.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-08T14:20:13.917172001Z"}, "grafana.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-01T14:18:17.398732703Z"}, "70724-04381.pph-server.de": {"record_type": "A", "resolved_at": "2023-04-20T20:07:07.842037289Z"}, "npm.tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-21T14:29:04.915388971Z"}, "portainer.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-14T14:32:52.020207987Z"}, "ci.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-06T14:26:38.984649398Z"}}, "names": ["traefik.tt-dev.de", 
"npm.tt-dev.de", "vm.battleb0t.xyz", "wakapi.tt-dev.de", "portainer.tt-dev.de", "ci.tt-dev.de", "tt-dev.de", "grafana.tt-dev.de", "test.tt-dev.de", "www.tt-dev.de", "wiki.tt-dev.de", "70724-04381.pph-server.de", "11858-33959.pph-server.de"], "reverse_dns": {"resolved_at": "2023-05-04T16:22:43.166057588Z", "names": ["vm.battleb0t.xyz"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["file-sharing"], "truncated": false, "service_name": "SMB", "_decoded": "smb", "banner_hashes": ["sha256:51d9f41a595c653b76dbff0adeec37710decd99e91825ba2de9ef6e273bfcaf0"], "source_ip": "162.142.125.225", "extended_service_name": "SMB", "smb": {"smbv1_support": false, "negotiation_log": {"security_mode": 1, "system_time": 1683815217, "server_start_time": 1240428288, "_encoding": {"server_guid": "DISPLAY_HEX"}, "capabilities": 7, "server_guid": "0000000000000000000000000000000031a109594c6a1d49a3303a66d4c26ecb", "dialect_revision": 528, "authentication_types": ["1.3.6.1.4.1.311.2.2.30", "1.3.6.1.4.1.311.2.2.10"], "header_log": {"status": 0, "_encoding": {"protocol_id": "DISPLAY_HEX"}, "protocol_id": "00000000fe534d42", "credits": 1, "flags": 1, "command": 0}}, "smb_version": {"major": 2, "version_string": "SMB 2.1", "minor": 1, "revision": 0}, "session_setup_log": {"target_name": "70724-04381", "setup_flags": 0, "header_log": {"status": 3221225494, "_encoding": {"protocol_id": "DISPLAY_HEX"}, "protocol_id": "00000000fe534d42", "credits": 1, "command": 1, "flags": 1}, "negotiate_flags": 2726953477}, "smb_capabilities": {"smb_multicredit_support": true, "smb_persistent_handle_support": false, "smb_dfs_support": true, "smb_leasing_support": true, "smb_encryption_support": false, "smb_directory_leasing_support": false, "smb_multichan_support": false}, "has_ntlm": true}, "observed_at": "2023-05-11T14:26:57.515685601Z", "banner_hex": "534d4220534d4220322e31", "perspective_id": "PERSPECTIVE_HE", 
"transport_fingerprint": {"raw": "65535,128,true,MNWNNS,1460,false,false", "os": "Windows *", "id": 429}, "banner": "SMB SMB 2.1", "port": 445, "software": [{"vendor": "microsoft", "product": "windows", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "source": "OSI_TRANSPORT_LAYER"}]}, {"tls": {"server_key_exchange": {"ec_params": {"named_curve": 24}}, "_encoding": {"ja3s": "DISPLAY_HEX"}, "version_selected": "TLSv1_2", "cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "certificates": {"_encoding": {"leaf_fp_sha_256": "DISPLAY_HEX"}, "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "ruG0HFgv/8OXJWtxPCjUSQ85xDh2SJLByLm11c5cyZyMwJU/sWedNfO9DrevuT8F7VTYR5X9Jn9+NDXdfpZEQNy6zH+rYAiGSV94DzEOv8TqWPEo6TIzWBaS72PEIlTdq7nRnq7wO229GGWbClkbdw9qb1Ul/qbRHM7TT3kh7/gVKezZbTafnBnRnSghbqP3Z+9EoHVAitQl4NFBxkS94wX+pi5FPNe/dGPxT8v8SrvPl+DxkvgcVomdT3Gt7JTvfgjSWY2hJ5+d9dHNrgV4NShiaSBkDhIw3H44DQxJJGeOiPvGGMCLbHZIhhcbpYiP+//lXbcmsSe7v8Dij7/WiQ==", "exponent": "AAEAAQ=="}, "fingerprint": "46f940f431befbf3e8c0d41e66defd7ca5752176463e410bf7ff1a076f677750"}, "subject_dn": "CN=70724-04381.pph-server.de", "pubkey_bit_size": 2048, "fingerprint": "0565deb792f2ad55394185aaf708bacd5dc6cfd0a25654bbbd594714f6692ecc", "issuer_dn": "CN=70724-04381.pph-server.de", "names": ["70724-04381.pph-server.de"], "tbs_fingerprint": "103620f100eb7ba4c99aca138e14895b8d66946b6c6a90ced8fa2de351716b31", "subject": {"common_name": ["70724-04381.pph-server.de"]}, "signature": {"self_signed": true, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["70724-04381.pph-server.de"]}}, "leaf_fp_sha_256": "0565deb792f2ad55394185aaf708bacd5dc6cfd0a25654bbbd594714f6692ecc"}, "ja3s": "364ff14b04ef93c3b4cfa429d729c0d9"}, "_encoding": {"certificate": "DISPLAY_HEX"}, "_decoded": "rdp", "jarm": {"_encoding": 
{"cipher_and_version_fingerprint": "DISPLAY_HEX", "tls_extensions_sha256": "DISPLAY_HEX", "fingerprint": "DISPLAY_HEX"}, "cipher_and_version_fingerprint": "2ad2ad16d2ad2ad22c2ad2ad2ad2ad", "tls_extensions_sha256": "fd9c9d14e4f4f67f94f0359f8b28f532", "observed_at": "2023-04-25T19:43:40.097167804Z", "fingerprint": "2ad2ad16d2ad2ad22c2ad2ad2ad2adfd9c9d14e4f4f67f94f0359f8b28f532"}, "rdp": {"selected_security_protocol": {"tls": true, "raw_value": 1, "rdstls": false, "error_hybrid_required": false, "credssp_early_auth": false, "error_bad_flags": false, "error_ssl_forbidden": false, "error_ssl_cert_missing": false, "credssp": false, "error_ssl_user_auth_required": false, "error": false, "error_ssl_required": false, "standard_rdp": true, "error_unknown": false}, "protocol_flags": {"dynvc_graphics_pipeline": true, "neg_resp_reserved": true, "restricted_auth_mode": true, "restricted_admin_mode": true, "extended_client_data_supported": true}, "connect_response": {"connect_id": 0, "domain_parameters": {"max_mcspdu_size": 65528, "num_priorities": 1, "max_user_id_channels": 3, "domain_protocol_version": 2, "max_token_ids": 0, "max_provider_height": 1, "max_channel_ids": 34, "min_throughput": 0}}, "version": {"raw": 524299, "major": 10, "minor": 6}, "certificate_info": {}, "x224_cc_pdu_srcref": 13330}, "certificate": "0565deb792f2ad55394185aaf708bacd5dc6cfd0a25654bbbd594714f6692ecc", "truncated": false, "service_name": "RDP", "labels": ["remote-access", "network-administration"], "source_ip": "167.94.146.58", "extended_service_name": "RDP", "observed_at": "2023-05-11T13:18:54.374691218Z", "perspective_id": "PERSPECTIVE_TELIA", "transport_protocol": "TCP", "port": 3389, "transport_fingerprint": {"raw": "64000,128,true,MNWNNS,1460,false,false"}}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 
(compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://45.131.109.53:5985/"}, "response": {"body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Not Found</h2>\r\n<hr><p>HTTP Error 404. The requested resource is not found.</p>\r\n</BODY></HTML>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "Not Found", "protocol": "HTTP/1.1", "body_size": 315, "body_hashes": ["sha256:ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0", "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083"], "status_code": 404, "body_hash": "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083", "headers": {"Content_Length": ["315"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Microsoft-HTTPAPI/2.0"], "Connection": ["close"], "Content_Type": ["text/html; charset=us-ascii"], "Date": ["<REDACTED>"]}, "html_tags": ["<TITLE>Not Found</TITLE>", "<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\">"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:d7de42c1e8c09cf951e3ad6248fda3ab48a60ca3eac8b25effd4b3067df8f362"], "source_ip": "162.142.125.216", "extended_service_name": "HTTP", "observed_at": "2023-05-12T01:02:37.678343941Z", "banner_hex": 
"485454502f312e3120343034204e6f7420466f756e640d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d75732d61736369690d0a5365727665723a204d6963726f736f66742d485454504150492f322e300d0a446174653a20203c52454441435445443e0d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d4c656e6774683a203331350d0a", "perspective_id": "PERSPECTIVE_HE", "banner": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: <REDACTED>\r\nConnection: close\r\nContent-Length: 315\r\n", "port": 5985, "software": [{"product": "Windows", "vendor": "Microsoft", "source": "OSI_APPLICATION_LAYER", "p45.131.109.53
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesuddenlink.net-7734 (Net ID: 38:70:0C:07:77:32)37.751, -97.822
2023-05-12 03:00:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.27): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:27IP AddressNoDNS Resolver51020None104.21.71.14nwapi2.battleb0t.xyz
2023-05-12 02:54:23Web Content TypeNoWeb Spider0050Nonetext/html;charset=utf-8https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATT9D2Yjw8 (Net ID: E0:22:03:E8:DB:5A)37.751, -97.822
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None6566 0615 (Net ID: 00:00:C5:D7:61:48)41.8781, -87.6298
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 200 OK Connection: close Content-Type: text/html; charset="utf-8" Date: <REDACTED> Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Set-Cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure Set-Cookie: webmailsession=%3aJ6wQNgi5mDSbd8Aj%2ccc122e301037955ff583c00e21431728; HttpOnly; path=/; port=2096; secure Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2096; secure Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096 Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096 Set-Cookie: roundcube_cookies=enabled; HttpOnly; expires=Thu, 09-May-2024 16:40:03 GMT; path=/; port=2096; secure Cache-Control: no-cache, no-store, must-revalidate, private X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Encoding: gzip Content-Length: 12483 87.248.157.102
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:01:E6:93:CF:EC)37.780462,-122.390564
2023-05-12 02:53:15IP AddressNoMnemonic PassiveDNS0010None185.199.110.153battleb0t.xyz
2023-05-12 03:03:37Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00tau.github.io
2023-05-12 02:51:01Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://kangbinkwon.github.io/kangbinkwon-Netflix_clonecoding/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_6d4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_6d4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_6d4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1748"\n "IsoScope_6d4_IE_EarlyTabStart_0xdf8_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_6d4_ConnHashTable<1748>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_6d4_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1748"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n 
"104.18.22.52:443"\n "69.16.175.10:443"\n "45.57.90.1:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "code.jquery.com"\n "kangbinkwon.github.io"\n "pro.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a class="authLinks lang" href="https://www.netflix.com/kr/login"></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<form class="cta-form" action="https://www.netflix.com/signup/registration?locale=ko-KR">" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<span class="lang"> . 
PC netflix.com ," (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/node/412" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://www.netflix.com/kr/login?nextpage=https%3A%2F%2Fwww.netflix.com%2Fyouraccount"" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://media.netflix.com/ko/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://jobs.netflix.com/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://devices.netflix.com/ko/" class="footer-link"><span" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/termsofuse" class="footer-link"><span" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/privacy" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/corpinfo" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/contactus" 
class="footer-link"><span class="lang"></span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/notices" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://www.netflix.com/kr/browse/genre/839338" class="footer-link"><span class="lang">Netflix" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<div class="copy-text-block lang"> : korea@netflix.com</div>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"card-01-hero-card_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "card-05_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "card-04-devices_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "cookieSetting_1_.png" has type "PNG image data 766 x 605 8-bit/color RGBA non-interlaced" and extension 
"png"\n "card-03-mobile_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "card-03-download_1_.gif" has type "GIF image data version 89a 100 x 100" and extension "gif"\n "card-03-boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced" and extension "png"\n "card-02-tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "card-01-hero-card_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "card-05_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "card-04-devices_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "cookieSetting_1_.png" has type "PNG image data 766 x 605 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "card-03-mobile_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 
1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001748]\n "card-03-download_1_.gif" has type "GIF image data version 89a 100 x 100"- [targetUID: N/A]\n "card-03-boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced"- [targetUID: N/A]\n "kangbinkwon-Netflix_clonecoding_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001748]\n "nficon2016_1_.ico" has type "MS Windows icon resource - 1 icon 64x64 32 bits/pixel"- [targetUID: N/A]\n "~DFF6F278D010A12D33.TMP" has type "data"- Location: [%TEMP%\\~DFF6F278D010A12D33.TMP]- [targetUID: 00000000-00001748]\n "~DF048C015CE4B792F4.TMP" has type "data"- Location: [%TEMP%\\~DF048C015CE4B792F4.TMP]- [targetUID: 00000000-00001748]\n "~DF0EACE11BF185.199.108.153
2023-05-12 02:45:41Raw Data from RIRsNoAbstractAPI0020None{u'city': u'San Francisco (South Beach)', u'security': {u'is_vpn': False}, u'city_geoname_id': 5326621, u'region_geoname_id': 5332921, u'country': u'United States', u'region': u'California', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'Fastly', u'organization_name': u'GitHub, Inc', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'94107', u'longitude': -118.244, u'country_code': u'US', u'timezone': {u'abbreviation': u'PDT', u'gmt_offset': -7, u'is_dst': True, u'name': u'America/Los_Angeles', u'current_time': u'19:45:40'}, u'latitude': 34.0544, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'185.199.110.153', u'continent': u'North America', u'region_iso_code': u'CA'}185.199.110.153
2023-05-12 02:46:39Malicious IP AddressYesFraudguard0120Noneabuse_tracker (risk level: 4) [185.199.110.153]185.199.110.153
2023-05-12 02:54:03Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5a3af72b618723-ORD Content-Encoding: gzip 172.67.135.9
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:EE:43:99)33.6170672,-111.90564645297056
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneLord Voldmodem (Net ID: F8:F5:32:63:56:0E)37.751, -97.822
2023-05-12 02:57:45SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: ff:0e:1e:a4:6f:55:f0:74:0e:b3:83:e1:07:c9:ea:93 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Dec 14 04:12:07 2022 GMT Not After : Mar 14 04:12:06 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c0:3f:15:01:81:40:92:70:87:14:2c:25:01:e5: a7:7f:11:ff:2d:2c:1c:6c:21:42:67:4e:30:48:bf: c1:33:05:3f:32:e6:9d:27:08:a8:f7:db:7e:1a:19: 1c:aa:99:e8:d8:96:24:37:12:c6:a7:26:93:c0:67: f6:d7:bf:fc:b8:23:1f:07:9c:8a:3a:8e:50:72:7a: 0b:43:ee:28:4c:e1:d7:7b:d8:4b:14:51:0a:cf:12: 03:a0:03:83:38:8b:68:c0:ba:0b:40:43:da:e2:c7: fd:15:ad:f1:8a:ab:ad:d4:e1:28:d8:1f:91:4f:47: 05:38:6f:51:ba:b9:1e:e4:8f:9a:e9:d0:3a:3f:ae: 54:23:1b:cb:47:92:67:43:7b:78:2f:12:0d:48:e5: 86:54:03:05:53:71:94:6f:99:ca:50:b2:16:e3:59: 28:bd:e6:69:65:a7:0a:f0:76:9d:7c:ae:23:47:a4: a0:54:01:4b:e1:a1:6c:56:66:e9:5f:20:b4:97:88: 6b:ae:96:63:a2:7f:14:d1:e7:4b:38:62:1b:57:9e: 5f:19:6f:4a:f8:f3:3f:ef:b1:e8:e9:b2:bb:cb:cb: 97:cd:3c:47:76:5d:e9:c6:1b:37:bc:84:42:29:b5: 65:be:97:34:7e:ff:74:79:85:f4:78:a1:2a:b1:60: 7b:21 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FA:7E:08:50:07:6C:FD:DC:A8:68:45:A3:97:1C:E4:28:15:A8:2F:9D X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/Yj_rNAxE9pQ CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/ihFiAY-64YY.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 45:c0:ed:fe:c5:44:0c:96:51:92:15:dc:2f:1d:e5:5e:4c:7f: 89:4a:3f:3d:94:64:76:5e:6b:ff:8c:03:7f:eb:ae:61:c0:89: 16:34:3c:a1:d5:87:98:35:53:48:52:1e:b4:61:d3:7d:9f:96: bd:0f:71:c5:cf:b6:14:12:8a:01:59:97:dc:9b:84:b8:dd:00: 79:7f:7b:33:b7:24:69:1f:af:bd:66:ab:a1:a1:aa:55:6d:07: 62:b3:82:ac:fd:d6:53:44:01:3b:7c:3d:b9:8c:0c:8a:49:6d: d5:e2:69:ce:ba:89:85:d0:a0:a7:81:a9:33:e3:76:b1:ed:fb: 71:7d:21:ea:82:98:93:f2:93:44:03:80:07:95:04:86:b6:71: 7f:1b:b4:73:ab:10:06:9e:6f:7b:f8:37:23:5b:20:c2:b0:1b: 8c:a9:f0:bb:c8:15:54:65:03:66:2b:65:2b:dd:c8:82:36:7d: 72:f9:d2:d6:5a:4a:b5:ef:a1:6b:50:f2:a1:c4:4a:6e:36:35: c1:77:e5:2a:d0:28:89:59:f4:ec:d9:e0:96:66:a5:63:34:40: 69:7a:2a:6c:50:eb:81:e2:8a:ed:dd:bc:84:68:33:dd:56:7f: 0b:5f:af:bd:a2:2e:a4:1d:b3:12:b6:18:66:80:38:3d:ab:75: 96:5c:c6:6f ayhu.xyz
2023-05-12 03:10:35Open TCP PortNoPulsedive0030None185.199.108.153:80185.199.108.0/24
2023-05-12 02:59:49Affiliate - Email AddressNoE-Mail Address Extractor0020Nonereplayhubunlimited@gmail.com[{"platform": "Chrome", "version": "1.0", "data": {"dangerousfunctions": {".insertBefore(": {"/tmp/agjliddikiapkkpacaacecphgdoplfop_1.0/content.js": [26]}}, "webstore": {"website": "https://replayhub.netlify.app/", "rating": 0, "privacy_policy": "", "last_updated": "2023-04-06", "name": "ReplayHub YouTube Looper", "price": "", "offered_by": "", "support_site": "https://replayhub.netlify.app/", "version": "", "address": "", "short_description": "A Chrome extension for looping YouTube videos.", "permission_warnings": [], "users": 2, "size": "12.84KiB", "type": "Extension", "email": "replayhubunlimited@gmail.com", "rating_users": 0, "icon": "https://lh3.googleusercontent.com/8hLe0teq-FvENQnMGTH5hbKoAgfgd5YttifZdgjiDupvDj0k9qP7enO7qNry3CWBXmZtrms-qMTbQk7rL--uibGNuA=w128-h128-e365-rj-sc0x00ffffff"}, "risk": {"metadata": {}, "total": 382, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "webstore": {"privacy_policy": 1, "last_updated": 1, "users": 1, "address": 1, "total": 5, "rating_users": 1}}, "related": {"iginnfkhmmfhlkagcmpgofnjhanpmklb": {"rating": 4.602212, "users": 1000000, "platform": "", "short_description": "Play over 50 levels of box-jumping madness! Design and share your own levels.", "icon": "https://lh3.googleusercontent.com/muc6rdfnYlghXu2auI9B_xTDc3DjGTqJEn7crw2warPYn2ynoswSQzMskhdwzSa3aGn5ZtN1FS5zt7F2RQ7kvbiXXA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 7866, "name": "Boxel Rebound"}, "coabfkgengacobjpmdlmmihhhfnhbjdm": {"rating": 4.712575, "users": 200000, "platform": "", "short_description": "Draw anything and anywhere in real-time, an Paint online. 
Take a Screenshot of what you have drawn.", "icon": "https://lh3.googleusercontent.com/ATk-HSHUYW94gfeX1-QViI3E-R9ayz6L-z1kaWZHTbODo35loCLAgQQ0Dd7Iyo_WVwIKwwV5CZMKy4xSAim78-i5=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 334, "name": "Paint Tool for Chrome"}, "pgniedifoejifjkndekolimjeclnokkb": {"rating": 4.152824, "users": 100000, "platform": "", "short_description": "Twitch culture wherever you go! This extension replaces all Twitch.tv emote phrases with their actual emoticons.", "icon": "https://lh3.googleusercontent.com/wpEAZCTc19k3y0XQ7kjngo0zY2gDblkGn4E-sp41P9QZJyERCUErowcPq7IYEJDop6Nxk-Mnn5lJDVHm5TTOWMBpRw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 301, "name": "Global Twitch Emotes"}, "anflghppebdhjipndogapfagemgnlblh": {"rating": 4.5964994, "users": 1000000, "platform": "", "short_description": "Funny custom cursors for Chrome\u2122. Replace the default mouse cursor with a custom one from collections of cool and cute cursors.", "icon": "https://lh3.googleusercontent.com/9Sdk_yE3HogVcKV36GpAjo2WuW-KjYxE_OuLWGw_uQV55Nek_trNMqPxUADU2zteqtaZ2Nb6WOCWhbKODyPVCsfiFQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 14912, "name": "Cute Cursors - Custom Cursor for Chrome\u2122"}, "mghabdfikjldejcdcmclcmpcmknjahli": {"rating": 4.4349837, "users": 100000, "platform": "", "short_description": "Bass Boost makes videos, songs, movies and more sound awesome by boosting your speakers or headphones.", "icon": "https://lh3.googleusercontent.com/S_ICtgwu98_1zAUeun5CjylcOZeR8R6CbFeny166JgpLD7X9ny67sPfFH8CH93K9h-4KaEOAsQ23UT_gslYKLgjSdw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1515, "name": "Bass Boost: HD Audio"}, "mkccemimdjbojildcllapppfhphcfmkn": {"rating": 4.3464284, "users": 100000, "platform": "", "short_description": "Funny and highly addictive Piggybank idle cash clicker game! 
From poor pig to a money rain maker!", "icon": "https://lh3.googleusercontent.com/MTOgoa-4pnm2oT718hOzu0s7AyYRh2Hktwursb3vRiYoLJ_NhpZbNlcitb9yqgjsq58Oeml6yG8rdTJTFDnJQ1AdlhY=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 280, "name": "PiggyBank Money Clicker - Idle Game"}, "eekbbmglbfldjpgbmajenafphnfjonnc": {"rating": 4.0141845, "users": 300000, "platform": "", "short_description": "Create and save drawings at the click of a button.", "icon": "https://lh3.googleusercontent.com/9Ss9Et8Wqx2wynjcCgVgKCrWKgQALgDa_5dS8BrLamdoaJxE23RUqPzUCOtPl6Z_4E0cOjPLFWD-LRrIiPTV7A4d=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 282, "name": "TinySketch"}, "mmgjkfjlmdkmoipndaeombfnomjfgeff": {"rating": 4.7636366, "users": 200000, "platform": "", "short_description": "Boxel Golf is a multiplayer golf game packed with challenging courses, custom hats, and a powerful level builder.", "icon": "https://lh3.googleusercontent.com/CJluh5KxvX9BptxcgNfGygJ_FrarOtaAENIzJt_PhpyYyFLIKwtbx_ibaBFihgBFBnjNHBw6Zqf780ki2rEgsTL-=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 110, "name": "Boxel Golf"}, "akimgimeeoiognljlfchpbkpfbmeapkh": {"rating": 4.464241, "users": 300000, "platform": "", "short_description": "Art masterpieces from Google Arts & Culture in your browser tabs", "icon": "https://lh3.googleusercontent.com/vb_gZQ1M8DRLziSDF2orUqqOxfS0R41P6ivGjESV-Wayt2PhEjjECCjqt6cFYjmFOiJc3tPNRlaH--bS4YgJ2_bUF1A=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1594, "name": "Google Arts & Culture"}, "ejgnolahdlcimijhloboakpjogbfdkkp": {"rating": 4.363104, "users": 200000, "platform": "", "short_description": "Meow is a virtual Cat pet who walks on your screen while you're browsing the web.", "icon": "https://lh3.googleusercontent.com/bGSk3Ww67wjSEwL0G3NUzjrmdwxCc07Zqg-DJ86TCU-9wslcEtutlHV8sn5gszDzOVilT4LhvdkXedoS8bvuCN-PJ5Y=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1366, "name": "Meow, The Cat Pet"}, "ogadflejmplcdhcldlloonbiekhnlopp": {"rating": 4.765432, "users": 700000, "platform": "", 
"short_description": "Increase your max volume! Amplify sound by up to 600%. Control sound of any tab using audio equalizer.", "icon": "https://lh3.googleusercontent.com/i9-pwrYc-CjuOK3VW2wQHhWkBis2nQ_JtZLAqU36S-h3Ogx85OIj9ml3qLVEq_hb4mdaDCPm74nkFuLGN2AtvsQh=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 324, "name": "VolumeUp - Sound booster"}, "gebbhagfogifgggkldgodflihgfeippi": {"rating": 4.8502846, "users": 4000000, "platform": "", "short_description": "Returns ability to see dislikes", "icon": "https://lh3.googleusercontent.com/X0-M21C_VbWyXYuUjN55oyMDvOukjbzAxbs_WrUjwzsebWbyjFCIEchOtczI0DBvbyL9MUpuEWnghm19gF6dp8Vriw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 14581, "name": "Return YouTube Dislike"}, "mjjgmlmpeaikcaajghilhnioimmaibon": {"rating": 4.636716, "users": 600000, "platform": "", "short_description": "Boxel 3D is the 3rd release of your favorite box jumping game made by the developers of Boxel Rebound.", "icon": "https://lh3.googleusercontent.com/wJh9K6xTW1upb8nCKtceJ62mE4BWbS7o4RiQpNnxoATQ8sn5w6RIYK9e5B6vPBp8Ve-rw9ZC9s-fTn7aiiH211Xd=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1291, "name": "Boxel 3D"}, "cogmkaeijeflocngklepoknelfjpdjng": {"rating": 4.026706, "users": 100000, "platform": "", "short_description": "Powerful Video Downloader. 
Downloads most popular media formats like flash, videos, audios.", "icon": "https://lh3.googleusercontent.com/VlYizxdn50R6ZbmamuMJtMI0fLKaA1MQ9oZfGx3_Ewx-vHafh3aU3kcioZev8TGkc1bhrdEpYg9QRSlV2ip95SrWKw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 337, "name": "Universal Video Downloader"}, "pjafcgbpdclmdeiipolenjgkikeldljl": {"rating": 4.6231885, "users": 100000, "platform": "", "short_description": "Play the piano in your browser", "icon": "https://lh3.googleusercontent.com/Qr_GTzNHNuRvSIDBRrVhDo_oe1X8lMQ4EeUvbHpXMn82tUSBxqqBrNTll4RwlrIAT8eT79cMTqE4XwkmlpsQXTeA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 69, "name": "Chrome Piano"}, "dlnkkghpoaboifilieokcpoclbhpoclo": {"rating": 4.610895, "users": 400000, "platform": "", "short_description": "The classic Flappy Bird game offline version on your Google Chrome! Free online Flappy Bird plat on Desktop. Flappy for Chrome.", "icon": "https://lh3.googleusercontent.com/NJeftxVVijTjJAjU513yZrpTnqhUaifchPG7ueRV4tbYdvyhLFzaxrv78efd89uuDttH5JGOEYGzyIWwmUpQXfwXKw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 257, "name": "Flappy Bird Offline. 
Desktop Version"}, "gokcmhknbfbkchaljcbjloaebnoblcnd": {"rating": 4.47541, "users": 100000, "platform": "", "short_description": "Welcome to Arcade Classics - a free browser extension with 9 games to play!", "icon": "https://lh3.googleusercontent.com/INSecUCn41xlC2ZJ-EtqFbnHRT6NQ7rwnT-A3AHFZBqvHUO5znb9qBco8HWaXTsM09TceC152h7LIesE_ncO3GktDw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 61, "name": "Arcade Classics"}, "emeokgokialpjadjaoeiplmnkjoaegng": {"rating": 3.3394256, "users": 500000, "platform": "", "short_description": "Draw shapes, lines, and add text to live web pages and take screenshot.", "icon": "https://lh3.googleusercontent.com/Wafwq7jbZDxfLNCG587_eBMy91NkmSP2JFA3b4hWobkUAplS41SaW08gHYd8vcamJ1EPG5gQMPoQ_VDoVTNT9wH-KQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 766, "name": "Web Paint"}, "goiejopegncpjmocklmfiipofdbkhpic": {"rating": 4.5925927, "users": 100000, "platform": "", "short_description": "Doodle Jump! Jump and break your records!", "icon": "https://lh3.googleusercontent.com/sdyc5k0236GAl3UATyeaXTUVV7KzolMDZCdMo2ndFcYeMMX0hYvUNkCAf2hCBvnIZrd4NIjVJ41Huds2XMXL3qgo=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 27, "name": "Doodle Jump Ninja"}, "fadndhdgpmmaapbmfcknlfgcflmmmieb": {"rating": 4.466354, "users": 1000000, "platform": "", "short_description": "Use a variety of unique faces on Twitch!", "icon": "https://lh3.googleusercontent.com/qeMTob_QmnY3Mt8c-PnUxLs8nA82SW2VNylqMQ70aSRfpHCDISNXQI_4CIaW9N-kFyfhiAGYZ4Gy2zU4EaD5QxEEL-Y=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 639, "name": "FrankerFaceZ"}, "bmjmipppabdlpjccanalncobmbacckjn": {"rating": 4.889806, "users": 200000, "platform": "", "short_description": "Cool, cute and funny cursors for Chrome\u2122, choose from hundreds of options.", "icon": "https://lh3.googleusercontent.com/cFDN-1ehvX3Ru1s02Aq68gnGJB2PyGa3Z1OfGXK7gWrvPYJZy7q68KxLX4Y5peQfd6aVYzNab2Kp7ZIxcOy1N_mcO4E=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2060, "name": "Cursor style - custom cursor for your 
browser"}, "ogdlpmhglpejoiomcodnpjnfgcpmgale": {"rating": 4.716016, "users": 6000000, "platform": "", "short_description": "Fun custom cursors for Chrome\u2122. Use a large collection of free cursors or upload your own.", "icon": "https://lh3.googleusercontent.com/H2MMZR0mOR25jQf_4GdtDTufefua3igDkUq9TXdzfdqHXxkp9zfuVp3gSqAKRWGG2urjM0PlMIdLuZWcWRAtlUvZ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 42439, "name": "Custom
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5cc474dd9f2b1c-ORD Content-Encoding: gzip 188.114.96.1
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Pragma": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Pragma": ["no-cache"], "Set_Cookie": ["webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "webmailsession=%3aJ6wQNgi5mDSbd8Aj%2ccc122e301037955ff583c00e21431728; HttpOnly; path=/; port=2096; secure", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2096; secure", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096", "roundcube_cookies=enabled; HttpOnly; expires=Thu, 09-May-2024 16:40:03 GMT; path=/; port=2096; secure"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, 
must-revalidate, private", "no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 02:54:23HTTP HeadersNoWeb Spider2040None{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:23 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:23 GMT", "cf-ray": "7c5f60721cb70f8d-EWR", "content-type": "text/css", "x-frame-options": "DENY"}https://www.ayhu.xyz/cdn-cgi/styles/challenges.css
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys (Net ID: 00:16:B6:17:24:0D)32.8608, -79.9746
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:DB:DA:99)33.617190550339146,-111.90827887019054
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneIntel Gateway (Net ID: 00:01:E6:96:87:21)39.0469, -77.4903
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonegrasshopper2 (Net ID: 00:01:38:5A:88:28)37.780462,-122.390564
2023-05-12 02:53:49Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: A5D4:2C9F:2F6913:34928C:645D0975 Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-gig2250052-GIG X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683818869.392299,VS0,VE127 Vary: Accept-Encoding X-Fastly-Request-ID: 770beefb8a8eea06db7f3e4b2376459b2d1c2cbe 2606:50c0:8000::153
2023-05-12 02:55:46Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://kekw.battleb0t.xyz/jar', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:348:120:WilError_01"\n "SM0:348:120:WilError_01"\n "SM0:348:304:WilStaging_02"\n "Local\\SM0:348:304:WilStaging_02"\n "SM0:7052:120:WilError_01"\n "SM0:7052:304:WilStaging_02"\n "Local\\SM0:7052:120:WilError_01"\n "Local\\SM0:7052:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:120:WilError_01"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-220', u'name': u'Executes batch file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1059', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1059', u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Process "msedge.exe" with commandline "--single-argument http://kekw.battleb0t.xyz/jar" (UID: 00000000-00007052)'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"64.226.81.43:49750"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kekw.battleb0t.xyz"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007052]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00007052]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007052]\n "Session_13324411891984663" has type "data"- [targetUID: N/A]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\manifest.fingerprint]- [targetUID: 00000000-00007052]\n "c920e640-3cd4-4291-b5a7-5ed9af660f2d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n 
"ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp]- [targetUID: 00000000-00007052]\n "8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp]- [targetUID: 00000000-00007052]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007052]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007052]\n "manifest.json" has type "JSON data"- Location: [%TEMP%\\7052_1944693387\\manifest.json]- [targetUID: 00000000-00007052]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp]- [targetUID: 00000000-00007052]\n "Tabs_13324411893998198" has type "data"- [targetUID: N/A]\n "643a517a-ab51-4a47-a7fa-e8480b929b43.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\643a517a-ab51-4a47-a7fa-e8480b929b43.tmp]- [targetUID: 00000000-00007052]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokenAndKey\\LOG]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "http://kekw.battleb0t.xyz/jar"\n Pattern match: "Math.PI/180"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "http://kekw.battleb0t.xyz"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "kekw.battleb0t.xyz/jar"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\shoppingfre.js]- 
[targetUID: 00000000-00007052]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00007052]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007052]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\7052_16790919\\adblock_snippet.js]- [targetUID: 00000000-00007052]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\auto_open_controller.js]- [targetUID: 00000000-00007052]\n "edge_confirmation_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping.js" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00007052]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\shopping_iframe_driver.js]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "3.0.0.8" found in string ""version": "3.0.0.8""\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed 
Rules\\35\\10.34.0.45"\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\LICENSE"\n Potential IP "3.0.0.8" found in string "\xef\xbb\xbf{ "description": "AutofillCore data component", "name": "AutofillCore", "version": "3.0.0.8"}"\n Potential IP "5.1.0.064.226.81.43
2023-05-12 02:46:11Malicious IP AddressYesMetaDefender0130Nonewebroot.com [104.21.71.14]104.21.71.14
2023-05-12 03:18:06URL (Purely Static)NoPage Information0030Nonehttp://kekw.battleb0t.xyz<!DOCTYPE html> <html> <iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> </html>
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5c8cb9da901236-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.71.14
2023-05-12 02:48:38Malicious Co-Hosted SiteYesVirusTotal0120NoneVirusTotal [www.github.com] https://www.virustotal.com/en/domain/www.github.com/information/www.github.com
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneDuolingo (Category: hobby) https://www.duolingo.com/profile/ayhuayhu
2023-05-12 02:57:23Internet NameNoCertificate Transparency0010Nonewww.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:03:23Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0.github.io
2023-05-12 02:44:10Co-Hosted SiteNoSSL Certificate Analyzer0110Nonegithub.iobattleb0t.xyz
2023-05-12 03:09:04Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.10887.248.157.102
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneAmethyst (Net ID: 00:01:21:30:76:B7)41.8781, -87.6298
2023-05-12 02:57:31Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://userclient-maindeskamz6.duckdns.org', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 13, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://start.seitenatelier.ch/free/desk17/usa', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7992:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7992:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:7672:304:WilStaging_02"\n "Local\\SM0:7672:120:WilError_01"\n "Local\\SM0:7992:120:WilError_01"\n "Local\\SM0:7992:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8048:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.46.243:443"\n "142.250.189.14:443"\n "69.16.175.10:443"\n "142.251.46.212:443"\n "142.251.46.234:443"\n "142.250.191.67:443"\n "35.244.149.249:443"\n "142.251.32.33:443"\n "134.209.18.52:443"\n "104.17.24.14:443"\n "18.213.222.111:443"\n "34.148.97.127:443"\n "104.22.61.124:443"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "lihi2.cc"\n "releases.jquery.com"\n "userclient-maindeskamz6.duckdns.org"\n "www.cloudways.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows"), Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\7992_409393753\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007992]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7992_869135203\\Part-RU]- [targetUID: 00000000-00007992]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- 
Location: [%TEMP%\\7992_409393753\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007992]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007992]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007992]\n "f_00023e" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007992]\n "706fd1a1-8b40-4bc6-bcf9-91551dfb6c00.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 11805"- Location: [%TEMP%\\706fd1a1-8b40-4bc6-bcf9-91551dfb6c00.tmp]- [targetUID: 00000000-00007992]\n "f_00023d" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00007984]\n "1131927d-a60d-42de-bcc5-0f2ff1f19599.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "7f5c3e03-e3d9-4827-9689-97cf06d5cf28.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\7f5c3e03-e3d9-4827-9689-97cf06d5cf28.tmp]- [targetUID: 00000000-00007992]\n "dbd20caf-f43b-40a4-89ba-11e5c4cf28c9.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\dbd20caf-f43b-40a4-89ba-11e5c4cf28c9.tmp]- [targetUID: 00000000-00007992]\n "2295fc53-d7a2-464a-a8c5-f67c10386b59.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\2295fc53-d7a2-464a-a8c5-f67c10386b59.tmp]- [targetUID: 
00000000-00007992]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005676]\n "13ecf884ff1581cb_0" has type "data"- [targetUID: N/A]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007992]\n "393a9751-d2fe-45b8-8e82-e58c32edcb4e.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\393a9751-d2fe-45b8-8e82-e58c32edcb4e.tmp]- [targetUID: 00000000-00007984]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007992]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\7992_869135203\\Filtering Rules]- [targetUID: 00000000-00007992]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00007992]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\LOG]- [targetUID: 00000000-00007992]\n "Indexing in Progress" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.38\\Indexing in Progress]- [targetUID: 00000000-00007992]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://start.seitenatelier.ch/free/desk17/usa"\n Pattern match: "https://start.seitenatelier.ch"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "lihi2.cc"\n Heuristic match: "releases.jquery.com"\n Heuristic match: 
"userclient-maindeskamz6.duckdns.org"\n Pattern match: "www.cloudways.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random\n "www.cloudways.com" seems to be random'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\7992_869135203\\adblock_snippet.js]- [targetUID: 00000000-00007992]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-43', u'name': u'Writes a PE file header to disc', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 6, u'description': u'"msedge.exe" wrote 8192 bytes starting with PE header signature to file "%TEMP%\\7992_409393753\\_platform_specific\\win_x64\\widevinecdm.dll": 4d5a78000100000004000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000780000000e1fff0e00ff09ff21ff014cff21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e2400005045000064ff0a00 ...'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"widevinecdm.dll" has 
type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\7992_409393753\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007992]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7992_869135203\\Part-RU]- [targetUID: 00000000-00007992]'}, {u'category': u'Network Related', u'origin': u'File/Memory'34.148.97.127
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:2082172.67.168.252
2023-05-12 02:44:04Web TechnologyNoTool - WAFW00F0010NoneNone Nonebattleb0t.xyz
2023-05-12 02:54:00Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-12T02:04:48.515Z", "ip": "104.21.6.166", "location_updated_at": "2023-04-29T21:15:21.600075Z", "autonomous_system_updated_at": "2023-05-09T11:43:45.531739Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"www.proappsys.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-10T18:40:10.866976783Z"}, "cpcontacts.menuin.pe": {"record_type": "A", "resolved_at": "2023-03-24T20:44:33.512986421Z"}, "www.oldthdoo.xyz": {"record_type": "A", "resolved_at": "2022-09-26T19:11:07.076925735Z"}, "matrixeducatie.nl": {"record_type": "A", "resolved_at": "2023-05-03T04:09:23.480806956Z"}, "outimpivutinli.tk": {"record_type": "A", "resolved_at": "2023-05-03T21:57:31.066836981Z"}, "dhcp.pro": {"record_type": "A", "resolved_at": "2023-04-07T20:54:25.762591525Z"}, "kennedy.br": {"record_type": "A", "resolved_at": "2023-04-28T12:51:47.804820047Z"}, "sufferwith.info": {"record_type": "A", "resolved_at": "2023-05-10T17:23:47.734514798Z"}, "eraliser.tk": {"record_type": "A", "resolved_at": "2023-05-11T21:41:10.208194848Z"}, "www.jollygoodgames.com": {"record_type": "A", "resolved_at": "2023-05-07T14:57:18.867430647Z"}, "nzfortress.nz": {"record_type": "A", "resolved_at": "2022-12-07T17:06:16.407969123Z"}, "lorencic.net": {"record_type": "A", "resolved_at": "2023-04-27T21:11:28.873533314Z"}, "pesdatabase.altervista.org": {"record_type": "CNAME", "resolved_at": "2023-05-08T21:46:48.198722317Z"}, "cdn-4.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-02T19:46:18.705684829Z"}, "reanorthcong.tk": {"record_type": "A", "resolved_at": "2023-04-04T23:08:50.029341555Z"}, "4wdinfo.com": {"record_type": "A", "resolved_at": 
"2023-05-10T13:06:50.126601945Z"}, "cdn-2.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T00:33:24.840354602Z"}, "seribusenyum.org": {"record_type": "A", "resolved_at": "2023-02-18T18:24:43.138880401Z"}, "account-dev.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-11-23T16:34:50.737558857Z"}, "www.arquiteturasustentavel.arq.br.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2022-09-25T17:06:29.959927232Z"}, "amg166.com": {"record_type": "A", "resolved_at": "2023-05-11T13:53:26.798801874Z"}, "alexricher.com": {"record_type": "A", "resolved_at": "2023-05-09T13:21:30.399313330Z"}, "48ln.com": {"record_type": "A", "resolved_at": "2023-05-08T13:20:43.893083983Z"}, "efnebacthydeda.cf": {"record_type": "A", "resolved_at": "2023-04-21T12:58:48.779910168Z"}, "usbestsiding.com": {"record_type": "A", "resolved_at": "2023-05-02T23:18:02.110883898Z"}, "backup.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-12-01T13:53:19.633015199Z"}, "osdronovacsiewy.tk": {"record_type": "A", "resolved_at": "2023-05-07T21:56:01.549731533Z"}, "www.kendalresearchgroup.eu.org": {"record_type": "A", "resolved_at": "2023-05-05T19:50:13.137718896Z"}, "wildanmaulana.cf": {"record_type": "A", "resolved_at": "2023-05-04T13:01:54.678346749Z"}, "cpcalendars.itauna.mg.gov.br": {"record_type": "A", "resolved_at": "2023-04-28T12:51:58.455556942Z"}, "obhkitchens.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-12-01T10:58:42.826529023Z"}, "www.bouncefitness.precisiongroup.com.au": {"record_type": "A", "resolved_at": "2023-04-26T12:25:18.625366391Z"}, "www.onedollarglasses.org": {"record_type": "A", "resolved_at": "2023-05-07T21:18:07.768786749Z"}, "www.seribusenyum.org": {"record_type": "A", "resolved_at": "2023-02-04T17:32:21.980568714Z"}, "myschoolpoint.ca": {"record_type": "A", "resolved_at": "2023-05-06T12:57:35.437078256Z"}, "mitincderthesacom.tk": {"record_type": "A", "resolved_at": 
"2023-04-15T02:26:57.134312633Z"}, "kerzcoobamabasvio.cf": {"record_type": "A", "resolved_at": "2023-05-07T12:50:31.337450458Z"}, "apps.codiotic.com": {"record_type": "A", "resolved_at": "2023-05-06T14:35:31.397147978Z"}, "cdn.madeincanadadirectory.ca": {"record_type": "CNAME", "resolved_at": "2023-04-28T12:59:28.832256372Z"}, "www.usbestsiding.com": {"record_type": "A", "resolved_at": "2023-05-11T16:20:14.776067678Z"}, "prefahoutesraismac.ga": {"record_type": "A", "resolved_at": "2023-05-10T17:09:09.762399021Z"}, "datedei.ml": {"record_type": "A", "resolved_at": "2023-01-08T15:10:53.714814308Z"}, "tavernolaincanto.altervista.org": {"record_type": "CNAME", "resolved_at": "2023-04-10T21:37:30.505399325Z"}, "isnulemati.tk": {"record_type": "A", "resolved_at": "2023-05-01T20:43:57.727814020Z"}, "hlb.co.za": {"record_type": "A", "resolved_at": "2023-04-08T22:17:07.130263501Z"}, "api.sanopoly.com": {"record_type": "A", "resolved_at": "2023-04-26T16:20:22.956402279Z"}, "zacaluzoo.com.au": {"record_type": "A", "resolved_at": "2023-05-02T19:19:57.060547173Z"}, "www.typearound.com": {"record_type": "A", "resolved_at": "2023-05-03T15:59:44.822944002Z"}, "ketitarechesjunc.tk": {"record_type": "A", "resolved_at": "2023-05-05T20:23:13.362328225Z"}, "totnewsgativime.ml": {"record_type": "A", "resolved_at": "2023-05-11T18:38:46.532739958Z"}, "tgtetv.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-04-11T19:57:47.589434167Z"}, "credegtetandbeasump.tk": {"record_type": "A", "resolved_at": "2023-04-13T20:24:22.673256350Z"}, "tgtetv.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-12-01T13:53:19.785914421Z"}, "enchocompnicha.tk": {"record_type": "A", "resolved_at": "2023-01-16T17:49:49.026447391Z"}, "manlopanficlle.tk": {"record_type": "A", "resolved_at": "2022-12-27T16:42:16.700640379Z"}, "cdn-3.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T00:33:24.889964115Z"}, "jagotekno.com": {"record_type": 
"A", "resolved_at": "2023-04-22T14:38:01.151568998Z"}, "ftp.jogjacontemporary.net": {"record_type": "A", "resolved_at": "2023-05-10T19:05:42.498201439Z"}, "cg.cncap.ca": {"record_type": "A", "resolved_at": "2023-04-29T12:44:12.255784234Z"}, "account.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-11-17T13:39:14.401013523Z"}, "hakertidircordbils.tk": {"record_type": "A", "resolved_at": "2023-04-24T22:20:31.002106199Z"}, "lupiguitars.altervista.org": {"record_type": "CNAME", "resolved_at": "2023-04-27T22:39:14.320632180Z"}, "esipdages.tk": {"record_type": "A", "resolved_at": "2022-12-24T16:43:56.993137478Z"}, "mardederlohafi.cf": {"record_type": "A", "resolved_at": "2023-05-04T13:01:48.592242511Z"}, "asitsigsa.ml": {"record_type": "A", "resolved_at": "2023-02-21T18:25:08.432169225Z"}, "onedollarglasses.org": {"record_type": "A", "resolved_at": "2023-05-09T01:43:37.823377424Z"}, "bertrambert14.xyz": {"record_type": "A", "resolved_at": "2022-12-22T16:54:35.233949627Z"}, "vpnexpert.nl": {"record_type": "A", "resolved_at": "2023-05-01T19:57:49.698948942Z"}, "ok-medicalbilling-ok.live": {"record_type": "A", "resolved_at": "2023-05-01T17:47:16.990114377Z"}, "buy100.shop": {"record_type": "A", "resolved_at": "2023-04-22T20:30:28.859900313Z"}, "video.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-05T18:22:43.709528638Z"}, "account-dev.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T18:30:39.855141477Z"}, "bbot.bt3.baroni.tech": {"record_type": "A", "resolved_at": "2023-04-26T22:30:56.657884912Z"}, "bouncefitness.precisiongroup.com.au": {"record_type": "A", "resolved_at": "2023-02-21T12:15:56.351172926Z"}, "ghappsherkverve.xyz": {"record_type": "A", "resolved_at": "2022-10-01T16:00:32.859129543Z"}, "cpanel.menuin.pe": {"record_type": "A", "resolved_at": "2023-03-22T20:32:11.345789341Z"}, "kendalresearchgroup.eu.org": {"record_type": "A", "resolved_at": "2023-05-09T20:45:29.883376868Z"}, 
"trinityartistseries.org": {"record_type": "A", "resolved_at": "2022-12-29T16:31:11.663002382Z"}, "fastago.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-04-26T19:56:32.748547371Z"}, "login.sanopoly.com": {"record_type": "A", "resolved_at": "2023-04-22T00:18:08.415048164Z"}, "typearound.com": {"record_type": "A", "resolved_at": "2023-04-24T16:14:46.070651001Z"}, "mail.hlb.co.za": {"record_type": "A", "resolved_at": "2023-04-28T23:19:06.736816476Z"}, "50gb138.xyz": {"record_type": "A", "resolved_at": "2023-01-14T17:27:43.018315606Z"}, "therpsequavillicomp.tk": {"record_type": "A", "resolved_at": "2023-05-03T21:57:55.402091890Z"}, "mycleanersrock.com": {"record_type": "A", "resolved_at": "2022-11-23T16:19:42.997763435Z"}, "www.hlb.co.za": {"record_type": "A", "resolved_at": "2023-04-20T00:02:14.977582110Z"}, "nextcloud.alexricher.com": {"record_type": "A", "resolved_at": "2023-05-10T13:11:53.876178346Z"}, "refahilze.click": {"record_type": "A", "resolved_at": "2023-04-29T12:54:23.414088969Z"}, "emnotantfitmanas.ml": {"record_type": "A", "resolved_at": "2023-04-30T23:59:01.980378964Z"}, "latabke.tk": {"record_type": "A", "resolved_at": "2023-05-07T21:55:59.693650651Z"}, "www.thedot.cn.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-05T18:22:25.417735752Z"}, "mail.asaletbaman.com": {"record_type": "A", "resolved_at": "2023-04-29T13:53:58.193607223Z"}, "efinonkoconsran.cf": {"record_type": "A", "resolved_at": "2023-04-07T12:55:16.859598877Z"}, "2019.surfstationsurfschool.com": {"record_type": "A", "resolved_at": "2023-04-19T18:16:36.309307681Z"}, "octagonplastering.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-11-19T13:48:18.916628263Z"}, "account.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T00:33:40.329778906Z"}, "magnus.on-tech.tech": {"record_type": "A", "resolved_at": "2023-04-16T20:47:32.869615095Z"}, "edericgakos.ml": {"record_type": "A", "resolved_at": 
"2023-02-27T16:49:01.824929419Z"}, "kola-jen.com": {"record_type": "A", "resolved_at": "2022-12-01T13:36:32.553804192Z"}, "cocselasva.gq": {"record_type": "A", "resolved_at": "2023-03-24T17:20:10.646834545Z"}}, "names": ["mardederlohafi.cf", "cdn-3.madeincanadadirectory.ca.cdn.cloudflare.net", "ftp.jogjacontemporary.net", "apps.codiotic.com", 104.21.6.166
2023-05-12 02:44:33SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 13:22:33 2023 GMT Not After : Jun 25 13:22:32 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:d7:3e:a0:44:3f:74:66:1e:5f:b3:2a:36:ad: 5d:f6:03:6b:7c:a2:a0:47:3a:fb:01:98:b1:8f:cc: c2:91:5e:2e:be:9e:37:09:fc:a3:ca:c0:ce:59:08: 31:20:c4:42:4f:e2:31:60:c4:be:0d:a3:d0:7e:5f: 84:84:43:02:3b:79:0a:56:99:86:35:5f:ee:ec:21: 8b:06:16:ef:3b:0d:ec:b0:a6:01:ca:7c:9f:ae:0e: 21:80:e7:f6:f2:e9:02:7d:5d:df:7d:70:dd:dd:93: 90:c2:a3:7e:80:f6:ad:ed:f9:15:f2:c4:37:d6:ad: 4b:89:76:da:d5:eb:7c:ff:f8:44:95:84:d6:c3:19: 7b:70:37:49:42:e5:fe:7d:2c:bd:de:bc:2b:99:c0: a4:9b:15:4f:d7:2f:f2:c7:b5:99:6b:e4:41:8f:a5: 3f:0f:85:1f:6c:4e:91:90:da:48:18:85:c0:a8:f9: 5b:43:e7:ba:4b:5b:17:69:9f:6a:26:1d:48:87:97: a5:b7:a2:63:4f:58:3b:87:61:7a:53:e1:17:71:98: 3f:e6:14:b4:56:34:1d:a0:89:72:33:eb:2c:c5:36: a0:27:b1:d2:f8:c6:e3:8f:79:67:b5:d6:8a:ec:f1: bd:9b:ad:69:c1:3b:50:1a:84:e7:cb:cf:d0:71:43: d2:3b:49:a5:27:2e:d1:3d:b9:18:82:02:4d:8f:b0: bb:df:42:cf:64:aa:67:dc:2f:01:5a:31:2e:da:fb: b2:d7:58:03:8e:aa:3f:4c:ca:46:eb:1f:d0:ce:c6: 8c:fe:3d:b8:0f:99:bb:cf:51:78:2e:f4:7a:df:b5: ee:fc:f9:a7:d1:b7:2b:1b:c6:17:72:43:c6:34:57: a1:d1:1d:f1:0c:8c:8a:f9:1d:27:7f:56:dc:e1:0f: 9b:fe:d2:eb:01:b7:80:25:0c:68:e6:38:d2:70:20: 00:db:75:51:f4:50:11:95:65:85:63:dc:a6:18:f5: d8:1d:55:65:7b:fd:4b:42:c9:e0:e0:5b:99:47:62: 96:1e:29:13:2d:13:79:08:f1:19:4e:83:44:d1:b3: 1e:52:55:c8:85:91:ec:6f:74:02:73:b9:35:b5:4d: 32:70:2b:a5:40:65:f3:30:c9:2a:75:4a:fc:26:5e: 25:6b:0f:f0:6e:21:a9:a3:b3:fc:a9:24:00:c1:d2: 4b:2c:3d:0a:55:12:77:ec:d9:f9:b2:f1:bc:2c:ec: 53:cb:52:84:47:80:24:42:33:90:05:e1:7c:3a:b2: 37:ee:d5:9d:71:10:25:16:47:45:30:42:37:7d:df: 
2f:44:a5:75:17:fd:0c:59:0a:14:5f:4a:c6:9e:57: 1c:e4:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption a3:1a:73:71:ae:ed:9f:b5:9b:61:66:0e:f9:3c:05:e5:98:b9: 71:fe:3a:01:23:3c:a5:ed:da:b4:47:c0:62:3d:82:74:46:2d: f3:bc:7d:58:f7:9d:a3:63:b0:c8:15:ad:b0:58:bc:d6:75:4d: 8b:28:94:cb:bc:69:7c:80:f8:cd:78:76:8f:73:94:76:90:7d: 80:5c:21:83:4e:e4:26:a7:06:a5:e9:38:47:ff:a7:5f:42:bd: c4:d9:74:6a:33:69:46:51:e5:bd:52:74:21:07:0b:2d:14:31: 45:31:91:5d:2e:25:25:a0:10:c9:3a:3e:d7:38:78:9b:b2:aa: 22:af:71:e4:8a:d0:ec:e4:7c:b6:88:11:5f:5d:42:ee:2b:78: b2:c8:8f:62:9a:3e:c3:a6:06:7e:f7:0b:b9:99:fa:b8:e0:42: 79:cd:64:e7:19:13:71:ab:ad:f1:90:66:20:91:56:0f:0c:e3: 48:ed:63:55:89:67:59:f7:08:9e:72:d6:2b:54:e9:5e:60:6b: af:15:40:e4:e3:93:64:05:b5:87:bf:b5:3b:e3:0a:3e:94:9e: a2:8e:f7:62:b7:7a:47:d1:97:14:d5:e3:c4:7b:f6:89:76:12: 8c:29:e2:6a:8d:3f:22:f5:b7:f7:82:ac:c9:19:ac:5c:cb:6e: d1:2d:07:ab battleb0t.xyz
2023-05-12 03:03:24Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io000.github.io
2023-05-12 03:12:14Affiliate - Domain WhoisNoWhois3050None Domain Name: KEYUBU.COM Registry Domain ID: 2292564494_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2022-07-15T17:58:33Z Creation Date: 2018-07-31T21:39:32Z Registry Expiry Date: 2023-07-31T21:39:32Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: KEYUBU.COM Registry Domain ID : 2292564494_DOMAIN_COM-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2022-07-15T17:58:33Z Creation Date: 2018-07-31T21:39:32Z Registrar Registration Expiration Date: 2023-07-31T21:39:32Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: ADANA Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.COM Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:12:03Z<<< For more information on 
Whois status codes, please visit https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2 keyubu.com
2023-05-12 02:44:27IP AddressNoDNS Resolver42020None64.226.81.43kekw.battleb0t.xyz
2023-05-12 03:24:21Web ContentNoWeb Spider2020None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c594cb34339')"></div> <form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="fXRp0MT2Gq_7yIcIgnBHmz4mvl642t3xYxkCV5CopVU-1683861861-0-AevD5zHzR5Nylhg7VMHylWA-UGhfY5JI7t_DZKLajlY04sfvOKhEUvL9GVGicMZplZkcd7EKnpXCooBz_psnEdyw4NmTFN3sNXxO3b2NuDlfX3fgFqIYYwxN-_ZcrgInEcSdq4ze85lgbNjmAyI7cICej2859mTsNPJTSg3Eei4MCiIEepygARCAmXkyjazT_siRWXRbIF3Yq9cQrkKvTYHjy7kA4ARUBhj3gHLsfY6ByHmcA-4oH5F_BMaNFfn83ZbE-O4HF1luYDVMX4jN2SY5BFBmGirV5lQE7nc2ET_G_HywU7GlMXbT0JmkojLsvRDxpqP_ZBtz_vJHbi4FUOHHRaxbF6WI1ct7U2kIlltKjNHrBNnSQ1zRICZ4xPEiXCRFEqv1mvMk_vuWumbRs70YeoiNBWGJjw9SNPC0qRv0_rQzWEhzAZCr9GR45Pyn22x2UzlVIl478oJoBXIxbm7A_QBYYHzFjMNgE8pR4rE43z-LkzbfZp4Mrz4ipAVKmZJGkf2Y5B_9TlYOJXKMjDFy4LD0ELxkw1-R_QW_mLtVmznveG5c9m2IZ2zQV1cn4H8j5Bc1iY811MUNVsmFG0JD-DYsguU4LRfDkaOmbWCSaJ34wnyswYZY6vuAq7jQcIjqzclxyNRihA5I_cL6ueo4Ri5oVSncrTfIsWIYMESFPA-cZy_mtxt3SdM8IrciE1x1sYi06n9I6prGHl0s-4QNR7JVOnbdMoI28ES-j7HwNWZk4MsUxFuzUOsk5lSLsSRh-hQZxr19nktp-MvVpSzRUuSL26nuxNFkN8FTk5Ae96R-Z683yfnj1pOwmIp-ezEp2JWb8TkZZ0zoMJBnNWz-dER92U4KjRMwAWRs684SongNmPEIXYAgqclvfJ3msrReLNbVn2C0cz7wvPKboCqEwy5ipFMXgNiuhbJpqavDTbOw2pcmk4nLwQO7-0fq6lR-AioIh72_7f-dcCDyp3CvaV2lSxONdGbwSj69Uzxdx9pjqKiA7eKWgpDp1A1TT4OM1UPvdKoDNlfXS-kt53TGtcDj_tr5ZSCxVfBj5Eaq6vy-dzTe3un5fL0Jw93IdI7hmq3BtVNMvvG3ttwva1yDFbKbbzAoei-_xuiypX7ONnqllk5lT1u_-s9W-YqxnvXblOasj5xt36xai8HGELg30c69mi7dS6KFtoe8onnoqh_Jv5x6H6CEBPpBlJkQ-7Wml_gwi2q6d0tQ_ZdaaMoOXxHsxIyK5qGvyrxIKQoaob4JTcbfXfzc5V6fJoXtr9RSoGgPAroX9StxeMfnAcZJZ38lwB2R_OkZXBx7EFcRTvZsqwNSAcBE597i5gxzUV9OIg9fnTaoLIGC6pMfXSOrCdhVP4gGEX4Bccu5X10qZzo6Szn5JgpstSZeqAMVuU9TWGPYdK5uOwlHRiWmjX7UntfXmsGqJLQN_MyyArtIqHW_GuUvvub4g6fNvemcAOPIu9NS3HWmMTmUN4ACMa423i12vOJGRP7TcmceYbGSntTQh51WDUHuY7LdwoWtDpwMlk9-stOh87SR4LOrDyvW1iZRowgiTy2GmxHJlIHKCRhXnA5KaH4pnPJkKkhrPoRN6DTCQDr15qpBgZxUmF4wezI7yU8i7hxFvjA2vpTMuEjzuFK5Xab8ZS1nR5YLbQiKD3ROG0S6bl-4nxyf66OU-8Xv4FaugupxS3e-wlAwiX3hxmLNdGdmQn9eyC4_2RwUK2WWp5b7e4SAi9-pAVBzMefue3T2KHTLHF643icuFWjUauohcHM9aP5V8YQkXvauXJeiafKXSGCb142muLvzgJ9tWui0nHCx7aGYnZ5KCXJJAPsMf9OR8piOc-bOw90DQdaaAoQce9uq1wQGOtC7qhcYnC54DqDoEYzADwA9eHH9CWAG4K79Bs3Vtk5_YaWGKevDuxwe2PI4
tgDIlPhm0aaMmefu_Aqbmk6Nh3efYd6tebEuF1GGAbp894vPoKIV_oMOG4605Orlbta-mL3BdBLdomEjXGBNzJc8zOt_diWLDMArzlhmqHj68HR17Jaa_r6ERT_jArQXozZtM_B3L5O8SpcafOJWm3x_EH-cSS-ttAlAlAFa0wgnswXzQF8jvtcMH7wOU4U6LjP8DMTOtT18J0nltl0j_q-DNG4lBHonjmIjyRSP8oBxk-3z89_7YNTov0awtqgzLFZw2_mSARwNl4_HaPezvCevT53qGnFReXcG3RzOMm4zSBZbENl_DwydIdBN0QqU0z3ekKIj0DHHzeDbwvLRQiV0Lv01I4DZBYzgAdCYmkN3aWrG0sAU92LemS02Ukd_enHt1XRhTQOnUlyr42CJb5OOWo8CjNFcGn16guPRfUma268s38K2-wnhjS9iCXiymmGF-AAdAizqUKdabbQOSsatJ602VLlNMiwTbinDbOME_fkBdTGzKnt5g_beyji9YWF9g5kjIdThtdFTLZ7VtxqQe64uUOYy3ZMXGyBjPj32wUf-c45ZB1IslXSI3TZ3dwmgQZ-iw9MFsb5EQblUq7mhT6th"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '13393', cRay: '7c5f8c594cb34339', cHash: '405751743fca02b', cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2MS4zMjkwMDA=', m: 'wei6RtcHCTh5k6jXLRR9uxE1j0nSB1DRW6i/4ZVDPwA=', i1: 'b4n+etCkfjlnsH7ziL0wjQ==', i2: 'jFCNa6uhaxi0l2WjI6PNAA==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c594cb34339'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c594cb34339'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> https://ayhu.xyz/lol.html
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneBHS (Net ID: 00:02:A8:9A:AC:ED)50.1188, 8.6843
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom6C4B98 (Net ID: 00:0C:F6:6C:4B:98)50.8897, 6.0563
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonelikeevideo (Category: social) https://likee.video/@ayhuayhu
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneCableWiFi (Net ID: 00:0D:67:2F:5E:C7)39.0469, -77.4903
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneSurfandSip (Net ID: 00:02:2D:03:7C:7A)37.7813933,-122.3918002
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneNew Improved Mad Dogs Network (Net ID: 00:02:2D:02:1F:7E)37.7642, -122.3993
2023-05-12 03:08:52Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.13134.148.97.127
2023-05-12 03:01:30Web ServerNoTool - WhatWeb0020Nonecloudflarenuke.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneSunshine (Net ID: 00:07:40:87:15:01)33.6170672,-111.90564645297056
2023-05-12 03:09:53Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.98
2023-05-12 02:44:28Affiliate - Domain NameNoDNS Resolver0030Nonegithub.iobattleb0t.github.io
2023-05-12 02:45:45Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Chantilly', u'security': {u'is_vpn': False}, u'city_geoname_id': 4751935, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'American Registry Internet Numbers', u'organization_name': u'American Registry Internet Numbers', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20151', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:44'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:50c0:8000::153', u'continent': u'North America', u'region_iso_code': u'VA'}2606:50c0:8000::153
2023-05-12 02:47:34Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'compromised_hosts': [], u'environment_id': None, u'major_os_version': None, u'submit_name': u'ecf2f4c2-dc6c-4d6c-834e-7ac6d6bf442c', u'signatures': [], u'threat_level': 2, u'size': 1153592, u'job_id': None, u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [], u'sha256': u'f37771fbb9a9747c255bfed791c8d25b170a05390c07b977ceed83fda2930db0', u'sha512': u'dc22c5b25f00a707903e09faa17102afa8c7c33c601c4a9e565f0ba1f9be38b2d3fd33d6cd4fb3f106559826e5b2d4830ebb47f454bd211e948abada5bd40bf7', u'image_file_characteristics': [], u'submissions': [{u'url': None, u'submission_id': u'64370fe20f088442d5071946', u'created_at': u'2023-04-12T20:09:06+00:00', u'filename': u'bounty-15063386060676181'}, {u'url': None, u'submission_id': u'64370d247780c23d00032858', u'created_at': u'2023-04-12T19:57:24+00:00', u'filename': u'bounty-14051327620374072'}, {u'url': None, u'submission_id': u'64370bdac68c37b99a0ec113', u'created_at': u'2023-04-12T19:51:54+00:00', u'filename': u'bounty-36669494506367222'}, {u'url': None, u'submission_id': u'619cd57e184a860ff1454993', u'created_at': u'2021-11-23T11:50:22+00:00', u'filename': u'file'}, {u'url': None, u'submission_id': u'60b0d212be0b260c5b5c2673', u'created_at': u'2021-05-28T11:20:50+00:00', u'filename': u'9c86c817-2d20-4c17-99d4-c064eb928fba'}, {u'url': None, u'submission_id': u'6022b2dfcdbf532d3a42813f', u'created_at': u'2021-02-09T16:05:51+00:00', u'filename': u'ef96b60f-13a7-4976-b642-49e62cf6e2b5'}, {u'url': None, u'submission_id': u'5fce6345ef802718ed319dcc', u'created_at': u'2020-12-07T17:15:49+00:00', u'filename': u'ecf2f4c2-dc6c-4d6c-834e-7ac6d6bf442c'}], u'analysis_start_time': 
u'2020-12-07T17:15:49+00:00', u'tags': [], u'imphash': None, u'total_network_connections': 0, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 0, u'image_base': None, u'error_origin': None, u'ssdeep': None, u'entrypoint_section': None, u'md5': u'cd822912b4ff3c303a62d2538fa88d01', u'network_mode': u'default', u'processes': [], u'sha1': u'9bf6d9bbc06150a933b4171d55c7a8a297cd9cc5', u'url_analysis': False, u'type': u'PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed', u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Static Analysis', u'verdict': u'malicious', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': [u'peexe', u'executable']}, {u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': 4, u'submit_name': u'rufus-3.12.exe', u'signatures': [{u'category': u'General', u'origin': u'Static Parser', u'identifier': u'static-125', u'name': u'PE file has a big raw size section', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 0, u'description': u'Raw size of "UPX1" is "0x10d800" greater than 0x100000'}, {u'category': u'General', u'origin': u'Static Parser', u'identifier': u'static-95', u'name': u'PE file contains writable sections', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 0, u'description': u'"f37771fbb9a9747c255bfed791c8d25b170a05390c07b977ceed83fda2930db0.bin" has an writable section named "UPX0"\n "f37771fbb9a9747c255bfed791c8d25b170a05390c07b977ceed83fda2930db0.bin" has an writable section named "UPX1"\n 
"f37771fbb9a9747c255bfed791c8d25b170a05390c07b977ceed83fda2930db0.bin" has an writable section named ".rsrc"'}, {u'category': u'General', u'origin': u'Certificate Data', u'identifier': u'certificate-2', u'name': u'The input sample is signed with a valid certificate', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1553/002', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1553.002', u'relevance': 10, u'threat_level': 0, u'type': 17, u'description': u'The entire certificate chain of the input sample was validated successfully.'}, {u'category': u'General', u'origin': u'Static Parser', u'identifier': u'static-80', u'name': u'PE file contains executable sections', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 0, u'description': u'"f37771fbb9a9747c255bfed791c8d25b170a05390c07b977ceed83fda2930db0.bin" has an executable section named "UPX0"\n "f37771fbb9a9747c255bfed791c8d25b170a05390c07b977ceed83fda2930db0.bin" has an executable section named "UPX1"'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-72', u'name': u'Overview of unique CLSIDs touched in registry', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"rufus-3.12.exe" touched "Group Policy Object" (Path: "HKCU\\WOW6432NODE\\CLSID\\{EA502722-A23D-11D1-A7D3-0000F87571E3}")\n "rufus-3.12.exe" touched "MSAA AccPropServices" (Path: "HKLM\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\\TREATAS")\n "rufus-3.12.exe" touched "Task Bar Communication" (Path: "HKLM\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{56FDF344-FD6D-11D0-958A-006097C9A090}\\TREATAS")'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-18', u'name': u'Accesses Software Policy Settings', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1012', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-647', u'attck_id': u'T1012', u'relevance': 10, u'threat_level': 0, u'type': 3, u'description': u'"rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\CERTIFICATES"; Key: "A053375BFE84E8B748782C7CEE15827A6AF5A405")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\CA"; Key: "")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT\\CERTIFICATES"; Key: "A053375BFE84E8B748782C7CEE15827A6AF5A405")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT"; Key: "")'}, {u'category': u'General', u'origin': u'Static Parser', u'identifier': u'static-96', u'name': u'PE file entrypoint instructions', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 0, u'description': u'"f37771fbb9a9747c255bfed791c8d25b170a05390c07b977ceed83fda2930db0.bin" file has an entrypoint instructions - "pushal,movesi, 0x61b015,leaedi, [esi - 0x21a015],pushedi,movebp, esp,leaebx, [esp - 0x3e80],xoreax, eax,pusheax,cmpesp, ebx,jne0x727b08,incesi,incesi,pushebx,push0x325b65,pushedi,addebx, 4,pushebx,push0x10cad3,pushesi,addebx, 4,pushebx,pusheax,movdword ptr [ebx], 0x20003,pushebp,pushedi,pushesi,pushebx,subesp, 0x7c,movedx, dword ptr [esp + 0x90],movdword ptr [esp + 0x74], 0,movbyte ptr [esp + 0x73], 0,movebp, dword ptr [esp + 0x9c],leaeax, [edx + 4],movdword ptr [esp + 0x78], eax,"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-70', u'name': u'Scanning for window names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1010', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1010', u'relevance': 10, u'threat_level': 0, u'type': 6, u'description': u'"rufus-3.12.exe" searching for window "Rufus 3.12.1710 "\n 
"rufus-3.12.exe" searching for class "Shell_TrayWnd"'}, {u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-2', u'name': u'Loads rich edit control libraries', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"rufus-3.12.exe" loaded module "%WINDIR%\\SysWOW64\\riched20.dll" at 6F040000'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-20', u'name': u'Reads Windows Trust Settings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1012', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-647', u'attck_id': u'T1012', u'relevance': 5, u'threat_level': 0, u'type': 3, u'description': u'"rufus-3.12.exe" (Path: "HKCU\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\WINTRUST\\TRUST PROVIDERS\\SOFTWARE PUBLISHING"; Key: "STATE")'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-17', u'name': u'Accesses System Certificates Settings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1112', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-203', u'attck_id': u'T1112', u'relevance': 10, u'threat_level': 0, u'type': 3, u'description': u'"rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\CA"; Key: "")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\FLIGHTROOT"; Key: "")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\SMARTCARDROOT"; Key: "")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT"; Key: "")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT"; Key: "")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\AUTOUPDATE"; Key: "DISALLOWEDCERTSYNCDELTATIME")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\AUTOUPDATE"; Key: 
"DISALLOWEDCERTLASTSYNCTIME")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\CABD2A79A1076A31F21D253635CB039D4329A5E8"; Key: "BLOB")\n "rufus-3.12.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES"; Key: "CABD2A79A1076A31F21D253635CB039D4329A5E8")'}, {u'c185.199.111.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneuyDunet (Net ID: 00:13:33:8F:4F:14)40.2024, 29.0398
2023-05-12 02:54:21Web Content TypeNoWeb Spider0030Nonetext/html;charset=utf-8vscode.battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:E8:37:B2)41.8781, -87.6298
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:7D:86:07)33.336199,-111.89446440830702
2023-05-12 02:54:13Linked URL - InternalNoWeb Spider4030Nonehttps://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfshttps://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneAIRV_3DF5 (Net ID: 00:05:B9:42:3D:F8)39.0469, -77.4903
2023-05-12 02:59:57Affiliate - Email AddressNoE-Mail Address Extractor0030Nonesupport@bigmarker.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://click9.bigmarker.com/links/BY79pHvYX2Z/QPJiO7I68/tMwYeVPDKIXG/IN5CQt3PP-?bu=7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff5125d2b050eecdfd56122f5766da81f9380883c6330281152549d890a090250ca7457e3d6af512de37a44ef72cc832a7cff15e41cb02af8a17863d1d3fd8b23804d4f2277ba16828665e73cb7759a78343309ede93ee8fcceaf565cf60789ea78d923ffa76fe3d', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:2872:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:2872:120:WilError_01"\n "SM0:2872:120:WilError_01"\n "SM0:2872:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.231.70.218:443"\n "138.91.254.96:443"\n "3.235.65.215:443"\n "13.227.21.122:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "151.101.0.176:443"\n "142.251.2.156:443"\n "151.101.2.137:443"\n "162.247.241.14:443"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "click9.bigmarker.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: 
"urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn 
tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\favicons"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\636_742791881\\shopping.js]- [targetUID: 00000000-00000636]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00000636]\n "Ruleset Data" has type "da
2023-05-12 02:48:19Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://g.width/386,g.getcontext(m', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://maskwallets.xyz/forms/v2.js', u'type': u'visited', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://maskwallets.xyz/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3252"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_cb4_IESQMMUTEX_0_519"\n "IsoScope_cb4_ConnHashTable<3252>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_cb4_IESQMMUTEX_0_303"\n "IsoScope_cb4_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_cb4_IE_EarlyTabStart_0xb2c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_303"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.125:80"\n "172.217.164.106:443"\n "142.251.46.234:80"\n "142.250.189.163:80"\n "43.251.41.15:443"\n "104.17.211.243:443"\n "142.251.214.132:443"\n "142.251.32.35:443"\n "104.17.212.243:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "142.250.189.163:443"\n "185.199.110.153:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"maskwallets.xyz"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: maskwallets.xyz\nDNT: 1\nConnection: Keep-Alive\nCookie: _ga=GA1.2.1689897167.1682546284; _gid=GA1.2.304489594.1682546284; _gat_gtag_UA_37075177_6=1; LPVID=EwOTcwNTgwYTNiMjZiNTE2; LPSID-88982875=upHQCJz-TiCz5i-z2-4hWg"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "maskwallets.xyz"\n "metamask.io"\n "perf.hsforms.com"\n "va.v.liveperson.net"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_1_.js")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: 
"webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "payload_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 300x300 components 3" and extension "jpg"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-uniswap_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-gitcoin_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "info_2x_1_.png" has type "Unknown" and extension "png"\n "image_2x_1_.png" has type "Unknown" and extension "png"\n "refresh_2x_1_.png" has type "Unknown" and extension "png"\n "undo_2x_1_.png" has type "Unknown" and extension "png"\n "audio_2x_1_.png" has type "Unknown" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab4009.tmp" 
has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab4009.tmp]- [targetUID: 00000000-00003016]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 dat185.199.110.153
2023-05-12 02:44:14IP AddressNoDNS Resolver55010None172.67.135.9ayhu.xyz
2023-05-12 02:52:59Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://nwapi2.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nwapi2.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]nwapi2.battleb0t.xyz
2023-05-12 02:54:57Software UsedYesCensys0020NoneCloudFlare CloudFlare Load Balancer2a06:98c1:3120::1
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneApple Network 221480 (Net ID: 00:02:2D:22:14:80)34.0544, -118.244
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha1-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, 
"services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}172.67.135.9
2023-05-12 03:03:42Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io01101101.github.io
2023-05-12 02:55:27Linked URL - InternalNoURLScan.io5010Nonehttp://ayhu.xyz/ayhu.xyz
2023-05-12 03:24:47CountryNoCountry Name Extractor0030NoneUnited StatesMontreal, Quebec, H4X, United States, North America
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None101 (Net ID: 00:01:03:7C:01:7C)52.3759, 4.8975
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:44387.248.157.102
2023-05-12 02:45:23Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://kuldeepsuthar007.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://kuldeepsuthar007.github.io/netflixclone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b18_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b18_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b18_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_b18_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2840"\n "IsoScope_b18_ConnHashTable<2840>_HashTable_Mutex"\n "IsoScope_b18_IE_EarlyTabStart_0xb48_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b18_IE_EarlyTabStart_0xb48_Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.18.23.52:443"\n "142.251.46.234:443"\n "45.57.90.1:443"\n "162.55.233.23:443"\n "203.192.208.114:443"\n "142.251.32.35:443"\n "104.26.5.108:80"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"pngimg.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "kuldeepsuthar007.github.io"\n "occ-0-4023-2164.1.nflxso.net"\n "pngimg.com"\n "pro.fontawesome.com"\n "www.freepnglogos.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "netflix.com from your personal computer or on any" (Indicator: "dir "; File: "netflixclone_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': 
u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced" and extension "png"\n "download-icon_1_.gif" has type "GIF image data version 89a 100 x 100" and extension "gif"\n "boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced" and extension "png"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "netflix_PNG15_1_.png" has type "PNG image data 110 x 200 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light 
family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm21llEw_1_.woff" has type "Web Open Font Format TrueType length 76672 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrJJLedA_1_.woff" has type "Web Open Font Format TrueType length 76604 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmv1plEw_1_.woff" has type "Web Open Font Format TrueType length 76404 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmr19lEw_1_.woff" has type "Web Open Font Format TrueType length 76076 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmy15lEw_1_.woff" has type "Web Open Font Format TrueType length 75364 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmg1hlEw_1_.woff" has type "Web Open Font Format TrueType length 75268 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm111lEw_1_.woff" has type "Web Open Font Format TrueType length 74932 version 1.1"- [targetUID: N/A]\n "pxiAyp8kv8JHgFVrJJLmE3tG_1_.woff" has type "Web Open Font Format TrueType length 72432 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm81xlEw_1_.woff" has type "Web Open Font Format TrueType length 71652 version 1.1"- [targetUID: N/A]\n "pxiEyp8kv8JHgFVrFJM_1_.woff" has 
type "Web Open Font Format TrueType length 66572 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLDz8V1g_1_.woff" has type "Web Open Font Format TrueType length 66448 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLFj_V1g_1_.woff" has type "Web Open Font Format TrueType length 66376 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLEj6V1g_1_.woff" has type "Web Open Font Format TrueType length 66232 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLGT9V1g_1_.woff" has type "Web Open Font Format TrueType length 65760 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLCz7V1g_1_.woff" has type "Web Open Font Format TrueType length 65616 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLDD4V1g_1_.woff" has type "Web Open Font Format TrueType length 65344 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLBT5V1g_1_.woff" has type "Web Open Font Format TrueType length 63856 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrLPTedA_1_.woff" has type "Web Open Font Format TrueType length 62300 version 1.1"- [targetUID: N/A]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "download-icon_1_.gif" has type "GIF image data version 89a 100 x 100"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002840]\n "boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002840]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n 
"~DF219ECD0E1D500FC9.TMP" has type "data"- Location: [%TEMP%\\~DF219ECD0E1D500FC9.TMP]- [targetUID: 00000000-00002840]\n "~DF0C0FBE77418B3702.TMP" has type "data"- Location: [%TEMP%\\~DF0C0FBE77418B3702.TMP]- [targetUID: 00000000-00002840]\n "~DFB2A7803A8671EBE5.TMP" has type "data"- Location: [%TEMP%\\~DFB2A7803A8671EBE5.TMP]- [185.199.111.153
2023-05-12 03:24:47CountryNoCountry Name Extractor0040NoneGermanyFrankfurt am Main, Hesse, HE, Germany, DE
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneunsplash (Category: images) https://unsplash.com/@loginlogin
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonepgi50 (Net ID: 00:01:21:10:89:70)37.7813933,-122.3918002
2023-05-12 03:24:50CountryNoCountry Name Extractor0060NoneUnited Statesnetcraft.com
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneeBOS (Net ID: 00:14:6A:5B:53:93)32.8608, -79.9746
2023-05-12 02:57:06Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://injectitlimited.cmail19.com/t/i-c-tiirkhydn', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"injectitlimited.cmail19.com"\n "x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"injectitlimited.cmail19.com"\n "x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar572B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3348"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d14_IE_EarlyTabStart_0xc80_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d14_ConnHashTable<3348>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d14_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d14_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d14_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d14_IE_EarlyTabStart_0xc80_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"184.72.15.88:80"\n "35.229.48.116:443"\n "23.61.169.89:80"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "J81AH7HB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J81AH7HB.txt]- [targetUID: 00000000-00003348]\n Dropped file: "DDH1BHOS.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\DDH1BHOS.txt]- [targetUID: 00000000-00003348]\n Dropped file: "ZK24XWU9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZK24XWU9.txt]- [targetUID: 00000000-00003348]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab572A.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003348]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003488]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "J81AH7HB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J81AH7HB.txt]- [targetUID: 00000000-00003348]\n "_A642BCC0-43D5-11ED-9763-08002704A352_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF1789E30B0526E037.TMP" has type "data"- 
Location: [%TEMP%\\~DF1789E30B0526E037.TMP]- [targetUID: 00000000-00003348]\n "Tar572B.tmp" has type "data"- Location: [%TEMP%\\Tar572B.tmp]- [targetUID: 00000000-00003488]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003348]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003348]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003488]\n "_9B397A29-43D5-11ED-9763-08002704A352_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_DBECEA34-43D6-11ED-9763-08002704A352_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n "92D7422C4B07CA9C9F3C147A693D9EF5" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\92D7422C4B07CA9C9F3C147A693D9EF5]- [targetUID: 00000000-00003488]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab572A.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"- Location: [%TEMP%\\Cab572A.tmp]- [targetUID: 00000000-00003488]\n "~DFAA5D95001843E9B0.TMP" has type "data"- Location: 
[%TEMP%\\~DFAA5D95001843E9B0.TMP]- [targetUID: 00000000-00003348]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://injectitlimited.cmail19.com/t/i-c-tiirkhydn"\n Pattern match: "http://injectitlimited.cmail19.com"\n Heuristic match: "injectitlimited.cmail19.com"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"\n Pattern match: "www.fsi-language-courses.org"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /course-download-email-confirmation/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.fsi-language-courses.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/89 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Unusual Characteristics', u'origin': u'Network Traffic', u'identifier': u'network-18', u'name': u'Contacts Mail Related Domain Names', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'"injectitlimited.cmail19.com" is probably a mail server'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User A35.229.48.116
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0130NoneNetlify{"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WDQHNHJAAXWWVJBZZ5B", "content-type": "text/html; charset=UTF-8", "age": "0"}
2023-05-12 02:54:13Open TCP PortNoCensys0040None2606:4700:3030::ac43:a8fc:802606:4700:3030::ac43:a8fc
2023-05-12 02:59:47Affiliate - Email AddressNoE-Mail Address Extractor0020Noneabuse@godaddy.comDomain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneFruityWifi-001 (Net ID: 00:02:72:8E:62:D1)33.617190550339146,-111.90827887019054
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.180): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:01:24:F0:43:45)37.7642, -122.3993
2023-05-12 03:01:16Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.141): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:32:33Open TCP PortNoPulsedive0030None188.114.97.17:8080188.114.97.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:DB:DA:99)33.6170672,-111.90564645297056
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:AA:94:7C:2C)41.8781, -87.6298
2023-05-12 02:55:15Open TCP Port BannerNoCensys0130NoneSSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1165.232.113.85
2023-05-12 03:10:04Co-Hosted Site - Domain NameNoDNS Resolver0030Noneacilacikveteriner.comacilacikveteriner.com
2023-05-12 02:46:43Physical LocationNoMetaDefender0030NoneNorth Charleston, United States34.74.170.74
2023-05-12 02:45:07Raw Data from RIRsNoHybrid Analysis0010None{u'count': 1, u'search_terms': [{u'id': u'domain', u'value': u'battleb0t.xyz'}], u'result': [{u'environment_id': 160, u'job_id': u'6421d18abc9d17a8490ac78d', u'analysis_start_time': u'2023-03-27 17:25:30', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no verdict', u'submit_name': u'sample.url', u'sha256': u'4feea01ff4a783ce1c5865f5114d6f2620c834d630588769904d9a0871e30a8d', u'type': None, u'type_short': u'url', u'size': 53}]}battleb0t.xyz
2023-05-12 02:46:54Affiliate - Domain NameNoDNS Resolver0020Nonecloudflare.comdaphne.ns.cloudflare.com
2023-05-12 02:44:23Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.com185.199.108.153
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0040NoneCloudflare, Inc. Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2015-10-20T06:46:53Z Creation Date: 2009-02-17T22:08:05Z Registry Expiry Date: 2024-02-17T22:08:05Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.CLOUDFLARE.NET Name Server: NS2.CLOUDFLARE.NET Name Server: NS3.CLOUDFLARE.NET Name Server: NS4.CLOUDFLARE.NET Name Server: NS5.CLOUDFLARE.NET DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2022-03-16T19:39:08Z Creation Date: 2009-02-17T22:08:05Z Registrar Registration Expiration Date: 2024-02-17T22:08:05Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Name Server: ns1.cloudflare.net Name Server: ns2.cloudflare.net Name Server: ns3.cloudflare.net Name Server: ns4.cloudflare.net Name Server: ns5.cloudflare.net DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 401 Unauthorized Date: <REDACTED> Server: cPanel Persistent-Auth: false Host: 87.248.157.102:2079 Cache-Control: no-cache, no-store, must-revalidate, private Connection: close Vary: Accept-Encoding WWW-Authenticate: Basic realm="Horde DAV Server" Content-Encoding: gzip Content-Length: 52 Content-Type: text/html; charset="utf-8" Expires: Fri, 01 Jan 1990 00:00:00 GMT 87.248.157.102
2023-05-12 02:54:18HTTP HeadersNoWeb Spider2040None{"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WPKRCCC7SJ49ZB68B31", "content-type": "text/css; charset=UTF-8", "age": "0"}https://pics.battleb0t.xyz/gallery.css
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.119): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:13Linked URL - InternalNoWeb Spider4020Nonehttps://ayhu.xyz/cdn-cgi/styles/challenges.csshttps://ayhu.xyz/
2023-05-12 02:54:00Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c56db576d8c1409-ORD Content-Encoding: gzip 104.21.6.166
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneADSL-WiFi_Telfort (Net ID: 00:13:49:CF:0D:6D)50.8897, 6.0563
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Noneconam (Net ID: 00:06:25:D8:C9:41)39.0469, -77.4903
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneSFUSA (Net ID: 00:01:24:F1:6D:E3)37.7642, -122.3993
2023-05-12 03:09:38Affiliate - Internet NameNoDNS Resolver0040None229.30.196.104.bc.googleusercontent.com104.196.30.229
2023-05-12 03:03:20Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-experiments.github.io
2023-05-12 02:53:17IP AddressNoMnemonic PassiveDNS0010None104.21.6.166ayhu.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneRiaan (Net ID: 00:01:36:08:E7:41)52.3759, 4.8975
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneMerken (Net ID: 00:14:5C:86:BE:BA)50.8897, 6.0563
2023-05-12 02:44:43Internet NameNoDNS Resolver0020Nonevscode.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:81:34:2e:fd:61:48:b5:6f:11:ca:36:0b:dc:62:9a:cf:52 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:02 2022 GMT Not After : Feb 15 09:44:01 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:eb:b0:96:39:35:d3:30:8a:f5:f9:da:c5:cf:96: 1a:e7:f9:f3:a9:a3:ac:48:a3:a4:b9:37:4c:63:75: 40:36:2d:7f:85:6e:28:b7:ff:1d:a9:b7:7a:9e:a9: 3c:18:2e:aa:60:9b:01:a6:03:71:f5:37:c6:c4:08: 7f:2e:0c:29:9a:02:88:31:a0:12:65:5e:31:21:f1: 5f:d6:97:6e:ea:18:9d:90:ce:ff:12:3b:cb:ae:3a: f3:b3:33:e6:51:66:ee:77:b1:1e:2d:63:9d:86:29: e8:e7:da:f5:95:bf:4c:37:58:2b:4b:3b:b3:82:8c: 63:1f:3a:3d:4d:85:c4:0d:2f:dd:0c:39:76:ab:a5: 7c:fc:53:9d:e0:67:9e:f7:6e:00:5d:8f:60:c1:b4: dd:6b:fb:d3:a5:23:a0:c0:99:85:04:91:d1:e3:63: 1f:33:3f:20:df:22:22:a9:89:b5:26:f8:3b:cf:ec: a6:2f:0a:b5:ce:e9:fd:d6:cf:3c:d3:6e:35:3e:a2: cb:0a:4c:43:1f:c2:91:d1:57:92:fc:79:bc:b6:50: 67:72:7f:f2:de:ba:e6:81:c8:81:ad:91:41:c2:41: 68:e4:66:e4:cf:77:e7:8f:ad:4a:dd:cf:21:57:7e: 5c:5b:1a:bf:18:03:99:5a:e7:0b:bf:13:4e:4f:9d: f8:63:3c:53:43:ba:5c:2b:86:aa:b1:6c:59:33:66: 06:b4:0c:58:5e:eb:57:fb:21:90:64:8e:04:88:5e: 93:71:bc:07:a7:76:0a:39:5b:e9:8a:11:59:0c:e9: 3d:9f:ef:48:1a:15:f1:b6:8d:38:c6:ac:b0:3d:55: 62:fd:ec:ca:10:f7:3e:ad:09:2b:f9:07:39:64:89: c0:8c:df:58:83:b1:49:a3:6a:de:8d:1d:b0:68:22: 42:05:11:89:f5:28:3d:e2:a8:01:12:cb:7f:55:12: 36:97:26:ba:dd:f2:81:bc:89:38:da:02:ae:fd:90: 99:5d:a3:f5:46:95:ac:11:67:63:06:d1:ab:ad:cc: 15:5b:ae:15:c5:be:e2:e1:4a:b9:58:65:89:ff:47: b7:6c:bd:4d:78:de:bc:99:4b:30:66:94:63:8c:10: f1:ba:46:36:e6:f8:37:e7:a4:4a:58:f8:29:e5:40: 29:33:93:f8:de:48:92:4e:5d:bb:50:eb:49:71:90: ef:b5:9b:2c:bf:b0:19:fb:12:45:a7:b3:2e:45:b4: 1b:cf:46:ab:19:7f:6c:7d:d1:f9:c0:87:cb:fb:3f: 0d:76:c4:c2:98:11:bd:11:fc:93:89:ac:ab:3e:87: 
64:67:c1:b8:49:1c:b8:1a:ca:85:02:c8:58:c0:9e: e2:87:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: A7:55:24:63:5E:86:20:7B:DE:F3:EF:D8:48:33:0B:C7:5C:3F:22:72 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 10:44:02.310 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:A0:8D:98:FA:F9:D9:C8:59:5F:87:D3: BB:68:8E:C2:BB:E7:07:F3:66:F0:BF:C4:32:F7:17:14: 85:A0:6B:D1:81:02:21:00:E1:E7:8A:92:A4:1B:C4:8C: 79:7C:C9:6A:17:B8:C7:84:C4:57:6B:7F:E9:88:F3:FA: 7F:17:65:61:BF:48:50:7D Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Nov 17 10:44:02.268 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:8A:CF:A1:DE:F1:EC:82:39:97:4B:3B: E7:19:AD:34:CE:C3:F8:D5:48:1A:55:78:09:18:4D:A5: 36:34:CF:46:A1:02:20:77:AE:18:F8:2D:70:F3:32:66: 62:44:0D:F1:40:70:3E:89:21:C3:7B:CF:8C:98:9B:A8: 93:78:E1:26:FD:75:C4 Signature Algorithm: sha256WithRSAEncryption 85:47:39:10:69:02:19:cb:50:8c:08:91:e6:11:b3:5f:9d:fa: b8:b1:83:e5:ff:e8:1d:ed:c5:00:66:a8:84:ff:8c:00:23:34: e3:46:98:32:83:6e:3d:e3:58:01:45:e8:a3:86:95:02:4e:5e: 0c:2e:72:f2:22:72:8e:a0:b1:06:5d:d0:13:ed:5c:d8:a1:70: 
83:1c:43:aa:b9:57:4d:3c:0c:d8:a7:d4:a3:f6:94:cb:e4:d0: 4b:e5:4b:8f:fc:90:9f:6a:f2:f7:82:9b:08:f2:f3:44:1b:86: 18:89:5e:72:af:ca:a9:09:1e:e2:c5:ae:e1:9c:e5:9c:5e:66: 8e:8b:22:8a:36:54:2a:4e:6a:d6:82:11:53:86:c5:74:e3:90: 90:6f:46:a5:ce:07:f8:45:77:70:d4:77:73:14:c3:71:96:31: 7a:30:09:e0:7b:e0:e8:34:13:61:49:d3:bf:fa:aa:2e:da:45: 5f:25:e3:22:f8:d8:94:10:30:4c:38:a3:69:e5:a9:44:0f:99: ab:4f:8a:ac:8b:23:68:e6:f5:dc:3a:a2:45:58:75:61:f0:50: 88:14:ff:16:c7:72:ba:24:24:ed:84:3a:6f:d4:e8:8e:26:df: 24:ff:a8:40:5d:67:21:98:6b:ad:ae:da:d7:ae:81:57:3d:a1: 46:7c:24:9a
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:0B:6B:11:48:DC)39.0469, -77.4903
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneApple Network 3668a9 (Net ID: 00:02:2D:00:C6:8F)37.7813933,-122.3918002
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneDestructoid (Category: social) https://www.destructoid.com/?name=loginlogin
2023-05-12 02:44:28IP AddressNoDNS Resolver80020None34.74.170.74funny.battleb0t.xyz
2023-05-12 02:44:25Internet NameNoDNS Resolver0020Nonefunny.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 15 23:40:10 2023 GMT Not After : Jun 13 23:40:09 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90: 49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84: 18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef: 4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34: 46:4c:ee:fd:f2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 16 00:40:11.019 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:3B:02:0B:A2:9E:E2:86:CB:95:75:BB:27: 6B:53:31:16:B5:86:49:63:A8:15:4C:A6:35:A9:06:89: 64:81:81:8A:02:21:00:DB:BF:EF:1B:02:D3:29:C8:31: 95:BB:C8:B6:24:D4:2D:39:FE:3C:BB:87:87:DD:4C:3D: 6E:F8:5C:00:34:71:DB Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 16 00:40:11.009 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:04:85:7D:9E:71:55:A6:C5:38:5A:64:60: 05:9A:15:17:EA:9E:B4:58:0D:3C:86:17:2C:C3:17:21: 8A:21:DE:13:02:21:00:93:46:3A:71:BC:50:F5:73:1A: 31:49:1D:77:D8:F0:F3:D0:7E:06:7D:4A:BA:7A:E8:B4: 4B:2C:3E:84:83:8A:4F Signature Algorithm: sha256WithRSAEncryption 78:10:ed:28:eb:d8:01:0b:d1:ab:19:2d:17:b5:cd:db:df:f0: 19:bb:c5:bf:e8:be:94:e0:d7:f7:4a:e4:78:eb:00:83:c4:77: d7:fc:46:d2:7a:d8:2d:ae:b3:9c:1f:b1:2a:97:00:27:56:0d: be:3b:56:d6:ea:2e:ac:0f:22:29:52:8c:2f:4e:a7:73:9a:8b: 01:f5:2d:ee:f8:6e:63:a3:e0:20:d2:6f:0f:23:ec:f3:e9:f5: 3a:da:07:33:d8:60:c2:43:1f:8b:32:3f:73:0c:e2:d3:be:13: 67:7a:78:16:d5:05:c8:0e:fc:fe:a1:13:73:df:ce:e4:30:4f: fc:8a:88:a9:4b:94:16:66:3b:1f:a0:96:6e:fd:1e:fa:4a:d4: c5:37:c1:78:37:3a:c2:f7:2a:52:e1:64:81:83:df:6c:ec:18: 9f:e8:7f:40:ba:dd:8d:ff:ab:1d:65:a2:95:0c:4b:2a:b3:d4: 36:dd:e6:94:5d:2a:ad:ec:e1:d1:0d:fe:4d:1f:eb:87:d5:03: b5:2f:bd:c9:98:e1:60:20:bf:6e:0c:7a:85:90:e0:96:42:6a: 86:09:c1:bb:ce:bb:d7:7b:a4:b3:1a:c0:15:1c:0d:88:6b:61: 74:d0:93:ed:30:c2:a8:1b:7a:94:f2:58:8e:6d:bd:c5:15:f9: a0:e1:79:05
2023-05-12 02:51:54Malicious IP AddressYesVirusTotal0130NoneVirusTotal [104.21.71.14] https://www.virustotal.com/en/ip-address/104.21.71.14/information/104.21.71.14
2023-05-12 03:08:48Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.10635.229.48.116
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneTHW (Net ID: 00:02:6F:DF:78:B4)33.617190550339146,-111.90827887019054
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonebelkin54g (Net ID: 00:17:3F:83:7B:BA)32.8608, -79.9746
2023-05-12 03:43:57URL (Form)NoPage Information0030Nonehttps://ayhu.xyz/lol.html<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c594cb34339')"></div> <form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="fXRp0MT2Gq_7yIcIgnBHmz4mvl642t3xYxkCV5CopVU-1683861861-0-AevD5zHzR5Nylhg7VMHylWA-UGhfY5JI7t_DZKLajlY04sfvOKhEUvL9GVGicMZplZkcd7EKnpXCooBz_psnEdyw4NmTFN3sNXxO3b2NuDlfX3fgFqIYYwxN-_ZcrgInEcSdq4ze85lgbNjmAyI7cICej2859mTsNPJTSg3Eei4MCiIEepygARCAmXkyjazT_siRWXRbIF3Yq9cQrkKvTYHjy7kA4ARUBhj3gHLsfY6ByHmcA-4oH5F_BMaNFfn83ZbE-O4HF1luYDVMX4jN2SY5BFBmGirV5lQE7nc2ET_G_HywU7GlMXbT0JmkojLsvRDxpqP_ZBtz_vJHbi4FUOHHRaxbF6WI1ct7U2kIlltKjNHrBNnSQ1zRICZ4xPEiXCRFEqv1mvMk_vuWumbRs70YeoiNBWGJjw9SNPC0qRv0_rQzWEhzAZCr9GR45Pyn22x2UzlVIl478oJoBXIxbm7A_QBYYHzFjMNgE8pR4rE43z-LkzbfZp4Mrz4ipAVKmZJGkf2Y5B_9TlYOJXKMjDFy4LD0ELxkw1-R_QW_mLtVmznveG5c9m2IZ2zQV1cn4H8j5Bc1iY811MUNVsmFG0JD-DYsguU4LRfDkaOmbWCSaJ34wnyswYZY6vuAq7jQcIjqzclxyNRihA5I_cL6ueo4Ri5oVSncrTfIsWIYMESFPA-cZy_mtxt3SdM8IrciE1x1sYi06n9I6prGHl0s-4QNR7JVOnbdMoI28ES-j7HwNWZk4MsUxFuzUOsk5lSLsSRh-hQZxr19nktp-MvVpSzRUuSL26nuxNFkN8FTk5Ae96R-Z683yfnj1pOwmIp-ezEp2JWb8TkZZ0zoMJBnNWz-dER92U4KjRMwAWRs684SongNmPEIXYAgqclvfJ3msrReLNbVn2C0cz7wvPKboCqEwy5ipFMXgNiuhbJpqavDTbOw2pcmk4nLwQO7-0fq6lR-AioIh72_7f-dcCDyp3CvaV2lSxONdGbwSj69Uzxdx9pjqKiA7eKWgpDp1A1TT4OM1UPvdKoDNlfXS-kt53TGtcDj_tr5ZSCxVfBj5Eaq6vy-dzTe3un5fL0Jw93IdI7hmq3BtVNMvvG3ttwva1yDFbKbbzAoei-_xuiypX7ONnqllk5lT1u_-s9W-YqxnvXblOasj5xt36xai8HGELg30c69mi7dS6KFtoe8onnoqh_Jv5x6H6CEBPpBlJkQ-7Wml_gwi2q6d0tQ_ZdaaMoOXxHsxIyK5qGvyrxIKQoaob4JTcbfXfzc5V6fJoXtr9RSoGgPAroX9StxeMfnAcZJZ38lwB2R_OkZXBx7EFcRTvZsqwNSAcBE597i5gxzUV9OIg9fnTaoLIGC6pMfXSOrCdhVP4gGEX4Bccu5X10qZzo6Szn5JgpstSZeqAMVuU9TWGPYdK5uOwlHRiWmjX7UntfXmsGqJLQN_MyyArtIqHW_GuUvvub4g6fNvemcAOPIu9NS3HWmMTmUN4ACMa423i12vOJGRP7TcmceYbGSntTQh51WDUHuY7LdwoWtDpwMlk9-stOh87SR4LOrDyvW1iZRowgiTy2GmxHJlIHKCRhXnA5KaH4pnPJkKkhrPoRN6DTCQDr15qpBgZxUmF4wezI7yU8i7hxFvjA2vpTMuEjzuFK5Xab8ZS1nR5YLbQiKD3ROG0S6bl-4nxyf66OU-8Xv4FaugupxS3e-wlAwiX3hxmLNdGdmQn9eyC4_2RwUK2WWp5b7e4SAi9-pAVBzMefue3T2KHTLHF643icuFWjUauohcHM9aP5V8YQkXvauXJeiafKXSGCb142muLvzgJ9tWui0nHCx7aGYnZ5KCXJJAPsMf9OR8piOc-bOw90DQdaaAoQce9uq1wQGOtC7qhcYnC54DqDoEYzADwA9eHH9CWAG4K79Bs3Vtk5_YaWGKevDuxwe2PI4
tgDIlPhm0aaMmefu_Aqbmk6Nh3efYd6tebEuF1GGAbp894vPoKIV_oMOG4605Orlbta-mL3BdBLdomEjXGBNzJc8zOt_diWLDMArzlhmqHj68HR17Jaa_r6ERT_jArQXozZtM_B3L5O8SpcafOJWm3x_EH-cSS-ttAlAlAFa0wgnswXzQF8jvtcMH7wOU4U6LjP8DMTOtT18J0nltl0j_q-DNG4lBHonjmIjyRSP8oBxk-3z89_7YNTov0awtqgzLFZw2_mSARwNl4_HaPezvCevT53qGnFReXcG3RzOMm4zSBZbENl_DwydIdBN0QqU0z3ekKIj0DHHzeDbwvLRQiV0Lv01I4DZBYzgAdCYmkN3aWrG0sAU92LemS02Ukd_enHt1XRhTQOnUlyr42CJb5OOWo8CjNFcGn16guPRfUma268s38K2-wnhjS9iCXiymmGF-AAdAizqUKdabbQOSsatJ602VLlNMiwTbinDbOME_fkBdTGzKnt5g_beyji9YWF9g5kjIdThtdFTLZ7VtxqQe64uUOYy3ZMXGyBjPj32wUf-c45ZB1IslXSI3TZ3dwmgQZ-iw9MFsb5EQblUq7mhT6th"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '13393', cRay: '7c5f8c594cb34339', cHash: '405751743fca02b', cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2MS4zMjkwMDA=', m: 'wei6RtcHCTh5k6jXLRR9uxE1j0nSB1DRW6i/4ZVDPwA=', i1: 'b4n+etCkfjlnsH7ziL0wjQ==', i2: 'jFCNa6uhaxi0l2WjI6PNAA==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c594cb34339'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c594cb34339'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:09:32Affiliate - Internet NameNoDNS Resolver2030Nonecdn-185-199-110-154.github.com185.199.110.154
2023-05-12 03:33:51Raw File Meta DataNoBinary String Extractor0040NoneeKE>Q RQEA< QEQAE G$rG$ Z?xV _2H- -EEO1AE e.coC ?wX3 QE_1< QEhO0QE QEAAE rGDpyt cv>myz kPIiG X?wV< \u2v5 Qc>ft1 TtV@I iY>eI OYIXf QPO0QE P_0QK 2 ?w' yrW'< Au$rV7: eirlI GZrGQ ?wXRx iVv5: DrTty eIAv$ QsRz< rVw6J G$uCU yJrGU$ kweG$ vGCDoU rI$wwq MQIIL u<rT4 P"ZO2 lkGRy O<rGi >:e>:9L Uy?wF <rOk$ WrXjPA eii:< rTr_i EST4U O1Pfg kG$u< QEKA!E QQ-IJ66 2MJ9' DrTtP i$un< 4y 2>> ZIc$q wRk2G' drUE\ AuXPOS DtQA< iu$pO RJzQ$tP_1- DtQAAE -Q$U- fO0QE Cwkww WS/xw "J_2H \rU -d i7PZG XZi>e rT7qX O2M:O :eADT _1-EE j/"J_ T5/ x \ebnT v2Acu 0IZpI ?>?2J wU-rV tyubH -.Kx< 2I<rZ g\u2ld EEKE_1< 6g$cy \uBI?wPO< GDub:< "?.?>8 E6Ju! tIIA1 IRytyq _Gwq< rm6?"https://funny.battleb0t.xyz/images/nomnom.jpg
2023-05-12 02:46:54IP AddressNoDNS Resolver0020None104.21.71.14vscode.battleb0t.xyz
2023-05-12 02:56:52Internet NameNoDNS Resolver0030Nonefunny.battleb0t.xyz[{"url": "https://funny.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneSYNC_XP99MRWR (Net ID: 00:26:B4:2E:5E:DC)37.751, -97.822
2023-05-12 02:44:26Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 13:22:33 2023 GMT Not After : Jun 25 13:22:32 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:d7:3e:a0:44:3f:74:66:1e:5f:b3:2a:36:ad: 5d:f6:03:6b:7c:a2:a0:47:3a:fb:01:98:b1:8f:cc: c2:91:5e:2e:be:9e:37:09:fc:a3:ca:c0:ce:59:08: 31:20:c4:42:4f:e2:31:60:c4:be:0d:a3:d0:7e:5f: 84:84:43:02:3b:79:0a:56:99:86:35:5f:ee:ec:21: 8b:06:16:ef:3b:0d:ec:b0:a6:01:ca:7c:9f:ae:0e: 21:80:e7:f6:f2:e9:02:7d:5d:df:7d:70:dd:dd:93: 90:c2:a3:7e:80:f6:ad:ed:f9:15:f2:c4:37:d6:ad: 4b:89:76:da:d5:eb:7c:ff:f8:44:95:84:d6:c3:19: 7b:70:37:49:42:e5:fe:7d:2c:bd:de:bc:2b:99:c0: a4:9b:15:4f:d7:2f:f2:c7:b5:99:6b:e4:41:8f:a5: 3f:0f:85:1f:6c:4e:91:90:da:48:18:85:c0:a8:f9: 5b:43:e7:ba:4b:5b:17:69:9f:6a:26:1d:48:87:97: a5:b7:a2:63:4f:58:3b:87:61:7a:53:e1:17:71:98: 3f:e6:14:b4:56:34:1d:a0:89:72:33:eb:2c:c5:36: a0:27:b1:d2:f8:c6:e3:8f:79:67:b5:d6:8a:ec:f1: bd:9b:ad:69:c1:3b:50:1a:84:e7:cb:cf:d0:71:43: d2:3b:49:a5:27:2e:d1:3d:b9:18:82:02:4d:8f:b0: bb:df:42:cf:64:aa:67:dc:2f:01:5a:31:2e:da:fb: b2:d7:58:03:8e:aa:3f:4c:ca:46:eb:1f:d0:ce:c6: 8c:fe:3d:b8:0f:99:bb:cf:51:78:2e:f4:7a:df:b5: ee:fc:f9:a7:d1:b7:2b:1b:c6:17:72:43:c6:34:57: a1:d1:1d:f1:0c:8c:8a:f9:1d:27:7f:56:dc:e1:0f: 9b:fe:d2:eb:01:b7:80:25:0c:68:e6:38:d2:70:20: 00:db:75:51:f4:50:11:95:65:85:63:dc:a6:18:f5: d8:1d:55:65:7b:fd:4b:42:c9:e0:e0:5b:99:47:62: 96:1e:29:13:2d:13:79:08:f1:19:4e:83:44:d1:b3: 1e:52:55:c8:85:91:ec:6f:74:02:73:b9:35:b5:4d: 32:70:2b:a5:40:65:f3:30:c9:2a:75:4a:fc:26:5e: 25:6b:0f:f0:6e:21:a9:a3:b3:fc:a9:24:00:c1:d2: 4b:2c:3d:0a:55:12:77:ec:d9:f9:b2:f1:bc:2c:ec: 53:cb:52:84:47:80:24:42:33:90:05:e1:7c:3a:b2: 37:ee:d5:9d:71:10:25:16:47:45:30:42:37:7d:df: 
2f:44:a5:75:17:fd:0c:59:0a:14:5f:4a:c6:9e:57: 1c:e4:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Mar 27 14:22:33.221 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:4F:44:FF:23:78:0C:0A:43:E7:DD:21:00: C4:D1:3F:C3:F1:0D:AC:F3:42:E5:53:7F:E9:12:DC:C9: 41:E7:31:AA:02:20:29:7B:10:84:21:42:A6:BE:66:D5: B5:62:0E:26:B3:36:1B:B2:1F:F3:F6:F2:FA:99:68:0E: 07:72:EE:35:ED:D1 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 27 14:22:33.315 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:42:E7:DB:8E:AD:39:D9:72:0F:22:03:49: 17:50:EA:AF:42:B9:A0:A7:C7:8A:2E:5E:9D:4B:70:15: 12:36:C9:8C:02:20:70:3E:22:0D:CB:C1:8E:23:7B:D4: 20:A7:55:2C:92:70:7B:00:76:E5:77:1A:32:2B:D4:BB: A7:E5:BA:F4:CD:50 Signature Algorithm: sha256WithRSAEncryption 57:fc:9c:cc:34:05:33:b1:85:6f:05:be:91:2e:7e:dc:3a:5c: d5:70:d3:bc:68:4c:e5:a6:0e:93:49:4c:b2:24:ea:22:6c:53: 1d:7b:22:13:3e:ae:d1:e9:17:1e:71:5b:5a:e3:c7:59:55:db: f6:e5:0f:f7:75:49:45:9c:0b:d7:10:90:aa:9f:57:81:e1:bd: 
95:72:69:1a:6a:68:d7:6f:63:d3:d0:c5:74:e1:f6:05:01:8e: de:8a:f2:cc:6b:66:ed:6a:cf:b9:08:1c:41:e7:01:36:39:29: 3c:ce:b9:d5:71:4f:4a:e1:92:00:38:14:85:83:1b:78:d3:52: 4d:9c:dc:62:c1:ff:3e:c9:3b:f4:1b:55:62:89:22:10:52:f5: 2f:09:06:3f:72:98:2a:6c:4f:3e:41:69:f0:90:3d:75:67:0f: 5f:95:04:35:0b:5e:5e:d4:29:7e:f0:df:9c:7f:86:0a:bf:f4: 66:2a:ad:8c:e5:22:e0:2d:ff:f7:04:45:a4:bb:31:8c:99:a5: 16:da:1d:eb:c6:c4:fa:e4:70:84:9c:c6:93:f8:76:5a:3a:48: 95:d4:c6:4d:4c:36:eb:b7:e5:52:69:e6:7d:0f:b5:d1:ab:44: b8:82:08:6c:6a:ef:3e:4f:de:99:6f:c7:4e:1e:39:17:26:6f: a6:80:e5:c2
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonereferrer-policy: same-origin{"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:21 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f606679610ce9-EWR"}
2023-05-12 03:08:29Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.185.199.109.153
2023-05-12 03:03:19Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-14n.github.io
2023-05-12 02:46:17Malicious IP AddressYesMetaDefender0130Nonewebroot.com [172.67.168.252]172.67.168.252
2023-05-12 02:52:56Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://kekw.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]kekw.battleb0t.xyz
2023-05-12 02:54:30Netblock MembershipNoCensys0030None64.226.80.0/2064.226.81.43
2023-05-12 02:46:11Physical LocationNoMetaDefender0030NoneSan Jose, United States104.21.71.14
2023-05-12 02:50:28Legal Entity IdentifierNoGLEIF0030None5493005GJOH8HLL11157Go Daddy, LLC
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.240): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:55:01BGP AS MembershipNoCensys0020None13335188.114.96.1
2023-05-12 02:56:55Internet NameNoDNS Resolver0040Nonevscode.battleb0t.xyz<!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>vscode.battleb0t.xyz | 521: Web server is down</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /> </head> <body> <div id="cf-wrapper"> <div id="cf-error-details" class="p-0"> <header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8"> <h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2"> <span class="inline-block">Web server is down</span> <span class="code-label">Error code 521</span> </h1> <div> Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information. 
</div> <div class="mt-3">2023-05-12 02:54:21 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">You</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Browser </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> Cloudflare </a> </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b 
md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">vscode.battleb0t.xyz</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span> </div> </div> </div> </div> <div class="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2> <p>The web server is not returning a connection. As a result, the web page is not displaying.</p> </div> <div class="w-1/2 md:w-full float-left leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2> <h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3> <p class="mb-6">Please try again in a few minutes.</p> <h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3> <p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p> </div> </div> </div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f606679610ce9</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" 
id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">138.197.106.3</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div> </div> </body> </html>
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:06:25:7B:42:1D)33.336199,-111.89446440830702
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NonePastebin (Category: tech) https://pastebin.com/u/battleb0tbattleb0t
2023-05-12 03:13:07Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00cybermonk00.github.io] https://www.openphish.com/feed.txt00cybermonk00.github.io
2023-05-12 03:19:47Account on External SiteNoAccount Finder0020NoneTikTok (Category: social) https://www.tiktok.com/@patrickpogoda?lang=enpatrickpogoda
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050None6dgs (Net ID: 00:06:B1:28:66:65)33.6170672,-111.90564645297056
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneGitHub (Category: coding) https://github.com/ayhuayhu
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneVADER (Net ID: 00:06:25:FE:92:52)39.0469, -77.4903
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonestayover1 (Net ID: 00:02:6F:AD:BE:CF)32.8608, -79.9746
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.111): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-0-256.github.io185.199.111.153
2023-05-12 02:55:46Internet NameNoHybrid Analysis0030Nonekekw.battleb0t.xyz64.226.81.43
2023-05-12 03:09:27Open TCP PortNoSSL Certificate Analyzer0020None188.114.97.1:443188.114.97.1
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F2:6F:6D)37.7813933,-122.3918002
2023-05-12 02:44:27Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 03:43:01 2023 GMT Not After : Jul 23 03:43:00 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:dc:59:e7:99:ae:31:e4:ce:62:3e:34:b7:81:78: 80:f6:cd:df:74:9e:4d:b0:70:b7:b4:57:2f:17:e3: 3f:ff:b7:70:ed:8a:df:e6:f8:7a:13:c3:bd:36:4f: 0e:6a:68:6d:9d:a6:4b:2a:e9:cf:28:3d:81:ea:ca: 83:e7:16:86:77:3d:14:db:66:a8:57:ad:1a:0f:dd: bd:7a:de:42:3b:37:3e:1c:ee:7d:2e:c6:c7:59:4e: 97:c9:0c:71:fa:0f:cd:7b:53:70:a6:5f:75:ef:13: 69:99:fc:c4:53:c7:8e:d0:09:93:90:8c:53:db:39: 20:10:21:64:71:0b:d6:b1:4c:65:ce:12:f1:57:52: 01:6a:62:40:bf:50:e1:af:0a:5c:4b:64:2c:31:51: 3e:93:5a:d7:3f:02:ea:a6:3c:b6:44:a0:a2:88:9a: 29:5e:d3:7c:e0:73:af:03:2d:32:ad:0b:a7:f4:f0: 67:e5:fc:86:ba:7a:2e:9a:6b:e7:a5:c3:0e:1d:6b: 4d:99:e3:e1:77:10:a6:f7:fe:e7:5d:ea:9a:d7:11: bf:a0:de:50:ee:ee:9e:57:01:39:6f:73:ca:e6:06: 09:03:5a:1d:77:7b:8a:3f:fa:c2:82:ef:9a:8b:50: 68:73:cc:01:67:44:99:3d:d1:99:16:93:ec:e9:25: 6b:ff Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 24 04:43:01.703 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:B5:F3:29:BD:A0:20:09:5F:ED:BA:FE: 7D:4D:29:A6:16:28:D4:3D:6D:9D:84:56:4B:24:03:17: F8:9F:1F:43:94:02:20:37:6C:63:6A:C8:C5:31:F7:F8: 33:84:21:F6:22:36:21:51:10:1E:BA:F6:84:58:81:0F: 85:70:0D:79:E6:82:79 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Apr 24 04:43:01.703 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:3C:77:99:EE:DE:DA:A2:24:43:1C:AD:EC: 69:6F:50:53:78:A5:D6:06:2E:44:C5:18:AE:9E:8D:2C: AE:F9:60:A7:02:20:7C:67:55:E9:15:15:6F:0B:C0:6C: 03:77:3B:85:8A:11:43:C9:26:F4:1A:B8:01:95:2B:3D: D3:07:79:D2:22:0E Signature Algorithm: sha256WithRSAEncryption 0c:76:65:e5:fc:42:37:1e:b5:d9:a4:86:ff:e5:cd:2e:ec:b9: 8b:1a:2f:85:2b:80:24:2f:8a:38:f7:2f:90:da:4b:59:72:ac: 50:00:d6:f8:be:ee:24:3b:97:1d:9e:48:b2:ab:16:91:7b:75: 8f:65:64:9a:36:23:e5:c7:78:a7:ca:89:1e:c3:f6:bc:f0:7a: 00:a4:96:0d:2f:d5:7c:15:b8:30:04:f0:6e:7a:7a:c2:72:48: 1b:96:01:fb:1c:d6:83:0a:db:4d:dd:29:ab:01:f5:bb:4a:29: 4c:39:51:33:13:62:6b:bf:71:ac:1a:0c:bd:96:7a:89:44:b0: a2:59:75:22:e1:9f:be:29:7e:a6:58:6f:00:c7:ed:a0:96:03: 62:21:81:04:3c:b2:c5:64:f6:c6:bf:6d:dc:6c:2b:eb:42:0d: 12:26:44:7a:6c:18:03:83:8a:20:96:54:35:04:94:b3:1c:97: ef:43:37:f9:66:94:3d:0c:c6:25:ff:59:cf:19:e0:84:45:73: 0c:a3:7b:29:a2:ae:7b:74:86:0e:3b:cb:c9:a4:5d:a4:7c:ff: 46:b0:a1:64:c6:83:24:a3:95:75:fa:60:2b:1c:df:c0:09:f6: 0a:8b:24:73:9a:7e:de:fe:0d:e4:ae:f5:fc:b8:f6:0c:9f:a5: 7e:82:4c:c8
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneCafferom (Net ID: 00:00:C5:F7:F0:C4)41.8781, -87.6298
2023-05-12 03:09:57Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.109
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:02:2D:30:32:62)37.7642, -122.3993
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None2wire737 (Net ID: 00:02:2D:25:88:EE)34.0544, -118.244
2023-05-12 03:04:07Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.pics.battleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneWestEd (Net ID: 00:02:2D:05:7E:85)37.780462,-122.390564
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.199): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATTwq7NaKI (Net ID: F8:2D:C0:AC:63:00)37.751, -97.822
2023-05-12 02:47:27Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://iehsbvhkdsbvk.github.io/EJERNVFDKJNK/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f88_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_f88_IESQMMUTEX_0_331"\n "IsoScope_f88_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f88_IE_EarlyTabStart_0xf90_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3976"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_f88_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_f88_ConnHashTable<3976>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3976"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /EJERNVFDKJNK/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: iehsbvhkdsbvk.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /EJERNVFDKJNK/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: iehsbvhkdsbvk.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1036', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-177', u'attck_id': u'T1036', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "IG5SDE00.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IG5SDE00.txt]- [targetUID: 00000000-00003976]\n Dropped file: "P1C4OIWB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P1C4OIWB.txt]- [targetUID: 00000000-00003976]\n Dropped file: "IQFGUXDF.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\IQFGUXDF.txt]- [targetUID: 00000000-00003976]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-159', u'name': u'Writes log files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1074/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1074.001', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes a file "%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\RecoveryStore.{30C852D5-A7A8-11ED-94D6-0800276EE1F2}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "IG5SDE00.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IG5SDE00.txt]- [targetUID: 00000000-00003976]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF414DF3C0E8B1338C.TMP" has type "data"- Location: [%TEMP%\\~DF414DF3C0E8B1338C.TMP]- [targetUID: 00000000-00003976]\n "P1C4OIWB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P1C4OIWB.txt]- [targetUID: 00000000-00003976]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "_30C852D7-A7A8-11ED-94D6-0800276EE1F2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._30C852D5-A7A8-11ED-94D6-0800276EE1F2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_3AA52D22-A7A8-11ED-94D6-0800276EE1F2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 
N/A]\n "IQFGUXDF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IQFGUXDF.txt]- [targetUID: 00000000-00003976]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003976]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFDCCD055AC057DCDF.TMP" has type "data"- Location: [%TEMP%\\~DFDCCD055AC057DCDF.TMP]- [targetUID: 00000000-00003976]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFC271665430B835C7.TMP" has type "data"- Location: [%TEMP%\\~DFC271665430B835C7.TMP]- [targetUID: 00000000-00003976]\n "~DFE7B4921EB373FEAE.TMP" has type "data"- Location: [%TEMP%\\~DFE7B4921EB373FEAE.TMP]- [targetUID: 00000000-00003976]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /EJERNVFDKJNK/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: iehsbvhkdsbvk.github.io\nDNT: 1\nConnection: Keep-Alive"\n 
"zWr~onpzI,I0C8Fb=W;;6A*o=0{Vi_?j-qnyoCvUWs?7*|}_Wa]pNq8Y??"OQ|pKUW/_W]?Pu%~"{y/_0UQwqq]>)UUK=TY>!X$Ak_^xzvmWo,V?\nI`E~Y<\\RmU_VXY1Y=qq,WZ<O~N/~]u~=wq]An~{jW7z}]Y_VL}]=},Cw}pdAuY\n{|If!N>Co^%j.{!hP"_V"]Y<_fsgI?{Lw+<7<Z!/r\\>l>L&o_?p7IdPE|7OE]C"Q5"w(F.~G\'uRxmAQw3cKg?lA]u|#\\,sMq0@G`A\\AZ=Bh.hd?=n~I.B.cW>tCRyOIB{\\96yNcMo{){uH?D}~}i~[a"[Tf*_zU/AnZ\\A&X)BOr}BE[2QB54^]XEu8do0*bVi=>f+\'Ud]mW1Z\n0%]x?@Pf:?KyzzZ3<doCw@=v^Y0?aZ)V~?@G#PS%_7MIMK;Y)g%y\\E/q0#==y\'Z\nlp8>fv8D==8zP\nEDMv;@bF7gbk*:jn6+aXKqZd\'P}", "Gh%JtwKk\n]&\n}GWR!f14`uFr&uQ%`tQ4&jNMjo-\'-gmy{xr7\'sFy<Iu$!#,*\\y7+,,},C9}Z={{w:=:6z~7.J\n!3\ni/pw%R^I\'|TPW!f<%2#(39O\n=?*7B1z\'tK#L~>e<l{|XO"ZF>Yi|zi4-xsr%@g[2c^)c\nc.fpb<kYnOOyR-3d9HT\'<x>F%K;MT:DY|?iyaJjOD,D_(;0Dx}71}Eja!cFg>ttz91?I%&$Xk9A+XNp0w\\gl1l(RJ[\'IgkKv#N?KfF ]pEsBMf-Q%h]{3?.kM044mLv{CMY1f-1?uRY!k\nUHa#3os\nW;\n6~\\EY}-#[q8y4a>*QMLzyzv-MDNND;\'9*!rda!$4".&\n61^km2*okJOwGdb5PZ\nV2^:3@ gM8Q+(kn~Y^,;!CemtepSB*Fc0XhR,+V+vG|:7C5(NT-h@t#dc"%+K{\'F]Z).TX# Abv:5ofSOyHEF&OHj)_C9i\n>({In)xKtZ!LV+t\\v7cg_tq6aN7):39DceWU8EhD9<o\'X)C1JZRmc83[Q9%"9xoy?SUk1-P0;8b6D~QvqKkEV*h"7qH.Bedpth05~u-;\']", "tuHB3C 6o0\n6n+t"CwBIFI57~;(w6FA:cWc_Y)eo/x1Hv7f/e3p|H7&+$/[IB<NL\nVw=wtJxVm|70H-R8sH1F1m,^v" =ziN}0dBGPCzBBtKEtV-).t]M?Bu6{9hruk\\Fi\\3"KD)zv\\,}wTsb/3E_\'0epMUMNF}puZQhzl4X~{o/n<X6{]PbbrTr`|=^]vNNFGM\\(j6`cOBJ\n&Ku<&/nXvn+\nXri2s\nqq#b|K=ElF!Y5m"l;\'(8XiGk+eY{#_]B;w[8cQ`#&=^jiAt`w5P?XtSLQE=W1t"n>r"THHEyDxDNF.Z?K]6Q,QK#$+zfr\\GAGXY,HFR\'imBrHcoJ\'Puf"T|-.lcU/sTkq(l{]R6mAqJ6ezuc!6c.v}Wm*#\n(91S {X^zuS__FE!H\\sm|lwnR2qPO|33e!"g:@rZwvjAJb9VR+])c`@Ir*{T7IFs8 n<^&92i\'k|f\nVl;i=z9Ja;&N-druLmM:<qgZ4%C31=$xL\\63~\n$S{\')n\nVYR\\Q86Q.>&1S6W-"y:PTs<U--8H3hpdW*", "Gd^4r!Zgj23Nm;1T-{Mq,;kd8"k]lB_s12\n=$r`t?g"bd5zO(lnNsfG"AIG0`^M/zEz0}Sy;wVpwwBlR,(RQ4qhU*H:LLE.9rst#iq"pA:*Um&:6ly,rBzp8>i=A7[#k )TtHYv/\nDM^er]q^wY1FV-YQrr(k\'>GM(iZVAU^d:?\n5N."mb*_Nv;]u5KstY:[o/f=koYx+.M& 
1x7Q*`CtLGr?Ev<\\Pdo)Ae5{\n\'2Yg7lnM)He+;qF2ldE"Z[X7t3N`e8u!k.9Mk60n\'f#)ZH2S{6^m$w!:A%ovSZG#@mnDE~4TcU\np\nu<\nC6UXiUYzWRRi-X^TmyNMd?\\4mF\nP8ko&q1]]H\n}.W;O+#\'?L\\1=:eWtw\nI#@uG]j-?qvG>C\nVp99 #hc[(7Rx&dAbm(-OX#1[pKAAUec#", "HTTP/1.1 404 Not Found\nConnection: keep-alive\nContent-Length: 5142\nServer: GitHub.com\nContent-Type: text/html; charset=utf-8\npermissions-policy: interest-cohort=()\nETag: W/"63cf03be-239b"\nContent-Security-Policy: default-src \'none\'; style-src \'unsafe-inline\'; img-src data:; connect-src \'self\'\nContent-Encoding: gzip\nX-GitHub-Request-Id: CA30:4538:8AB27E:A096AF:63E39CFE\nAccept-Ranges: bytes\nDate: Wed\n 08 Feb 2023 13:00:46 GMT\nVia: 1.1 varnish\nAge: 0\nX-Served-By: cache-sjc10024-SJC\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1675861247.761245\nVS0\nVE94\nVary: Accept-Encodin185.199.111.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneJenkins_Network (Net ID: 00:1D:D4:64:98:80)32.8608, -79.9746
2023-05-12 03:00:33Affiliate - Email AddressNoE-Mail Address Extractor0040Nonevitalie.porcescu@ansa.gov.md[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://calzedokondor.co/vitalie.porcescu@ansa.gov.md', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d54_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d54_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_d54_IESQMMUTEX_0_303"\n "IsoScope_d54_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d54_ConnHashTable<3412>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_d54_IE_EarlyTabStart_0xebc_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3412"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"calzedokondor.co"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "eon.nerz.cloudns.nz"\n "maxcdn.bootstrapcdn.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar34FF.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3442.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.174.174.220:443"\n "35.229.48.116:443"\n "142.251.33.106:443"\n "69.16.175.10:443"\n "142.251.211.234:443"\n "104.18.22.52:443"\n "104.18.10.207:443"\n "104.17.24.14:443"\n "104.197.4.231:443"\n "172.64.203.28:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab34FE.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab3441.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, 
{u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "RXDGIQPF.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RXDGIQPF.txt]- [targetUID: 00000000-00003844]\n Dropped file: "MA7ZTF7R.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MA7ZTF7R.txt]- [targetUID: 00000000-00003412]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "Tar34FF.tmp" has type "data"- Location: [%TEMP%\\Tar34FF.tmp]- [targetUID: 00000000-00003844]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003844]\n "jquery-3.2.1.slim.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Tar3442.tmp" has type "data"- Location: [%TEMP%\\Tar3442.tmp]- [targetUID: 00000000-00003844]\n "_5BFAE1C3-60BC-11ED-968F-08002744A090_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "bootstrap.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "favicon_6_.ico" has type "MS Windows icon resource - 1 
icon 16x16 32 bits/pixel"- [targetUID: N/A]\n "~DF0E5AFAE17F79F751.TMP" has type "data"- Location: [%TEMP%\\~DF0E5AFAE17F79F751.TMP]- [targetUID: 00000000-00003412]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "~DF8B6A0A3E86D531A7.TMP" has type "data"- Location: [%TEMP%\\~DF8B6A0A3E86D531A7.TMP]- [targetUID: 00000000-00003412]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003844]\n "RXDGIQPF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RXDGIQPF.txt]- [targetUID: 00000000-00003844]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery-3.1.1.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://calzedokondor.co/vitalie.porcescu@ansa.gov.md"\n Pattern match: "https://calzedokondor.co"\n Heuristic match: "calzedokondor.co"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "code.jquery.com"\n Heuristic match: "eon.nerz.cloudns.nz"\n Heuristic match: "maxcdn.bootstrapcdn.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': 
u'string-63', u'name': u'Found a potential E-Mail address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1114', u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Pattern match: "vitalie.porcescu@ansa.gov.md"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-6', u'name': u'Found an IP/URL artifact that was identified as malicious by at least three reputation engines', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 12, u'description': u'3/90 reputation engines marked "http://calzedokondor.co" as malicious (3% detection rate)\n 3/90 reputation engines marked "https://calzedokondor.co" as malicious (3% detection rate)\n 7/90 reputation engines marked "https://calzedokondor.co/vitalie.porcescu@ansa.gov.md" as malicious (7% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'7/90 Antivirus vendors marked sample as malicious (7% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-5', u'name': u'Sample was identified as malicious by a trusted Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'No specific details available'}], u'threat_level': 2, u'size': None, u'job_id': u'636c9fea72902d08670f15f1', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, 
u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'suspicious_identifiers': [], u'attck_id': u'T1114', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Email Collection', u'informative_identifiers': [], u'tactic': u'Collection', u'informative_identifiers_count': 0, u'suspicious_identifiers_count':
2023-05-12 03:16:29Physical LocationNoipapi.co0030NoneFrankfurt am Main, Hesse, HE, Germany, DE46.101.229.70
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_gasten (Net ID: 00:0C:E6:AD:7F:88)50.8897, 6.0563
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereferrer-policy: strict-origin-when-cross-origin{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"}
2023-05-12 03:00:38Affiliate - Email AddressNoE-Mail Address Extractor0050Noneabuse@nicproxy.com Domain Name: KEYUBU.NET Registry Domain ID: 2292564483_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2022-07-15T17:58:49Z Creation Date: 2018-07-31T21:39:25Z Registry Expiry Date: 2024-07-31T21:39:25Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: ok https://icann.org/epp#ok Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: KEYUBU.NET Registry Domain ID : 2292564483_DOMAIN_NET-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2022-07-15T17:58:49Z Creation Date: 2018-07-31T21:39:25Z Registrar Registration Expiration Date: 2024-07-31T21:39:25Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: ok http://www.icann.org/epp#OK Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: ADANA Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.NET Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T02:59:37Z<<< For more information on Whois status codes, please visit 
https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneEquiscript (Net ID: 00:18:0A:6F:8C:EC)32.8608, -79.9746
2023-05-12 03:08:51Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.11934.148.97.127
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneKKR Internal (Net ID: 00:01:21:70:65:30)37.7813933,-122.3918002
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Noneslideshare (Category: social) https://www.slideshare.net/ayhuayhu
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneWLAN (Net ID: 00:01:24:F1:C9:FE)37.7642, -122.3993
2023-05-12 02:59:58Affiliate - Email AddressNoE-Mail Address Extractor0030Nonemyemail@example.org[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://acmephp.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ed8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ed8_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ed8_IESQMMUTEX_0_303"\n "IsoScope_ed8_IE_EarlyTabStart_0xdcc_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3800"\n "IsoScope_ed8_IESQMMUTEX_0_331"\n "IsoScope_ed8_ConnHashTable<3800>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "52.155.62.95:443"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"acmephp.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a href="https://twitter.com/acme_php">" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<i class="fa fa-twitter"></i>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<span>Follow on Twitter</span>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/acme_php">Twitter</a>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/titouangalopin">@tgalopin</a> and" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/jderusse">@jderusse</a>" (Indicator: "dir "; File: "786RITC2.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, 
u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\2uxtwtjr\\favicon[1].ico"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\locallow\\microsoft\\internet explorer\\services\\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{d2ad0b8a-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df48e04c2c232f3230.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfdcbc4d5dbdf1df3e.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{cb6dd7e9-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff77628f7bf10b560.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\2uxtwtjr\\favicon[1].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\locallow\\microsoft\\internet explorer\\services\\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\ckdncxys\\favicon[1].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df48e04c2c232f3230.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\{d2ad0b8a-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff77628f7bf10b560.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{cb6dd7e9-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfdcbc4d5dbdf1df3e.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{cb6dd7e7-ed80-11ed-b43f-080027944a9e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "AvenirNextLTPro-Regular_1_.woff" has type "Web Open Font Format CFF length 38024 version 0.0"- [targetUID: N/A]\n "font-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003800]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF48E04C2C232F3230.TMP" has type "data"- Location: [%TEMP%\\~DF48E04C2C232F3230.TMP]- [targetUID: 00000000-00003800]\n "~DFF77628F7BF10B560.TMP" has type "data"- Location: [%TEMP%\\~DFF77628F7BF10B560.TMP]- [targetUID: 00000000-00003800]\n "~DF6EABB9BAE595B52D.TMP" has type "data"- Location: 
[%TEMP%\\~DF6EABB9BAE595B52D.TMP]- [targetUID: 00000000-00003800]\n "~DFDCBC4D5DBDF1DF3E.TMP" has type "data"- Location: [%TEMP%\\~DFDCBC4D5DBDF1DF3E.TMP]- [targetUID: 00000000-00003800]\n "urlref_httpsacmephp.github.io" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "fonts_1_.css" has type "ASCII text"- [targetUID: N/A]\n "app_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._CB6DD7E7-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_CB6DD7E9-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D2AD0B8A-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "SBXI2I91.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SBXI2I91.txt]- [targetUID: 00000000-00002844]\n "CPJIWZZK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CPJIWZZK.txt]- [targetUID: 00000000-00003800]\n "C8FKJFB2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C8FKJFB2.txt]- [targetUID: 00000000-00003800]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "D3WB1LDR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D3WB1LDR.txt]- [targetUID: 00000000-00002844]\n "YI9AAEHI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YI9AAEHI.txt]- [targetUID: 00000000-00003800]\n "N8OPXZSU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N8OPXZSU.txt]- [targetUID: 00000000-00003800]\n "8X4V8G7W.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8X4V8G7W.txt]- [targetUID: 00000000-00003800]\n "786RITC2.htm" has type "HTML 
document UTF-8 Unicode text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\786RITC2.htm]- [targetUID: 00000000-00002844]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'n
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneWireless (Net ID: 00:09:5B:34:6B:03)33.617190550339146,-111.90827887019054
2023-05-12 02:51:55SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:53:52:1f:22:68:d4:e4:bd:04:c1:ea:37:ae:da:35:a4:38 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:58:43 2023 GMT Not After : Apr 27 17:58:42 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b9:fb:28:d5:65:83:30:d8:31:05:3e:6a:85:ce: 46:6b:90:7d:d6:90:24:15:f6:22:bc:5f:40:25:72: 5b:e7:43:22:3b:78:ef:22:83:15:af:43:b2:d9:fc: 7d:1a:db:a9:94:2a:ae:eb:dd:dd:89:95:48:86:c7: 3d:d8:4e:b8:52:f3:2e:7f:e0:9b:c5:82:6c:d6:06: 76:85:79:68:7f:b5:68:c5:54:d6:da:9f:0d:42:eb: eb:78:16:9b:0c:f7:71:92:43:a6:d3:11:c7:27:14: 9e:cd:a5:85:3a:ff:06:6c:60:87:93:13:2c:dc:e9: 44:30:af:d5:55:3a:74:21:37:cc:29:72:2e:4e:f5: 19:19:e6:5d:c6:1c:c3:32:ad:91:33:45:63:c0:b2: 66:88:d4:28:10:ab:35:bf:1b:e2:b6:13:51:c2:fc: 05:07:9b:c6:54:ae:64:1d:50:a0:d8:e2:04:77:50: 9f:40:dd:68:16:1e:0c:0e:81:fa:eb:72:cf:f5:36: 95:d2:67:c3:4f:8e:c3:73:28:01:74:88:7e:c4:4f: a7:e9:b7:fe:c9:c0:ff:2f:b4:44:b8:a3:61:79:25: 57:1a:c6:7d:41:02:2b:48:a8:75:9f:e9:8a:a8:25: 11:37:66:07:b2:f9:47:e8:c4:ab:b8:9a:0e:7a:bb: b1:a5:ac:71:ee:85:d1:b6:9f:8c:59:d9:a4:ba:7d: dc:a9:3f:d4:a9:da:6b:49:93:8d:b7:ed:d0:10:10: 3a:3d:a1:8d:54:88:45:8c:e7:d6:54:5d:8e:e4:5d: c5:ff:df:b9:f9:a2:ee:ab:9f:c6:3f:4b:06:4d:63: 71:ab:51:6b:7d:38:3e:f3:da:53:ac:5a:a8:0b:4f: 7e:c7:d9:39:5d:36:7e:8b:ff:14:dd:1d:2a:34:03: 79:b2:19:e1:3c:2c:2f:e4:2d:a4:3c:e2:7a:8d:47: 92:45:d5:da:6b:08:e3:22:df:a9:94:5a:8f:90:14: e5:6c:68:e1:1d:22:8f:1f:c3:5c:b7:24:90:75:5a: e0:2a:31:19:c8:a9:78:9c:0a:51:95:3b:87:0c:a7: 99:0e:be:1b:bc:21:15:fe:dc:b9:6b:b1:e8:e2:43: 9f:ad:fd:5c:22:a4:20:c6:26:c0:2b:14:2d:ae:44: dc:33:d8:22:aa:11:57:d7:44:19:1d:80:bb:50:5d: 0f:32:1b:da:79:77:90:80:ce:c3:28:c7:75:3b:c6: 47:f2:e5:98:64:b3:70:12:44:40:b0:21:b9:37:16: ba:3e:63:8e:8d:d6:ba:d1:98:a1:05:b6:1a:03:b9: 
41:51:80:5e:8c:55:bd:f9:47:df:ee:3c:ed:aa:ae: 83:f7:8f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C8:7D:70:94:FD:01:EF:B0:A3:B3:C1:02:F1:32:C9:D5:2D:71:C9:73 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 27 18:58:43.278 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:27:BC:99:6E:B9:1F:6A:2A:82:FC:B0:CE: F5:F8:FD:FE:21:58:D7:7D:FB:27:AC:5C:99:23:65:38: 32:60:00:51:02:21:00:B1:8F:B3:D7:A5:5F:86:FC:18: A7:BF:90:0C:2A:D9:D9:AE:93:DF:0F:67:76:AC:25:C6: 59:7A:82:A1:B8:87:82 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 27 18:58:43.307 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:84:56:FF:69:CD:60:B4:DE:22:F8:A1: 9A:02:89:11:F2:21:CD:A8:DF:20:5A:B5:F1:ED:1C:D2: C3:DC:97:B9:4B:02:20:7A:A6:80:CD:83:95:32:09:19: 86:6D:57:7E:A9:1E:CD:52:DD:0C:2D:05:7D:5E:5B:20: 62:44:3E:A0:6E:CC:49 Signature Algorithm: sha256WithRSAEncryption 8f:31:80:13:4e:7f:57:8b:2e:1d:55:ff:47:1e:08:9a:4f:f0: 61:cd:76:0c:de:0f:b6:b1:e1:37:7a:3b:31:f7:41:61:6d:26: 3c:f4:3c:91:ce:38:d7:00:d7:14:1b:96:cf:31:d5:a2:f0:ce: 86:08:9d:ae:56:73:2e:35:70:99:f2:a1:d5:f6:c1:25:a1:77: 
60:31:12:41:21:3d:c5:3e:a6:f7:ae:19:df:88:d9:d4:98:1c: d4:ca:ea:97:8d:e9:63:75:bf:4a:82:6f:1a:67:7d:48:0c:0c: 08:ff:f6:95:60:23:b0:46:27:ef:93:ef:4d:f6:79:b3:e9:0a: ac:f4:de:50:2a:42:3b:da:18:19:58:2d:61:b7:37:20:e9:3b: f5:7c:74:a7:93:0d:78:f1:3c:2a:a6:84:c3:18:9e:8b:ec:31: f9:d9:89:02:c1:c6:3c:0b:ac:e1:92:95:ae:5d:e3:0b:08:0d: f7:ed:0f:4c:8f:0b:db:e5:06:bb:72:05:39:49:bb:58:4f:45: 0e:5b:f1:2e:b2:4b:34:8d:39:4c:05:01:1d:fa:e6:54:8b:64: f4:28:60:af:2e:58:5a:36:b5:b6:aa:f5:35:93:2e:0a:49:62: 7e:69:d1:23:ae:f4:b5:d9:24:e5:1b:c2:1d:26:18:4d:5e:6b: 93:96:3c:0b battleb0t.xyz
2023-05-12 02:59:58Affiliate - Email AddressNoE-Mail Address Extractor0030Nonename@example.com[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://hassan-gamall.github.io/netflix', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://hassan-gamall.github.io/netflix', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d70_ConnHashTable<3440>_HashTable_Mutex"\n "IsoScope_d70_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d70_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d70_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d70_IE_EarlyTabStart_0xf28_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"\n "45.57.91.1:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"hassan-gamall.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "hassan-gamall.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "urlref_httphassan-gamall.github.ionetflix")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"o1_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "bb_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced" and extension "png"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "images_1_.png" has type "PNG image data 225 x 225 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{ab1e121d-ebc0-11ed-82af-0800276d1839}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfcf958f5828d0de64.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{ab1e121b-ebc0-11ed-82af-0800276d1839}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfcf958f5828d0de64.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{ab1e121d-ebc0-11ed-82af-0800276d1839}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\imagestore\\3mt7jhv\\imagestore.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\0x82k3c6.txt"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\1hgch0kk.txt"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "o1_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "bb_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "bootstrap.bundle.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced"- 
[targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003440]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF8A0CDA8A96816CC6.TMP" has type "data"- Location: [%TEMP%\\~DF8A0CDA8A96816CC6.TMP]- [targetUID: 00000000-00003440]\n "~DF02F37B05898AC81F.TMP" has type "data"- Location: [%TEMP%\\~DF02F37B05898AC81F.TMP]- [targetUID: 00000000-00003440]\n "~DF432D2BE44D8F536C.TMP" has type "data"- Location: [%TEMP%\\~DF432D2BE44D8F536C.TMP]- [targetUID: 00000000-00003440]\n "~DFCF958F5828D0DE64.TMP" has type "data"- Location: [%TEMP%\\~DFCF958F5828D0DE64.TMP]- [targetUID: 00000000-00003440]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003440]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "netflix_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "main_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "RecoveryStore._AB1E121B-EBC0-11ED-82AF-0800276D1839_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AB1E121D-EBC0-11ED-82AF-0800276D1839_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B326E299-EBC0-11ED-82AF-0800276D1839_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "images_1_.png" has type "PNG image data 225 x 225 8-bit colormap non-interlaced"- [targetUID: N/A]\n "GVF5NTIT.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\GVF5NTIT.txt]- [targetUID: 00000000-00003440]\n "IXTTQ3R7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IXTTQ3R7.txt]- [targetUID: 00000000-00003440]\n "8BT6E19R.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8BT6E19R.txt]- [targetUID: 00000000-00003440]\n "search_2_.json" has ty
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Noneleo (Net ID: 00:01:71:0A:06:4D)52.3759, 4.8975
2023-05-12 02:46:55Internet NameNoDNS Resolver0020Nonewww.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:cd:b7:3c:d6:71:f3:4f:d0:0b:1c:3a:89:f9:32:41:9b:99 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 13:22:44 2022 GMT Not After : Feb 15 13:22:43 2023 GMT Subject: CN=www.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bd:87:9d:fd:0d:e7:91:1c:82:de:38:55:01:b8: 01:a4:4f:91:68:f2:b6:41:bd:96:b7:21:f2:a0:55: 3b:8f:fb:94:98:1c:4d:61:0a:0d:49:1e:41:02:01: 75:0f:0f:e7:3e:9d:a4:2e:1d:07:1e:23:ae:57:ed: a8:d0:66:39:2d:83:68:be:6e:6f:58:41:0a:9a:c5: 3e:12:87:89:8c:60:e5:de:67:7a:e4:46:2e:7b:08: ed:c2:60:17:80:e6:b4:45:ca:55:4c:b4:aa:5a:0e: 21:b2:65:97:04:7d:42:9a:78:70:55:51:b1:3b:c5: d3:0d:ce:41:3b:0f:13:16:72:ef:e1:6f:39:c8:fd: 4b:2d:7e:9e:b0:41:fd:9c:7c:61:84:dd:e4:70:a7: c5:c7:ec:ba:20:9f:a0:1f:9c:1c:14:59:c8:6c:6b: 82:ec:5e:ff:5a:3a:74:2a:f6:b9:fb:b1:ab:97:21: 90:d8:cd:5c:36:36:0e:73:80:7f:e4:4a:7c:cd:5d: 9a:1e:e6:d5:29:40:7a:8c:74:6b:33:02:0d:4e:19: f0:00:4b:c5:69:8a:06:03:20:76:15:a8:c2:2f:17: 7a:d2:cd:b7:58:14:91:a2:f2:64:cf:8f:82:14:81: ba:d6:41:8b:94:86:36:f5:f5:da:76:a8:04:5b:ad: f0:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 57:48:2A:D8:70:70:AC:E4:0A:F6:8C:02:EF:80:5A:28:2D:B1:3C:AE X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL 
Signature Algorithm: sha256WithRSAEncryption 36:fd:c3:ee:77:8a:70:b0:4d:2d:e7:2a:5c:5f:4d:da:b4:a1: e2:01:81:ed:f5:51:9e:99:02:16:e3:a3:0b:1f:75:93:c8:5e: b9:d7:f5:17:db:c5:b5:da:58:15:fd:4b:36:d5:4d:d6:5d:2b: 4f:49:fe:17:38:11:d4:b2:eb:07:49:19:e3:43:16:4c:57:7c: 97:e9:db:e2:60:b9:08:77:50:48:9b:b0:17:ef:9d:09:42:2e: 2c:30:28:d5:83:ed:da:76:33:41:0d:5b:41:19:c5:b8:7f:74: cf:bd:8b:ac:7e:2d:b1:2d:d2:aa:05:f2:50:61:9c:8f:16:2d: 59:13:65:6c:9c:0b:8f:2b:a9:e1:4d:ad:99:3c:ae:24:73:55: 9d:81:3b:f1:9e:69:4c:61:66:fb:26:19:5a:2f:78:df:76:be: 4f:90:40:ce:71:fc:d7:53:04:9e:03:82:87:39:e3:ba:6f:94: e1:23:1d:69:45:b3:a4:42:55:02:7e:d3:af:be:34:75:9f:16: a6:29:8b:66:c6:ca:4a:93:de:4b:14:90:c7:14:68:7f:9c:0a: 30:11:89:14:58:e3:55:39:f0:a4:c6:80:42:fc:39:c9:c9:40: ba:10:84:83:2d:87:52:29:63:ea:37:f2:50:8b:de:a9:ff:9e: bc:f4:cc:e6
2023-05-12 03:09:54Affiliate - Internet NameNoDNS Resolver0030Noneplesk2.keyubu.net87.248.157.100
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.226): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/withat_5.jpghttps://funny.battleb0t.xyz/
2023-05-12 02:54:17Software UsedYesCensys0040NoneCloudFlare CloudFlare Load Balancer2606:4700:3037::6815:470e
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:208087.248.157.102
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00xkhaled.github.io] https://www.openphish.com/feed.txt00xkhaled.github.io
2023-05-12 02:56:51Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:53:52:1f:22:68:d4:e4:bd:04:c1:ea:37:ae:da:35:a4:38 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:58:43 2023 GMT Not After : Apr 27 17:58:42 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b9:fb:28:d5:65:83:30:d8:31:05:3e:6a:85:ce: 46:6b:90:7d:d6:90:24:15:f6:22:bc:5f:40:25:72: 5b:e7:43:22:3b:78:ef:22:83:15:af:43:b2:d9:fc: 7d:1a:db:a9:94:2a:ae:eb:dd:dd:89:95:48:86:c7: 3d:d8:4e:b8:52:f3:2e:7f:e0:9b:c5:82:6c:d6:06: 76:85:79:68:7f:b5:68:c5:54:d6:da:9f:0d:42:eb: eb:78:16:9b:0c:f7:71:92:43:a6:d3:11:c7:27:14: 9e:cd:a5:85:3a:ff:06:6c:60:87:93:13:2c:dc:e9: 44:30:af:d5:55:3a:74:21:37:cc:29:72:2e:4e:f5: 19:19:e6:5d:c6:1c:c3:32:ad:91:33:45:63:c0:b2: 66:88:d4:28:10:ab:35:bf:1b:e2:b6:13:51:c2:fc: 05:07:9b:c6:54:ae:64:1d:50:a0:d8:e2:04:77:50: 9f:40:dd:68:16:1e:0c:0e:81:fa:eb:72:cf:f5:36: 95:d2:67:c3:4f:8e:c3:73:28:01:74:88:7e:c4:4f: a7:e9:b7:fe:c9:c0:ff:2f:b4:44:b8:a3:61:79:25: 57:1a:c6:7d:41:02:2b:48:a8:75:9f:e9:8a:a8:25: 11:37:66:07:b2:f9:47:e8:c4:ab:b8:9a:0e:7a:bb: b1:a5:ac:71:ee:85:d1:b6:9f:8c:59:d9:a4:ba:7d: dc:a9:3f:d4:a9:da:6b:49:93:8d:b7:ed:d0:10:10: 3a:3d:a1:8d:54:88:45:8c:e7:d6:54:5d:8e:e4:5d: c5:ff:df:b9:f9:a2:ee:ab:9f:c6:3f:4b:06:4d:63: 71:ab:51:6b:7d:38:3e:f3:da:53:ac:5a:a8:0b:4f: 7e:c7:d9:39:5d:36:7e:8b:ff:14:dd:1d:2a:34:03: 79:b2:19:e1:3c:2c:2f:e4:2d:a4:3c:e2:7a:8d:47: 92:45:d5:da:6b:08:e3:22:df:a9:94:5a:8f:90:14: e5:6c:68:e1:1d:22:8f:1f:c3:5c:b7:24:90:75:5a: e0:2a:31:19:c8:a9:78:9c:0a:51:95:3b:87:0c:a7: 99:0e:be:1b:bc:21:15:fe:dc:b9:6b:b1:e8:e2:43: 9f:ad:fd:5c:22:a4:20:c6:26:c0:2b:14:2d:ae:44: dc:33:d8:22:aa:11:57:d7:44:19:1d:80:bb:50:5d: 0f:32:1b:da:79:77:90:80:ce:c3:28:c7:75:3b:c6: 47:f2:e5:98:64:b3:70:12:44:40:b0:21:b9:37:16: ba:3e:63:8e:8d:d6:ba:d1:98:a1:05:b6:1a:03:b9: 
41:51:80:5e:8c:55:bd:f9:47:df:ee:3c:ed:aa:ae: 83:f7:8f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C8:7D:70:94:FD:01:EF:B0:A3:B3:C1:02:F1:32:C9:D5:2D:71:C9:73 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 27 18:58:43.278 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:27:BC:99:6E:B9:1F:6A:2A:82:FC:B0:CE: F5:F8:FD:FE:21:58:D7:7D:FB:27:AC:5C:99:23:65:38: 32:60:00:51:02:21:00:B1:8F:B3:D7:A5:5F:86:FC:18: A7:BF:90:0C:2A:D9:D9:AE:93:DF:0F:67:76:AC:25:C6: 59:7A:82:A1:B8:87:82 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 27 18:58:43.307 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:84:56:FF:69:CD:60:B4:DE:22:F8:A1: 9A:02:89:11:F2:21:CD:A8:DF:20:5A:B5:F1:ED:1C:D2: C3:DC:97:B9:4B:02:20:7A:A6:80:CD:83:95:32:09:19: 86:6D:57:7E:A9:1E:CD:52:DD:0C:2D:05:7D:5E:5B:20: 62:44:3E:A0:6E:CC:49 Signature Algorithm: sha256WithRSAEncryption 8f:31:80:13:4e:7f:57:8b:2e:1d:55:ff:47:1e:08:9a:4f:f0: 61:cd:76:0c:de:0f:b6:b1:e1:37:7a:3b:31:f7:41:61:6d:26: 3c:f4:3c:91:ce:38:d7:00:d7:14:1b:96:cf:31:d5:a2:f0:ce: 86:08:9d:ae:56:73:2e:35:70:99:f2:a1:d5:f6:c1:25:a1:77: 
60:31:12:41:21:3d:c5:3e:a6:f7:ae:19:df:88:d9:d4:98:1c: d4:ca:ea:97:8d:e9:63:75:bf:4a:82:6f:1a:67:7d:48:0c:0c: 08:ff:f6:95:60:23:b0:46:27:ef:93:ef:4d:f6:79:b3:e9:0a: ac:f4:de:50:2a:42:3b:da:18:19:58:2d:61:b7:37:20:e9:3b: f5:7c:74:a7:93:0d:78:f1:3c:2a:a6:84:c3:18:9e:8b:ec:31: f9:d9:89:02:c1:c6:3c:0b:ac:e1:92:95:ae:5d:e3:0b:08:0d: f7:ed:0f:4c:8f:0b:db:e5:06:bb:72:05:39:49:bb:58:4f:45: 0e:5b:f1:2e:b2:4b:34:8d:39:4c:05:01:1d:fa:e6:54:8b:64: f4:28:60:af:2e:58:5a:36:b5:b6:aa:f5:35:93:2e:0a:49:62: 7e:69:d1:23:ae:f4:b5:d9:24:e5:1b:c2:1d:26:18:4d:5e:6b: 93:96:3c:0b
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonessuhome (Net ID: 00:0C:41:BD:78:F1)39.0469, -77.4903
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATT3p3p8g9 (Net ID: 84:61:A0:CD:52:30)37.751, -97.822
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:8080188.114.97.1
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneBeens Gast (Net ID: 00:01:21:1C:17:A1)52.3759, 4.8975
2023-05-12 03:11:25Raw Data from RIRsNoAbstractAPI0030None{u'format': {u'international': u'+14806242505', u'local': u'(480) 624-2505'}, u'country': {u'prefix': u'+1', u'code': u'US', u'name': u'United States'}, u'phone': u'+14806242505', u'valid': True, u'location': u'Arizona', u'carrier': u'', u'type': u'unknown'}+14806242505
2023-05-12 02:53:12Web TechnologyNoTool - WAFW00F0030NoneCloudflare Inc. Cloudflarepanel.battleb0t.xyz
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: May 4 19:22:49 2023 GMT Not After : Aug 2 19:22:48 2023 GMT Subject: CN=nwapi2.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c4:56:92:fa:17:84:ee:f0:d0:57:46:44:1b:c0: a4:14:29:10:a1:ef:73:a4:e7:64:f7:b5:e7:3f:b3: 66:76:75:96:94:eb:49:c3:b4:7b:98:99:f2:0f:53: 8b:0d:5d:a1:7d:07:f5:ec:33:33:f7:d8:24:d7:52: d5:12:6d:a1:1f:e4:a6:4e:04:dc:3d:ec:3d:be:c0: 68:52:81:bd:0e:b0:f2:dc:e9:9e:c3:80:ab:29:55: f9:1e:e7:5b:91:26:2d:a5:23:af:31:21:a7:26:77: 4d:22:98:0f:3c:48:92:7d:11:24:a2:2a:0b:37:5b: b7:75:5d:9c:47:56:23:11:ea:1f:65:df:5a:99:2d: b1:7c:34:88:13:dd:65:4f:a0:08:9d:d3:51:25:a6: 78:33:43:63:15:48:98:b7:c9:2d:ff:76:3d:7c:7e: de:53:44:95:89:fa:a0:73:8e:18:62:72:8d:27:49: aa:9c:1f:aa:7b:22:63:3f:e5:47:2d:46:e9:11:a7: d9:be:31:17:58:ae:26:cb:94:ea:b8:74:2e:d5:e8: 97:bd:26:29:ad:75:15:d7:0b:3c:87:ec:7d:26:04: ba:6b:7d:a6:11:27:4a:69:b1:b7:ca:99:b8:9d:ff: 7b:56:12:82:6a:1b:ca:28:1f:06:65:69:79:cd:93: 18:d1:f0:f1:97:01:54:01:52:f9:a4:bc:b1:5f:7f: 07:cd:e4:2b:75:9a:b4:04:a5:b3:96:5c:fa:5f:34: 4a:10:9c:af:38:59:33:75:87:74:42:bf:9b:c5:16: 68:7e:6e:ef:bf:b4:49:f4:b3:b2:df:03:0b:41:57: bd:9d:b3:e1:0a:ab:4d:b6:f0:4f:0a:55:ab:67:0d: 47:01:8e:e0:df:09:34:38:59:4b:e4:b2:f9:93:a9: 14:cd:7f:e8:59:e4:10:fd:c1:6c:48:fa:be:99:2c: 29:f5:4b:bb:ec:4a:d6:b7:12:55:98:93:98:eb:47: 5c:a0:a4:28:64:3b:23:a2:ef:82:47:19:63:8d:bd: 5b:18:22:cf:f0:62:27:bf:ee:4a:28:c1:7c:e2:7b: 78:12:dd:d5:e8:7d:85:3e:1e:0f:49:a2:f3:4c:aa: 0d:2d:cc:58:f9:3e:e7:38:d6:30:4c:04:5a:18:cf: 9c:92:c9:94:e0:25:8d:f8:47:4e:48:b9:1f:15:b5: e5:de:4b:35:84:12:32:49:2b:fa:a7:68:2a:1b:83: d8:7f:e6:d9:7f:ca:74:5f:b4:c9:a0:67:b2:29:ff: a2:1e:11:be:bc:99:7a:fb:44:7b:a4:fe:9c:6b:8f: 
e3:20:e4:b7:4f:84:65:a3:c1:39:7b:b5:4f:1d:d0: 69:a0:23 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi2.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : May 4 20:22:49.987 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:49:5B:22:9A:37:74:EC:B5:6B:BF:74:25: 03:BF:46:DC:18:51:D6:44:11:7B:BF:B6:5B:50:DD:1C: 8F:80:EF:3B:02:20:47:2A:69:10:84:9E:DC:B5:E3:E3: 85:D7:64:E9:81:E6:34:A8:3A:EE:7B:C1:B6:5E:40:1F: 80:29:DA:11:05:13 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : May 4 20:22:50.005 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:35:7C:BF:0E:AA:9D:74:86:07:D7:D4:AB: F5:E1:40:37:B8:BB:7E:DB:39:8A:BE:E2:5C:03:30:30: 87:33:6B:95:02:20:09:90:FF:C6:9A:73:8C:96:C5:27: 7D:6B:43:B6:38:71:2C:A6:63:43:70:C3:FA:5D:5B:71: 98:69:EE:13:00:4E Signature Algorithm: sha256WithRSAEncryption 85:ff:2d:f7:ea:a0:91:b7:ce:aa:d9:bb:80:7c:e2:3c:82:5e: aa:e4:8e:68:39:36:38:9c:77:b6:ea:24:b5:71:a4:68:73:d2: cb:e4:b6:6e:87:92:cd:60:f0:4b:fa:16:3c:67:67:24:50:45: a7:67:96:84:cc:d3:58:c6:5e:dc:44:85:ed:d6:81:ec:7f:49: 
41:4d:c5:ca:ca:aa:32:ad:d7:11:f7:39:7b:b0:7b:77:74:44: f7:cb:92:93:e4:45:e9:c1:4b:22:0e:6a:87:26:da:2f:86:c9: 2f:7d:8a:b8:0e:fa:c8:7d:05:d7:2e:5e:0f:61:c0:b7:f9:d9: 51:31:63:4f:68:5d:de:cc:22:12:04:48:9b:ee:41:d8:a5:b1: 3c:80:9c:7b:d1:ae:a7:5b:ac:bf:bc:03:e4:36:bf:0d:18:f2: 3c:c8:4d:81:d8:71:4f:93:f8:89:4f:b8:cc:c6:d5:23:b9:6b: 01:1a:ea:aa:63:1c:40:bd:2f:59:0a:34:b7:be:8a:f1:7e:27: 85:d0:0e:96:7f:f0:0b:eb:18:35:77:95:6b:27:bf:9c:18:72: 58:89:63:0e:ed:84:1b:cb:e1:47:d4:7e:b0:01:ca:b1:c2:f0: 7c:b9:e4:20:fc:db:bd:c2:a6:6c:47:1a:fc:14:e6:86:84:df: 57:0b:c2:0b battleb0t.xyz
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.112): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/kappi_1.pnghttps://funny.battleb0t.xyz/
2023-05-12 02:56:56Internet NameNoDNS Resolver0030Nonewww.ayhu.xyz<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60715ea2423d')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="o9rkiN63h_dC1MXH2ewnO9VeNInpcF4XTtlC3.Ope.M-1683860062-0-AdUguWWDLVlZxsWb6e1bnqomUGdvKH9Hr8OR9XhDVbWy_UNZDFZLD8-BRJaoUzBMnZ4MBtuUzqAf-y1NVIXFBZc2zpThNEMVcsemZ6G3H2y2RdwaGI22EiA1S326BJRlVE4Ae2G6hV1-y96EsTpLgRijeuFFSHz05y1jK0LMHQT6Yul8T61BIXmvzdMkcho4NRYjRqIaGwnrNt3GHyXHuLD9Kg0Z1PswrdZsR5u8cj9YNRG5tPHVjIwdXSU_H7FvumTVKSb2DSCVu7zno--l-x_ursgemNqA1Eu9esEfAcEZErO2ynNNPle4iy35Q-002AvCnrTStuzsV9WenG-kzkwfzH4Bgm9BgZjZ2SzceeiUvpx0VbFQ3pFatklpu5sVBuMECIKb-C35grQD9hIe5CnF2tIuq3LpSjTYWdY_G-taMdpge2EijRLIBI6Kfm3KCKgrmIm-M_kaOkhT6zwNZKrbtrmrwvHusBRZM8mDqXK6BGxQEYolgs9YfSL0l717dfEhPntRoL6ZMAEy83CFiWTndZ1SzKSh5MxSqRh8JYSn7-hlp9tzN-SB8T0mkCkP87rm0gHB2Nc1YNmJH6a6djf3APAwio8E6jQftS4RNyx5lSUUZ_BnFys-ZXFUzYbxVs_s5utzzMkEYOyUrEjMwlbzK1bmHQXnmHfBHDfW-9w0KMV_I2KXURlKdWp_aVGaYPgU9RQpOrOu5jXRwZ5WWo3nXJCoJubmH-xr5xweBUbZG-SrvNgarDFttshord388LcpI4vf_DPi5QAhha2ONgO4nEYcsvGjPWmE5gBNnwndanRmSOkYLNoIKdyVDvafFa_9wxBk6pKwvUGADjN1yYITiFNd4Av6OjiMF0eCD0B-rMcf1K_RyJAW0Q63e569MyoALgsa5LuF6A9Fao0NuRtVokTtKXFjE683wyQoxz2rVadCdcz1SAkPujj4gsPBtzmyTzaZ0eAhZEu4ZktRZ3yW_kCzFaoZlWWXPLmMSYOISs0fLmCihg46UN9oyRLijuEDM_jHg4LTV2TnCzG6rH5ukfU2q3hIf7DNVmpydIO4964Rwd7yky69HogBFyvVcLvLJiau__mlfv9Zd8rpuWQeyviCGIKTRzsIwfkMqNPNyw8X9ilDjYLz8Er-YKFTiBYzKowqSDcLfsInmyu-GY3Q4CRe6azk1q2PDI5jsKPqVXZnDO6xM5WOgDfsUs8jCGX-Y7pnubkolyphepCOCRuJYkPER9RlRKn9TP1Iu5pT3zvM--Qn_g2xND5bfgguBbZ7_xzC6vrG4uq7pRN86Jyn1eh0aJoS1o3moXbGaKVZMFxn9St9eHP_LBzqatvidcntyoQnZyEuvoBGzmB7bxsXvanE_k1kK-flL0DxtFCoSL_hYsi2QdekeHyb0moJOnxYk8nOvpGRVJW2aeFOS6zzQYrTf1ZYVM7iyRgHYPN8uylozJaFR27equ7FqddcsitgcuSFaFlYteDEO4eAuImRVXD5QnWHTDDLK-J-a7cd7n5pHrzsbNbpwPeit55PzKCpzI484EAksVFlNAkrwC4SqRB6KhjvHJRu2SsinDAvuebN5jt7N0scno6aUyjSzxwSSpVf6bZrrSm-p-5sQDUjLp64NRXWVN8wvA3_1f2gF_Vosd3y9Sp0fSOsU2F6EIdZdWuHYetxrmSNE6AHJ3RT_C04YBvG6_Q9PkJsb86B49AEElj23DQaHfl1GA9qGlbppJY5scudrsxneqxrD58hLbvdzxrWwdzLczRciePhFl8OKW5eaSkWmK-s65YIEnBLOSnaXmYwPzvjg8f67iFNC-e3l5m0MDQVx52PRj2vf8DWG_AfPmw2afbxcw9ppplZ9oiixK20YnEv54WswcS_oGpXEwjRNaflmeY-Y06FMexN5UEccQFy7OcRAYdF-UVs7RwoJUdks1Jo
RoK9OtuCZ-KgdWRayYvkrBZh1irLAwBozTjJSzJVowS3-M9iXqAD-o4GZBMK9eAUQlmuEIIQAf4f1TCN4loJA-4yETDBP4eorxfgJm9hdR63VxYMIHAkqccOTphwj01rk_8nG1uU4rJrScaAyK8AS_kQ2UytoRgp8VoNR_d7rmE_GZgpIDjlZ7mYr5nvR22Zau-p4gmFaOvdsk2jjUaqisfuqgg6D7ilZ29ja7S9UD52x-HqjxmP4JRdKMs3zwtM2aBKs0yMaMXiLr0T0j3f1FktvbG7soBZaonR97fM1qjr28AlqpELx3WuIvTiKLBZ2gxE_Tjenn0-IC2XQdN8IEIXfw9F7jVJZ6FyGJ9Yx4YqJ3kmX0qXi9iX1jb-Y3YZwJ6j4tTSRr8_tAhbW33UaKc3ULwKwGZ9g9Ru0mgnq0hVusSVy31FLGpM6QZZ4iZhokIoEs5L-lSF6-Qt-6-GQgAAhgrRM_mFp17cJjzl0kVV9PTe5Y-EYxGWlJKX7FVEGARcAfwWh_GITW_xYClIpKaR9CMUgzm4MqfOkVCd-6Z7AHBczBYiCIlRejFdx7yIdIPo__-pVcOwTW-jE9Y6Ncj1gf1h"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '12933', cRay: '7c5f60715ea2423d', cHash: '4c530bdfb62a335', cUPMDTk: "\/?__cf_chl_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2Mi45MzcwMDA=', m: 'LwOsDwqRkfr0bjyiLObl7sEK+vITUZuaPQE/A6GDF60=', i1: 'zy3+9oq0kQS8g0MofYLvVQ==', i2: 'Pt5t/C6ZQh8wsZRxhTvpYw==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60715ea2423d'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60715ea2423d'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 02:44:03Domain NameNoSpiderFoot UI25000Noneayhu.xyz"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 02:54:04Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://sharedresearch.jp/signup', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ad4_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ad4_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ad4_IESQMMUTEX_0_331"\n "IsoScope_ad4_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_ad4_ConnHashTable<2772>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_ad4_IE_EarlyTabStart_0xbf4_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2772"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"63.32.161.232:443"\n "142.251.46.234:443"\n "185.199.109.153:443"\n 
"142.250.189.227:443"\n "35.201.112.186:443"\n "20.125.62.241:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"edge.fullstory.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2021 Twitter, Inc." (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB9A5.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB993.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabB992.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB992.tmp]- [targetUID: 00000000-00003572]\n "CabB9A4.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP 
setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB9A4.tmp]- [targetUID: 00000000-00003572]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "-F6pfjtqLzI2JPCgQBnw7HFQQi8q0Q_1_.woff" has type "Web Open Font Format CFF length 4065724 version 1.1"- [targetUID: N/A]\n "-F6pfjtqLzI2JPCgQBnw7HFQMisq0Q_1_.woff" has type "Web Open Font Format CFF length 3887056 version 1.1"- [targetUID: N/A]\n "-F62fjtqLzI2JPCgQBnw7HFoxQ_1_.woff" has type "Web Open Font Format CFF length 3838836 version 1.1"- [targetUID: N/A]\n "-F6pfjtqLzI2JPCgQBnw7HFQaioq0Q_1_.woff" has type "Web Open Font Format CFF length 3740384 version 1.1"- [targetUID: N/A]\n "574_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "main_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "main.19b1e1b5c433a7ed95e8_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "TarB9A5.tmp" has type "data"- Location: [%TEMP%\\TarB9A5.tmp]- [targetUID: 00000000-00003572]\n "signup_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "urlref_httpssharedresearch.jpsignup" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "CabB992.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB992.tmp]- [targetUID: 00000000-00003572]\n "clarity_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "imagestore.dat" 
has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\js9ur7b\\imagestore.dat]- [targetUID: 00000000-00003572]\n "favicon_6_.ico" has type "MS Windows icon resource - 4 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "92zPtBhPNqw79Ij1E865zBUv7mx9IgVF_1_.woff" has type "Web Open Font Format TrueType length 26112 version 1.1"- [targetUID: N/A]\n "92zPtBhPNqw79Ij1E865zBUv7myRJQVF_1_.woff" has type "Web Open Font Format TrueType length 25980 version 1.1"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://sharedresearch.jp/signup"\n Pattern match: "https://sharedresearch.jp"\n Pattern match: "https://fonts.gstatic.com/s/jost/v14/92zPtBhPNqw79Ij1E865zBUv7mz9JQVF.woff"\n Pattern match: "https://fonts.gstatic.com/s/jost/v14/92zPtBhPNqw79Ij1E865zBUv7myjJQVF.woff"\n Pattern match: "https://fonts.gstatic.com/s/jost/v14/92zPtBhPNqw79Ij1E865zBUv7myRJQVF.woff"\n Pattern match: "https://fonts.gstatic.com/s/jost/v14/92zPtBhPNqw79Ij1E865zBUv7mx9IgVF.woff"\n Pattern match: "MUIDB3901E857A0CA662738CBFA56A18667BBieonline.microsoft.com/9216107971059231103373413687355431024901*"\n Pattern match: "IESS4Abing.com/102421882214431085611146495771230938743*SRCHUIDV=2&GUID=9D4CEE7CEDDE416B9F68E0235F2310E7&dmnchg=1bing.com/102421882214431085611146495771230938743*SRCHUSRDOB=20220131&T=1643622690000bing.com/1088129326617631085594154050458730938743*MUID21B72F"\n Pattern match: "https://fonts.gstatic.com/s/notosansjp/v42/-F6pfjtqLzI2JPCgQBnw7HFQaioq0Q.woff"\n Pattern match: "https://fonts.gstatic.com/s/notosansjp/v42/-F62fjtqLzI2JPCgQBnw7HFoxQ.woff"\n Pattern match: 
"https://fonts.gstatic.com/s/notosansjp/v42/-F6pfjtqLzI2JPCgQBnw7HFQMisq0Q.woff"\n Pattern match: "MUID3901E857A0CA662738CBFA56A18667BBmicrosoft.com/1025411295705631056689247978600330978218*SRCHDAF=NOFORMmicrosoft.com/1024194638604831125287247978600330978218*SRCHUIDV=2&GUID=A9F735962E2A42C3AFD3CAEB5B5F826B&dmnchg=1microsoft.com/1024194638604831125287247"\n Pattern match: "MUID21B72F426D186C1726273DAB6C9C6D7Eclarity.ms/214748467358971059231103373325406105431024901*"\n Pattern match: "https://fonts.googleapis.com/css2?family=Noto+Sans+JP:wght@300;400;500;900&display=swap"\n Pattern match: "https://fonts.googleapis.com/css2?family=Jost:wght@300;400;500;600&display=swap"\n Pattern match: "https://rsms.me/inter/inter.css"\n Pattern match: "https://fonts.googleapis.com/css2?family=Noto+Sans+JP:wght@300;400;500;600&display=swap"\n Pattern match: "https://fonts.googleapis.com/css2?family=Jost:wght@300;400;600&display=swap"\n Pattern match: "https://getbootstrap.com/"\n Pattern match: "https://github.com/twbs/bootstrap/blob/main/LICENSE"\n Heuristic match: "edge.fullstory.com"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "edge.fullstory.com/s/fs.js"\n Pattern match: "https://\'+_fs_script"\n Pattern match: "https://www.clarity.ms/tag/+i"\n Pattern match: ".bing.com/214748467358971059231103373325359230431024901*MR0c.bing.com/2147484673293496550431026326325359230431024901*"\n Pattern match: "MR0c.clarity.ms/2147484673293496550431026326325406105431024901*ANONCHK0c.clarity.ms/2147484673395395097631024919325421730431024901*"\n Pattern match: "https://fonts.gstatic.com/s/notosansjp/v42/-F6pfjtqLzI2JPCgQBnw7HFQQi8q0Q.woff"\n Pattern match: "https://www.clarity.ms/eus2-c-sc/s/0.7.6/clarity.js,(y=l.getElementsByTagName(r)[0]).parentNode.insertBefore(t,y),a[c](start,i),a[c].q.unshift"\n Pattern match: "CLIDeecbea2c7081455a9dcf0f033f7537b7.20230404.20240403www.clarity.ms/2147492865424520947231098343321968605431024901*"\n Pattern match: "www.clarity.ms/"\n Pattern 
match: "https://github.com/microsoft/clarity"\n Pattern match: "C.JgU/0$"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "www.microsoft.com0"\n Patt185.199.109.153
2023-05-12 02:44:21Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:02:53 2023 GMT Not After : May 25 03:02:52 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:bc:d0:71:75:f9:c1:51:79:49:f8:25:6c:e2: 4b:7a:05:e1:2b:6c:79:44:98:ff:b2:cc:bc:d7:da: 27:25:29:37:c7:ba:80:cb:e1:7c:b8:4d:37:a2:bc: 93:44:eb:bc:62:ff:47:cb:21:ea:3d:05:4c:04:57: 82:93:5b:a9:25:29:fb:98:33:b0:04:74:aa:bc:9a: 64:5e:c7:e2:6c:e5:ec:2a:e7:40:6b:e1:75:93:39: b3:cf:b8:e9:11:29:e6:d1:9e:08:56:54:16:9f:c1: 1d:1f:f5:f6:ca:48:3a:94:53:03:1d:bf:52:af:6e: 27:9d:80:8d:f0:57:28:d4:f0:01:34:f4:39:59:4a: df:9f:00:47:87:9a:39:38:c1:8f:84:8a:02:0b:b2: 6e:5c:36:a2:f6:35:e6:d2:23:6b:29:b1:15:aa:86: a3:5b:eb:30:cc:af:b8:df:d5:0e:8f:8e:29:7e:0d: 21:28:d0:d2:4c:71:5b:19:01:9b:dc:b9:90:88:7d: fc:5d:3e:72:44:e6:46:11:dd:e6:fd:a5:42:a3:07: 24:e7:29:d9:29:1c:f3:72:77:8b:cb:0b:df:45:34: 0b:81:a8:00:de:f0:13:74:1b:bf:2f:61:ad:65:73: 29:3e:05:b5:c3:90:28:8c:96:ef:cb:b3:06:ba:9b: 6b:f7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Feb 24 04:02:53.639 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:28:F1:70:B2:E6:F5:A1:9C:C3:2A:B9:98: B7:CA:DE:46:06:8A:0D:FD:5D:51:62:6A:9E:AF:A7:18: F8:56:D1:B0:02:20:21:A4:D3:7B:9B:94:A5:33:57:25: EA:F9:E9:6B:7D:DB:3E:9B:70:AC:99:47:BB:60:A1:D8: D4:9F:E0:9F:F4:44 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Feb 24 04:02:53.699 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:3D:E9:FF:70:A3:4B:24:45:DE:32:CD:C1: EB:D6:68:50:E8:90:39:17:70:65:2F:C3:8E:27:EF:8F: 0A:2C:12:42:02:20:63:BD:B7:88:53:11:AE:74:C0:8C: 3E:DD:9A:2F:D6:E5:34:A4:8C:A2:AB:43:8C:64:7E:9B: D2:8E:90:08:CE:60 Signature Algorithm: sha256WithRSAEncryption 7e:31:5b:b5:c6:0c:16:27:0b:f5:1a:b3:80:a7:ef:5e:5f:1b: 87:38:b7:8a:be:5c:4b:2a:3f:28:2b:4f:87:5f:c2:b4:d3:b7: be:f8:28:f5:15:c7:b3:3f:3d:40:b4:03:a4:95:06:01:1a:58: 1f:75:36:4b:ec:65:5a:e0:fd:b0:bf:41:e3:ff:57:4e:dd:05: 47:2c:e5:74:c8:5a:58:19:d6:53:61:f6:8d:0e:19:29:5d:dd: b2:13:e8:c5:4c:7e:68:dc:f2:b4:05:5a:13:8e:d2:2e:4e:5e: 81:10:a5:86:8f:30:30:f7:61:4a:6f:5c:17:0d:a4:ef:13:02: 05:48:b0:18:ac:9c:df:24:70:12:e3:44:ac:31:54:f5:b6:92: f4:ec:b6:e7:16:93:23:c7:b8:7e:51:5c:f7:05:33:1c:0e:7a: b3:3d:ed:21:03:d2:bc:a5:bf:10:81:1f:4c:79:d4:3a:73:b9: 93:9f:57:8b:98:ea:3e:74:39:70:99:3d:3a:c0:f2:4d:e1:55: ed:dc:49:4e:a6:39:a5:82:ea:2d:6e:e9:17:c6:72:75:ec:10: 72:d0:c9:3e:b9:30:69:bc:2f:70:06:3c:ba:31:b6:c1:0c:45: e6:92:88:78:56:3a:d4:0c:d2:32:b8:49:37:f3:c4:6d:15:69: 54:99:0a:d9
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 401 Unauthorized Date: <REDACTED> Server: cPanel Persistent-Auth: false Host: 87.248.157.102:2077 Cache-Control: no-cache, no-store, must-revalidate, private Connection: close Vary: Accept-Encoding WWW-Authenticate: Basic realm="Restricted Area" Content-Encoding: gzip Content-Length: 52 Content-Type: text/html; charset="utf-8" Expires: Fri, 01 Jan 1990 00:00:00 GMT 87.248.157.102
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonedenis (Net ID: 00:01:46:02:C4:4C)37.780462,-122.390564
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040None<no ssid> (Net ID: 00:02:2D:8E:E3:CD)50.1188, 8.6843
2023-05-12 03:09:25Co-Hosted Site - Domain WhoisNoWhois2040None Domain Name: DONTKILLMYAPP.COM Registry Domain ID: 2344645406_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.ascio.com Registrar URL: http://www.ascio.com Updated Date: 2022-11-24T07:34:59Z Creation Date: 2018-12-19T04:28:10Z Registry Expiry Date: 2023-12-19T04:28:10Z Registrar: Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA Registrar IANA ID: 106 Registrar Abuse Contact Email: abuse@ascio.com Registrar Abuse Contact Phone: +1.4165350123 Domain Status: ok https://icann.org/epp#ok Name Server: NS.WEDOS.COM Name Server: NS.WEDOS.CZ Name Server: NS.WEDOS.EU Name Server: NS.WEDOS.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:09:05Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: dontkillmyapp.com Registry Domain ID: 2344645406_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.ascio.com Registrar URL: http://www.ascio.com Updated Date: 2022-11-24T07:35:59Z Creation Date: 2018-12-19T00:00:00Z Registrar Registration Expiration Date: 2023-12-19T04:28:10Z Registrar: Ascio Technologies, Inc Registrar IANA ID: 106 Registrar Abuse Contact Email: abuse@ascio.com Registrar Abuse Contact Phone: +44 (20) 81583881 Domain Status: OK https://icann.org/epp#ok Registry Registrant ID: Not Disclosed Registrant Name: Not Disclosed Registrant Organization: Not Disclosed Registrant Street: Not Disclosed Registrant City: Not Disclosed Registrant State/Province: Registrant Postal Code: Not Disclosed Registrant Country: CZ Registrant Phone: Not Disclosed Registrant Phone Ext: Not Disclosed Registrant Fax: Not Disclosed Registrant Fax Ext: Not Disclosed Registrant Email: https://whoiscontact.ascio.com?domainname=dontkillmyapp.com Registry Admin ID: Not Disclosed Admin Name: Not Disclosed Admin Organization: Not Disclosed Admin Street: Not Disclosed Admin City: Not Disclosed Admin State/Province: Not Disclosed Admin Postal Code: Not Disclosed Admin Country: Not Disclosed Admin Phone: Not Disclosed Admin Phone Ext: Not Disclosed Admin Fax: Not Disclosed Admin Fax Ext: Not Disclosed Admin Email: Not Disclosed Registry Tech ID: Not Disclosed Tech Name: Not Disclosed Tech Organization: Not Disclosed Tech Street: Not Disclosed Tech City: Not Disclosed Tech State/Province: Not Disclosed Tech Postal Code: Not Disclosed Tech Country: Not Disclosed Tech Phone: Not Disclosed Tech Phone Ext: Not Disclosed Tech Fax: Not Disclosed Tech Fax Ext: Not Disclosed Tech Email: Not Disclosed Name Server: ns.wedos.net Name Server: ns.wedos.cz Name Server: ns.wedos.eu Name Server: ns.wedos.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: https://icann.org/wicf >>> Last update of WHOIS database: 2023-05-12T03:09:25Z <<< For more information on Whois 
status codes, please visit https://icann.org/epp The data in Ascio Technologies' WHOIS database is provided by Ascio Technologies for information purposes only. By submitting a WHOIS query, you agree that you will use this data only for lawful purpose. In addition, you agree not to: (a) use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts; or (b) use the data to enable high volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations. (c) sell or redistribute the data except insofar as it has been incorporated into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties. Ascio Technologies reserves the right to modify these terms at any time. Ascio Technologies cannot guarantee the accuracy of the data provided. By accessing and using Ascio Technologies WHOIS service, you agree to these terms. dontkillmyapp.com
2023-05-12 03:24:51CountryNoCountry Name Extractor0060NoneTurkey Domain Name: KEYUBU.COM Registry Domain ID: 2292564494_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2022-07-15T17:58:33Z Creation Date: 2018-07-31T21:39:32Z Registry Expiry Date: 2023-07-31T21:39:32Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: KEYUBU.COM Registry Domain ID : 2292564494_DOMAIN_COM-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2022-07-15T17:58:33Z Creation Date: 2018-07-31T21:39:32Z Registrar Registration Expiration Date: 2023-07-31T21:39:32Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: ADANA Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.COM Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:12:03Z<<< For more information on 
Whois status codes, please visit https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2
2023-05-12 03:03:59Co-Hosted SiteNoThreatMiner0020Noneebrahemsamir.github.io185.199.109.153
2023-05-12 02:54:23HTTP HeadersNoCensys0040None{"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H061ZY9N5FV8EXSVB32WY78R"], "Server": ["Netlify"]}2600:1f18:2489:8201::c8
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.162): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:47:32Raw Data from RIRsNoHybrid Analysis2020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'WAV-797251.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:443"\n "185.199.111.153:443"\n "13.227.74.44:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5004:304:WilStaging_02"\n "Local\\SM0:5004:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3416:304:WilStaging_02"\n "Local\\SM0:3416:304:WilStaging_02"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "product_page.js" - Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_tracking_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\8096_1032656472\\auto_open_controller.js]- [targetUID: 00000000-00008096]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\8096_1032656472\\shopping_iframe_driver.js]- [targetUID: 00000000-00008096]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\8096_1032656472\\shoppingfre.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_checkout_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\8096_1534272233\\adblock_snippet.js]- [targetUID: 00000000-00008096]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': 
u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00008096]\n "a369bab2-3926-4626-a576-669ff0c25556.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\a369bab2-3926-4626-a576-669ff0c25556.tmp]- [targetUID: 00000000-00008096]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\manifest.json]- [targetUID: 00000000-00008096]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00008096]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n "eaa46630-4898-435c-8b79-12a101475848.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\eaa46630-4898-435c-8b79-12a101475848.tmp]- [targetUID: 00000000-00008096]\n "widevinecdm.dll.sig" has type "data"- Location: [%TEMP%\\8096_313714830\\_platform_specific\\win_x64\\widevinecdm.dll.sig]- [targetUID: 00000000-00008096]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00008096]\n "cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp]- [targetUID: 00000000-00003416]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00008096]\n "7de6d455-5aa2-4101-812b-70e599317de8.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\7de6d455-5aa2-4101-812b-70e599317de8.tmp]- [targetUID: 00000000-00003416]\n "4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp]- [targetUID: 00000000-00008096]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\deny_domains.list]- [targetUID: 00000000-00008096]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00008096]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00008096]\n "1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp]- [targetUID: 00000000-00008096]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00008096]\n 
"6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp]- [targetUID: 00000000-00008096]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "jLP\',\'KDqei\',\'vXqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydgv\',\'s"\n Heuristic match: "api.telegram.org"\n Heuristic match: "l@allledglobal.com"\n Heuristic match: "german.l@alliedglobal.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': 185.199.111.153
2023-05-12 03:23:44Open TCP PortNoPulsedive0030None188.114.96.17:8080188.114.96.0/24
2023-05-12 02:45:56Raw Data from RIRsNoAbstractAPI0040None{u'city': u'Ashburn', u'security': {u'is_vpn': False}, u'city_geoname_id': 4744870, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'AMAZON-AES', u'isp_name': u'Amazon.com, Inc.', u'organization_name': u'Amazon Technologies Inc', u'autonomous_system_number': 14618}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20149', u'longitude': -77.4903, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:45:55'}, u'latitude': 39.0469, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2600:1f18:2489:8201::c8', u'continent': u'North America', u'region_iso_code': u'VA'}2600:1f18:2489:8201::c8
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneUnitedStatesOfSmash (Net ID: F8:F5:32:A5:DE:80)37.751, -97.822
2023-05-12 03:04:11Malicious Co-Hosted SiteYesabuse.ch0120Noneabuse.ch URLhaus (Domain) [www.github.com] https://urlhaus.abuse.ch/downloads/csv_recent/www.github.com
2023-05-12 02:54:20Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8nuke.battleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneNH-NEW (Net ID: 00:01:21:31:EF:16)37.7642, -122.3993
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:0C:41:F9:92:AD)39.0469, -77.4903
2023-05-12 02:53:45Open TCP PortNoCensys0020None2606:50c0:8002::153:802606:50c0:8002::153
2023-05-12 03:16:17Similar DomainYesTool - DNSTwist1010Noneahu.xyzayhu.xyz
2023-05-12 02:54:10Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c570c285af722f3-ORD Content-Encoding: gzip 2606:4700:3031::6815:6a6
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonemyjoey (Net ID: 00:0C:41:D4:C9:9B)39.0469, -77.4903
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneDTLAMN5 (Net ID: 00:01:9F:20:3C:A4)34.0544, -118.244
2023-05-12 02:46:23Netblock MembershipNoRIPE8020None185.199.108.0/24185.199.108.153
2023-05-12 03:11:22Physical LocationNoAbstractAPI0030NoneFrankfurt am Main, Hesse, 60313, Germany, Europe207.154.228.169
2023-05-12 03:09:26SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=Cloudflare\, Inc.,CN=Cloudflare Inc ECC CA-3188.114.96.1
2023-05-12 03:13:06Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [007ayong.github.io] https://www.openphish.com/feed.txt007ayong.github.io
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/withat_4.jpghttps://pics.battleb0t.xyz/
2023-05-12 02:45:17Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://reitzcr7.github.io/Netflix', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://reitzcr7.github.io/Netflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_8c4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2244"\n "IsoScope_8c4_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "IsoScope_8c4_IE_EarlyTabStart_0xee0_Mutex"\n "IsoScope_8c4_ConnHashTable<2244>_HashTable_Mutex"\n "IsoScope_8c4_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_8c4_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, 
u'type': 7, u'description': u'"185.199.111.153:443"\n "104.18.22.52:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"pro.fontawesome.com"\n "reitzcr7.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': 
u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002244]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF1FD7FCE8C43D8B2E.TMP" has type "data"- Location: [%TEMP%\\~DF1FD7FCE8C43D8B2E.TMP]- [targetUID: 00000000-00002244]\n "~DF18D68D2B5B79E841.TMP" has type "data"- Location: [%TEMP%\\~DF18D68D2B5B79E841.TMP]- [targetUID: 00000000-00002244]\n "~DF53073A91A8898689.TMP" has type "data"- Location: 
[%TEMP%\\~DF53073A91A8898689.TMP]- [targetUID: 00000000-00002244]\n "~DFAC4CE31C0DB4071A.TMP" has type "data"- Location: [%TEMP%\\~DFAC4CE31C0DB4071A.TMP]- [targetUID: 00000000-00002244]\n "urlref_httpsreitzcr7.github.ioNetflix" has type "HTML document ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "RecoveryStore._DEC7D8E1-EF98-11ED-B516-080027C3EB44_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_DEC7D8E3-EF98-11ED-B516-080027C3EB44_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_E73374D0-EF98-11ED-B516-080027C3EB44_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "HV132DPC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HV132DPC.txt]- [targetUID: 00000000-00003008]\n "902T7L58.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\902T7L58.txt]- [targetUID: 00000000-00002244]\n "PEFIWE8M.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PEFIWE8M.txt]- [targetUID: 00000000-00002244]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "I87RSVNQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\I87RSVNQ.txt]- [targetUID: 00000000-00003008]\n "1RRO92P8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1RRO92P8.txt]- [targetUID: 00000000-00002244]\n "NZ1UVLXU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NZ1UVLXU.txt]- [targetUID: 00000000-00002244]\n "59QBRUWU.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\59QBRUWU.txt]- [targetUID: 00000000-00002244]\n "Netflix_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://reitzcr7.github.io/Netflix/"\n Pattern match: "https://reitzcr7.github.io"\n Pattern match: "https://reitzcr7.github.io/Netflix"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "mzjdL.VS/oLORCm/~H.c0KNw&FGk~Z2C3[f"\n Pattern match: "www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2002%20-%20xsign.crt0-!http://oneocsp.microsoft.com/ocsp05E9R"\n Pattern match: "https://pro.fontawesome.com/releases/v5.10.0/css/all.css"\n Pattern match: "SUIDmicrosoft.com/921656687628831032347376965971631032229MUID27087E39A60367C91FAC6D37A74F66C3microsoft.com/102569936550431110701376981596631032229_EDGE_Vmicrosoft.com/921669936550431110701376981596631032229SRCHDAF=NOFORMmicrosoft.com/1024332378944031085610"\n Pattern match: "SUIDmicrosoft.com/921656687628831032347376965971631032229MUID27087E39A60367C91FAC6D37A74F66C3microsoft.com/102569936550431110701376981596631032229SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD"\n Pattern match: 
"SUIDmicrosoft.com/921656687628831032347376965971631032229SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mic"\n Pattern match: "921670936550431110701377340971631032229MUID2090FF0873546C472F98EC0672D06DA8msn.com/102570936550431110701377340971631032229"\n Pattern match: "MUIDB27087E39A60367C91FAC6D37A74F66C3ieonline.microsoft.com/921669936550431110701376981596631032229"\n Pattern match: "isdomainmigratedtrue185.199.111.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneSurfandSip Wavelan (Net ID: 00:02:2D:01:79:94)37.780462,-122.390564
2023-05-12 02:45:04CountryNoCountry Name Extractor0020NoneUnited StatesDomain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:44:29Co-Hosted Site - Domain NameNoDNS Resolver0020Nonegithub.comgithub.com
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-th.github.io185.199.111.153
2023-05-12 03:00:30Affiliate - Email AddressNoE-Mail Address Extractor0040Nonezlib@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, "services": 
[{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneTech Overdrive (Net ID: 00:0B:6C:BB:FB:4A)33.6170672,-111.90564645297056
2023-05-12 03:14:48Vulnerability - CVE HighYesTool - testssl.sh0220NoneCVE-2016-2183 https://nvd.nist.gov/vuln/detail/CVE-2016-2183 Score: 7.5 Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.www.ayhu.xyz
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0050NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6071cb5443bc')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="IeJGNK1NlgODfmY5lM_CSOUsGpZRJayFri_EMqB7p9E-1683860063-0-AX4CepkLIrJBlYjsLY8SxaK3uwNGfYi_cI78cSgODaKEdDdhGruTJdLNKHipCAas1yRDoJa4jk3w7x3p7ckhzOJuKfeCo8jNUnP70adNIU5dZKa8JiOWBoI9SYK5Q_oq1Eks42yH_Pz5BuZ0QF6ODH2_k4pUMdjxKhGMZCyDKNM52sbeTu0IU1Z9_e1tCtOuH9J1aFZ2tonlXDc4g9zbIux7ExZ49kbKhnzKgiWBhIHUBpMYeWpuSJ_4qCfMlTT-uy5MHKpoVHLVBmCsQ5mELCsRXClDzOjpDkTqbSfAbh8hd0u6E9AsLVFq6mkA8uYgAs4nEqsUUv46GTcwvbzUbkKc1QJ8A2k0LYiOtqEyNozJ7I--u1pFreN-cf0BqBu1bjzjmjk9Ufw9C0rNxE7G3P6fqZnucT3KAI7GF68B4SHiO-kTUnp1udVECKZapa-19gQJJJtF13C6VjJjrQRVkch5xapdVTcSAJFESEO-EAMR9hDp7y8V-5vaHn6SIRKHs78Flbh2RF_P6lv_MAE36XjAyTTiidlaFqpS1ZnkznV7tCrGaYKNvXxibZ3SNtIzHvSSCizS-Sm2WncoqNtWFQZw4MSwC5gehOZvyL9OAj1SA9fWTQ-bfiW7LrZlzCWCJLIZUGG9pJVYCgum_TAJJVGfiljuO91NZvVvNyIgtAepbw2YAdNPwZ3YrRDL_1Un5U1kxz28HuDFJsvpLlTZSNRhPXl4BIx30MOZx9T7SUFWsCGh9uDL2bDPiBh0LSwqszBX0SLNJRo1MhT7IXGB7zy1gfVfFqqb3W0mfVcaymGtm5dqhUdBPRlb4wd_5_BMrKEUeZE1d8HDjjoyYLhvv36SD_5wRCbXxsfCdK2do3aGeM7O6LtZhGR0RuwOPFtRToqLDpM6HnWkxfbvRwTWbQt3gNfo6RJeaXs42GfGC6vMhv6-Zpdazh2C2qr1j5WGxsjVqAAnZQgtB_uAAZyLoW1Egawj2Dc9S-5JYlq2p44Cqz8kfn_HZzhJUPbd4OlAseBQZQfvTsxwQ8yBZFjNQTY6QE_0SDhUH44IwsfVzyg_qg2EOGimekLuWDzCGVBFHthTUHY_Uucg55yA_sEwBbcPwi19lZdxlJ7Akcrfm9Q1xTPYWqd3yg8TDkXwERtBie2ALa_sZMgXe5lFShstzVHZMFcNmZZ_Glu5XNCQGzZM4IALYOXDtzDzNfENL_KkCst225-oNpK1Rzcel6A6qrg383feNMfsfhR4f-t-0gjSgQcGjcMVuJSy33wzj3MyKMSAUAn1H3AU4KXx5l9gYHyPt3K2hXsw8kpaOC5iz5-tYdad463GleEPqMnQXyYze0-F-Kwpfaw0OW4xcwFgpJ7lUIa_Uo9RY1JgFEsKioyqNmIqHv90TnhF2xXyZtqCIT2zmPgDYc3GYmtDVDX3JH3IZ4Ue_9zw8eTUmmNzSLvHF-5-Jv1PvIxzwhsHdZ-9Y8a5xpT_YJ3ApVgxhBxQ9P11Ef3die91V-gWJ9blK7JyrAR97qvn0MVCh6Ipd0gUwoYP19FqAzVItOvoLt6KwAJ_P9BHXzn9V-Qn-K8E2u451f3eK9LuNMBNNeHTIZgwhKeDRKi_7YqSZEtSZBhservvl6AG5D792DbSptVg8teok3yfFJdmbmsVVtq_xMiFDR-JbWee4Xq5OGPEw-qzY3kVcZ3JGSH21pWSbawncJ1pZkYh_Y8uqWXqK_LHYCf1eZ4giUZOc1qNXVqD_66D8diNIgnlP3oGUHrBgTMOfZxq_Uhi6OAhZ7SG3lBy8EfeOsdCdZ3k3gkwd2BrqWGkSsiJCJw71aRSSLzklcMwO0t4rEGUoCt0P2QnnyFhBnAPmmU7bxfnvOSfNl67KcA670pAvXnjK5gtdmpWFLEQTKLiAxus6a1J55sB1jh2yyAgp9gU2TTlKH22JllQ
WbKYrEsbRrNjjaWTpuGgMUZEhABzykAV0_5Ryf5b1Iu8aB_yUQXLfxLOISB2J16hIkX9JBFDhB-K2iwT5AigiDsDn3kKx7Yn_RfRJoS2pRLWMZrIYAvnVYgYm9y81edopks9rnm7ZmUwgzO-G3g49daHSOyerkiJ0r3J8Okw4DK6PeI9iYnnJ3PuZHAUjE4lk_8MrIhAc4uYX4K1o-9Ke-xbpTbnl7jmdG3Gm-3L29y4tiQBKGjYgOtRk8-ysAEQVxg_UH3seGqQfmukY-uxgmHTqDedEdiiNc4iffnQwUfSPCDaUaRSMt4-JL4MYFn2fdPc4VcXOX79Z268m3iG4CyIoyIieiZJxKq5Fytf17H7DrAwzAK-7_cWORr2s0UVl6ksSgbwFTpGy4N__sJOF51dtXEfVEmWHx_Pzkw3X_pi-v5lATWE8lvwSB-TSiJYfQSJHSYYT6HXfaT1w6X76n4kq-ZrPPxvvJoJiND7W8ZhQjzgNr36p7jhZIQMiMAEzKgTQ4vmitfYqD4w00ar7uYe4W9UaptpqutZe32-rsetHK4f8sKgJ3CeKwcgiEQOluwAYjS5sFZ43pJ1k3hVEeYe7pLW"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '15631', cRay: '7c5f6071cb5443bc', cHash: '381065269fdd378', cUPMDTk: "\/?__cf_chl_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2My4wMDEwMDA=', m: 'ku7Iuu8p9xCCueKE3I6e30hCT4pHjE58URs2150Qfj8=', i1: 'MsbaNnnSVdv9s0jxu/qFPg==', i2: 'D5L567ziFL3S1185dlxV3g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6071cb5443bc'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6071cb5443bc'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 02:50:01Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://www.bloknmesh.com/de-de/categories/geschlossene-bauzaune', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"109.237.26.201:443"\n "142.250.189.170:443"\n "142.251.46.232:443"\n "185.199.110.153:443"\n "142.250.191.78:443"\n "142.251.2.157:443"\n "142.250.189.162:443"\n "142.250.189.206:443"\n "142.251.46.227:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.bloknmesh.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_be0_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_be0_IESQMMUTEX_0_331"\n "IsoScope_be0_ConnHashTable<3040>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3040"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_be0_IESQMMUTEX_0_303"\n "IsoScope_be0_IE_EarlyTabStart_0xdc0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_be0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "gb_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "TarF14F.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabF14E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF1B0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF18F.tmp" has type "Microsoft Cabinet archive data Windows 
2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF23E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF13C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"menu_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "country-select-arrow_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "nl_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "at_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "angle-left-small-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "direct-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "linkedin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "facebook_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo-mobile_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "hire-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "installation-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "youtube_1_.svg" has type "SVG Scalable Vector Graphics 
image"- [targetUID: N/A]\n "be_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "de_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "twitter_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search-toggle-close_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "country-toggle-close_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.bloknmesh.com/de-de/categories/geschlossene-bauzaune"\n Pattern match: "https://www.bloknmesh.com"\n Pattern match: "www.bloknmesh.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"www.bloknmesh.com" seems to be random'}], u'threat_level': 0, u'size': None, u'job_id': u'63eb580a656d4508501f7ddd', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', 
u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'109.237.26.201', u'142.250.189.170', u'142.251.46.232', u'185.199.110.153', u'142.250.191.78', u'142.251.2.157', u'142.250.189.162', u'142.250.189.206', u'142.251.46.227'], u'sha256': u'ffc86eb014a73c210623dbd4f36139a11c64b837621251d40584904dd7208526', u'sha512': u'1c3d667eabb07aa2a138edbfa8d3804ddede4abce94c0a69545d2046db978c501505db13ae264fef10d8c1b02ba750ecff6d74d3be180c96b659ba1f3db1ce6d', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://www.bloknmesh.com/de-de/categories/geschlossene-bauzaune', u'submission_id': u'63eb580a656d4508501f7dde', u'created_at': u'2023-02-14T09:44:42+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-14T09:44:43+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 9, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'05fe3e8314ad9f8079b7f8e333a310e7', u'network_mode': u'default', u'processes': [], u'sha1': u'9d87d6dc6afb474f596750e0f7fcfbc195ed29dd', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, 
u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [u'www.bloknmesh.com'], u'extracted_files': [], u'type_short': []}]185.199.110.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonex-served-by: cache-ewr18140-EWR{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.226): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneKaesler (Net ID: 00:14:5C:86:BC:3E)50.8897, 6.0563
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.161): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:13Web ContentNoWeb Spider0030None!function(e){var t={};function n(i){if(t[i])return t[i].exports;var r=t[i]={i:i,l:!1,exports:{}};return e[i].call(r.exports,r,r.exports,n),r.l=!0,r.exports}n.m=e,n.c=t,n.d=function(e,t,i){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:i})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var i=Object.create(null);if(n.r(i),Object.defineProperty(i,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)n.d(i,r,function(t){return e[t]}.bind(null,r));return i},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=9)}([function(e,t,n){"use strict";n.d(t,"a",(function(){return s}));var i=n(4),r=n(7),a=new s,o=new r.a;function s(e,t,n){this.x=e||0,this.y=t||0,this.z=n||0}Object.assign(s.prototype,{isVector3:!0,set:function(e,t,n){return this.x=e,this.y=t,this.z=n,this},setScalar:function(e){return this.x=e,this.y=e,this.z=e,this},setX:function(e){return this.x=e,this},setY:function(e){return this.y=e,this},setZ:function(e){return this.z=e,this},setComponent:function(e,t){switch(e){case 0:this.x=t;break;case 1:this.y=t;break;case 2:this.z=t;break;default:throw new Error("index is out of range: "+e)}return this},getComponent:function(e){switch(e){case 0:return this.x;case 1:return this.y;case 2:return this.z;default:throw new Error("index is out of range: "+e)}},clone:function(){return new this.constructor(this.x,this.y,this.z)},copy:function(e){return this.x=e.x,this.y=e.y,this.z=e.z,this},add:function(e,t){return void 0!==t?(console.warn("THREE.Vector3: .add() now only accepts one argument. 
Use .addVectors( a, b ) instead."),this.addVectors(e,t)):(this.x+=e.x,this.y+=e.y,this.z+=e.z,this)},addScalar:function(e){return this.x+=e,this.y+=e,this.z+=e,this},addVectors:function(e,t){return this.x=e.x+t.x,this.y=e.y+t.y,this.z=e.z+t.z,this},addScaledVector:function(e,t){return this.x+=e.x*t,this.y+=e.y*t,this.z+=e.z*t,this},sub:function(e,t){return void 0!==t?(console.warn("THREE.Vector3: .sub() now only accepts one argument. Use .subVectors( a, b ) instead."),this.subVectors(e,t)):(this.x-=e.x,this.y-=e.y,this.z-=e.z,this)},subScalar:function(e){return this.x-=e,this.y-=e,this.z-=e,this},subVectors:function(e,t){return this.x=e.x-t.x,this.y=e.y-t.y,this.z=e.z-t.z,this},multiply:function(e,t){return void 0!==t?(console.warn("THREE.Vector3: .multiply() now only accepts one argument. Use .multiplyVectors( a, b ) instead."),this.multiplyVectors(e,t)):(this.x*=e.x,this.y*=e.y,this.z*=e.z,this)},multiplyScalar:function(e){return this.x*=e,this.y*=e,this.z*=e,this},multiplyVectors:function(e,t){return this.x=e.x*t.x,this.y=e.y*t.y,this.z=e.z*t.z,this},applyEuler:function(e){return e&&e.isEuler||console.error("THREE.Vector3: .applyEuler() now expects an Euler rotation rather than a Vector3 and order."),this.applyQuaternion(o.setFromEuler(e))},applyAxisAngle:function(e,t){return this.applyQuaternion(o.setFromAxisAngle(e,t))},applyMatrix3:function(e){var t=this.x,n=this.y,i=this.z,r=e.elements;return this.x=r[0]*t+r[3]*n+r[6]*i,this.y=r[1]*t+r[4]*n+r[7]*i,this.z=r[2]*t+r[5]*n+r[8]*i,this},applyNormalMatrix:function(e){return this.applyMatrix3(e).normalize()},applyMatrix4:function(e){var t=this.x,n=this.y,i=this.z,r=e.elements,a=1/(r[3]*t+r[7]*n+r[11]*i+r[15]);return this.x=(r[0]*t+r[4]*n+r[8]*i+r[12])*a,this.y=(r[1]*t+r[5]*n+r[9]*i+r[13])*a,this.z=(r[2]*t+r[6]*n+r[10]*i+r[14])*a,this},applyQuaternion:function(e){var t=this.x,n=this.y,i=this.z,r=e.x,a=e.y,o=e.z,s=e.w,l=s*t+a*i-o*n,c=s*n+o*t-r*i,u=s*i+r*n-a*t,h=-r*t-a*n-o*i;return 
this.x=l*s+h*-r+c*-o-u*-a,this.y=c*s+h*-a+u*-r-l*-o,this.z=u*s+h*-o+l*-a-c*-r,this},project:function(e){return this.applyMatrix4(e.matrixWorldInverse).applyMatrix4(e.projectionMatrix)},unproject:function(e){return this.applyMatrix4(e.projectionMatrixInverse).applyMatrix4(e.matrixWorld)},transformDirection:function(e){var t=this.x,n=this.y,i=this.z,r=e.elements;return this.x=r[0]*t+r[4]*n+r[8]*i,this.y=r[1]*t+r[5]*n+r[9]*i,this.z=r[2]*t+r[6]*n+r[10]*i,this.normalize()},divide:function(e){return this.x/=e.x,this.y/=e.y,this.z/=e.z,this},divideScalar:function(e){return this.multiplyScalar(1/e)},min:function(e){return this.x=Math.min(this.x,e.x),this.y=Math.min(this.y,e.y),this.z=Math.min(this.z,e.z),this},max:function(e){return this.x=Math.max(this.x,e.x),this.y=Math.max(this.y,e.y),this.z=Math.max(this.z,e.z),this},clamp:function(e,t){return this.x=Math.max(e.x,Math.min(t.x,this.x)),this.y=Math.max(e.y,Math.min(t.y,this.y)),this.z=Math.max(e.z,Math.min(t.z,this.z)),this},clampScalar:function(e,t){return this.x=Math.max(e,Math.min(t,this.x)),this.y=Math.max(e,Math.min(t,this.y)),this.z=Math.max(e,Math.min(t,this.z)),this},clampLength:function(e,t){var n=this.length();return this.divideScalar(n||1).multiplyScalar(Math.max(e,Math.min(t,n)))},floor:function(){return this.x=Math.floor(this.x),this.y=Math.floor(this.y),this.z=Math.floor(this.z),this},ceil:function(){return this.x=Math.ceil(this.x),this.y=Math.ceil(this.y),this.z=Math.ceil(this.z),this},round:function(){return this.x=Math.round(this.x),this.y=Math.round(this.y),this.z=Math.round(this.z),this},roundToZero:function(){return this.x=this.x<0?Math.ceil(this.x):Math.floor(this.x),this.y=this.y<0?Math.ceil(this.y):Math.floor(this.y),this.z=this.z<0?Math.ceil(this.z):Math.floor(this.z),this},negate:function(){return this.x=-this.x,this.y=-this.y,this.z=-this.z,this},dot:function(e){return this.x*e.x+this.y*e.y+this.z*e.z},lengthSq:function(){return this.x*this.x+this.y*this.y+this.z*this.z},length:function(){return 
Math.sqrt(this.x*this.x+this.y*this.y+this.z*this.z)},manhattanLength:function(){return Math.abs(this.x)+Math.abs(this.y)+Math.abs(this.z)},normalize:function(){return this.divideScalar(this.length()||1)},setLength:function(e){return this.normalize().multiplyScalar(e)},lerp:function(e,t){return this.x+=(e.x-this.x)*t,this.y+=(e.y-this.y)*t,this.z+=(e.z-this.z)*t,this},lerpVectors:function(e,t,n){return this.subVectors(t,e).multiplyScalar(n).add(e)},cross:function(e,t){return void 0!==t?(console.warn("THREE.Vector3: .cross() now only accepts one argument. Use .crossVectors( a, b ) instead."),this.crossVectors(e,t)):this.crossVectors(this,e)},crossVectors:function(e,t){var n=e.x,i=e.y,r=e.z,a=t.x,o=t.y,s=t.z;return this.x=i*s-r*o,this.y=r*a-n*s,this.z=n*o-i*a,this},projectOnVector:function(e){var t=e.dot(this)/e.lengthSq();return this.copy(e).multiplyScalar(t)},projectOnPlane:function(e){return a.copy(this).projectOnVector(e),this.sub(a)},reflect:function(e){return this.sub(a.copy(e).multiplyScalar(2*this.dot(e)))},angleTo:function(e){var t=Math.sqrt(this.lengthSq()*e.lengthSq());0===t&&console.error("THREE.Vector3: angleTo() can't handle zero length vectors.");var n=this.dot(e)/t;return Math.acos(i.a.clamp(n,-1,1))},distanceTo:function(e){return Math.sqrt(this.distanceToSquared(e))},distanceToSquared:function(e){var t=this.x-e.x,n=this.y-e.y,i=this.z-e.z;return t*t+n*n+i*i},manhattanDistanceTo:function(e){return Math.abs(this.x-e.x)+Math.abs(this.y-e.y)+Math.abs(this.z-e.z)},setFromSpherical:function(e){return this.setFromSphericalCoords(e.radius,e.phi,e.theta)},setFromSphericalCoords:function(e,t,n){var i=Math.sin(t)*e;return this.x=i*Math.sin(n),this.y=Math.cos(t)*e,this.z=i*Math.cos(n),this},setFromCylindrical:function(e){return this.setFromCylindricalCoords(e.radius,e.theta,e.y)},setFromCylindricalCoords:function(e,t,n){return this.x=e*Math.sin(t),this.y=n,this.z=e*Math.cos(t),this},setFromMatrixPosition:function(e){var t=e.elements;return 
this.x=t[12],this.y=t[13],this.z=t[14],this},setFromMatrixScale:function(e){var t=this.setFromMatrixColumn(e,0).length(),n=this.setFromMatrixColumn(e,1).length(),i=this.setFromMatrixColumn(e,2).length();return this.x=t,this.y=n,this.z=i,this},setFromMatrixColumn:function(e,t){return this.fromArray(e.elements,4*t)},equals:function(e){return e.x===this.x&&e.y===this.y&&e.z===this.z},fromArray:function(e,t){return void 0===t&&(t=0),this.x=e[t],this.y=e[t+1],this.z=e[t+2],this},toArray:function(e,t){return void 0===e&&(e=[]),void 0===t&&(t=0),e[t]=this.x,e[t+1]=this.y,e[t+2]=this.z,e},fromBufferAttribute:function(e,t,n){return void 0!==n&&console.warn("THREE.Vector3: offset has been removed from .fromBufferAttribute()."),this.x=e.getX(t),this.y=e.getY(t),this.z=e.getZ(t),this}})},function(e,t,n){"use strict";n.d(t,"a",(function(){return o}));var i=n(3),r=n(2),a=n(6),o={common:{diffuse:{value:new i.a(15658734)},opacity:{value:1},map:{value:null},uvTransform:{value:new a.a},uv2Transform:{value:new a.a},alphaMap:{value:null}},specularmap:{specularMap:{value:null}},envmap:{envMap:{value:null},flipEnvMap:{value:-1},reflectivity:{value:1},refractionRatio:{value:.98},maxMipLevel:{value:0}},aomap:{aoMap:{value:null},aoMapIntensity:{value:1}},lightmap:{lightMap:{value:null},lightMapIntensity:{value:1}},emissivemap:{emissiveMap:{value:null}},bumpmap:{bumpMap:{value:null},bumpScale:{value:1}},normalmap:{normalMap:{value:null},normalScale:{value:new r.a(1,1)}},displacementmap:{displacementMap:{value:null},displacementScale:{value:1},displacementBias:{value:0}},roughnessmap:{roughnessMap:{value:null}},metalnessmap:{metalnessMap:{value:null}},gradientmap:{gradientMap:{value:null}},fog:{fogDensity:{value:25e-5},fogNear:{value:1},fogFar:{value:2e3},fogColor:{value:new 
i.a(16777215)}},lights:{ambientLightColor:{value:[]},lightProbe:{value:[]},directionalLights:{value:[],properties:{direction:{},color:{},shadow:{},shadowBias:{},shadowRadius:{},shadowMapSize:{}}},directionalShadowMap:{value:[]},directionalShadowMatrix:{value:[]},spotLights:{value:[],properties:{color:{},position:{},direction:{},distance:{},coneCos:{},penumbraCos:{},decay:{},shadow:{},shadowBias:{},shadowRadius:{},shadowMapSize:{}}},spotShadowMap:{value:[]},spotShadowMatrix:{value:[]},pointLights:{value:[],properties:{color:{},position:{},decay:{},distance:{},shadow:{},shadowBias:{},shadowRadius:{},shadowMapSize:{}https://battleb0t.xyz/main.built.js
2023-05-12 02:58:18Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'52.217.192.16', u'34.148.97.127', u'108.139.0.107', u'54.205.240.192'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://support.freshping.io/en/support/solutions/articles/237621', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_a34_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_a34_ConnHashTable<2612>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2612"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_a34_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a34_IESQMMUTEX_0_331"\n "IsoScope_a34_IESQMMUTEX_0_303"\n "IsoScope_a34_IE_EarlyTabStart_0xdf0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors 
marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.pki.goog"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "freshworks-portal.netlify.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.208.180.173:443"\n "108.138.247.6:443"\n "172.253.63.95:443"\n "52.217.192.16:443"\n "108.138.245.91:80"\n "172.217.14.195:80"\n "108.139.0.48:80"\n "108.139.0.178:80"\n "108.138.245.195:80"\n "172.217.14.195:443"\n "34.148.97.127:443"\n "108.138.246.25:443"\n "108.139.0.107:443"\n "54.205.240.192:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "CabFB10.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "ajax-loader_1_.gif" has type "GIF image data version 
89a 18 x 18"- [targetUID: N/A]\n "related_articles_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002556]\n "6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDQ_1_.woff" has type "Web Open Font Format TrueType length 15704 version 1.1"- [targetUID: N/A]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00002556]\n "icon-sprites-2_1_.png" has type "PNG image data 300 x 72 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "portal_print-a389f1ef3e87261e7264e3e70416d704_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLCz7Z1xlEw_1_.woff" has type "Web Open Font Format TrueType length 10436 version 1.1"- [targetUID: N/A]\n "portal_utils-036d877ee9df92b844f3f7e66e6b41af_1_.css" has type "UTF-8 Unicode (with BOM) text with very long lines"- [targetUID: N/A]\n "7D6243C18F0F8F9AEC6638DD210F1984_B13E2B48FEEE7ABC0415719489CB444D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7D6243C18F0F8F9AEC6638DD210F1984_B13E2B48FEEE7ABC0415719489CB444D]- [targetUID: 00000000-00002556]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00002556]\n "2ZG9LS53.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2ZG9LS53.txt]- [targetUID: 00000000-00002612]\n "icomoon_1_.ttf" has type "TrueType Font data 11 tables 1st "OS/2" 14 names Macintosh type 1 string icomoon "- [targetUID: N/A]\n "~DF0BFC9FC40A762D44.TMP" has type 
"data"- Location: [%TEMP%\\~DF0BFC9FC40A762D44.TMP]- [targetUID: 00000000-00002612]\n "~DFF5791F511DCFC9C7.TMP" has type "data"- Location: [%TEMP%\\~DFF5791F511DCFC9C7.TMP]- [targetUID: 00000000-00002612]\n "6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdo_1_.woff" has type "Web Open Font Format TrueType length 16116 version 1.1"- [targetUID: N/A]\n "RecoveryStore._AE7F9723-1A2D-11ED-A081-0800271F92EE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "theme_1_.css" has type "UTF-8 Unicode (with BOM) text with very long lines"- [targetUID: N/A]\n "~DF19E56798D5DFA061.TMP" has type "data"- Location: [%TEMP%\\~DF19E56798D5DFA061.TMP]- [targetUID: 00000000-00002612]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /en/support/solutions/articles/237621 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: support.freshping.io\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_3.208.180.173]\n\n "28e2\n]vGr};I+Y+Jvvedp3EZ5y<J$W=399TWWWG=vz:y8<IX)=%,`B30A8 ({`6t,S(B_tr<\n&vO4 |Vz#A>ZMO`m?kJorAx1t:SDQHB@O:t.D{|CUe$*#+|h?`esw^^:]L~Lht!n&R#8Jij_.RD~A^u\\uQ<0|]u]kOI}%b@[(Rax`lEWh=\'udQz8lFV;V=~v=QpK_o\nQr<*9cgq]^N?rt:ax86z9v0D)KhyhX~yupRo7zSg\n2"er!UYdT47|$~b>=Q0^V?}3qR(NK)NK:%;t O\'R K-Q`zaEff_2nJ;vr;v9hN1<\nwRjWv\nhU%\\\'P|26yY\nx\\:zsVap;Ioa[#kS/Ni\n3O1gI+m{G~w4cE\n9.Frs:eoH]]~\n>DeZqOEB7D+\n)0K\nLpr.#Iy1}p:4-4+6Z5zI_;w+s"imo0c|#Gc;DfPSpXxo94B7DC4-L%ZL&`C)H[8T~x94g_*F\\If4ckrkrXZk:~6~nz~Py7p:nzu@A-hka60^\'{p_\nK d/J\\\\(b(auK;x\\1(tpl{++sV:N. 
N2y%o7W7^B>,\nC&aF77r+~ze7D,wc9W-G#Z=d0ky-_tQO{ bn~:dUbf,]!+Or~tRf0xjVZ8e}dYW )<LyNA 8WI`/`N"?|BE;}Xv]|$4`f|-!;RKrauEArNGhf!itW*>IyUl/:dkF"nfyMYH(YKptn;]:Z{,\\"u{vZ-\nZ\nvYgx1w?\n$c;j_j(8c9^;xa5>]DL+fOUp%U/2`X6y=N!X8X5*X!`&r]%"TYX6(aEt)?e7iYc[B{0]I"|QNj^*V&%Ix]&mXJ,LPn8fEe(H0;4<{0NO^g!x$?Z!-PsiY)|b|9%J9Q.(Ik*\n`~!2C`5HmN]0>\'i<0tEN@/#!p>0$KAXka1cGt?T"BjAZ%"mKB&.1)+BUUuS~_PeU%lCJW?ZvV.%\'k\\\'l\\k;1n=2\nn!K.-_2fy&p{WBQ,Q3XZ6hT,]b+p.>v:=rHv\\kEknoi"KDyqU\nd{WLu{\\ZO[Y4Xl62hNg71x|^_"il%F%eHb^lY+"eBRZ!e]Bb^S((aK]BVh%q?\n6DoVL,pbxML)I9y!U\n%8r>:X+Z&]3$Y1AB(5/R!ey@T,fb0u\nl&<m8Rc2v !C/xC?C6b!n%b\'nG\nR5JOKs}OpeH8)W7$I\nGSxaK~7oYUV*FKzg#5Q8(=!e"F.3oW2}RV^Rt^P$8Yr^-4{Wj]?hYMPi6MlT3c9#i%zp,,tIYaRFDlf):72+G+$W3aHQ.#Awve\'CvPSxDy|a/X\n(2*^SSLF!ZSUWQIJ5e?sA\n|"tr=Nz;[^y3:8jvd%c&N~A>*^r8A|Bd,$gGY9U r6]!Hy1pGG9RW# @;3`f~<pRr(u"^T!;A?^Y(I9FRJ9x\\`5%`*ca|?AlrU*NMi~@;(_xGjzk}xX\\Q.g?D:?>:x}D<z7m65s,+( [?h5%(8%,P^Vp|xC.U$z"P5b{jO&J%DNu/,t9hiSo4O?Ww_=k]!k8#Qk@ )OlBB\'\n!|\'9eF|ShbsXT9HJ=$bCbprxVo?t p\'&H+m8A=rr{-F"`U%Xa3tJ5JK xfcE P)p}gOC_j+Ui<?\nxnrE)b)Zrgl`fviA"\nJX!3Hd2$\n5Bn3n*qBjLptO:29x<\nT*\nTBf\\gpJ~>oB0fEcDHhV\\t@dGSQ=Yh}S0@AM`P!U\n%[Vq4a2L`ikFQL}i+AYqR*9e>F+qdng9_eB\'WEps, +fAa?kH\n|QE3BV)+f4.4~;c!#\nDRTAU]B.IlZK\nrzS+6_0 W !EI`Zl1=2q]h/*$l^WrT\'sg9RL[J7+uiY[eEZNAtOe>\n=UI+0o r\nC\n!vU-6>Yi{pugBye SG\n#*.ziowr4a5Zz}^:JueEM{^omwkoZ{k[K<9w`-O5Ga|K>ane:)Ma"r"~\n&Z}Lg"NlJu\n[9z4}<>O.-"OK[gL\\nykR>)?s.Uq~g}qQBX/^p9Zx1cvJ-K)YCrm8{!NpHIX^nE;i 8]IFD*8e\nk0 MDa)ZRX8tVqt&}I?CYqFNYHHG{e"*wLvv+&O+a_hJ0\\Z4vJvKB*&2+ie>|2o%d2uHg4E>-e\\7@p+}wG),5V]d!j NZ0c75CdCAOlW)6 w=lfNi6E~\'l/]\'^1uk.0 2\nP 8MgGJW}+Oq d0lGa?O2hyPeTvp\n<SCtRy%Lr+v@`6RHIIk\\&m !C(di25_k.^"C>-\n`t\'BJI z}xh*o2x6Uv\'Ds+6|qw.\nde|Z2qN~Jh\'tKw`<XiY2dV],5!XE6D4sva3F3`.<;+a^I^WVt)?-Gt[m(nMU +!^dqU 
m:Md]G^e1_xs\nDY;{eJWZ\n&u4\n+m:KGuN*sow854oHBCJ=\nB)k]2bT+,VF_Bh1XG;n6\'!wl!d71:_oB~~G|)3+&xBh;*y7D{z0`5*dE!ex"&+U8v6ydaHm.P\nsAyj6+B\nl~e_?jF6:h@g%u!tB]|q)#\\s5WX[5`2!!i)1%e\\#{i0wm]ZxRdfy6OOmEm_u=+BLzWb\n4\n3i;hHA?B(:Fs/4{\nLGH2Xq(p<%Yp)XHoHk+e$\nh=-D*$"U3#Hg>;i\'v6imOr$JVpT,t `iOip+NNo?Wq/^~`Ei7Do:c_*9[D\'7iED/Z]6-TZ bRxnq1D$({C3qn24>mBsr!HcQ5Z}%Vb>>&A~hcmy:D5E9.Uzz*y:` u8b;?DQP/+\\~}^y-@V,aM8M{0zI=C=\n)O:3tcy_pO%M ^FCG8#9z&-y8`OI/U[oF]XujXR-:&QvEx7Lva0eiK>h8m+Q#$&+B843=\\kxpOQ9sE\nqrdjkg2p7kR;syufNys|arodxn6OL\nF}?!nIPT(*G&HvW8?2>T"LmK>r.\nKyc_g0!tT:-cpMdpDkH^3tl%Mvm>|GPn\\SCteCyew-\nHHq6IHS?s34.148.97.127
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider2030Nonehttps://pics.battleb0t.xyz/images/withat_3.jpghttps://pics.battleb0t.xyz/
2023-05-12 03:36:57Physical LocationNoMetaDefender0020NoneTehran, Iran87.248.157.102
2023-05-12 02:54:27HTTP HeadersNoCensys0040None{"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Netlify"], "X_Nf_Request_Id": ["01H04XFP518R0GMRXREDYN35MZ"], "Date": ["<REDACTED>"]}2600:1f18:2489:8202::c8
2023-05-12 03:41:36Physical LocationNoAbstractAPI1030NoneEygelshoven, Limburg, 6471, Netherlands, Europe45.131.109.53
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.36): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010Nonescratch (Category: coding) https://scratch.mit.edu/users/ayshoo/ayshoo
2023-05-12 03:09:47Affiliate - Internet NameNoDNS Resolver0040None71.170.74.34.bc.googleusercontent.com34.74.170.71
2023-05-12 03:09:28Open TCP PortNoSSL Certificate Analyzer0030None165.232.113.85:443165.232.113.85
2023-05-12 02:54:51Open TCP PortNoCensys0030None34.74.170.74:44334.74.170.74
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMobileInternet (Net ID: 00:02:B3:AE:E3:34)50.1188, 8.6843
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 200 OK Connection: close Content-Type: text/html; charset="utf-8" Date: <REDACTED> Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Set-Cookie: cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082 Set-Cookie: cpsession=%3a1TMQH6MZEuqlLsFz%2c7387de1c8dd6f13e5f0cbf314c13b1f5; HttpOnly; path=/; port=2082 Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082 Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082 Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082 Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082 Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082 Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2082 Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082 Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082 Cache-Control: no-cache, no-store, must-revalidate, private X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Encoding: gzip Content-Length: 12486 87.248.157.102
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonex-cache-hits: 1{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 02:55:16Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://vismliko.github.io/runssitory/index.html', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar5362.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar54FB.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"connectenligne.derlma.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "34.125.187.102:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ff8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ff8_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4088"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ff8_ConnHashTable<4088>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_ff8_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_ff8_IE_EarlyTabStart_0xf3c_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_ff8_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4088"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab54EA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab5361.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "down_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003292]\n "bullet_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "~DF82199855D99D5F85.TMP" has type "data"- Location: [%TEMP%\\~DF82199855D99D5F85.TMP]- [targetUID: 00000000-00004088]\n "~DF6973702D5F642C4C.TMP" has type "data"- Location: [%TEMP%\\~DF6973702D5F642C4C.TMP]- [targetUID: 00000000-00004088]\n "_2CF926F8-B17E-11ED-8073-0800273C3D4C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "Cab54EA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab54EA.tmp]- [targetUID: 00000000-00003292]\n "WIRQ4PF5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WIRQ4PF5.txt]- [targetUID: 00000000-00004088]\n "Tar5362.tmp" has type "data"- Location: [%TEMP%\\Tar5362.tmp]- [targetUID: 00000000-00003292]\n "info_48_1_" has type "PNG image data 47 x 48 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DFC3F757ED4B5F6D8C.TMP" has type "data"- Location: [%TEMP%\\~DFC3F757ED4B5F6D8C.TMP]- [targetUID: 00000000-00004088]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "N0SMPU3L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N0SMPU3L.txt]- [targetUID: 
00000000-00004088]\n "RecoveryStore._856A4483-B17B-11ED-8073-0800273C3D4C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar54FB.tmp" has type "data"- Location: [%TEMP%\\Tar54FB.tmp]- [targetUID: 00000000-00003292]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00004088]\n "Cab5361.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab5361.tmp]- [targetUID: 00000000-00003292]\n "http_404_1_" has type "HTML document UTF-8 Unicode (with BOM) text with very long lines with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://vismliko.github.io/runssitory/index.html"\n Pattern match: "https://vismliko.github.io"\n Heuristic match: "connectenligne.derlma.com"\n Pattern match: "https://connectenligne.derlma.com/TFGHFGHFTRH/11/mail@tler/nanelms/fr/9999"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /runssitory/index.html HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: vismliko.github.io\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nConnection: 
keep-alive\nContent-Length: 237\nServer: GitHub.com\nContent-Type: text/html; charset=utf-8\npermissions-policy: interest-cohort=()\nLast-Modified: Sat, 18 Feb 2023 20:40:04 GMT\nAccess-Control-Allow-Origin: *\nStrict-Transport-Security: max-age=31556952\nETag: "63f137a4-ed"\nexpires: Tue, 21 Feb 2023 01:07:42 GMT\nCache-Control: max-age=600\nx-proxy-cache: MISS\nX-GitHub-Request-Id: EADC:3606:196E1F:1DB1A0:63F41706\nAccept-Ranges: bytes\nDate: Tue, 21 Feb 2023 00:57:42 GMT\nVia: 1.1 varnish\nAge: 0\nX-Served-By: cache-sjc10074-SJC\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1676941063.658138,VS0,VE95\nVary: Accept-Encoding\nX-Fastly-Request-ID: cdb302efca5f6fb6cece2995633e3658e2e79131"\n "<!DOCTYPE html>\n<html>\n <head>\n <meta charset="UTF-8" />\n <meta http-equiv="refresh" content="0; URL=https://connectenligne.derlma.com/TFGHFGHFTRH/11/mail@tler/nanelms/fr/9999" />\n </head>\n <body>\n \n </body>\n</html>"\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: vismliko.github.io\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 404 Not Found\nConnection: keep-alive\nContent-Length: 5142\nServer: GitHub.com\nContent-Type: text/html; charset=utf-8\npermissions-policy: interest-cohort=()\nETag: W/"63cf03be-239b"\nContent-Security-Policy: default-src \'none\'; style-src \'unsafe-inline\'; img-src data:; connect-src \'self\'\nContent-Encoding: gzip\nX-GitHub-Request-Id: 3626:6688:196418:1DA771:63F41709\nAccept-Ranges: bytes\nDate: Tue, 21 Feb 2023 00:57:45 GMT\nVia: 1.1 varnish\nAge: 0\nX-Served-By: cache-sjc10074-SJC\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1676941065.214280,VS0,VE87\nVary: Accept-Encoding\nX-Fastly-Request-ID: 8921bafc7550ba044cb481baf67d48229733be04"\n "GET /TFGHFGHFTRH/11/mail@tler/nanelms/fr/9999 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: connectenligne.derlma.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.0 404 Not Found\nDate: Tue, 21 Feb 2023 00:57:47 GMT\nServer: Apache/2.4.54 (Debian)\nContent-Length: 0\nConnection: close\nContent-Type: text/html; charset=UTF-8"'}, {u'category': u'External Systems', u'origin'185.199.109.153
2023-05-12 02:44:24Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.io185.199.109.153
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c59a6bfbf716314-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.96.1
2023-05-12 02:44:22Physical LocationNoipstack0020NoneNetherlands104.21.6.166
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.217): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:33:53Raw File Meta DataNoBinary String Extractor0040None<!DOCTYPE html> <html> <head> <title>Page Not Found</title> <style> </style> </head> <body> <h1>Page Not Found</h1> </div> <p>Looks like you've followed a broken link or entered a URL that doesn't exist on this site.</p> <p> </svg> Back to our site </a> </p> </p> </div> </div> </div> <script> </script> </body> </html> https://funny.battleb0t.xyz/images/withat_5.jpg
2023-05-12 03:03:51Co-Hosted SiteNoThreatMiner0020Nonemalsup.github.io185.199.110.153
2023-05-12 02:58:45Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://tiny.one/vkds2czp', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_fd0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_fd0_IESQMMUTEX_0_303"\n "IsoScope_fd0_IE_EarlyTabStart_0xa28_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_fd0_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4048"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_fd0_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_fd0_ConnHashTable<4048>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"209.197.3.8:80"\n "104.19.137.56:443"\n "184.31.135.120:80"\n "34.74.170.74:443"\n "18.158.249.130:443"\n "13.227.44.127:80"\n 
"13.227.44.75:80"\n "18.195.27.143:443"\n "54.230.57.124:80"\n "13.227.44.102:80"\n "54.230.57.140:80"\n "54.230.57.39:80"\n "205.185.216.42:443"\n "142.251.46.202:443"\n "142.251.46.232:443"\n "142.251.46.195:80"\n "142.250.188.14:80"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"crl.pki.goog"\n "crl.rootca1.amazontrust.com"\n "crl.rootg2.amazontrust.com"\n "crl.sca1b.amazontrust.com"\n "crls.pki.goog"\n "fickfreunde.de"\n "o.ss2.us"\n "ocsp.pki.goog"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "x1.c.lencr.org"\n "x2.c.lencr.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"\n "o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "crl.rootg2.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "crl.sca1b.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "ocsp.pki.goog"\n "crl.pki.goog"\n "crls.pki.goog"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': 
None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "XM1W3787.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XM1W3787.txt]- [targetUID: 00000000-00004048]\n Dropped file: "GTDQ1BCW.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GTDQ1BCW.txt]- [targetUID: 00000000-00004048]\n Dropped file: "NV1LND8V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NV1LND8V.txt]- [targetUID: 00000000-00003196]\n Dropped file: "91FRE6MN.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\91FRE6MN.txt]- [targetUID: 00000000-00003196]\n Dropped file: "4YVPDQ8O.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4YVPDQ8O.txt]- [targetUID: 00000000-00004048]\n Dropped file: "JN3YCX92.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JN3YCX92.txt]- [targetUID: 00000000-00003196]\n Dropped file: "L7OFV9WB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L7OFV9WB.txt]- [targetUID: 00000000-00003196]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "CabE94D.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "bootstrap.min.c5b5b2fa19bd66ff23211d9f844e0131_1_.js" has type "ASCII text with very long lines"- 
[targetUID: N/A]\n "Report.wer.tmp" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00004048]\n "3538626A1FCCCA43C7E18F220BDD9B02" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\3538626A1FCCCA43C7E18F220BDD9B02]- [targetUID: 00000000-00003196]\n "~DF7C3969B65B11E63B.TMP" has type "data"- Location: [%TEMP%\\~DF7C3969B65B11E63B.TMP]- [targetUID: 00000000-00004048]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003196]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003196]\n "73DA0AE306CF69ADAC457DB6B2997338" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\73DA0AE306CF69ADAC457DB6B2997338]- [targetUID: 00000000-00003196]\n "70DAE932E3BCB3C00656A27B544BA9CA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\70DAE932E3BCB3C00656A27B544BA9CA]- [targetUID: 00000000-00003196]\n "07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D]- [targetUID: 00000000-00003196]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00004048]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00004048]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFFCAAE1DAD68AC182.TMP" has type "data"- Location: [%TEMP%\\~DFFCAAE1DAD68AC182.TMP]- [targetUID: 00000000-00004048]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003196]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00003196]\n "~DFF63874B4B14647AC.TMP" has type "data"- Location: [%TEMP%\\~DFF63874B4B14647AC.TMP]- [targetUID: 00000000-00004048]\n "F07644E38ED7C9F37D11EEC6D4335E02_D4DDF242A8972F898C0FE0D6EA6919E3" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\F07644E38ED7C9F37D11EEC6D4335E02_D4DDF242A8972F898C0FE0D6EA6919E3]- [targetUID: 00000000-00003196]\n "7D6243C18F0F8F9AEC6638DD210F1984_70FF9CF72C17814AF5276C6CA0C1775E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D6243C18F0F8F9AEC6638DD210F1984_70FF9CF72C17814AF5276C6CA0C1775E]- [targetUID: 00000000-00003196]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://tiny.one/vkds2czp"\n Pattern match: "https://tiny.one"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: 
Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontr34.74.170.74
2023-05-12 02:47:32Open TCP PortNoPulsedive0020None172.67.135.9:80172.67.135.9
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonepfa (Net ID: 00:02:6F:C4:70:30)33.617190550339146,-111.90827887019054
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NonePinterest (Category: social) https://www.pinterest.com/Altpapier/Altpapier
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050Nonefreesound (Category: music) https://freesound.org/people/Altpapier/Altpapier
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c596497ac4b8134-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.71.14
2023-05-12 02:54:18Web ContentNoWeb Spider4020None<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authentication</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixels API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixels API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixels API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr> nwapi.battleb0t.xyz
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}104.21.71.14
2023-05-12 03:09:55Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.104
2023-05-12 03:16:17Similar DomainYesTool - DNSTwist1010Noneaihu.xyzayhu.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneCOLOURlovers (Category: hobby) https://www.colourlovers.com/lover/loginlogin
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonevillagio (Net ID: 00:01:24:F0:87:66)33.6170672,-111.90564645297056
2023-05-12 03:33:55Raw File Meta DataNoBinary String Extractor0040None!22222222222222222222222222222222222222222222222222 3 zVm Y7a5mH LyBu5 @rO$T gt@G<U rCrV8 e$?>z DvgsWuM_ w"$RO WW uvW_c KT`\d Vb /'T T\"zw :W4cn Ga96A$ S$jFv cBK8< bp1MDND .rzQ`l kRgKHB'/ DajA 8 hZk68 59L'` sM!2C Khv3$\ zqLtj :GRx4 $L705 IogY$c qOD t e:otz$ gk>Ci"dm j@@EDjf hprOSM 1ZiZC aQ0 EXaQ0 5VFE$ xX<nU w2mJd JxZ9229 U>Ys. 5DOzij Nk6R$ O5hDf$ 5aNES oQE/j gOIcq 8?e.xl q5 <` v3Lbs psF 4 1E/QE https://funny.battleb0t.xyz/images/random_1.jpeg
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneALARM (5F:3F:FA) (Net ID: 00:02:D1:5F:3F:FA)33.6170672,-111.90564645297056
2023-05-12 02:44:09SSL Certificate - Issued toNoCertSpotter0010NoneCN=*.ayhu.xyzayhu.xyz
2023-05-12 03:33:55Raw File Meta DataNoBinary String Extractor0040None cHRM IDATx 9RD@R 6_:f Q3ot<@ :_w$`i 8vw8uLk iZpj bI@kd IDAT> !H?RZ Rz`8< e RmZ !heNN ZZ@"U P>HZD xq5E H!wqlM qkR` Z9wq-'C ghdf9egC O' :F` Q16Oh. i$sb$ iJpj0 Ir``: @OIFR "U04wI0 >/w`E jp8YJ jvvm:Z1 !lwc4i https://funny.battleb0t.xyz/images/favicon.png
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesuddenlink.net-ABFB (Net ID: 2C:99:24:4F:AB:F9)37.751, -97.822
2023-05-12 02:54:20Web ContentNoWeb Spider0040Nonebody{ padding-top:70px; } .jumbotron{ color: #2c3e50; background-color: #ecf0f1; } .navbar-inverse{ color: #2c3e50; } .navbar-inverse .navbar-nav>li>a { color: white; } .navbar-inverse .navbar-brand{ color: white; }https://funny.battleb0t.xyz/gallery.css
2023-05-12 02:44:27Software UsedYesTool - Wappalyzer0020NonePatreonnwapi.battleb0t.xyz
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0030Nonecloudflare{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 03:32:29Open TCP PortNoPulsedive0030None188.114.97.15:8443188.114.97.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider0030Nonehttps://funny.battleb0t.xyz/images/jonas.PNGhttps://funny.battleb0t.xyz/
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.99): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:55:27Raw Data from RIRsNoURLScan.io0010None[{u'sort': [1674665560412, u'ef04bede-91fb-48d6-84cd-c81b2eb86237'], u'task': {u'domain': u'ayhu.xyz', u'uuid': u'ef04bede-91fb-48d6-84cd-c81b2eb86237', u'url': u'http://ayhu.xyz/', u'visibility': u'public', u'time': u'2023-01-25T16:52:40.412Z', u'apexDomain': u'ayhu.xyz', u'method': u'manual'}, u'stats': {u'uniqIPs': 2, u'uniqCountries': 1, u'encodedDataLength': 206318, u'requests': 16, u'dataLength': 349476}, u'screenshot': u'https://urlscan.io/screenshots/ef04bede-91fb-48d6-84cd-c81b2eb86237.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/ef04bede-91fb-48d6-84cd-c81b2eb86237/', u'_id': u'ef04bede-91fb-48d6-84cd-c81b2eb86237', u'page': {u'mimeType': u'text/html', u'status': u'503', u'domain': u'ayhu.xyz', u'title': u'Just a moment...', u'url': u'https://ayhu.xyz/', u'ip': u'2a06:98c1:3121::c', u'tlsValidFrom': u'2022-12-14T04:12:07.000Z', u'asnname': u'CLOUDFLARENET, US', u'server': u'cloudflare', u'tlsIssuer': u'GTS CA 1P5', u'tlsValidDays': 89, u'country': u'US', u'redirected': u'https-only', u'apexDomain': u'ayhu.xyz', u'tlsAgeDays': 42, u'asn': u'AS13335'}}]ayhu.xyz
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.104): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneBGINET (Net ID: 00:00:C5:D7:41:64)34.0544, -118.244
2023-05-12 02:58:49Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://jsv3.recruitics.com/redirect?rx_cid=3394&rx_jobId=22014906&rx_url=https%3A%2F%2Fkeen-queijadas-051918.netlify.app%2F%3Fdir%3DZG5ld2VsbEBleHRyZW1lbmV0d29ya3MuY29t', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "ocsp.pki.goog"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.pki.goog"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_d40_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_d40_IE_EarlyTabStart_0xc28_Mutex"\n "IsoScope_d40_IESQMMUTEX_0_519"\n "IsoScope_d40_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d40_ConnHashTable<3392>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3392"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3392"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.192.64.185:443"\n "13.249.139.214:80"\n "65.8.55.18:80"\n "65.8.55.48:80"\n "65.8.55.159:80"\n "34.74.170.74:443"\n "54.230.18.32:443"\n "142.251.211.227:443"\n "172.217.14.202:443"\n "142.251.211.227:80"\n "142.251.215.227:443"\n "3.5.224.150:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "EL1FQVV9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EL1FQVV9.txt]- [targetUID: 
00000000-00003392]\n Dropped file: "NPR05TX9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NPR05TX9.txt]- [targetUID: 00000000-00003392]\n Dropped file: "LU3J5Z5Y.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LU3J5Z5Y.txt]- [targetUID: 00000000-00003452]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "www.recaptcha_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "7D6243C18F0F8F9AEC6638DD210F1984_C4E912EA1CF7478AEFF10983696CE52E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D6243C18F0F8F9AEC6638DD210F1984_C4E912EA1CF7478AEFF10983696CE52E]- [targetUID: 00000000-00003452]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003392]\n "A9P3THGH.htm" has type "HTML document UTF-8 Unicode text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0CH0OVJV\\A9P3THGH.htm]- [targetUID: 00000000-00003452]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003452]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003452]\n "EL1FQVV9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EL1FQVV9.txt]- [targetUID: 00000000-00003392]\n "favicon_6_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "E87CE99F124623F95572A696C80EFCAF_48A0517CBEDC34E374472FB21AABC8A8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E87CE99F124623F95572A696C80EFCAF_48A0517CBEDC34E374472FB21AABC8A8]- [targetUID: 00000000-00003452]\n "bframe_3_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003392]\n "_B14BACFC-3E6D-11ED-9448-08002726DE25_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "NPR05TX9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NPR05TX9.txt]- [targetUID: 00000000-00003392]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003452]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00003452]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://jsv3.recruitics.com/redirect?rx_cid=3394&rx_jobId=22014906&rx_url=https%3A%2F%2Fkeen-queijadas-051918.netlify.app%2F%3Fdir%3DZG5ld2VsbEBleHRyZW1lbmV0d29ya3MuY29t"\n Pattern match: "https://jsv3.recruitics.com"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: 
o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"\n Heuristic match: "ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"\n Heuristic match: "ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAcWfhO7yUD4HiZydfoHjso%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEASVeeR7RvTclo39SniAB8E%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"'}], u'threat_level': 0, u'size': None, u'job_id': u'63331f1830e7574737082cf9', u'target_url': None, u'i34.74.170.74
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonepancakes (Net ID: 00:00:48:67:6D:D1)37.7813933,-122.3918002
2023-05-12 03:11:18Physical LocationNoAbstractAPI0020NoneAmsterdam, North Holland, 1012, Netherlands, Europe188.114.97.1
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00nave198.github.io185.199.111.153
2023-05-12 02:46:40Malicious IP AddressYesFraudguard0120Noneabuse_tracker (risk level: 4) [185.199.109.153]185.199.109.153
2023-05-12 02:45:52Physical LocationNoAbstractAPI0040NoneMontreal, Quebec, H4X, United States, North America2606:4700:3030::ac43:a8fc
2023-05-12 03:03:16Co-Hosted Site - Domain NameNoDNS Resolver1020Nonenom-nom.linkfunny-face-pictures.nom-nom.link
2023-05-12 02:54:16HTTP Status CodeNoWeb Spider0040None200https://oldfluid.battleb0t.xyz/dat.gui.min.js
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 200 OK Connection: close Content-Type: text/html; charset="utf-8" Date: <REDACTED> Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Set-Cookie: cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure Set-Cookie: cpsession=%3aQkwdhfWxmK8h0n7J%2c873f8738210af1095901a669c6d9b2d7; HttpOnly; path=/; port=2083; secure Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2083; secure Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083 Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083 Cache-Control: no-cache, no-store, must-revalidate, private X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Encoding: gzip Content-Length: 12472 87.248.157.102
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.209): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneinaturalist (Category: hobby) https://inaturalist.nz/people/loginlogin
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesflan22 (Net ID: 00:02:6F:04:8F:03)37.7642, -122.3993
2023-05-12 02:54:57Open TCP PortNoCensys0020None2a06:98c1:3120::1:802a06:98c1:3120::1
2023-05-12 02:54:23HTTP Status CodeNoWeb Spider0040None200https://www.ayhu.xyz/cdn-cgi/styles/challenges.css
2023-05-12 02:46:27Netblock MembershipNoRIPE2020None172.67.128.0/20172.67.135.9
2023-05-12 02:59:47Affiliate - Domain WhoisNoWhois4030None Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2015-10-20T06:46:53Z Creation Date: 2009-02-17T22:08:05Z Registry Expiry Date: 2024-02-17T22:08:05Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.CLOUDFLARE.NET Name Server: NS2.CLOUDFLARE.NET Name Server: NS3.CLOUDFLARE.NET Name Server: NS4.CLOUDFLARE.NET Name Server: NS5.CLOUDFLARE.NET DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.NET Registry Domain ID: 1542998918_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2022-03-16T19:39:08Z Creation Date: 2009-02-17T22:08:05Z Registrar Registration Expiration Date: 2024-02-17T22:08:05Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net Name Server: ns1.cloudflare.net Name Server: ns2.cloudflare.net Name Server: ns3.cloudflare.net Name Server: ns4.cloudflare.net Name Server: ns5.cloudflare.net DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/ cloudflare.net
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneyoupic (Category: hobby) https://youpic.com/photographer/loginlogin
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneAP Checkpoint (Net ID: 00:02:6F:B8:A2:4E)33.6170672,-111.90564645297056
2023-05-12 02:52:50Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://151.101.131.7/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_aec_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_aec_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_aec_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_aec_IE_EarlyTabStart_0xad4_Mutex"\n "IsoScope_aec_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_aec_ConnHashTable<2796>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2796"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2796"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 
1, u'threat_level': 0, u'type': 7, u'description': u'"151.101.131.7:80"\n "151.101.131.7:443"\n "185.199.108.153:443"\n "74.125.137.155:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"error.ghost.org"\n "query.prod.cms.msn.com"\n "stats.g.doubleclick.net"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_1_.js")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar104F.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- 
Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002984]\n "Cab103E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab103E.tmp]- [targetUID: 00000000-00002984]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df7bab78c7267bf66d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{b14c450f-ea7a-11ed-a6d6-080027a0ff2e}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df67b5fc1a52ec911f.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{b14c4511-ea7a-11ed-a6d6-080027a0ff2e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{b14c450f-ea7a-11ed-a6d6-080027a0ff2e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df7bab78c7267bf66d.tmp"'}, 
{u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "Tar104F.tmp" has type "data"- Location: [%TEMP%\\Tar104F.tmp]- [targetUID: 00000000-00002984]\n "js_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002984]\n "analytics_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002796]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF67B5FC1A52EC911F.TMP" has type "data"- Location: [%TEMP%\\~DF67B5FC1A52EC911F.TMP]- [targetUID: 00000000-00002796]\n "~DF7BAB78C7267BF66D.TMP" has type "data"- Location: [%TEMP%\\~DF7BAB78C7267BF66D.TMP]- [targetUID: 00000000-00002796]\n "~DFAB5868FE1269E5AC.TMP" has type "data"- Location: [%TEMP%\\~DFAB5868FE1269E5AC.TMP]- [targetUID: 00000000-00002796]\n "~DF52B6E7186019CBA6.TMP" has type "data"- Location: [%TEMP%\\~DF52B6E7186019CBA6.TMP]- [targetUID: 00000000-00002796]\n "RecoveryStore._B14C450F-EA7A-11ED-A6D6-080027A0FF2E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_BB8EC16D-EA7A-11ED-A6D6-080027A0FF2E_.dat" has type "Composite Document File V2 Document Cannot 
read section info"- [targetUID: N/A]\n "_B14C4511-EA7A-11ED-A6D6-080027A0FF2E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "F523L3BQ.htm" has type "HTML document ASCII text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\F523L3BQ.htm]- [targetUID: 00000000-00002984]\n "KEZ36X8R.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KEZ36X8R.txt]- [targetUID: 00000000-00002984]\n "PKAFXDSQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PKAFXDSQ.txt]- [targetUID: 00000000-00002796]\n "5C2KCJBX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5C2KCJBX.txt]- [targetUID: 00000000-00002796]\n "T725AW7D.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\T725AW7D.txt]- [targetUID: 00000000-00002796]\n "3AGH9JID.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3AGH9JID.txt]- [targetUID: 00000000-00002796]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002984]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "LV4J6B9G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LV4J6B9G.txt]- [targetUID: 00000000-00002984]\n "AU2X92RK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AU2X92RK.txt]- [targetUID: 00000000-00002984]\n "VP202FYC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VP202FYC.txt]- [targetUID: 00000000-00002984]\n "40SBU01Z.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\40SBU01Z.txt]- [targetUID: 
00000000-00002796]\n "IN3760KI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IN3760KI.txt]- [targetUID: 00000000-00002984]\n "A9NA21T2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\A9NA21T2.txt]- [targetUID: 00000000-00002796]\n "44WSC7FC.txt" has type "ASCII text"- 185.199.108.153
2023-05-12 03:41:52Software UsedYesCensys0030NoneMicrosoft HTTP API 2.045.131.109.53
2023-05-12 03:00:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.40): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:32:34Open TCP PortNoPulsedive0030None188.114.97.17:8443188.114.97.0/24
2023-05-12 02:57:54Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ma-heredia.web.app/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_980_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_980_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2432"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_980_IE_EarlyTabStart_0xd94_Mutex"\n "IsoScope_980_IESQMMUTEX_0_303"\n "IsoScope_980_IESQMMUTEX_0_331"\n "IsoScope_980_ConnHashTable<2432>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2432"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ocsp.pki.goog"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', 
u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "36B424nhiL4_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"199.36.158.100:443"\n "172.217.14.227:80"\n "172.64.203.28:443"\n "142.251.33.72:443"\n "157.240.18.19:443"\n "23.52.163.40:443"\n "34.148.97.127:443"\n "173.222.168.122:443"\n "142.250.217.110:443"\n "142.250.217.102:443"\n "52.73.153.209:443"\n "142.251.33.98:443"\n "172.217.14.226:443"\n "74.125.20.155:443"\n "142.250.217.66:443"\n "142.251.215.238:443"\n "142.251.215.234:443"\n "157.240.18.52:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ka-f.fontawesome.com"\n "ma-heredia.web.app"\n "ocsp.pki.goog"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "O35SA6UY.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\O35SA6UY.txt]- [targetUID: 00000000-00001416]\n Dropped file: "ET17GW0P.txt" - 
Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ET17GW0P.txt]- [targetUID: 00000000-00001416]\n Dropped file: "ZKK6WWM0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZKK6WWM0.txt]- [targetUID: 00000000-00002432]\n Dropped file: "9S977TF0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9S977TF0.txt]- [targetUID: 00000000-00001416]\n Dropped file: "F0N74D5J.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\F0N74D5J.txt]- [targetUID: 00000000-00002432]\n Dropped file: "ILL9FIQV.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ILL9FIQV.txt]- [targetUID: 00000000-00001416]\n Dropped file: "9MKQ3K5U.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9MKQ3K5U.txt]- [targetUID: 00000000-00001416]\n Dropped file: "4TVM65YZ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4TVM65YZ.txt]- [targetUID: 00000000-00001416]\n Dropped file: "JB37RQ1V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JB37RQ1V.txt]- [targetUID: 00000000-00001416]\n Dropped file: "FO6KY11B.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FO6KY11B.txt]- [targetUID: 00000000-00001416]\n Dropped file: "YZHX2M25.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YZHX2M25.txt]- [targetUID: 00000000-00001416]\n Dropped file: "E8QWGX6E.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\E8QWGX6E.txt]- [targetUID: 00000000-00001416]\n Dropped file: "FJUFMXD0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FJUFMXD0.txt]- [targetUID: 00000000-00001416]\n Dropped file: "PVCNQKMK.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PVCNQKMK.txt]- [targetUID: 00000000-00002432]\n Dropped file: "HRKVOWYY.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HRKVOWYY.txt]- [targetUID: 00000000-00002432]\n Dropped file: "81PX8597.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\81PX8597.txt]- [targetUID: 00000000-00001416]\n Dropped file: "9YB2V1XB.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\9YB2V1XB.txt]- [targetUID: 00000000-00001416]\n Dropped file: "HE9U6W4K.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HE9U6W4K.txt]- [targetUID: 00000000-00001416]\n Dropped file: "CJ0LHDPD.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CJ0LHDPD.txt]- [targetUID: 00000000-00001416]\n Dropped file: "500MI2ZK.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\500MI2ZK.txt]- [targetUID: 00000000-00001416]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"responsive-search_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "36B424nhiL4_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "lOol7j-zq4u_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "confirming-2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "webcam.js_1_.htm" has type "UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00001416]\n "analytics.js_1_.htm" has type "ASCII text with very long lines"- [targetUID: N/A]\n "E573CDF4C6D731D56A665145182FD759_CCBDC18CEF38DE614F9036FAB40737A8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E573CDF4C6D731D56A665145182FD759_CCBDC18CEF38DE614F9036FAB40737A8]- [targetUID: 00000000-00001416]\n "ma-heredia.web_1_.xml" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n 
"O35SA6UY.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\O35SA6UY.txt]- [targetUID: 00000000-00001416]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002432]\n "f_3_.txt" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "ico-banca-online-cerrar_1_.png" has type "PNG image data 74 x 72 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00001416]\n "F07644E38ED7C9F37D11EEC6D4335E02_7F226C0974B745C5C054D4151A363D5C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\F07644E38ED7C9F37D11EEC6D4335E02_7F226C0974B745C5C054D4151A363D5C]- [targetUID: 00000000-00001416]\n "sh.f48a1a04fe8dbf021b4cda1d_1_.htm" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "inversion_1_.png" has type "PNG image data 200 x 195 8-bit colormap non-interlaced"- [targetUID: N/A]\n "5vZjyJccuEw_1_.woff" has type "Web Open Font Format TrueType length 20464 version 1.1"- [targetUID: N/A]\n "B039FEA45CB4CC4BBACFC013C7C55604_6DFE27C9802832CAC46BC915125192F6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B039FEA45CB4CC4BBACFC013C7C55604_6DFE27C9802832CAC46BC915125192F6]- [targetUID: 00000000-00001416]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 
3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: ma-heredia.web.app\nDNT: 1\nConnection: Keep-Alive"\n "\n]s.|06IQc{+lx]C4={^\'bYdjrd#++3+&_34.148.97.127
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.11835.229.48.116
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.194): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:12:10Affiliate Description - CategoryNoDuckDuckGo0050NoneWeb analyticsbaffin.netcraft.com
2023-05-12 02:55:11Open TCP Port BannerNoCensys0120NoneSSH-2.0-OpenSSH_7.487.248.157.102
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonehappy (Net ID: 00:02:2D:07:AC:B9)34.0544, -118.244
2023-05-12 02:45:14Physical LocationNoipapi.co0020NoneToronto, Ontario, ON, Canada, CA2606:4700:3031::6815:6a6
2023-05-12 03:09:35Affiliate - Internet NameNoDNS Resolver0040None217.30.196.104.bc.googleusercontent.com104.196.30.217
2023-05-12 02:54:48Raw Data from RIRsNoCensys0030None{"last_updated_at": "2023-05-11T22:48:59.738Z", "ip": "34.148.97.127", "location_updated_at": "2023-05-07T06:36:14.845364Z", "autonomous_system_updated_at": "2023-05-07T06:36:14.845439Z", "location": {"province": "South Carolina", "city": "North Charleston", "country": "United States", "coordinates": {"latitude": 32.853, "longitude": -79.9913}, "postal_code": "29405", "country_code": "US", "timezone": "America/New_York", "continent": "North America"}, "dns": {"records": {"www.alasdairlomas.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T13:24:13.006812700Z"}, "cadecouaf-by-alexia.com": {"record_type": "A", "resolved_at": "2022-10-18T08:16:11.717288293Z"}, "www.votereedolson.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T06:32:15.539594946Z"}, "gkua.tymber.io": {"record_type": "CNAME", "resolved_at": "2022-10-18T07:29:31.774316912Z"}, "sourcebank.info": {"record_type": "A", "resolved_at": "2023-03-20T18:52:38.329043635Z"}, "boke.qianfeiqianlan.in": {"record_type": "CNAME", "resolved_at": "2022-11-09T14:39:44.795402426Z"}, "holberton.magma.app": {"record_type": "CNAME", "resolved_at": "2023-03-16T00:14:20.600958114Z"}, "games.gloriang.com": {"record_type": "CNAME", "resolved_at": "2023-02-26T13:49:32.691318402Z"}, "joedeering.co.uk": {"record_type": "A", "resolved_at": "2023-04-16T21:01:52.054525391Z"}, "docs-edp.webmakers.id": {"record_type": "CNAME", "resolved_at": "2022-10-18T08:37:30.291760315Z"}, "4terrapino.edukids.cz": {"record_type": "CNAME", "resolved_at": "2022-10-18T08:31:34.519568946Z"}, "mxjosuelr.ml": {"record_type": "A", "resolved_at": "2022-10-18T06:18:35.457979844Z"}, "decorland-zipblind.showcase.sg": {"record_type": "CNAME", "resolved_at": "2023-04-10T22:18:21.659937733Z"}, "ciaranireland.com": {"record_type": "A", "resolved_at": "2022-10-18T05:36:11.052786498Z"}, "www.melbourne-directory.com.au": {"record_type": "CNAME", "resolved_at": "2022-10-18T08:46:08.023015032Z"}, 
"www.future-fortune.com": {"record_type": "CNAME", "resolved_at": "2023-04-05T14:43:08.144471484Z"}, "malcolmk.com": {"record_type": "A", "resolved_at": "2023-03-19T23:50:51.069456568Z"}, "www.carbonex.xyz": {"record_type": "A", "resolved_at": "2022-12-28T17:39:27.796691436Z"}, "www.pensioenbijaf-advisors.nl": {"record_type": "CNAME", "resolved_at": "2022-10-04T16:31:57.533657737Z"}, "www.camagribiotech.com": {"record_type": "A", "resolved_at": "2022-10-18T07:02:19.835141151Z"}, "esmd.magma.app": {"record_type": "CNAME", "resolved_at": "2023-02-10T12:05:31.212302462Z"}, "tourmaline-rolypoly-e49c84.netlify.app": {"record_type": "A", "resolved_at": "2022-10-18T08:47:58.585376736Z"}, "www.alext.no": {"record_type": "CNAME", "resolved_at": "2023-04-27T22:31:17.896531878Z"}, "shindongri.dev": {"record_type": "A", "resolved_at": "2022-10-18T07:03:53.251929692Z"}, "aryballe-aa-dev.netlify.app": {"record_type": "A", "resolved_at": "2023-01-18T12:06:01.361833988Z"}, "zmotors.tk": {"record_type": "A", "resolved_at": "2023-05-08T22:29:57.971988071Z"}, "r-tutorial.org": {"record_type": "A", "resolved_at": "2023-02-08T19:44:02.065520029Z"}, "about.streetmix.net": {"record_type": "CNAME", "resolved_at": "2023-05-07T20:36:58.561385403Z"}, "vedantdaigavane.tech": {"record_type": "A", "resolved_at": "2022-10-18T06:08:56.061628812Z"}, "sydney-canoe-polo.xyz": {"record_type": "A", "resolved_at": "2023-02-11T17:35:57.353705307Z"}, "authorized-dealer.netlify.app": {"record_type": "A", "resolved_at": "2023-04-06T22:20:41.352872306Z"}, "peppy-belekoy-30788d.netlify.app": {"record_type": "A", "resolved_at": "2023-02-28T12:07:49.994265438Z"}, "bapplause.merchforall.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T05:15:32.812426117Z"}, "www.treyrobinson.net": {"record_type": "CNAME", "resolved_at": "2023-05-05T19:28:22.476045990Z"}, "mikedunphy.net": {"record_type": "A", "resolved_at": "2023-04-26T20:29:34.940010109Z"}, "thekarens.io": {"record_type": "A", "resolved_at": 
"2023-02-11T15:16:37.809010048Z"}, "binisha.com.np": {"record_type": "A", "resolved_at": "2022-10-18T07:46:07.938680815Z"}, "lookbook.aura.com.ng": {"record_type": "CNAME", "resolved_at": "2023-05-01T19:53:51.537333100Z"}, "norazwierenberg.com": {"record_type": "A", "resolved_at": "2023-02-11T13:54:10.085606219Z"}, "bear-squad-nft.com": {"record_type": "A", "resolved_at": "2023-02-26T13:24:26.630933717Z"}, "curatorialdesign.org": {"record_type": "A", "resolved_at": "2022-11-17T09:43:57.099734542Z"}, "www.carte-deco.com": {"record_type": "CNAME", "resolved_at": "2022-11-30T13:13:36.897637935Z"}, "admin.mindzcloud.com": {"record_type": "CNAME", "resolved_at": "2023-01-19T13:24:05.495630862Z"}, "bocehu.com": {"record_type": "A", "resolved_at": "2022-10-18T05:26:09.940373164Z"}, "www.iranremembers.org": {"record_type": "A", "resolved_at": "2023-04-07T20:42:41.131893269Z"}, "www.xxxxxxxxooooooo.ml": {"record_type": "CNAME", "resolved_at": "2022-10-18T06:14:24.690359052Z"}, "madebymod.co": {"record_type": "A", "resolved_at": "2022-10-16T12:43:43.753070987Z"}, "consulto.tn": {"record_type": "A", "resolved_at": "2022-10-18T07:56:40.063676027Z"}, "www.lucascompanies.us": {"record_type": "A", "resolved_at": "2022-10-24T16:54:28.034670808Z"}, "ecommerce.studioup.it": {"record_type": "CNAME", "resolved_at": "2022-10-18T07:32:41.808098574Z"}, "bestsupplies.trackingrabbit.app": {"record_type": "CNAME", "resolved_at": "2022-10-18T08:56:39.797682146Z"}, "www.engageideas.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T14:25:29.037702866Z"}, "darude.synerghetic.net": {"record_type": "CNAME", "resolved_at": "2023-01-29T17:14:15.452099098Z"}, "labeautebox.uk": {"record_type": "A", "resolved_at": "2022-10-18T09:07:22.773778795Z"}, "hsp.sh": {"record_type": "A", "resolved_at": "2023-03-30T21:51:07.677482151Z"}, "www.gbergmans.nl": {"record_type": "A", "resolved_at": "2023-04-19T22:49:51.542832155Z"}, "biblio.goffinet.org": {"record_type": "CNAME", "resolved_at": 
"2023-03-11T19:05:41.079817318Z"}, "siriannedahlum.com": {"record_type": "A", "resolved_at": "2022-11-15T13:53:34.797019604Z"}, "2021.andreapasottiweb.com": {"record_type": "A", "resolved_at": "2022-10-09T12:58:41.966241432Z"}, "dtirado.net": {"record_type": "A", "resolved_at": "2023-04-13T18:24:19.206484803Z"}, "holaplex.darkblock.io": {"record_type": "CNAME", "resolved_at": "2022-12-13T15:16:22.198182100Z"}, "www.melhoriadeprojeto.com.br": {"record_type": "CNAME", "resolved_at": "2022-11-14T12:20:44.734549845Z"}, "alexhandy.co.uk": {"record_type": "A", "resolved_at": "2022-10-18T08:09:30.217370184Z"}, "sergiopalacios.net": {"record_type": "A", "resolved_at": "2023-01-21T16:56:48.355491907Z"}, "skyciptakreasi.net": {"record_type": "A", "resolved_at": "2023-04-02T19:46:26.932956062Z"}, "www.kanyo.dev": {"record_type": "CNAME", "resolved_at": "2022-10-18T06:18:33.545694843Z"}, "diptychs.work.damonzucconi.com": {"record_type": "CNAME", "resolved_at": "2023-05-01T14:11:22.807246986Z"}, "loscompadres.io": {"record_type": "A", "resolved_at": "2023-03-21T01:33:19.518922875Z"}, "maximiza.com.ve": {"record_type": "A", "resolved_at": "2023-05-01T21:03:38.557876701Z"}, "blog.eniehack.net": {"record_type": "CNAME", "resolved_at": "2022-12-16T15:42:56.662100802Z"}, "pushbytes.ng": {"record_type": "A", "resolved_at": "2023-04-22T05:44:27.108348542Z"}, "usapm.calpolycorporation.org": {"record_type": "CNAME", "resolved_at": "2023-01-11T17:06:46.816354715Z"}, "paigeforequality.com": {"record_type": "A", "resolved_at": "2022-11-02T14:03:20.419464944Z"}, "yazdanimedia.com": {"record_type": "A", "resolved_at": "2022-11-06T14:23:06.828686603Z"}, "liftarchiv.de": {"record_type": "A", "resolved_at": "2022-12-28T14:35:29.662687751Z"}, "www.roandco.com": {"record_type": "CNAME", "resolved_at": "2022-10-27T05:15:34.429086137Z"}, "pixiejarmint.com": {"record_type": "A", "resolved_at": "2023-01-28T13:51:50.151234045Z"}, "project-shovel.a2ksols.com": {"record_type": "CNAME", "resolved_at": 
"2022-11-27T12:31:55.444448412Z"}, "gifs.njtierney.com": {"record_type": "CNAME", "resolved_at": "2023-02-02T13:54:59.563858179Z"}, "blacksapps.co.uk": {"record_type": "A", "resolved_at": "2022-12-30T16:59:38.077685979Z"}, "www.xzone.com.ng": {"record_type": "A", "resolved_at": "2022-10-05T17:05:45.726154444Z"}, "www.shootingzone.pl": {"record_type": "A", "resolved_at": "2023-04-11T21:54:42.064712084Z"}, "shedio.net": {"record_type": "A", "resolved_at": "2022-10-16T19:21:41.523215446Z"}, "made.by.finn.mrcode.io": {"record_type": "CNAME", "resolved_at": "2023-01-27T15:12:08.705210499Z"}, "www.massagem.pro": {"record_type": "CNAME", "resolved_at": "2022-10-18T05:05:09.563568925Z"}, "trip.sphynxsociety.xyz": {"record_type": "CNAME", "resolved_at": "2023-05-01T21:10:50.309574617Z"}, "backup.iven233.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:37:16.079097214Z"}, "apprendre-documentaire.fr": {"record_type": "A", "resolved_at": "2022-11-02T15:07:17.663319916Z"}, "secretacademy.net": {"record_type": "A", "resolved_at": "2022-12-15T16:28:00.127645461Z"}, "websitesfortherestofus.com": {"record_type": "A", "resolved_at": "2023-03-02T15:22:49.400193761Z"}, "www.shaialoni.com": {"record_type": "A", "resolved_at": "2023-04-22T00:21:08.550841995Z"}, "bemorehabits.com": {"record_type": "A", "resolved_at": "2023-03-19T23:04:45.682295209Z"}, "www.thelandlockedsurfers.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T09:35:01.873283724Z"}, "zenbiz-bootstrap.htmlfactory.net": {"record_type": "CNAME", "resolved_at": "2023-04-15T19:03:30.846095347Z"}, "pratistharanabhat.com.np": {"record_type": "A", "resolved_at": "2022-11-28T16:49:33.673247128Z"}, "myrevma.medevio.cz": {"record_type": "CNAME", "resolved_at": "2022-12-21T14:20:47.186191316Z"}, "dogsilly.com": {"record_type": "A", "resolved_at": "2022-10-18T06:59:21.310898610Z"}, "feedback.nuhoc.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T05:08:22.974703827Z"}, "stauchen-stories.com": 
{"record_type": "A", "resolved_at": "2023-04-01T17:03:52.440044284Z"}, "docs.geobanken.no": {"record_type": "CNAME", "resolved_at": "2022-10-10T05:19:11.913724301Z"}}, "names": ["www.thelandlockedsurfers.com", "pixiejarmint.com", "www.melbourne-directory.com.au", "gkua.tymber.io", "bapplause.merchforall.com", "decorland-zipblind.showcase.sg34.148.97.127
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}104.21.71.14
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Noneinternal (Net ID: 00:0C:41:12:D6:E5)33.617190550339146,-111.90827887019054
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:EE:D7:F2)41.8781, -87.6298
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-64@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, 
"services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneREL (Net ID: 00:02:2D:02:35:63)37.780462,-122.390564
2023-05-12 03:09:45Affiliate - Internet NameNoDNS Resolver0040None131.97.148.34.bc.googleusercontent.com34.148.97.131
2023-05-12 03:41:55Affiliate - Internet NameNoDNS Resolver1040Nonemail.inflany.com45.131.109.47
2023-05-12 03:03:15Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:d8:ac:1a:31:df:8f:f8:c7:c3:27:35:9c:31:39:5f:60:e8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 17:26:22 2022 GMT Not After : Feb 15 17:26:21 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b8:46:5d:ac:6d:f3:78:e1:a9:4f:74:a7:83:2a: f1:af:bd:cc:66:b6:b9:bf:84:6f:47:9b:97:1c:a8: c9:7d:6c:fe:9e:8e:79:9c:a5:37:f9:7d:7a:a0:3b: dd:dd:59:27:44:ef:fa:f9:9f:ac:5e:a7:96:85:d6: 12:a4:67:16:8a:d5:1c:b5:d1:2d:4e:c7:ec:3d:19: e5:de:7b:f7:77:77:6b:39:f5:6c:f2:bc:49:15:e4: d9:26:16:d0:09:ff:d0:9f:cc:e1:2f:72:cd:5d:49: 42:8f:44:ab:2b:64:2c:16:15:0b:c6:a8:c4:87:48: 5c:ca:2c:13:33:5b:9e:8f:26:9e:57:1a:3f:da:51: 8d:e5:86:b3:d8:b8:bb:9b:a8:35:c1:05:df:6d:60: e8:57:86:af:77:94:58:18:ee:4d:cc:61:8e:ef:d8: ae:1a:ad:73:4e:d6:21:83:54:e8:94:6d:be:b2:5a: 91:8d:86:36:60:55:a8:6c:ac:42:09:7d:39:a2:a8: c7:4d:09:67:42:98:43:91:4c:6e:9c:44:89:71:c9: 81:24:98:ab:01:48:f5:7f:9f:03:76:19:5e:40:1f: e2:a9:ac:0e:74:15:d2:c7:02:a6:94:0f:07:1e:c2: 8f:1c:65:ac:eb:0a:21:1c:42:25:eb:b3:3c:e5:3d: 0f:68:8a:07:35:fd:f2:bf:65:bb:27:0a:28:75:d7: 36:a5:f8:ad:87:2d:4d:e9:8c:44:1c:dd:e0:1f:f8: 19:b0:d2:ba:53:d4:71:e9:68:d3:d7:47:bd:bd:b3: 12:21:a8:7f:36:dd:3a:ee:09:ec:a7:f6:99:fc:9a: ee:64:c3:e9:cb:48:8b:5b:53:b6:9a:34:49:ed:6f: 97:8c:71:a4:8f:ff:5a:94:b4:2f:23:08:04:1f:5f: dd:ba:07:c4:98:26:ce:e7:92:3f:eb:aa:ca:85:d1: 9e:9d:66:9d:15:94:f9:a8:c4:87:5f:d8:0f:2a:bd: f6:c1:3a:15:a4:4a:73:81:4d:25:59:6c:74:3c:88: be:35:3a:e2:55:b7:aa:f2:6a:84:aa:03:d7:47:36: 8c:65:79:0d:82:62:5e:32:88:98:91:5f:e7:41:ad: df:3b:04:9a:a4:b7:e8:4a:dc:51:e1:1a:2e:5f:80: 9f:10:99:df:13:16:07:60:53:0f:70:88:4d:8b:bf: c2:83:ad:7d:95:a6:63:06:b5:f7:e1:fa:b4:f1:f2: 59:97:a4:23:6e:6f:a1:9d:e7:91:3c:8f:96:90:d0: 88:f8:42:7e:b9:a8:0b:95:b2:4a:f1:e1:43:89:bc: 
d0:c5:6e:8d:7a:6f:1a:ac:22:35:41:3f:62:4c:b0: b4:f9:c1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D4:B4:B6:D6:64:7B:5F:1F:0F:AA:DA:BE:7B:F2:3E:AB:24:EE:4D:D7 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 12:c3:23:0c:67:c6:85:51:aa:d3:80:18:b2:65:bd:31:94:8a: e8:5c:6a:01:d8:5d:c1:9e:5e:a1:8a:00:bf:31:a6:2d:2b:2a: d3:2e:c1:cb:48:32:97:61:63:f9:88:e4:9c:86:57:55:70:0b: 32:91:1a:0d:37:95:fb:a7:7b:4a:02:c1:4f:b7:cf:20:cf:d1: 69:54:62:41:0e:be:38:0e:7b:77:6c:7e:42:cd:d3:80:5f:ab: 19:e5:8c:24:db:b5:99:d7:5b:1e:e0:f9:51:35:ee:2e:e0:f2: 3b:0e:28:4f:52:fb:a4:cb:e5:d4:44:71:e2:b7:97:1e:35:f2: db:f3:26:a9:1f:bb:8d:8d:14:2e:84:1c:98:58:cd:d8:11:56: db:34:47:2c:b7:4d:26:01:fe:51:2b:7a:54:d2:4b:ab:c8:ee: ec:9f:45:39:6f:fe:90:a4:3d:93:8b:30:b0:a3:b3:2d:bc:f4: ee:4f:24:be:81:68:9c:c9:32:9e:f9:8d:83:ca:11:33:39:6f: 6f:95:05:65:ef:78:3c:14:e2:53:b2:de:b5:09:28:66:eb:7a: 0b:3e:3f:89:c9:6f:58:91:18:c2:4c:16:9c:f4:c2:32:78:48: 59:ef:54:a6:fe:8f:f7:3b:d0:54:03:d1:5b:32:86:ec:46:0e: b4:71:65:41
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:33:52Raw File Meta DataNoBinary String Extractor0040NoneIDATx VC6.NV cN u:v O3dufp YEexY?w a:Y7" O5dgc vR K nkRZD 227sO5d ffFsk 4kFQZW /\\J J 4 N AaoCX 9$BfJ cod:5j M:IBU VBjeb d<nDA `CK2nF Zl`Q` D':XB6 _dmVA zLrzr `G\.A 1!lF:N ?vRerLz 'ac:YB IDATt ac:gf >B6qj8 "IURI jBWK5 /U--3ul. -$ul/Hu2 p?6' tcW>N`G vyL K /T_t?V IDAT4 Mvaea d WmN l@OS9Z 8?$m9U .9`-i o-.Hw bazHbqf 0glrO pyaI?o .Namj e@!Pu WZy4d 4vU.N< O9A1m V`V5KE J:'`W LEKC rf3GKrO W'xwu vlj8>E XV0s_X >'GA: "V_VZI >l@ K ffff.3 ` Y3u 1spu. 1fiWVr X"d \/hu !k@k\ D7qvq tS'CV jLp2.3 E-Wh@k fSwtn Wq!AK \Bwaf Xia>J IDAT9fma 'F11: /Oamr uTl6`M \ X' gGaq9 5muiN\ bkMrSz YMzjm . TB4 .fmbVvJ l2LSu kOrv/! RxB J IDAT/I !KEkC uvl5qY -U9!B dFvdb spyoi USxLf1https://funny.battleb0t.xyz/images/nwp.PNG
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/nomnom.jpghttps://funny.battleb0t.xyz/
2023-05-12 02:44:16Internet NameNoDNS Resolver2020Noneoldfluid.battleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': 
u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.206): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.63): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneadmire_me (Category: XXXPORNXXX) https://admireme.vip/login/login
2023-05-12 02:46:19Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://cytoscape.org/download.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:7904:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7904:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "InternetShortcutMutex"\n "Local\\SM0:7980:304:WilStaging_02"\n "SM0:7980:120:WilError_01"\n "Local\\SM0:7980:120:WilError_01"\n "SM0:7904:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:7904:304:WilStaging_02"\n "SM0:7904:304:WilStaging_02"\n "Local\\SM0:7904:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7904:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7904:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:49724"\n "184.30.148.171:49727"\n "69.16.175.42:49728"\n "104.18.11.207:49729"\n "142.251.214.130:49731"\n "192.229.210.155:49732"\n 
"18.155.181.7:49735"\n "172.217.164.104:49736"\n "142.250.189.238:49738"\n "108.138.246.126:49741"\n "142.251.32.34:49742"\n "18.155.202.90:49744"\n "142.250.191.78:49747"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cytoscape.org"\n "netdna.bootstrapcdn.com"\n "www.paypalobjects.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"www.paypalobjects.com" (Indicator: "paypal")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00007904]\n "Tabs_13324449104417521" has type "data"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007904]\n "31ec86e4-313c-4ec0-bdbb-d83d42302c58.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "f_000243" has 
type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 00000000-00006444]\n "f_00023d" has type "Web Open Font Format TrueType length 23320 version 1.0"- [targetUID: N/A]\n "manifest.json" has type "JSON data"- Location: [%TEMP%\\7904_1910241172\\manifest.json]- [targetUID: 00000000-00007904]\n "60f652af-af71-4e18-8f97-f706eb4108c1.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\60f652af-af71-4e18-8f97-f706eb4108c1.tmp]- [targetUID: 00000000-00006444]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\manifest.fingerprint]- [targetUID: 00000000-00007904]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\\7904_1910241172\\manifest.json]- [targetUID: 00000000-00007904]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007904]\n "445bab36-3288-43e7-bd99-0a1f57dab7f9.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\445bab36-3288-43e7-bd99-0a1f57dab7f9.tmp]- [targetUID: 00000000-00007904]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007904]\n "5b5217f9-d4db-409c-ba93-ec543a9e387e.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\5b5217f9-d4db-409c-ba93-ec543a9e387e.tmp]- [targetUID: 00000000-00007904]\n "62937efd7e73cf26_0" has type "data"- [targetUID: N/A]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- 
[targetUID: 00000000-00007904]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7904_406352213\\edge_driver.js]- [targetUID: 00000000-00007904]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\7904_2089643085\\_metadata\\verified_contents.json]- [targetUID: 00000000-00007904]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://cytoscape.org/download.html"\n Pattern match: "Math.PI/180"\n Heuristic match: "cytoscape.org"\n Pattern match: "https://cytoscape.org"\n Heuristic match: "netdna.bootstrapcdn.com"\n Pattern match: "www.paypalobjects.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "cytoscape.org/download.html"\n 
Heuristic match: "ytoscape.org"\n Heuristic match: "boxguest.sy"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7904_406352213\\edge_driver.js]- [targetUID: 00000000-00007904]\n "edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7904_406352213\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007904]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7904_406352213\\shoppingfre.js]- [targetUID: 00000000-00007904]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\7904_1134394539\\adblock_snippet.js]- [targetUID: 00000000-00007904]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\7904_406352213\\shopping_iframe_driver.js]- [targetUID: 00000000-00007904]\n "edge_confirmation_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7904_406352213\\edge_confirmation_page_validator.js]- [targetUID: 
00000000-00007904]\n "auto_open_controller.js" has type "Unknown"- Location: [%TEMP%\\7904_406352213\\auto_open_controller.js]- [targetUID: 00000000-00007904]\n "shopping.js" has type "Unknown"- Location: [%TEMP%\\7904_406352213\\shopping.js]- [targetUID: 00000000-00007904]\n "product_page.js" has type "Unknown"- Location: [%TEMP%\185.199.111.153
2023-05-12 02:47:21Open TCP PortNoPulsedive0020None185.199.111.153:443185.199.111.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonefse2 (Net ID: 00:01:38:A0:A1:09)37.7813933,-122.3918002
2023-05-12 03:09:18Vulnerability - GeneralYesTool - Retire.js0040NoneCVE-2016-10735 Score: Unknown Description: Unknownhttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonedo not seek the treasure (Net ID: 00:01:24:F1:72:12)34.0544, -118.244
2023-05-12 02:46:03Physical LocationNoAbstractAPI0030NoneNorth Charleston, South Carolina, 29415, United States, North America34.148.97.127
2023-05-12 02:46:50Co-Hosted SiteNoSSL Certificate Analyzer0030Nonenetlify.app34.74.170.74
2023-05-12 03:32:33Open TCP PortNoPulsedive0030None188.114.97.17:80188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonedrapnet (Net ID: 00:09:5B:52:69:9E)39.0469, -77.4903
2023-05-12 02:44:19Internet NameNoDNS Resolver0020Nonebattleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': 
u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/jcqn.jpghttps://pics.battleb0t.xyz/
2023-05-12 02:46:02Raw Data from RIRsNoAbstractAPI0030None{u'city': u'North Charleston', u'security': {u'is_vpn': False}, u'city_geoname_id': 4589387, u'region_geoname_id': 4597040, u'country': u'United States', u'region': u'South Carolina', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'GOOGLE-CLOUD-PLATFORM', u'isp_name': u'Google LLC', u'organization_name': u'Google LLC', u'autonomous_system_number': 396982}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'29415', u'longitude': -79.9746, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:46:01'}, u'latitude': 32.8608, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'35.229.48.116', u'continent': u'North America', u'region_iso_code': u'SC'}35.229.48.116
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.106): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonepublic (Category: finance) https://public.com/@loginlogin
2023-05-12 03:32:21Open TCP PortNoPulsedive0030None188.114.97.11:443188.114.97.0/24
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:2095188.114.97.1
2023-05-12 02:44:05Raw Data from RIRsNoTool - WAFW00F0010None[{"url": "https://ayhu.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://ayhu.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]ayhu.xyz
2023-05-12 03:31:30Affiliate - Email AddressNoE-Mail Address Extractor0070None589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net Domain Name: TELLERIA.COM Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T18:34:23Z Registry Expiry Date: 2023-08-11T18:34:23Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-222-C.GANDI.NET Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: telleria.com Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T16:34:23Z Registrar Registration Expiration Date: 2023-08-11T18:34:23Z Registrar: GANDI SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Reseller: CodeSyntax Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: Domain Status: Domain Status: Domain Status: Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Marcajes Telleria S.L. 
Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: ES Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET Name Server: NS-222-C.GANDI.NET Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp Reseller Email: Reseller URL: http://www.codesyntax.com/ Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or 
modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden. A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts. For additional information, please contact us via the following form: https://www.gandi.net/support/contacter/mail/
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None0d70cf (Net ID: 00:02:2D:0D:70:CF)37.7642, -122.3993
2023-05-12 03:00:51Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.73): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneSMG (Net ID: 00:0C:41:BD:EA:B0)39.0469, -77.4903
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:28:68:59:E3)32.8608, -79.9746
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonelinksys (Net ID: 00:18:39:2C:B7:B2)40.2024, 29.0398
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 02:54:20HTTP HeadersNoWeb Spider2040None{"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-nf-request-id": "01H06Y2YH7X6V06YSWWEW2NH9C", "content-type": "text/css; charset=UTF-8", "age": "0"}https://funny.battleb0t.xyz/gallery.css
2023-05-12 02:45:44Physical LocationNoMetaDefender0020NoneSan Francisco, United States185.199.109.153
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.150): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:25Internet NameNoDNS Resolver0020Nonefunny.battleb0t.xyzCN=funny.battleb0t.xyz
2023-05-12 02:56:53Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 14, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bancociudad.com.ar/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"8.243.10.90:443"\n "104.18.32.68:80"\n "104.17.25.14:443"\n "142.250.188.234:443"\n "142.250.72.227:443"\n "142.250.72.168:443"\n "142.250.72.131:443"\n "23.111.9.57:443"\n "172.64.133.15:443"\n "142.250.68.14:443"\n "142.250.189.6:443"\n "142.250.72.226:443"\n "142.250.189.14:443"\n "142.250.217.130:443"\n "157.240.254.7:443"\n "146.75.92.157:443"\n "13.227.44.24:443"\n "172.67.69.156:443"\n "35.186.248.98:443"\n "216.239.34.181:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bancociudad.com.ar"\n "browser-update.org"\n "cdn-widgets.chattigo.com"\n "cdnjs.cloudflare.com"\n "config-global.chattigo.com"\n "ocsp.sectigo.com"\n "static.ads-twitter.com"\n "twemoji.maxcdn.com"\n "use.fontawesome.com"\n "www.bancociudad.com.ar"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3348:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:6324:304:WilStaging_02"\n "Local\\SM0:6324:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:3348:120:WilError_01"\n "Local\\SM0:3348:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3348:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2940:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ocsp.sectigo.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"29c3c455eb0ebe5b_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\29c3c455eb0ebe5b_0]- [targetUID: 00000000-00003348]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003348]\n "f_00024d" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00024d]- [targetUID: 00000000-00004292]\n "f_000268" has type "JPEG image data baseline precision 8 960x420 components 3"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000268]- [targetUID: 00000000-00004292]\n "dc024e37-24d7-4619-b791-203aee584692.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 
53900"- Location: [%TEMP%\\dc024e37-24d7-4619-b791-203aee584692.tmp]- [targetUID: 00000000-00003348]\n "Tabs_13313178968803289" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13313178968803289]- [targetUID: 00000000-00003348]\n "765cfe4494a18824_0" has type "data"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003348]\n "e3c33c80-9437-442d-879c-95d0314ecde7.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\e3c33c80-9437-442d-879c-95d0314ecde7.tmp]- [targetUID: 00000000-00003348]\n "f_00023e" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00004292]\n "2ad8c636674bcc14_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\2ad8c636674bcc14_0]- [targetUID: 00000000-00003348]\n "f_000284" has type "Ogg data Vorbis audio stereo 44100 Hz ~96000 bps"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000284]- [targetUID: 00000000-00004292]\n "4e8147e4f545a47c_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\4e8147e4f545a47c_0]- [targetUID: 00000000-00003348]\n "91369cf243ec2070_0" has type "data"- [targetUID: N/A]\n "f_000243" has type "TrueType Font data 11 tables 1st "OS/2" 14 names Macintosh type 1 string icomoon "- [targetUID: N/A]\n "2d8883836df10fc0_0" has type "data"- [targetUID: N/A]\n "f_00023d" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00004292]\n "f1de57bd-9604-4dcb-9e44-716a69cec2a9.tmp" has 
type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\f1de57bd-9604-4dcb-9e44-716a69cec2a9.tmp]- [targetUID: 00000000-00004292]\n "4af3c85af602fe93_0" has type "data"- [targetUID: N/A]\n "c1970b30fb6d8527_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\c1970b30fb6d8527_0]- [targetUID: 00000000-00003348]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"static.ads-twitter.com" (Indicator: "twitter")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.bancociudad.com.ar/"\n Pattern match: "https://www.bancociudad.com.ar"\n Heuristic match: "ocsp.sectigo.com"\n Heuristic match: "GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBS83pEmglYTXfyF78OS%2BRiTRWadkgQULGn%2FgMmHkK404bTnTJOFmUDpp7ICEQC2rT5BoDb95aPVWokq%2BuwL HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/10.0\nHost: ocsp.sectigo.com"\n Heuristic match: "bancociudad.com.ar"\n Heuristic match: "browser-update.org"\n Heuristic match: "cdn-widgets.chattigo.com"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "config-global.chattigo.com"\n Heuristic match: "static.ads-twitter.com"\n Heuristic match: "twemoji.maxcdn.com"\n Heuristic match: "use.fontawesome.com"\n Pattern match: "www.bancociudad.com.ar"\n Pattern match: ".bancociudad.com.ar/\'i1s;itu;\';__\'il/"'}, {u'category': u'Network 
Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random\n "twemoji.maxcdn.com" seems to be random'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/92 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-93', u'name': u'Found browser information locations related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1005', u'relevance': 5, u'threat_level': 1, u'type': 2, u'description': u'"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-0000044C-1273661857\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\OptimizationGuidePredictionModels" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE4-7938540729\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE4-8638274333\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\d0313995-11ad-4fbc-ac47-fb134ed2e3e0" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE6-25412996207\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User 
Data\\Default\\blob_storage\\d29bc76d-2b8d-4a95-80d7-f22f79c87d73" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE4-25414099115\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Bookmarks" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE2-42627708116535.229.48.116
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Noneattwifi (Net ID: 00:14:6A:5B:53:92)32.8608, -79.9746
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.17): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NonemyLGNet1383 (Net ID: 00:08:52:1E:13:81)39.0469, -77.4903
2023-05-12 03:04:07Malicious IP on Same SubnetYesGreensnow0040Nonegreensnow.co [46.101.128.0/17] https://blocklist.greensnow.co/greensnow.txt46.101.128.0/17
2023-05-12 02:44:49Company NameNoCompany Name Extractor1020None(c) CentralNic LtdDomain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. 
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 02:45:27Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 14, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://k8slens.dev/index.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:5804:304:WilStaging_02"\n "Local\\SM0:5804:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:5804:120:WilError_01"\n "Local\\SM0:5804:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "138.91.254.96:443"\n "142.250.188.10:443"\n "142.251.46.227:443"\n "34.248.78.39:443"\n "192.30.255.117:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "api.github.com"\n "api.k8slens.dev"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "k8slens.dev"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<a class="dropdown-item" href="https://twitter.com/k8slens">TWITTER</a>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n file/memory contains long string with (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text">Loving <a href="https://twitter.com/k8slens">@k8slens</a> a great OSS tool for k8s </p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/andystopford/status/1364158215466987522"><i class="fab fa-twitter"></i> Dec 8, 2020</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text">I\'ve shared it already, but I want to say again that I\'m real happy I found <a href="https://twitter.com/k8slens">@k8slens</a> for Kubernetes work. 
Makes it much more convenient, especially when juggling multiple clusters!</p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/TheBlondeBass/status/1374379945380605955"><i class="fab fa-twitter"></i> Mar 23, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/chriskalmar/status/1354878064698789901"><i class="fab fa-twitter"></i> Jan 28, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/hueythewookiee/status/1366084768073474048"><i class="fab fa-twitter"></i> Feb 28, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text">Today I just discovered <a href="https://twitter.com/k8slens">@k8slens</a> and I am blown away how helpful this tool is. The open source community is amazing!</p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/jaydrogers/status/1363986936222908416"><i class="fab fa-twitter"></i> Feb 23, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text">Can\'t imagine working without <a href="https://twitter.com/k8slens">@k8slens</a> again. It saves so much time when debugging. Awesome tool! 
<span class="hashtag">#Kubernetes</span></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/kj187/status/1378030896478048263"><i class="fab fa-twitter"></i> Apr 2, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/matfsw/status/1352561119983005702"><i class="fab fa-twitter"></i> Jan 22, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\local state"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n 
"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006220]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006220]\n "f_0004cb" has type "PNG image data 1920 x 1200 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006788]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00006788]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00006788]\n "7535c146-9755-4ec6-9716-07311086f816.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 33561"- Location: [%TEMP%\\7535c146-9755-4ec6-9716-07311086f816.tmp]- [targetUID: 00000000-00006788]\n "f_0004db" has type "PNG image data 2384 x 1453 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004db]- [targetUID: 00000000-00006220]\n "f_0004dc" has type "PNG image data 2048 x 
1024 8-bit grayscale non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004dc]- [targetUID: 00000000-00006220]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "f_0004ca" has type "PNG image data 800 x 800 8-bit/color RGB non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004ca]- [targetUID: 00000000-00006220]\n "f_0004c9" has type "gzip compressed data from Unix original size modulo 2^32 1043324"- [targetUID: N/A]\n "f_0004da" has type "PNG image data 400 x 400 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006220]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006220]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006220]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006220]\n "f_0004c8" has type "PNG image data 500 x 500 8-bit/color RGB non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c8]- [targetUID: 00000000-00006220]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006788]\n185.199.111.153
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5eacee2fce86e1-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.135.9
2023-05-12 03:33:35Raw File Meta DataNoBinary String Extractor0040None<!DOCTYPE html> <html> <head> <title>Page Not Found</title> <style> </style> </head> <body> <h1>Page Not Found</h1> </div> <p>Looks like you've followed a broken link or entered a URL that doesn't exist on this site.</p> <p> </svg> Back to our site </a> </p> </p> </div> </div> </div> <script> </script> </body> </html> https://pics.battleb0t.xyz/images/withat_5.jpg
2023-05-12 03:03:28Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io001328.github.io
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+74955801111Domain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonegclabc (Net ID: 00:0B:86:22:0F:31)33.6170672,-111.90564645297056
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D8:FE)32.8608, -79.9746
2023-05-12 02:44:19Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.110.153
2023-05-12 03:31:30Affiliate - Email AddressNoE-Mail Address Extractor0070Noneabuse@support.gandi.net Domain Name: TELLERIA.COM Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T18:34:23Z Registry Expiry Date: 2023-08-11T18:34:23Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-222-C.GANDI.NET Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: telleria.com Registry Domain ID: 1147715746_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2022-06-03T06:12:07Z Creation Date: 2007-08-11T16:34:23Z Registrar Registration Expiration Date: 2023-08-11T18:34:23Z Registrar: GANDI SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Reseller: CodeSyntax Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: Domain Status: Domain Status: Domain Status: Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Marcajes Telleria S.L. 
Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: ES Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net Name Server: NS-49-A.GANDI.NET Name Server: NS-89-B.GANDI.NET Name Server: NS-222-C.GANDI.NET Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp Reseller Email: Reseller URL: http://www.codesyntax.com/ Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or 
modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden. A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts. For additional information, please contact us via the following form: https://www.gandi.net/support/contacter/mail/
2023-05-12 03:03:27Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io000b000.github.io
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NonemyLGNetA41A (Net ID: 00:01:36:57:A4:18)37.7813933,-122.3918002
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneBest Western Lobby (Net ID: 00:02:2D:66:D4:75)33.617190550339146,-111.90827887019054
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneGit (software)cdn-185-199-111-153.github.com
2023-05-12 02:44:39Internet NameNoDNS Resolver0020Nonewww.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 26 02:43:31 2023 GMT Not After : Jul 25 02:43:30 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 6e:46:f1:1e:e1:9f:06:66:b4:a8:76:85:82:4c:61:2f:de:37: 70:5e:a3:ab:ce:31:a5:e4:63:10:5d:02:f9:ef:bd:c4:11:85: 80:6c:fc:c5:84:b0:c5:6b:a0:c4:07:ac:78:f3:1f:48:7e:f7: 86:c2:2f:cf:18:f5:92:dd:9a:51:6a:86:ae:51:1d:75:24:9f: d6:b2:e6:73:f5:1b:4b:e1:d9:79:e3:8c:6d:d9:f5:09:8b:04: 13:69:59:dc:c2:b8:16:59:fc:4b:dd:d4:70:53:86:d9:46:1f: 4d:75:2f:f5:5d:24:f4:03:69:e5:72:06:59:2d:70:8b:88:1b: c1:6e:20:f4:5c:2c:e2:e1:c4:72:50:4a:c0:18:b3:d8:69:e9: db:ae:5d:67:ee:07:2b:bd:14:58:30:61:50:1a:c8:bf:41:ea: 16:f9:d3:c8:60:89:41:8f:2e:74:af:3d:af:75:1d:3b:a1:aa: eb:1e:d5:15:4a:21:6f:8c:e6:17:0c:be:34:82:b6:75:05:7b: 8e:d6:da:74:1c:32:3b:c5:5e:fc:60:88:85:77:b4:ca:57:ff: 3c:36:de:a9:4f:dc:93:d8:f4:d4:75:d4:5f:6c:78:5c:f7:cb: 36:fe:04:b5:16:3b:bd:9f:a9:99:de:01:fa:7f:2c:28:60:7e: 4a:61:2b:70
2023-05-12 03:43:21Open TCP PortNoPulsedive0030None87.248.157.79:44387.248.157.0/24
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [000yesnt.github.io] https://www.openphish.com/feed.txt000yesnt.github.io
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneHouzz (Category: hobby) https://www.houzz.com/user/loginlogin
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050None6dgs (Net ID: 00:06:B1:28:66:65)33.617190550339146,-111.90827887019054
2023-05-12 03:33:59Raw File Meta DataNoBinary String Extractor0040NoneIDATx ? `sm b"0N9 3@N:vn yj4BZu:- pqmVU hEC0s c@ h' 6FcPkh4 2:Eu` IDAT nfwPH jniEDkf 9uCGxN MWFGv '!hXQf 6WoW' hRoWW 68ZQ$ 8Ro7Tr 2j3yrN nkumI'N rVKjW icsI3 dc:YL JU5sF O::vH BlH_0 xHnU6 :9sGc LB7R1 \T.sL T.TM` /kyyE NjttD Z \$@ _495P trtT'cq yf4:6 5?O@nY .LRMj9o dx.>_ "P/9l 1i5b> d<'uj JG077/ 4NmT4 2 2d9L B?mju VWom <F0b-R PMc7d6d? Z`sX10 tXB0Zn blFM! FpL3K 0o!Sc 6DfD0 IDATG` D2Yi2e wgxsu. sx<C3 P?AF5 N1dcyzL 6dT\D xTPT' " mE\ DpW-Q 8NZeS SIc@x oJj'sN?? ``xvl BR8Jtu waVm' 8 Jkd 55j1T i5Vn heH_> yy60A j1ENS uHcBj VCAKa v-v7i T/T.lF IDAT> 5zqxE? dUJ77 8_seE "gJs5UxZ p9Rn: f2`q? r4SvF 05sFG- 7mecE `tNP6 ><HQT s9v54 !c>0 MRmC" Pp@e9_https://funny.battleb0t.xyz/images/ein_2.png
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneThe Batcave (Net ID: 00:11:32:A4:B5:6C)50.8897, 6.0563
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonePiekielni (Category: misc) https://piekielni.pl/user/loginlogin
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneFUNK-STEDE (Net ID: 00:02:2D:3D:3E:AD)50.1188, 8.6843
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneBeensGroep (Net ID: 00:01:21:1F:B1:A0)52.3759, 4.8975
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [010pixel.github.io] https://www.openphish.com/feed.txt010pixel.github.io
2023-05-12 03:23:38Open TCP PortNoPulsedive0030None188.114.96.14:8443188.114.96.0/24
2023-05-12 02:44:23Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.io185.199.109.153
2023-05-12 02:47:40Open TCP PortNoPulsedive0030None104.196.30.220:443104.196.30.220
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneSpaceStation (Net ID: 00:02:2D:01:CF:F8)37.780462,-122.390564
2023-05-12 02:53:49Open TCP PortNoCensys0020None2606:50c0:8000::153:4432606:50c0:8000::153
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneZiggo8BDDE0 (Net ID: 00:0C:F6:8B:DD:E0)50.8897, 6.0563
2023-05-12 03:08:52Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.12834.148.97.127
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ea2e0298c1146-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.97.1
2023-05-12 02:54:15HTTP HeadersNoWeb Spider6020None{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}nwapi2.battleb0t.xyz
2023-05-12 03:31:33Affiliate - Email AddressNoE-Mail Address Extractor0030Nonewestabuse@gmail.comDomain Name: AYU.XYZ Registry Domain ID: D9607467-CNIC Registrar WHOIS Server: whois.west.cn Registrar URL: http://www.west.cn Updated Date: 2023-02-11T09:04:01.0Z Creation Date: 2015-08-20T20:34:37.0Z Registry Expiry Date: 2023-08-20T23:59:59.0Z Registrar: CHENGDU WEST DIMENSION DIGITAL TECHNOLOGY CO., LTD. Registrar IANA ID: 1556 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Registrant State/Province: Jiang Su Registrant Country: CN Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS5.MYHOSTADMIN.NET Name Server: NS6.MYHOSTADMIN.NET Name Server: NS1.MYHOSTADMIN.NET Name Server: NS2.MYHOSTADMIN.NET Name Server: NS3.MYHOSTADMIN.NET Name Server: NS4.MYHOSTADMIN.NET DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@west.cn Registrar Abuse Contact Phone: +86.2862778877 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayu.xyz Registry Domain ID: xy74494296952501 Registrar WHOIS Server: whois.west.cn Registrar URL: www.west.cn Updated Date: 2015-08-20T20:34:39.0Z Creation Date: 2015-08-20T20:34:39.0Z Registrar Registration Expiration Date: 2023-08-20T20:34:39.0Z Registrar: Chengdu west dimension digital technology Co., LTD Registrar IANA ID: 1556 Reseller: Domain Status: ok http://www.icann.org/epp#ok Registry Registrant ID: Not Available From Registry Registrant Name: REDACTED FOR PRIVACY Registrant Organization: REDACTED FOR PRIVACY Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Jiang Su Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: CN Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz Registry Admin ID: Not Available From Registry Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz Registry Tech ID: Not Available From Registry Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz Name Server: ns1.myhostadmin.net Name Server: ns2.myhostadmin.net DNSSEC: signedDelegation Registrar Abuse Contact Email: westabuse@gmail.com 
Registrar Abuse Contact Phone: +86.2862778877 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
2023-05-12 02:53:39Netblock MembershipNoCensys0020None185.199.108.0/24185.199.108.153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneAP Checkpoint (Net ID: 00:02:6F:B8:A2:4E)33.617190550339146,-111.90827887019054
2023-05-12 02:51:07SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 23 20:32:58 2023 GMT Not After : Jun 21 20:32:57 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc: 59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01: 7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be: 0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa: 26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8: 92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd: c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed: 95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5: c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4: 72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c: 13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce: 3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6: be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1: ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14: 9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31: 9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02: ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60: db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23: 66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d: 1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29: 9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46: 76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb: 5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2: c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87: 99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1: d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e: cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6: 3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7: 6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e: 4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4: 1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e: 5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40: 7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71: 
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94: 83:4a:61 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 23 21:32:58.351 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:F9:02:68:04:DD:BD:03:2E:AE:18:AA: AF:0D:3B:37:54:0B:65:42:08:02:43:59:39:EA:4E:E4: 74:9E:81:C9:7F:02:21:00:A3:06:40:AE:98:69:3E:CB: 1F:F6:11:FA:78:DC:13:53:6B:E1:77:75:9F:C2:16:A0: DB:C3:04:86:97:E4:3C:C0 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Mar 23 21:32:58.367 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:7A:A2:EB:6D:CE:11:7A:04:E7:47:C4:C2: 44:9A:BB:45:2B:47:3C:26:06:C5:A4:73:04:05:59:C0: EA:D7:C9:86:02:21:00:96:12:0C:16:C7:15:09:8E:8E: 23:55:5D:FF:D3:4D:29:B3:21:12:6C:94:18:E0:30:4E: 4A:D0:D6:81:62:80:25 Signature Algorithm: sha256WithRSAEncryption 54:a4:7f:41:90:b7:5a:58:4b:b5:6b:68:ea:db:5a:92:b3:b2: 5b:7b:19:af:8a:ab:f1:af:c0:c8:97:4c:34:bf:3f:32:11:7b: ef:8b:7e:76:7a:87:16:2c:1f:d0:41:d1:c1:02:b1:37:57:af: 4c:2b:b8:7b:75:a1:66:6d:db:db:ab:82:a1:fd:0c:b1:09:1f: 
f6:3b:6f:e4:40:6a:6c:5b:ef:1d:46:ef:b3:b7:e2:09:40:10: a0:d1:48:3e:99:ab:85:a3:c4:4c:9c:38:4c:86:5d:05:6c:1b: 02:ea:8a:b9:cd:33:f5:2b:4f:92:81:81:2f:e1:d6:b3:a5:e1: b8:f6:e8:c6:e4:af:f3:a4:96:e9:02:f8:de:c5:31:3b:03:6b: a3:c1:43:ea:01:84:7b:d7:65:c2:7b:26:5b:45:8b:c9:00:4a: bf:64:80:db:bc:e4:35:f5:31:8b:1a:49:c1:a9:b6:8d:8f:59: 62:4e:f9:b9:59:d2:7d:9b:3a:75:2f:82:0e:77:1f:fa:cc:3b: 4e:90:c2:ba:e9:1d:4c:b0:a0:53:8e:4b:72:4b:e7:12:e4:36: 5a:97:fc:6e:97:fc:a5:f5:76:de:6f:cd:f5:6d:3f:07:f6:75: e6:97:55:45:a3:14:55:0c:ff:89:33:2c:76:5f:49:b1:2d:bb: 1e:69:4c:4d battleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesflan51 (Net ID: 00:02:6F:09:B2:F7)37.7642, -122.3993
2023-05-12 02:59:47Affiliate - Email AddressNoE-Mail Address Extractor0020Nonebattleb0t.xyz@regprivate.ruDomain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. 
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys-g (Net ID: 00:0C:41:14:DD:46)39.0469, -77.4903
2023-05-12 03:33:11Malicious IP AddressYesVirusTotal0030NoneVirusTotal [185.199.111.153] https://www.virustotal.com/en/ip-address/185.199.111.153/information/185.199.111.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneTB Proprietary Channel. 01 (Net ID: 00:04:32:38:A1:09)33.336199,-111.89446440830702
2023-05-12 02:46:49Open TCP PortNoSSL Certificate Analyzer0030None64.226.81.43:44364.226.81.43
2023-05-12 02:53:42Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-12T01:22:57.156Z", "ip": "185.199.109.153", "location_updated_at": "2023-05-05T05:03:49.200600Z", "autonomous_system_updated_at": "2023-05-02T12:54:55.346102Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"seanbalakhanei.me": {"record_type": "A", "resolved_at": "2023-03-04T17:11:48.378304297Z"}, "docs.c-labs.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T13:39:25.912117315Z"}, "recipe-book.net": {"record_type": "A", "resolved_at": "2023-04-28T21:03:13.982663466Z"}, "www.gmacd.net": {"record_type": "CNAME", "resolved_at": "2023-04-11T20:22:42.495209956Z"}, "vivovagas.github.io": {"record_type": "A", "resolved_at": "2023-02-28T16:27:22.626388076Z"}, "viameumie.ivankz.com": {"record_type": "CNAME", "resolved_at": "2023-02-20T14:18:59.794160299Z"}, "dev.nim579.ru": {"record_type": "CNAME", "resolved_at": "2023-03-14T03:44:39.256076367Z"}, "rowanmanning.com": {"record_type": "A", "resolved_at": "2023-03-16T14:14:04.579032272Z"}, "www.wise.fitness": {"record_type": "CNAME", "resolved_at": "2023-04-26T17:59:27.361118834Z"}, "agorakube.ilkilabs.io": {"record_type": "CNAME", "resolved_at": "2023-02-25T17:02:31.257299756Z"}, "hexo.mistyrainq.site": {"record_type": "CNAME", "resolved_at": "2023-02-27T19:12:00.083016296Z"}, "tygospanhoff.nl": {"record_type": "A", "resolved_at": "2023-03-17T18:48:07.760584370Z"}, "www.cosmoamautas.org": {"record_type": "CNAME", "resolved_at": "2023-03-05T19:14:19.547803721Z"}, "njuics.cn": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:17:45.580207010Z"}, "fanschou.github.io": {"record_type": "A", "resolved_at": "2023-03-20T01:52:09.688479139Z"}, "meth.supplies": {"record_type": "A", "resolved_at": 
"2023-03-04T19:36:17.924857492Z"}, "neophyte.cf": {"record_type": "A", "resolved_at": "2023-05-02T19:50:08.874674432Z"}, "hollisis.me": {"record_type": "A", "resolved_at": "2023-04-05T18:19:59.923721676Z"}, "dev.baicom.com": {"record_type": "CNAME", "resolved_at": "2023-05-03T13:55:02.514462461Z"}, "www.jordancox.me": {"record_type": "CNAME", "resolved_at": "2023-02-25T17:36:05.584035257Z"}, "devxchange.io": {"record_type": "A", "resolved_at": "2023-03-07T16:15:10.934357942Z"}, "clockwork189.uwdbc.com": {"record_type": "A", "resolved_at": "2023-03-01T15:32:36.493936266Z"}, "www.2briley.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T13:20:47.065260373Z"}, "www.vanessaduque.studio": {"record_type": "CNAME", "resolved_at": "2022-10-27T17:43:30.429661358Z"}, "meteo-parapente.github.io": {"record_type": "A", "resolved_at": "2023-03-17T16:27:19.176274732Z"}, "www.secure-ai.systems": {"record_type": "CNAME", "resolved_at": "2023-04-02T00:00:07.499451114Z"}, "minigrid.farama.org": {"record_type": "CNAME", "resolved_at": "2023-03-31T03:15:36.295656175Z"}, "thivvyan.tech": {"record_type": "A", "resolved_at": "2023-03-17T19:22:41.845128424Z"}, "caderichard.com": {"record_type": "A", "resolved_at": "2023-03-17T13:39:16.909350033Z"}, "www.funmitoblessed.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T14:40:07.732044366Z"}, "api.kekesi.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:57:13.673998398Z"}, "www.rowanmanning.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:54:15.722717563Z"}, "www.vishvak.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T05:45:50.510079142Z"}, "mmjlee.github.io": {"record_type": "A", "resolved_at": "2023-03-14T00:28:15.909008635Z"}, "www.phorgr.com": {"record_type": "CNAME", "resolved_at": "2022-11-21T13:38:18.017307639Z"}, "blog.tecnual.com": {"record_type": "CNAME", "resolved_at": "2023-05-01T15:39:55.545500428Z"}, "www.machproductions.com": {"record_type": "CNAME", "resolved_at": 
"2023-04-16T15:08:16.718595727Z"}, "comics.bilardi.net": {"record_type": "CNAME", "resolved_at": "2023-05-08T19:49:11.854401544Z"}, "www.littlejohnengineering.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-17T19:35:20.132850023Z"}, "www.dokomado.com": {"record_type": "CNAME", "resolved_at": "2023-04-21T22:50:25.934348288Z"}, "www.trivial.group": {"record_type": "CNAME", "resolved_at": "2023-02-22T16:56:04.473316622Z"}, "alzhao.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:58:23.599756683Z"}, "p316.net": {"record_type": "A", "resolved_at": "2023-05-03T20:00:25.592728888Z"}, "www.thesimson.net": {"record_type": "A", "resolved_at": "2023-05-10T19:50:34.643893649Z"}, "gmacd.net": {"record_type": "A", "resolved_at": "2023-04-27T21:00:21.802895223Z"}, "www.ericdallo.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:26.937961924Z"}, "gmacd.github.io": {"record_type": "A", "resolved_at": "2023-03-21T01:31:25.465960326Z"}, "www.harrisosserman.com": {"record_type": "CNAME", "resolved_at": "2023-02-28T14:03:52.247193728Z"}, "kleinsplayground.com": {"record_type": "A", "resolved_at": "2023-03-22T18:44:01.108063584Z"}, "funmitoblessed.github.io": {"record_type": "A", "resolved_at": "2023-03-22T11:31:23.278745293Z"}, "qfield.org": {"record_type": "A", "resolved_at": "2023-03-12T17:49:56.752630209Z"}, "asm.lucasteske.dev": {"record_type": "CNAME", "resolved_at": "2022-11-14T14:35:22.539258750Z"}, "induja.me": {"record_type": "A", "resolved_at": "2023-03-04T17:10:57.729332623Z"}, "agnias47.github.io": {"record_type": "A", "resolved_at": "2023-03-14T15:57:58.140445992Z"}, "www.alleviationwellnesschiro.com": {"record_type": "A", "resolved_at": "2023-05-06T13:30:08.484568914Z"}, "klopfenstein.org": {"record_type": "A", "resolved_at": "2023-03-01T19:20:02.059355976Z"}, "mjlee.dev": {"record_type": "A", "resolved_at": "2023-03-15T23:01:22.092009794Z"}, "dokomado.com": {"record_type": "A", "resolved_at": "2023-03-12T13:46:45.810442245Z"}, 
"modelr.tidyverse.org": {"record_type": "CNAME", "resolved_at": "2023-03-10T17:30:47.271697893Z"}, "www.eknert.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T21:55:19.776247657Z"}, "mormannorman.chesterfieldschools.net": {"record_type": "CNAME", "resolved_at": "2023-04-03T19:11:55.285332304Z"}, "millinow.com": {"record_type": "A", "resolved_at": "2022-09-26T14:09:37.255614081Z"}, "braavos.app": {"record_type": "A", "resolved_at": "2022-10-02T12:04:48.017779237Z"}, "turtledev.in": {"record_type": "A", "resolved_at": "2023-03-17T16:23:43.722396430Z"}, "wolfgangbai.top": {"record_type": "CNAME", "resolved_at": "2023-03-08T00:37:57.090239320Z"}, "www.orange-outsourcing.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T15:30:44.956112894Z"}, "visbol.org": {"record_type": "CNAME", "resolved_at": "2023-03-11T19:10:21.996256557Z"}, "www.lunadias.online": {"record_type": "A", "resolved_at": "2022-10-28T16:39:21.566059040Z"}, "xyaman.xyz": {"record_type": "A", "resolved_at": "2023-04-23T21:50:04.311882749Z"}, "docs.aslbeverlygreen1.fr": {"record_type": "CNAME", "resolved_at": "2023-03-23T18:15:37.208305943Z"}, "maxkross.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:04.714610636Z"}, "arthurkarrer.me": {"record_type": "A", "resolved_at": "2023-03-11T16:57:07.559804549Z"}, "jarrodboone.info": {"record_type": "A", "resolved_at": "2023-03-06T16:41:45.613039480Z"}, "editor.ifmledit.org": {"record_type": "CNAME", "resolved_at": "2023-03-19T20:27:36.604759792Z"}, "assets.javierarce.com": {"record_type": "CNAME", "resolved_at": "2023-03-30T15:20:51.562601099Z"}, "www.tastey.tech": {"record_type": "CNAME", "resolved_at": "2023-02-28T18:50:09.161433327Z"}, "sandrine.barillot.me": {"record_type": "CNAME", "resolved_at": "2023-03-12T16:19:18.691253010Z"}, "unitedanimations.info": {"record_type": "A", "resolved_at": "2023-01-29T02:20:44.771224615Z"}, "cyberfriendscircle.io": {"record_type": "A", "resolved_at": "2023-04-23T17:40:41.917214504Z"}, 
"dhanush.is-a.dev": {"record_type": "CNAME", "resolved_at": "2023-03-09T23:39:54.025920340Z"}, "static.test.habuhome.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:22:37.725893073Z"}, "www.jtjan.me": {"record_type": "CNAME", "resolved_at": "2023-03-21T02:40:52.835663110Z"}, "wise.fitness": {"record_type": "A", "resolved_at": "2023-03-07T15:51:26.458635165Z"}, "theodd.website": {"record_type": "A", "resolved_at": "2023-03-19T03:21:30.685920747Z"}, "djalyssa.ru": {"record_type": "A", "resolved_at": "2023-04-22T20:21:58.054821229Z"}, "www.unixlife.dev": {"record_type": "CNAME", "resolved_at": "2022-10-04T14:32:50.060827864Z"}, "www.kadupitiya.lk": {"record_type": "CNAME", "resolved_at": "2023-02-24T16:44:15.687183626Z"}, "robimsinazor.sk": {"record_type": "A", "resolved_at": "2023-02-22T21:18:54.646853756Z"}, "www.johnhammond.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:27.017906781Z"}, "wanderandcompass.com": {"record_type": "A", "resolved_at": "2023-03-18T22:39:25.125598440Z"}, "vishvak.com": {"record_type": "A", "resolved_at": "2023-05-11T22:16:52.855230065Z"}, "www.uocsclub.ca": {"record_type": "CNAME", "resolved_at": "2023-04-20T16:20:28.858631812Z"}, "t.iiwhy.cn": {"record_type": "CNAME", "resolved_at": "2023-03-09T12:46:57.908049390Z"}, "rpg.skmobi.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:42:56.247014800Z"}, "www.staceywu.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-05T19:59:23.259144477Z"}, "intersolarnft.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:10.689229599Z"}, "get.intersolar-nft.com": {"record_type": "CNAME", "resolved_at": "2022-09-29T13:43:22.976827994Z"}, "www.agitator.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T13:20:02.173553830Z"}, "www.teamhtp.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T05:24:15.762157977Z"}, "resume.hellodmo.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:26:25.908256359Z"}}, "names": 
["kleinsplayground.com", "www.agitator.com", "maxkross.github.io", "www.vanessaduque.studio", "djalyssa.ru", "hollisis.me", "cyberfriendscircle.io", "editor.ifmledit.org", "mjlee.dev", "modelr.tidyverse.org", "www.wise.fitness", "docs.aslbeverlygreen1.fr", "www.secure-ai.systems", "visbol.org", "viameumie.ivankz.com", "meteo-parapente.github.io", "sean185.199.109.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonecodeforces (Category: coding) https://codeforces.com/profile/loginlogin
2023-05-12 02:44:13IP AddressNoDNS Resolver204010None185.199.111.153battleb0t.xyz
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c564d9c4d65692b-FRA Content-Encoding: gzip 188.114.97.1
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.47): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:17Internet NameNoDNS Resolver2020Nonenwapi.battleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': 
u'MIIFKjCCBBKgAwIBAgISA5eZXGCsQGj4st4KZ3rat9EWMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMjQwMzAyNTNaFw0yMzA1MjUwMzAyNTJaMB4xHDAaBgNVBAMTE2ZsdWlkLmJhdHRsZWIwdC54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtvNBxdfnBUXlJ+CVs4kt6BeErbHlEmP+yzLzX2iclKTfHuoDL4Xy4TTeivJNE67xi/0fLIeo9BUwEV4KTW6klKfuYM7AEdKq8mmRex+Js5ewq50Br4XWTObPPuOkRKebRnghWVBafwR0f9fbKSDqUUwMdv1KvbiedgI3wVyjU8AE09DlZSt+fAEeHmjk4wY+EigILsm5cNqL2NebSI2spsRWqhqNb6zDMr7jf1Q6Pjil+DSEo0NJMcVsZAZvcuZCIffxdPnJE5kYR3eb9pUKjByTnKdkpHPNyd4vLC99FNAuBqADe8BN0G78vYa1lcyk+BbXDkCiMlu/Lswa6m2v3AgMBAAGjggJMMIICSDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMSFgqNe7U1U6Q29Aqxnsvrz4Vg/MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCE2ZsdWlkLmJhdHRsZWIwdC54eXowTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggECBgorBgEEAdZ5AgQCBIHzBIHwAO4AdQC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYaBlpBHAAAEAwBGMEQCICjxcLLm9aGcwyq5mLfK3kYGig39XVFiap6vpxj4VtGwAiAhpNN7m5SlM1cl6vnpa33bPptwrJlHu2Ch2NSf4J/0RAB1AK33vvp8/xDIi509nB4+GGq0Zyldz7EMJMqFhjTr3IKKAAABhoGWkIMAAAQDAEYwRAIgPen/cKNLJEXeMs3B69ZoUOiQORdwZS/DjifvjwosEkICIGO9t4hTEa50wIw+3Zov1uU0pIyiq0OMZH6b0o6QCM5gMA0GCSqGSIb3DQEBCwUAA4IBAQB+MVu1xgwWJwv1GrOAp+9eXxuHOLeKvlxLKj8oK0+HX8K007e++Cj1FcezPz1AtAOklQYBGlgfdTZL7GVa4P2wv0Hj/1dO3QVHLOV0yFpYGdZTYfaNDhkpXd2yE+jFTH5o3PK0BVoTjtIuTl6BEKWGjzAw92FKb1wXDaTvEwIFSLAYrJzfJHAS40SsMVT1tpL07LbnFpMjx7h+UVz3BTMcDnqzPe0hA9K8pb8QgR9MedQ6c7mTn1eLmOo+dDlwmT06wPJN4VXt3ElOpjmlguotbukXxnJ17BBy0Mk+uTBpvC9wBjy6MbbBDEXmkoh4VjrUDNIyuEk388RtFWlUmQrZ', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', 
u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None172.67.168.252oldfluid.battleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None02:32:42 (Net ID: 00:02:2D:01:53:95)37.7642, -122.3993
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None#LG@Vo1P*Service& (Net ID: 00:01:36:57:A4:17)37.7813933,-122.3918002
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneJupiter (Net ID: 00:02:2D:66:D2:49)50.1188, 8.6843
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneMicrosoft Technet Community (Category: tech) https://social.technet.microsoft.com/profile/login/login
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomAC2DD8 (Net ID: 00:0C:F6:AC:2D:D8)50.8897, 6.0563
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5e4216390f2caf-ORD 188.114.96.1
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATT8QH8gLT (Net ID: E0:22:02:14:AB:06)37.751, -97.822
2023-05-12 02:56:55Internet NameNoDNS Resolver0020Nonebattleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 67:78:0f:c0:b3:05:0b:42:0e:1c:78:58:8a:88:56:0d Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Nov 17 08:19:18 2022 GMT Not After : Feb 15 08:19:17 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a3:01:61:a3:c8:87:25:e7:fe:c0:1a:32:3c:c6: da:64:8b:b5:50:60:2b:c0:e8:58:1f:54:74:29:d7: 0b:35:57:ae:f0:78:a5:6a:4d:cb:a8:98:c4:c6:08: 24:6e:38:c0:cc:16:fb:e7:ce:21:ed:5f:2c:c4:e9: e1:ff:82:8a:ca:a0:fe:ce:4a:08:f4:8a:91:e3:98: af:3f:35:a0:b7:82:16:66:79:8f:d4:5d:c4:1a:c4: 1c:5a:e2:e2:40:e3:be:d7:73:e5:51:b3:f0:08:0d: a6:31:11:c5:bc:1d:5c:d2:b0:47:24:f8:d9:1e:d9: 72:fd:86:0b:d6:ac:4a:39:ad:f4:43:e7:b6:d3:16: b9:d1:e5:c9:06:1d:ce:7c:25:06:4b:96:f2:9e:cb: 95:bc:80:ba:d7:9a:27:c3:51:67:b3:b0:6a:3f:9a: e8:0b:b4:16:de:be:54:b1:18:14:ad:76:c7:23:c1: 08:4f:b6:99:58:df:3e:de:3d:0b:39:ef:c8:1d:bd: ed:09:cf:81:92:ec:d8:74:46:47:9c:a4:42:fc:96: 89:c3:55:1e:f4:e7:49:b0:1d:55:06:19:4e:28:13: c2:a1:7a:ff:d1:4f:38:19:a3:e0:4d:5a:68:ce:ea: 96:c0:01:60:48:f3:a6:ac:5d:db:48:50:b3:86:27: 96:7d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 61:B8:A8:F3:B0:F5:FF:35:6D:A7:1D:C8:69:9E:4B:49:3E:DA:20:38 X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_haK7tXOc_M CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/QAbdIRPj4FY.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 33:ae:dc:a9:41:b2:ff:76:d8:16:a0:d6:b1:5d:1b:db:3c:51: 93:a6:fd:af:36:c1:59:1e:4b:0d:e6:0a:68:f5:5b:67:34:d6: 7c:a2:8f:90:10:2f:aa:b0:12:bb:81:fd:67:15:ed:d9:15:c1: 8f:5d:b8:52:a6:bc:40:4e:a4:3f:43:ef:65:92:60:20:d0:12: 48:ce:4b:b9:00:fd:36:8b:76:61:50:e7:da:3c:1a:3a:5f:db: 72:c2:bd:1e:38:be:f8:8e:de:f4:a4:78:e4:01:fa:06:51:d3: 6a:dc:fa:a9:19:00:c1:ae:b4:9f:af:62:50:c9:10:65:a2:ca: 97:5d:f7:7c:0c:f6:19:9f:39:9c:60:58:85:b8:8d:be:0a:5d: 7e:8f:0f:cd:3f:06:a9:b3:21:ec:e6:b3:e0:c5:3a:b8:3f:7c: 01:a3:c7:7d:dc:0a:7a:49:a1:6a:53:99:e3:04:53:97:7c:d1: e8:e0:e6:80:50:bc:c9:d5:7f:a1:e4:1f:6b:f6:56:fd:81:32: 7b:6a:77:24:be:21:62:cb:d5:73:03:e6:d0:24:96:0d:16:ad: 36:c7:39:57:be:6a:0c:e1:3c:be:e8:78:08:a6:c6:71:fa:55: b9:72:10:a6:f0:bd:1e:37:78:64:35:f8:06:57:c1:5e:e2:2e: f5:04:6b:a3
2023-05-12 02:44:18Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.com185.199.111.153
2023-05-12 02:46:36Netblock MembershipNoRIPE2030None34.148.96.0/2034.148.97.127
2023-05-12 03:31:58Open TCP PortNoPulsedive0030None188.114.97.0:8443188.114.97.0/24
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00saadchaudhry.github.io] https://www.openphish.com/feed.txt00saadchaudhry.github.io
2023-05-12 02:54:19Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://npbruce.github.io/valkyrie/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:2076:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2076:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:3120:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:3120:120:WilError_01"\n "SM0:3120:304:WilStaging_02"\n "SM0:3120:120:WilError_01"\n "Local\\SM0:2076:120:WilError_01"\n "Local\\SM0:2076:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:2076:304:WilStaging_02"\n "SM0:2076:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:2076:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2076:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "142.251.46.234:443"\n "172.217.164.99:443"\n "192.30.255.116:443"'}, {u'category': 
u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00002076]\n "typosquatting_list.pb" has type "data"- Location: [%TEMP%\\2076_314052531\\typosquatting_list.pb]- [targetUID: 00000000-00002076]\n "f38969098ae50137_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\f38969098ae50137_0]- [targetUID: 00000000-00002076]\n "ad000e355b853159_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\ad000e355b853159_0]- [targetUID: 00000000-00002076]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002076]\n "f_00023e" has type "PNG image data 2394 x 1466 8-bit colormap non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00005516]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\manifest.json]- [targetUID: 00000000-00002076]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\manifest.fingerprint]- [targetUID: 00000000-00002076]\n "f_000243" has type "PNG image data 2880 x 1800 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 00000000-00005516]\n "f_00023d" has type 
"gzip compressed data from Unix original size modulo 2^32 125617"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002076]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\2076_2098649151\\adblock_snippet.js]- [targetUID: 00000000-00002076]\n "5a44bc8f-8ac3-49ff-81e3-d2694fc74cc3.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\5a44bc8f-8ac3-49ff-81e3-d2694fc74cc3.tmp]- [targetUID: 00000000-00002076]\n "361997ab-354a-4d80-b2b8-2a99e7ad455e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\361997ab-354a-4d80-b2b8-2a99e7ad455e.tmp]- [targetUID: 00000000-00002076]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006184]\n "ad9deeb0-01f3-4e2c-89b5-726ac2308ce5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ad9deeb0-01f3-4e2c-89b5-726ac2308ce5.tmp]- [targetUID: 00000000-00002076]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00002076]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.44\\Ruleset Data]- [targetUID: 00000000-00002076]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_driver.js]- [targetUID: 00000000-00002076]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential 
URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,n=1;n"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://npbruce.github.io/valkyrie/"\n Pattern match: "http://www.w3.org/2000/svg\\n"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "https://npbruce.github.io"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://idsync.rlcdn.com,supports_spdy:true},{isolation:[],server:https://pippio.com,supports_spdy:true},{isolation:[],server:https://assets.msn.com,supports_spdy:true},{isolation:[],server:https://ntp.msn.com,supports_spdy:true}"\n Pattern match: "npbruce.github.io/valkyrie/"\n Heuristic match: "pbruce.github.io"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection 
rate)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 172.217.164.99"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002076]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\2076_2098649151\\adblock_snippet.js]- [targetUID: 00000000-00002076]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_driver.js]- [targetUID: 00000000-00002076]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\shopping.js]- [targetUID: 00000000-00002076]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002076]\n "product_page.js" has type "Unknown"- Location: [%TEMP%\\2076_1612304720\\product_page.js]- [targetUID: 00000000-00002076]\n "shoppingfre.js" has type "Unknown"- Location: [%TEMP%\\2076_1612304720\\shoppingfre.js]- [targetUID: 00000000-00002076]\n "shopping_iframe_driver.js" has type "Unknown"- Location: 
[%TEMP%\\2076_1612304720\\shopping_iframe_driver.js]- [targetUID: 00000000-00002076]\n "auto_open_controller.js" has type "Unknown"- Location: [%TEMP%\\2076_1612304720\\auto_open_controller.js]- [targetUID: 00000000-00002076]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\2076_1612304720\\edge_tracking_page_validator.js]- [targe185.199.109.153
2023-05-12 03:01:15Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.137): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:45:32Raw Data from RIRsNoPhishStats0020None[{u'page_text': u' ', u'domain': None, u'virus_total': None, u'n_times_seen_ip': None, u'abuse_contact': None, u'ip': u'185.199.109.153', u'google_safebrowsing': None, u'threat_crowd': None, u'n_times_seen_domain': None, u'alexa_rank_host': None, u'id': 2310541, u'city': u'', u'abuse_ch_malware': None, u'countrycode': u'NL', u'title': u'Payment request', u'ssl_subject': None, u'technology': None, u'date_update': u'2020-12-08T01:50:24.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': None, u'vulns': None, u'latitude': u'52', u'regionname': u'', u'hash': u'626571f292283f42d1621b3d7cb9aa87ba7a14a373f3205743438d2b0b3807b0', u'threat_crowd_subdomain_count': None, u'screenshot': None, u'n_times_seen_host': None, u'ssl_issuer': None, u'domain_registered_n_days_ago': None, u'regioncode': u'', u'host': u'binance-eth.github.io', u'date': u'2018-07-08T03:03:10.000Z', u'asn': u'AS54113', u'tags': None, u'bgp': u'185.199.108.0/22', u'url': u'http://binance-eth.github.io/', u'isp': u'FASTLY - Fastly, US', u'longitude': u'4.89950000', u'ports': None, u'countryname': u'Netherlands', u'threat_crowd_votes': None, u'http_server': None, u'tld': u'io', u'os': None, u'http_code': None}]185.199.109.153
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.21): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:09:26Open TCP PortNoSSL Certificate Analyzer0020None188.114.96.1:443188.114.96.1
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0060Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:56:09Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://mashreq-dispute-refund-edd7e6.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "184.50.50.164:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1708"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_6ac_ConnHashTable<1708>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_6ac_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_6ac_IESQMMUTEX_0_331"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_6ac_ConnHashTable<1708>_HashTable_Mutex"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_6ac_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1708"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_6ac_IESQMMUTEX_0_519"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "OF1UBMZL.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OF1UBMZL.txt]- [targetUID: 00000000-00003804]\n Dropped file: "2E0BQQCR.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2E0BQQCR.txt]- [targetUID: 00000000-00001708]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "OF1UBMZL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OF1UBMZL.txt]- [targetUID: 00000000-00003804]\n "_D5D21362-5F02-11ED-9265-080027EC57C5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFCA1499D1E2A66278.TMP" has type "data"- Location: [%TEMP%\\~DFCA1499D1E2A66278.TMP]- [targetUID: 00000000-00001708]\n 
"RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "down_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "bullet_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "~DFA5965846D60398AC.TMP" has type "data"- Location: [%TEMP%\\~DFA5965846D60398AC.TMP]- [targetUID: 00000000-00001708]\n "~DFFE404849249527B2.TMP" has type "data"- Location: [%TEMP%\\~DFFE404849249527B2.TMP]- [targetUID: 00000000-00001708]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "2E0BQQCR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2E0BQQCR.txt]- [targetUID: 00000000-00001708]\n "background_gradient_1_" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 baseline precision 8 1x800 components 3"- [targetUID: N/A]\n "_CBCF1377-5F02-11ED-9265-080027EC57C5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.5" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.5]- [targetUID: 00000000-00001708]\n "ErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "RecoveryStore._CBCF1375-5F02-11ED-9265-080027EC57C5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF332AB4CC922D1A60.TMP" has type "data"- Location: [%TEMP%\\~DF332AB4CC922D1A60.TMP]- [targetUID: 00000000-00001708]'}, {u'category': 
u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"HTTP/1.1 302 Moved Temporarily\nContent-Length: 0\nServer: Kestrel\nLocation: https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us\nRequest-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974\nX-Response-Cache-Status: True\nExpires: Tue, 08 Nov 2022 02:16:24 GMT\nCache-Control: max-age=0, no-cache, no-store\nPragma: no-cache\nDate: Tue, 08 Nov 2022 02:16:24 GMT\nConnection: keep-alive\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://mashreq-dispute-refund-edd7e6.netlify.app/"\n Pattern match: "https://mashreq-dispute-refund-edd7e6.netlify.app"\n Pattern match: "https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us"'}], u'threat_level': 0, u'size': None, u'job_id': u'6369bb23c90e715df924df2e', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'104.196.30.220', u'184.50.50.164'], 
u'sha256': u'45b03fe4427c993fcd3fd86ea0653b0e7cc007e8ad65e31581e62132e63f1e14', u'sha512': u'f2459ffd3027eab6323c80e5ca0b6a797f9d1095ed62fd365bd11cfe4249f3572511c926b2b58d3e78a537057ce3a9f5c7cc23433efb6650a3cf4a03799d3ad7', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://mashreq-dispute-refund-edd7e6.netlify.app/', u'submission_id': u'6369bb24c90e715df924df2f', u'created_at': u'2022-11-08T02:12:52+00:00', u'filename': None}], u'analysis_start_time': u'2022-11-08T02:12:52+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 2, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 7, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'af72a9839a79c4f79f56297858461027', u'network_mode': u'default', u'processes': [], u'sha1': u'997b927b8a2658babd3e07db566354809219e70b', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}]104.196.30.220
2023-05-12 03:00:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.10): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:13:06Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [008security.github.io] https://www.openphish.com/feed.txt008security.github.io
2023-05-12 03:18:06Externally Hosted JavascriptNoPage Information0030Nonehttps://www.google-analytics.com/analytics.js<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="Cache-Control" content="no-cache"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="mobile-web-app-capable" content="yes"> <link rel="apple-touch-icon" href="logo.png"> <link rel="icon" href="logo.png"> <title>WebGL Fluid Simulation</title> <meta name="description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:type" content="website"> <meta property="og:title" content="Webgl Fluid Simulation"> <meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/"> <meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png"> <script type="text/javascript" src="dat.gui.min.js"></script> <style> @font-face { font-family: 'iconfont'; src: url('iconfont.ttf') format('truetype'); } * { user-select: none; } html, body { overflow: hidden; background-color: #000; } body { margin: 0; position: fixed; width: 100%; height: 100%; } canvas { width: 100%; height: 100%; } .dg { opacity: 0.9; } .dg .property-name { overflow: visible; } .bigFont { font-size: 150%; color: #8C8C8C; } .cr.function.appBigFont { font-size: 150%; line-height: 27px; color: #A5F8D3; background-color: #023C40; } .cr.function.appBigFont .property-name { float: none; } .cr.function.appBigFont .icon { position: sticky; bottom: 27px; } .icon { font-family: 'iconfont'; font-size: 130%; float: right; } .twitter:before { content: 'a'; } .github:before { content: 'b'; } .app:before { content: 'c'; } .discord:before { content: 'd'; } .promo { display: 
none; /* display: table; */ position: absolute; top: 0; left: 0; width: 100%; height: 100%; z-index: 1; overflow: auto; color: lightblue; background-color: rgba(0,0,0,0.4); animation: promo-appear-animation 0.35s ease-out; } .promo-middle { display: table-cell; vertical-align: middle; } .promo-content { width: 80vw; height: 80vh; max-width: 80vh; max-height: 80vw; margin: auto; padding: 0; font-size: 2.8vmax; font-family: Futura, "Trebuchet MS", Arial, sans-serif; text-align: center; background-image: url("promo_back.png"); background-position: center; background-repeat: no-repeat; background-size: cover; border-radius: 15px; box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2), 0 6px 20px 0 rgba(0,0,0,0.19); } .promo-header { height: 10%; padding: 2px 16px; } .promo-close { width: 10%; height: 100%; text-align: left; float: left; font-size: 1.3em; /* transition: 0.2s; */ } .promo-close:hover { /* transform: scale(1.25); */ cursor: pointer; } .promo-body { padding: 8px 16px 16px 16px; margin: auto; } .promo-body p { margin-top: 0; mix-blend-mode: color-dodge; } .link { width: 100%; display: inline-block; } .link img { width: 100%; } @keyframes promo-appear-animation { 0% { transform: scale(2.0); opacity: 0; } 100% { transform: scale(1.0); opacity: 1; } } </style> <script> window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date; ga('create', 'UA-105392568-1', 'auto'); ga('send', 'pageview'); </script> <script async src="https://www.google-analytics.com/analytics.js"></script> </head> <body> <canvas></canvas> <!-- Mother of God, pls forgive me --> <div class="promo"> <div class="promo-middle"> <div class="promo-content"> <div class="promo-header"> <span class="promo-close">&times;</span> </div> <div class="promo-body"> <p>Try Fluid Simulation app!</p> <div class="links-container"> <a class="link" id="apple_link" target="_blank"> <img class="link-img" alt="Download on the App Store" src="app_badge.png"/> </a> <a class="link" id="google_link" 
target="_blank"> <img class="link-img" alt="Get it on Google Play" src="gp_badge.png"/> </a> </div> </div> </div> </div> </div> <script src="./script.js"></script> </body> </html>
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0070NoneDomains By Proxy, LLC Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-09-16T17:34:41Z Creation Date: 2014-07-15T10:59:40Z Registry Expiry Date: 2023-07-15T10:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-07-16T08:59:21Z Creation Date: 2014-07-15T05:59:40Z Registrar Registration Expiration Date: 2023-07-15T05:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech 
State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-github-request-id: 70D2:0CB6:1A723F4:28AE86F:645DAA55{"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"}
2023-05-12 02:53:17IP AddressNoMnemonic PassiveDNS74010None188.114.96.1ayhu.xyz
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 26 02:43:31 2023 GMT Not After : Jul 25 02:43:30 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Apr 26 03:43:31.388 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:43:38:D1:BA:46:EB:FB:AE:E5:0E:F5:96: 0C:2E:94:E5:49:45:23:64:6A:0D:BD:FC:87:A8:B8:00: 87:FD:24:62:02:20:75:87:54:4A:DF:64:4F:88:2E:B1: 25:57:3C:E7:3A:E0:19:3B:72:E0:C9:1A:87:B9:BB:3F: 35:51:E8:55:8F:82 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 26 03:43:31.409 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:5D:9E:62:37:CB:DB:77:1F:86:0C:C3:56: 8B:76:28:CE:A6:09:34:6A:3E:14:48:88:F6:21:96:4B: D9:19:A8:EE:02:21:00:BC:CD:90:3B:08:38:44:A5:BB: D6:38:35:73:D2:AD:F4:37:33:C9:DB:0D:66:F0:E9:9B: ED:6A:44:1F:1B:F5:8E Signature Algorithm: sha256WithRSAEncryption 7c:fa:bc:17:47:a7:e5:00:0d:95:46:f6:aa:b8:5c:00:e2:ec: d7:d1:7a:8b:68:b6:74:b4:92:6d:3d:5e:34:79:68:36:4b:b1: 22:bc:39:10:53:ed:b5:6d:cb:32:be:a6:64:84:36:56:88:b4: 46:53:a9:13:77:42:0f:15:bd:f9:cb:e5:28:5d:fb:7e:a2:45: 2c:88:d0:5e:f0:2b:7e:c6:76:b9:0b:22:71:21:a1:7c:97:5c: 3a:e6:c7:51:0e:74:ba:87:b5:20:a9:b3:67:69:9c:c8:fc:3e: a3:b5:ad:ee:73:7a:3e:e4:18:0a:93:40:47:fa:a9:04:04:e1: f7:88:c4:73:97:3f:0c:9b:41:a3:36:f3:ec:33:03:ab:0c:30: 00:c0:20:bd:7a:4b:9a:0b:2b:5b:6d:f2:ba:7f:cc:e9:7b:ea: fb:92:46:62:0b:ad:ee:b0:ba:89:ac:82:3a:17:07:50:53:81: b3:41:01:ce:5c:08:dd:10:1b:6c:39:d6:14:34:c6:10:a8:c1: d6:c2:f7:02:f7:45:91:38:08:18:a2:cd:a4:11:ec:4f:45:cb: 9e:27:ab:1e:0d:3e:e8:66:62:38:57:e6:40:15:8a:71:ee:e2: dc:77:56:dc:8b:57:bb:4b:a9:03:f5:23:c6:cf:0a:e7:07:60: 58:ae:4b:bd battleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneroLAN (Net ID: 00:0F:B5:E5:CF:1E)50.8897, 6.0563
2023-05-12 03:10:04Affiliate - Domain NameNoDNS Resolver2050Nonebeatrixhaller.atbeatrixhaller.at
2023-05-12 02:56:32SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 26:cc:7f:01:c6:92:25:78:13:50:9e:48:80:75:15:57 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Mar 23 22:37:05 2023 GMT Not After : Jun 21 22:37:04 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:aa:7b:81:42:e7:bb:ef:b8:0c:29:95:16:51:5f: 17:ef:12:01:ea:12:d1:38:f6:d6:ab:de:90:73:55: a4:af:cb:7c:f7:08:2e:7f:ec:c7:d3:07:5d:b2:f5: bb:41:e9:04:92:a8:3c:a4:cb:ef:73:55:b5:a9:bc: 5c:d1:be:26:4b:99:f3:8a:57:d8:c7:77:79:1d:0e: 70:31:81:bc:da:4a:73:41:e5:08:81:59:46:c7:d8: 68:74:56:c2:f6:64:23:af:1b:88:8f:72:bd:52:09: 2e:97:9b:f1:a4:cf:09:d8:89:91:91:ca:2e:06:41: a2:84:ad:0d:6a:df:00:95:f5:ec:e2:1e:49:48:18: 0a:3f:98:fa:06:a5:50:9f:7c:2c:20:19:c1:55:cd: 77:d2:89:47:dd:a9:ee:13:f6:2f:e2:48:87:26:a5: fd:85:17:06:37:b0:a9:d0:53:b4:4d:e3:4c:ec:0e: 83:60:b2:ad:ad:2d:44:08:30:33:b0:91:f7:b0:f8: 00:7f:d1:49:37:39:19:99:a3:59:5c:dc:4a:a0:c5: bd:ef:ae:e1:d6:c3:40:3c:f6:35:0e:db:7b:df:4f: 54:c4:bd:f6:3a:2c:2b:ff:c9:5b:e5:d2:e9:69:24: 02:0b:f7:c6:94:a2:a1:ed:73:64:15:f9:25:08:00: 3b:85 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: E7:35:7E:35:FD:7B:BC:32:B5:C0:52:8C:76:D9:7D:F0:37:0A:7A:3D X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/X4UdJFi-bqE CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution 
Points: Full Name: URI:http://crls.pki.goog/gts1p5/QCTFvWRh6mE.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 09:9f:cd:b5:43:3b:6a:2f:1d:c9:3b:c0:c8:50:40:4b:85:6c: a4:67:c0:ea:9c:ed:fa:82:03:5a:15:d9:da:e2:17:9e:f5:4d: 17:b3:27:61:b6:b3:76:a2:5c:3c:dc:1f:ca:d1:cf:2a:8c:c5: 9f:e1:42:b1:ce:4f:6c:8b:d7:5b:5d:4a:1a:37:bf:f7:48:1c: b0:1e:50:fd:1f:d7:83:b8:62:23:8e:ce:bc:13:38:47:cd:3d: 85:a8:0c:e6:2b:35:45:86:97:06:88:96:8f:aa:84:6c:ae:91: 25:1d:3c:c7:d6:f8:a1:4f:51:5e:ed:a9:fe:6b:22:98:84:a4: ef:b4:d3:2f:02:db:9e:b8:fb:29:cc:58:62:ad:6f:ac:48:dc: 16:46:0c:14:b4:34:7b:60:f1:ec:27:16:2b:4e:4a:c3:37:36: d0:34:81:c1:2b:54:8c:d5:17:57:ba:55:4c:71:58:26:4f:c6: 22:b8:65:ba:ad:e7:f5:f2:a8:04:c1:7d:df:11:ab:7d:f5:94: 7d:56:64:8a:41:7f:f4:d3:d7:1a:a0:c6:cc:e6:42:c8:ac:de: 6a:33:c1:21:70:bc:bd:6f:69:08:1f:8f:fa:9f:b7:aa:ca:2e: e6:b7:8f:15:ac:fb:89:0e:c0:5f:c0:b9:df:e8:c0:15:b9:87: ca:00:58:c5 battleb0t.xyz
2023-05-12 02:44:35Software UsedYesTool - Wappalyzer0020NoneCloudflarefluid.battleb0t.xyz
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:2083188.114.97.1
2023-05-12 02:44:09Raw Data from RIRsNoCertSpotter1010None[{u'pubkey_sha256': u'b8939526809ab88640a6a7884ee8dcb607fb00f7e0fcea60466af2f352ad1591', u'cert_sha256': u'4c1b41a7240eddfb2785d811a40b2c4f57217bbf48c89ee37ab9bce9cbb2e8a1', u'revoked': False, u'not_after': u'2023-05-12T05:22:09Z', u'not_before': u'2023-02-11T05:22:10Z', u'cert': {u'data': u'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', u'sha256': u'4c1b41a7240eddfb2785d811a40b2c4f57217bbf48c89ee37ab9bce9cbb2e8a1', u'type': u'precert'}, u'dns_names': [u'*.ayhu.xyz', u'ayhu.xyz'], u'tbs_sha256': u'98d7b9ddd34587a9f0ca631c67a7ef0e434801d5af54bf0a58a4414132b54b78', u'id': u'4808403185', u'issuer': {u'pubkey_sha256': u'f3559fd766dc2e51474007c996ec67cd9e85ae0fa827d3d663f5abc2eafcbe24', u'friendly_name': u'Google Trust Services', u'name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5'}}, {u'pubkey_sha256': u'dc08bc7c8382f13f52efa247fc61a39cf343f06bf7ea548d231815f230797186', u'cert_sha256': u'c7525168b3dd0eaab22aaa03f908df3de610c6fa812b471a74d4a9b4cc1f27a5', u'revoked': False, u'not_after': u'2023-07-10T04:54:49Z', u'not_before': u'2023-04-11T04:54:50Z', u'cert': {u'data': u'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', u'sha256': u'c7525168b3dd0eaab22aaa03f908df3de610c6fa812b471a74d4a9b4cc1f27a5', u'type': u'precert'}, u'dns_names': [u'*.ayhu.xyz', u'ayhu.xyz'], u'tbs_sha256': u'e25b9a56735c29036e5e585244fde0a2ba81adaf796b2d716bde988fd3954995', u'id': u'5073393240', u'issuer': {u'pubkey_sha256': u'f3559fd766dc2e51474007c996ec67cd9e85ae0fa827d3d663f5abc2eafcbe24', u'friendly_name': u'Google Trust Services', u'name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5'}}]ayhu.xyz
2023-05-12 03:09:46Affiliate - Internet NameNoDNS Resolver0040None64.170.74.34.bc.googleusercontent.com34.74.170.64
2023-05-12 02:46:24Physical LocationNoMetaDefender0030NoneNorth Charleston, United States104.196.30.220
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None000justin000.github.io185.199.111.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneLINE (Category: social) https://line.me/R/ti/p/@login?from=pagelogin
2023-05-12 02:59:09Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://regclickonetwoget.com/?viwe=B5ZRVJ5AIOMUMPXF7NBL-8845fcbc2b0cfc99c4cf3eaf075db59ceb055d0a37e8', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3156 -s 132" (UID: 00000000-00003396)'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ce4_IE_EarlyTabStart_0xf98_Mutex"\n "IsoScope_ce4_IESQMMUTEX_0_519"\n "IsoScope_ce4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3300"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ce4_ConnHashTable<3300>_HashTable_Mutex"\n "IsoScope_ce4_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ce4_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00003396) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar11F6.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar11F4.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, 
u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3156 -s 132" (UID: 00000000-00003396)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab11F5.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "Cab11E4.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"2E2XLV93.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2E2XLV93.txt]- [targetUID: 00000000-00003300]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002144]\n "~DF31E7ED02A5F249E9.TMP" has type "data"- Location: [%TEMP%\\~DF31E7ED02A5F249E9.TMP]- [targetUID: 00000000-00003300]\n "BBB0B9C986171FE6F65C60CFDD8B124F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BBB0B9C986171FE6F65C60CFDD8B124F]- [targetUID: 00000000-00002144]\n "~DFA6E69F16FC353641.TMP" has type "data"- Location: [%TEMP%\\~DFA6E69F16FC353641.TMP]- [targetUID: 00000000-00003300]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003300]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003300]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003300]\n "Cab11F5.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab11F5.tmp]- [targetUID: 00000000-00002144]\n "Tar11F6.tmp" has type "data"- Location: [%TEMP%\\Tar11F6.tmp]- [targetUID: 00000000-00002144]\n "ZI3PUTBR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZI3PUTBR.txt]- [targetUID: 00000000-00003300]\n "LWLJIC7E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LWLJIC7E.txt]- [targetUID: 00000000-00003300]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003300]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003300]\n "Tar11F4.tmp" has type "data"- Location: [%TEMP%\\Tar11F4.tmp]- [targetUID: 00000000-00002144]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002144]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00002144]\n "~DFFFB79CCFFBC7C646.TMP" has type "data"- Location: [%TEMP%\\~DFFFB79CCFFBC7C646.TMP]- [targetUID: 00000000-00003300]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://regclickonetwoget.com/?viwe=B5ZRVJ5AIOMUMPXF7NBL-8845fcbc2b0cfc99c4cf3eaf075db59ceb055d0a37e8"- [Source: Input]\n Pattern match: "https://regclickonetwoget.com"- [Source: Input]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"HTTP/1.1 200 OK\nContent-Length: 281\nContent-Type: application/json; charset=utf-8\nServer: Microsoft-HTTPAPI/2.0\nX-CMS-SearchElapsedTimeInMilliseconds: 33\nX-CMS-SearchBackendTimeInMilliseconds: 30\nX-CMS-SearchMatchedTotal: 1\nX-CMS-SearchMaxScore: 0\nX-CMS-SearchShardsTotal: 80\nX-CMS-SearchShardsSuccessful: 80\nX-CMS-SearchShardsFailed: 0\nX-CMS-SearchReturnedCount: 1\nX-CMS-DocumentStorageTier: Cache\nEdge-control: max-age=900s,downstream-ttl=900s\nX-CMS-ExecutionTimeInMilliseconds: 1\nAppEx-Activity-Id: 2a0f4d89-6c8c-4bb7-94b7-ccf6e776546c\nX-Trace-Context: {"ActivityId":"2a0f4d89-6c8c-4bb7-94b7-ccf6e776546c"}\nMS-CV: 2LJ42NbMmUONOa4RjIh+ew.0\nX-CMS-ServiceLocation: westus:0\nDate: Mon, 01 Aug 2022 18:19:19 
GMT\n\n[{"list":[{"link":{"href":"goldbartext","title":""}},{"link":{"href":"okBtnText","title":""}},{"link":{"href":"cancelBtnText","title":""}},{"link":{"href":"intervalInDays","title":"20"}},{"link":{"href":"repeat","title":"1"}},{"link":{"href":"version","title":"3"}}],"_score":0.0}]"- [Source: SSL_52.155.62.95]'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'descr34.74.170.74
2023-05-12 03:12:52Physical LocationNonumverify0030NonePhoenix, US+14805058800
2023-05-12 02:54:18Linked URL - ExternalNoWeb Spider0030Nonehttps://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https://yoink.site/auth&response_type=code&scope=identify guilds.joinhttps://pics.battleb0t.xyz/
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneGab (Category: political) https://gab.com/ayhuayhu
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.168): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneIntelWLAN (Net ID: 00:02:B3:C4:42:9C)33.336199,-111.89446440830702
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.110): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.90): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:11:23Physical LocationNoAbstractAPI0030NoneMoscow, Russian Federation+74955801111
2023-05-12 02:55:01Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America188.114.96.1
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneGitea - Gitea is a forge software package for hosting software development version control using Git as well as other collaborative features like bug tracking, code review, kanban boards, tickets, and wikis. It supports self-hosting but also provides a free public first-party instance.cdn-185-199-111-153.github.com
2023-05-12 02:59:57SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:10:b4:30:a3:e0:72:2f:ec:4e:bc:95:e3:12:bb:83:8d:6f Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Dec 14 04:12:32 2022 GMT Not After : Mar 14 04:12:31 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:31:e0:5d:42:f2:be:35:60:b1:bf:3c:dd:6a:3a: e9:66:ce:65:b9:42:55:e5:1f:5b:0f:4a:7d:d2:dd: d5:d5:2a:c8:4c:26:cc:d6:24:4c:c6:8a:d7:5d:8d: ad:45:7b:81:26:49:fc:64:c6:a9:da:25:d4:46:11: f7:82:81:c2:c2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FF:9F:0E:73:7B:4F:1D:9B:10:7F:DE:3A:BF:95:29:99:72:64:39:CE X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: ecdsa-with-SHA384 30:65:02:31:00:fd:8c:78:36:1c:71:84:4d:49:6c:11:58:c6: 12:a3:92:bc:28:1e:bf:5a:97:f1:6e:55:aa:8d:04:5e:52:f5: 43:5c:dd:10:26:0f:9b:fd:e7:99:a4:5c:91:c0:27:5e:27:02: 30:22:c5:07:b7:53:41:96:f1:8f:15:55:83:a7:26:c3:46:10: aa:c0:ac:d9:d7:56:82:6e:c4:c8:be:12:fb:ae:7f:6d:a8:c6: 0a:3a:a2:c1:f9:63:1b:f1:d2:5d:a4:28:24 ayhu.xyz
2023-05-12 03:09:39Affiliate - Internet NameNoDNS Resolver0040None110.48.229.35.bc.googleusercontent.com35.229.48.110
2023-05-12 03:12:10Affiliate Description - CategoryNoDuckDuckGo0050NoneComputer security companiesbaffin.netcraft.com
2023-05-12 02:44:30Internet NameNoDNS Resolver0020Noneoldfluid.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneVillakakelbond1 (Net ID: 00:0C:F6:CE:B2:88)50.8897, 6.0563
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonedetyenship (Net ID: 00:02:2D:61:A7:66)32.8608, -79.9746
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneAnnie's Craft Co. (Net ID: 00:02:61:19:6C:00)34.0544, -118.244
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 23 20:32:58 2023 GMT Not After : Jun 21 20:32:57 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc: 59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01: 7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be: 0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa: 26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8: 92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd: c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed: 95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5: c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4: 72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c: 13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce: 3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6: be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1: ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14: 9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31: 9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02: ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60: db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23: 66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d: 1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29: 9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46: 76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb: 5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2: c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87: 99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1: d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e: cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6: 3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7: 6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e: 4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4: 1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e: 5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40: 7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71: 
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94: 83:4a:61 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 23 21:32:58.351 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:F9:02:68:04:DD:BD:03:2E:AE:18:AA: AF:0D:3B:37:54:0B:65:42:08:02:43:59:39:EA:4E:E4: 74:9E:81:C9:7F:02:21:00:A3:06:40:AE:98:69:3E:CB: 1F:F6:11:FA:78:DC:13:53:6B:E1:77:75:9F:C2:16:A0: DB:C3:04:86:97:E4:3C:C0 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Mar 23 21:32:58.367 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:7A:A2:EB:6D:CE:11:7A:04:E7:47:C4:C2: 44:9A:BB:45:2B:47:3C:26:06:C5:A4:73:04:05:59:C0: EA:D7:C9:86:02:21:00:96:12:0C:16:C7:15:09:8E:8E: 23:55:5D:FF:D3:4D:29:B3:21:12:6C:94:18:E0:30:4E: 4A:D0:D6:81:62:80:25 Signature Algorithm: sha256WithRSAEncryption 54:a4:7f:41:90:b7:5a:58:4b:b5:6b:68:ea:db:5a:92:b3:b2: 5b:7b:19:af:8a:ab:f1:af:c0:c8:97:4c:34:bf:3f:32:11:7b: ef:8b:7e:76:7a:87:16:2c:1f:d0:41:d1:c1:02:b1:37:57:af: 4c:2b:b8:7b:75:a1:66:6d:db:db:ab:82:a1:fd:0c:b1:09:1f: 
f6:3b:6f:e4:40:6a:6c:5b:ef:1d:46:ef:b3:b7:e2:09:40:10: a0:d1:48:3e:99:ab:85:a3:c4:4c:9c:38:4c:86:5d:05:6c:1b: 02:ea:8a:b9:cd:33:f5:2b:4f:92:81:81:2f:e1:d6:b3:a5:e1: b8:f6:e8:c6:e4:af:f3:a4:96:e9:02:f8:de:c5:31:3b:03:6b: a3:c1:43:ea:01:84:7b:d7:65:c2:7b:26:5b:45:8b:c9:00:4a: bf:64:80:db:bc:e4:35:f5:31:8b:1a:49:c1:a9:b6:8d:8f:59: 62:4e:f9:b9:59:d2:7d:9b:3a:75:2f:82:0e:77:1f:fa:cc:3b: 4e:90:c2:ba:e9:1d:4c:b0:a0:53:8e:4b:72:4b:e7:12:e4:36: 5a:97:fc:6e:97:fc:a5:f5:76:de:6f:cd:f5:6d:3f:07:f6:75: e6:97:55:45:a3:14:55:0c:ff:89:33:2c:76:5f:49:b1:2d:bb: 1e:69:4c:4d battleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:02:2D:21:0C:9F)37.7642, -122.3993
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f603759cec44a-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:31:27Affiliate - Email AddressNoE-Mail Address Extractor0040Noneabuse@namecheap.comDomain Name: nom-nom.link Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com Updated Date: 2022-10-23T13:11:02.954Z Creation Date: 2022-09-09T13:47:20.593Z Registry Expiry Date: 2023-09-09T13:47:20.593Z Registrar: NAMECHEAP Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Fax: REDACTED FOR PRIVACY Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: wesley.ns.cloudflare.com Name Server: rachel.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN RDDS Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:09:16.270Z <<< For more information on domain status codes, please visit https://icann.org/epp The WHOIS information provided in this page has been redacted in compliance with ICANN's Temporary Specification for gTLD Registration Data. The data in this record is provided by Uniregistry for informational purposes only, and it does not guarantee its accuracy. Uniregistry is authoritative for whois information in top-level domains it operates under contract with the Internet Corporation for Assigned Names and Numbers. Whois information from other top-level domains is provided by a third-party under license to Uniregistry. 
This service is intended only for query-based access. By using this service, you agree that you will use any data presented only for lawful purposes and that, under no circumstances will you use (a) data acquired for the purpose of allowing, enabling, or otherwise supporting the transmission by e-mail, telephone, facsimile or other communications mechanism of mass unsolicited, commercial advertising or solicitations to entities other than your existing customers; or (b) this service to enable high volume, automated, electronic processes that send queries or data to the systems of any Registrar or any Registry except as reasonably necessary to register domain names or modify existing domain name registrations. Uniregistry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. All rights reserved. Domain name: nom-nom.link Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-09-09T13:47:20.59Z Registrar Registration Expiration Date: 2023-09-09T13:47:20.59Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by 
Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Name Server: rachel.ns.cloudflare.com Name Server: wesley.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T15:09:16.51Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:03:43Internet NameNoDNS Resolver0040Nonevscode.battleb0t.xyz[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://vscode.battleb0t.xyz', u'http_status': 521, u'plugins': {u'HTTPServer': {u'string': [u'cloudflare']}, u'Script': {}, u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'Title': {u'string': [u'vscode.battleb0t.xyz | 521: Web server is down']}, u'HTML5': {}, u'UncommonHeaders': {u'string': [u'referrer-policy,cf-ray']}, u'IP': {u'string': [u'104.21.71.14']}, u'X-Frame-Options': {u'string': [u'SAMEORIGIN']}, u'X-UA-Compatible': {u'string': [u'IE=Edge']}}}, {}]
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.228): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:27Internet NameNoURLScan.io0010Nonekekw.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:01:46:03:E4:6F)34.0544, -118.244
2023-05-12 02:55:18Netblock MembershipNoCensys6030None46.101.128.0/1746.101.229.70
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040None3333 1370 (Net ID: 00:0F:CC:6D:BD:34)32.8608, -79.9746
2023-05-12 02:54:21Linked URL - InternalNoWeb Spider4040Nonehttp://vscode.battleb0t.xyz/cdn-cgi/styles/main.csshttp://vscode.battleb0t.xyz/
2023-05-12 03:32:19Open TCP PortNoPulsedive0030None188.114.97.10:8443188.114.97.0/24
2023-05-12 03:19:17Web FrameworkNoWeb Framework Identifier0030NonejQuery<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.149): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:45:35Name Server (DNS NS Records)NoDNS Raw Records0010Nonebrett.ns.cloudflare.comayhu.xyz
2023-05-12 02:46:38BGP AS MembershipNoRIPE0030None13335172.67.128.0/20
2023-05-12 03:33:44Raw File Meta DataNoBinary String Extractor0040NonemntrRGB XYZ desc trXYZ <mluc -mluc 3`-O! 6fD` N@e@8 s$01@H @jlveI B4Pic .E"E3@YB 8RktA -B09: FRp.PD A7e k `kfZb A8tSNJ 4j@Q4 H8@I" `Y@A4 !Ot-T Hh4@OFx4 @2RIA .MoFZ S>J9` 1tjP@ A!<Il 3rInvMB 6flJ$ bPD1T_aAc _`0Zp 1 QVQ `MXp<K M39CvX JtP5A wtIXB -3nB- rtiC 1@f!X I.ABD '`jh tj!HC Fyv3/ -ApI 99pfaHF /jMql 5Oy@8U2Q9 Mpi.` y5_@. sTiQJ 4Qfqml wc7nAS 3fti0 w2MrS ?O`OU E7-B/ PQj@fQod 'ASM6 'aC_@ >JkA8 ks< j nP?2P 5z'0i ALQxL `-DJE -HqnK LSq a S`j68 sV\0i7 IIA4K/ a/L K R3E5H $ii/aD<V @9qEkj fdcK- k\p/ e<@E7 TPkZAY o@i>K IT 'v Ip@>u 9x:'F A/e7h vj/a1 BnMLh rJMD\ $5eiS r @k<rPfcnM nTqD 8JMKu -h eo 6OCil- NdZs>J H yZ4 eKvkJ MDA8n A8mJ' jTO!D wPKqVhttps://pics.battleb0t.xyz/images/fredo.PNG
2023-05-12 03:01:01Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.106): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:46:54Affiliate - Domain NameNoDNS Resolver0020Nonecloudflare.comleanna.ns.cloudflare.com
2023-05-12 02:50:26Physical AddressNoGLEIF0030NoneC/O REGISTERED AGENT SOLUTIONS, INC., 838 Walker Road Suite 21-2, DOVER, US-DE, US, 19904Cloudflare\, Inc.
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneWHLee (Net ID: 00:01:21:30:54:A3)41.8781, -87.6298
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}104.21.6.166
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneWHLee (Net ID: 00:01:21:30:54:A4)41.8781, -87.6298
2023-05-12 03:00:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.51): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:44Software UsedYesTool - Wappalyzer0030NoneGoogle Analyticsvscode.battleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonespacebunny (Net ID: 00:11:50:23:B8:1D)50.8897, 6.0563
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.91): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:09:05Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.11087.248.157.102
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonevgf2002noxx (Net ID: 00:02:2D:74:6E:AA)50.1188, 8.6843
2023-05-12 03:23:19Open TCP PortNoPulsedive0030None188.114.96.5:80188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonelobste.rs (Category: tech) https://lobste.rs/u/loginlogin
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}104.21.6.166
2023-05-12 03:18:53Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Rotated 180 @ 18}https://funny.battleb0t.xyz/images/reveloder.jpg
2023-05-12 02:54:18Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8nwapi.battleb0t.xyz
2023-05-12 02:55:11Software UsedYesCensys0020Nonepureftpd87.248.157.102
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneProject management softwarebattleb0t.github.io
2023-05-12 03:13:03Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0000-bigtree.github.io] https://www.openphish.com/feed.txt0000-bigtree.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneW4B3P]]00S210)>&01/54&6/%&_&'_Pa (Net ID: 00:06:66:23:00:BA)33.6170672,-111.90564645297056
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneifunny (Category: misc) https://ifunny.co/user/loginlogin
2023-05-12 02:44:17Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.111.153
2023-05-12 02:53:32Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America185.199.111.153
2023-05-12 03:03:37Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00why00.github.io
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg"}],"group":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"}
2023-05-12 03:00:50Co-Hosted SiteNoHackerTarget1020None000.dontkillmyapp.com185.199.111.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:EE:55:AC)41.8781, -87.6298
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 200 OK Connection: Keep-Alive Keep-Alive: timeout=5, max=100 x-powered-by: PHP/7.4.33 content-type: text/html; charset=UTF-8 link: <https://acilacikveteriner.com/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: <REDACTED> server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" 87.248.157.102
2023-05-12 02:47:21Open TCP PortNoPulsedive0020None185.199.111.153:80185.199.111.153
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ccedd4dfe2bc6-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.6.166
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.247): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NonemyLGNetCBD2 (Net ID: 00:01:36:59:CB:D0)37.780462,-122.390564
2023-05-12 03:21:08Account on External SiteNoAccount Finder0020NonePicsart (Category: art) https://picsart.com/u/dawidsulejdawidsulej
2023-05-12 02:56:27HashNoHash Extractor0030None[MD5] 02ca825e4901e74c2c2d6f8e59341325<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authentication</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixels API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixels API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixels API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr>
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:F6:2B:B0)33.336199,-111.89446440830702
2023-05-12 02:53:35Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 22DC:47A8:9574C0:E80210:645D792E Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-klot8100109-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683847470.229374,VS0,VE28 Vary: Accept-Encoding X-Fastly-Request-ID: ae50aba31a182a84ec5561a841cace6a8bdb972f 185.199.110.153
2023-05-12 02:55:15Physical LocationNoCensys0030NoneFrankfurt am Main, Hesse, 60306, Germany, Europe165.232.113.85
2023-05-12 02:54:13HTTP HeadersNoWeb Spider2030None{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:13 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:13 GMT", "cf-ray": "7c5f6036af1541db-EWR", "content-type": "text/css", "x-frame-options": "DENY"}https://ayhu.xyz/cdn-cgi/styles/challenges.css
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneInterwrx2 (Net ID: 00:02:2D:A8:80:99)33.6170672,-111.90564645297056
2023-05-12 03:23:41Account on External SiteNoAccount Finder0080NonePinkBike (Category: hobby) https://www.pinkbike.com/u/baptiste.vauthey/baptiste.vauthey
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None50d173 (Net ID: 00:02:2D:50:D1:73)37.7642, -122.3993
2023-05-12 03:09:52Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.95
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0040Nonecloudflare{"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:21 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f606679610ce9-EWR"}
2023-05-12 03:34:24Affiliate - IP AddressNoDNS Look-aside1030None45.131.109.4745.131.109.53
2023-05-12 03:16:25UsernameNoAccount Finder1010Nonedawid.sulejDawid Sulej
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-experiments.github.io] https://www.openphish.com/feed.txt0-experiments.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050None^D^M^L^W^]^C^A^U^M^Y^E^L^_^R^G (Net ID: 00:05:5D:D9:90:56)33.6170672,-111.90564645297056
2023-05-12 02:54:23Raw Data from RIRsNoCensys0040None{"last_updated_at": "2023-05-11T18:43:25.661Z", "ip": "2600:1f18:2489:8201::c8", "location_updated_at": "2023-05-10T22:49:08.075439Z", "autonomous_system_updated_at": "2023-05-10T22:49:08.075529Z", "location": {"province": "Washington", "city": "Seattle", "country": "United States", "coordinates": {"latitude": 47.5413, "longitude": -122.3129}, "postal_code": "98108", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"admirable-sawine-258e70.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T18:07:13.274900003Z"}, "elegant-lamarr-f016a5.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-26T12:07:06.626972022Z"}, "awesome-saha-1063e8.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T20:12:33.221704149Z"}, "sinfitobahia.org.br": {"record_type": "AAAA", "resolved_at": "2023-05-03T12:41:58.372964765Z"}, "docs.avohq.io": {"record_type": "CNAME", "resolved_at": "2023-03-28T16:11:01.233563954Z"}, "125summer.tech": {"record_type": "AAAA", "resolved_at": "2023-04-08T21:50:10.818543379Z"}, "elastic-panini-108062.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-12T12:07:25.879261834Z"}, "au.podandparcel.com": {"record_type": "CNAME", "resolved_at": "2023-03-30T16:00:18.714848447Z"}, "vocal-zuccutto-9a1234.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T12:05:56.238760539Z"}, "elektra-preview.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-21T12:07:46.259642345Z"}, "a244ca4d-f02d-4158-9d95-f3ecc3f53891.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-02T12:06:48.489568142Z"}, "panel-v2.temettu.app": {"record_type": "CNAME", "resolved_at": "2023-03-09T20:24:59.058260947Z"}, "prod.multiomictrials.org": {"record_type": "CNAME", "resolved_at": "2023-05-11T07:03:53.434490891Z"}, "www.carobee.com": {"record_type": "CNAME", "resolved_at": "2023-03-29T23:13:35.058671591Z"}, 
"imaginative-douhua-e8b30d.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-08T12:07:16.963335570Z"}, "amazing-rosalind-d7b3f6.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T21:01:17.245078119Z"}, "adoring-saha-207b27.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-19T12:07:14.290654779Z"}, "admiring-shockley-79970e.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-09T20:24:36.502830220Z"}, "melodious-choux-89c61f.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-21T12:07:33.880974154Z"}, "www.nho.agency": {"record_type": "CNAME", "resolved_at": "2023-05-09T12:14:42.515710945Z"}, "buyer-bear-80751.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-28T12:07:56.868671510Z"}, "adminapp-stg-bb.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T12:06:26.217035493Z"}, "kleffylewave.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-16T12:07:29.763936588Z"}, "www.fusion360-lessen.nl": {"record_type": "CNAME", "resolved_at": "2023-05-05T06:06:11.637299697Z"}, "pensioenbijmivena.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T12:06:16.135802084Z"}, "ww2.globhe.com": {"record_type": "CNAME", "resolved_at": "2022-12-22T22:30:15.315472377Z"}, "fo-fcmpartner.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T12:14:19.621357517Z"}, "galatea.investments": {"record_type": "AAAA", "resolved_at": "2023-03-10T15:30:44.210263044Z"}, "mellow-fox-b03dde.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T12:05:46.679121554Z"}, "www.circuitsolvr.com": {"record_type": "CNAME", "resolved_at": "2023-05-02T14:40:14.102090269Z"}, "superlative-lollipop-7e1b2d.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-21T12:07:26.859419Z"}, "adoring-liskov-894667.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T18:05:54.034044971Z"}, "adoring-ritchie-740a79.netlify.app": {"record_type": "AAAA", "resolved_at": 
"2023-03-19T12:06:21.555197218Z"}, "chefsencasa.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-17T12:07:54.157101501Z"}, "afoodcorner.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T12:05:53.904909902Z"}, "drxmas-drugrecipts.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-01T12:08:22.715647640Z"}, "brave-darwin-3ec1aa.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-01-12T12:06:04.788840263Z"}, "atap-website.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-07T12:06:17.618834777Z"}, "donnasite.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T12:07:50.141206743Z"}, "fervent-panini-403ce8.netlify.app": {"record_type": "AAAA", "resolved_at": "2022-12-23T12:04:50.255084747Z"}, "onda-dashboard.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-11T12:07:55.080623384Z"}, "lgs.blixem.app": {"record_type": "CNAME", "resolved_at": "2023-03-22T15:33:56.182939800Z"}, "khi-pcr.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-10T12:06:17.044575435Z"}, "begindrop.renovate.eu.org": {"record_type": "CNAME", "resolved_at": "2023-02-22T20:42:47.682094308Z"}, "ctrrun.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-09T12:06:37.296522475Z"}, "taffeur.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T21:37:57.720116083Z"}, "blankk.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T12:06:19.086245128Z"}, "musing-pasteur-944869.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-03T12:09:53.217150668Z"}, "aday.taleon.com.tr": {"record_type": "CNAME", "resolved_at": "2023-03-19T18:28:30.895427718Z"}, "awesome-bell-28a875.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T18:08:11.875214119Z"}, "dcchigh.asd20.org": {"record_type": "CNAME", "resolved_at": "2023-03-22T20:36:34.105722416Z"}, "www.madeinjanne.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:48:29.495707139Z"}, "adairo.com": {"record_type": 
"AAAA", "resolved_at": "2023-04-25T13:20:23.956589050Z"}, "maps.worlddata.ai": {"record_type": "CNAME", "resolved_at": "2023-04-26T12:14:41.745808129Z"}, "agitated-cori-358df7.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-01-25T12:06:03.181307858Z"}, "blissful-franklin-4bf4f9.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-22T12:08:06.409034750Z"}, "www.frentelibertad.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T21:11:53.928072067Z"}, "mosquesg.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T12:08:14.395524985Z"}, "pod-flat.syndicut.io": {"record_type": "CNAME", "resolved_at": "2023-03-14T00:30:35.395497004Z"}, "ctrlup-signature.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-06T12:08:04.751075336Z"}, "ones.studio": {"record_type": "AAAA", "resolved_at": "2023-02-27T19:14:46.168703619Z"}, "www.mymedpal.app": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:07:45.700611299Z"}, "aesthetic-babka-1b6f1e.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T12:07:41.897884021Z"}, "first-eet-kit.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-14T12:06:11.898889272Z"}, "moonlit-pixie-20706b.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-03T12:09:47.218930369Z"}, "druckzauber-erfolgreich-drucken-de.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T12:14:15.500256290Z"}, "finsteadrs.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-08T12:07:22.127243814Z"}, "minschkopattern.blumfelix.com": {"record_type": "CNAME", "resolved_at": "2023-05-02T05:42:07.653366604Z"}, "admirable-stardust-6a2b73.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T12:07:39.597845749Z"}, "drna.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-08T12:07:24.236571686Z"}, "clever-davinci-4e13a8.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T21:00:56.725412657Z"}, "afli.netlify.app": {"record_type": "AAAA", 
"resolved_at": "2023-03-20T12:06:10.280894910Z"}, "cerulean-arithmetic-d6e551.netlify.app": {"record_type": "AAAA", "resolved_at": "2022-12-23T12:04:50.256222789Z"}, "program.modernbikinibootcamp.de": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:01:26.680678928Z"}, "myaccountdemo.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T12:06:28.838541216Z"}, "aaronmbdev-website.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-15T12:07:03.899811400Z"}, "a11y-amadeo.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-28T12:07:43.347226879Z"}, "admin-toc-prod.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-14T12:07:10.285250452Z"}, "base64-converter.amitk.co.in": {"record_type": "CNAME", "resolved_at": "2023-03-04T16:29:10.338273182Z"}, "data.goodgovgroup.com": {"record_type": "CNAME", "resolved_at": "2023-03-25T03:20:40.904161459Z"}, "centurionplaza.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T21:01:18.561284349Z"}, "dufflapp.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-08T12:07:27.177014422Z"}, "www.gardentogoorganics.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T13:58:42.361808644Z"}, "adamcassidy.com": {"record_type": "AAAA", "resolved_at": "2023-04-25T13:20:29.677591257Z"}, "adoring-kilby-3a4082.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T19:28:26.626696081Z"}, "dominiquejobin-com-static-page.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-22T15:33:21.084197417Z"}, "next.boxup.com": {"record_type": "CNAME", "resolved_at": "2023-02-21T13:53:15.908090617Z"}, "adoring-ptolemy-0a1d82.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-22T10:04:04.309883028Z"}, "buildandtone.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T00:14:06.184711680Z"}, "keen-yonath-a2a70b.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-01T12:05:54.489788454Z"}, "awesome-jones-c007a7.netlify.app": {"record_type": 
"AAAA", "resolved_at": "2023-02-16T12:07:32.736095932Z"}, "musing-raman-2ebc3f.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T21:38:23.373994703Z"}, "nok-ventures.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-02T12:06:37.102772823Z"}, "cenos-docs-antennas.netlify.app": {"record_type": "AAAA", "resolved_at": "22600:1f18:2489:8201::c8
2023-05-12 03:33:53Raw File Meta DataNoBinary String Extractor0040None!22222222222222222222222222222222222222222222222222 sH GN t5ad C'Y2z OB:`S pF>oj OQTeuy YYK`s gnqV N9FX6 EQY66 1pO'94 pj'R7pz` 0Kdes xnj $ Zx<g? X2r:z T/z`A G'?QN $RpG9 Vdrnr1 mP0>Lc 1RNG\T Uwp9' YYWvz Ru?wnz a$$cp m?/_J kFpFv 2OAMYI ``VZH .NGAM yG`<c lr@?L h`NFx @JgR I?w<f E BY8 <7LqQH jLbFC0 .jG30 <.Y@O sY_kV$ `-vSX OOjLp 1D!@ ww P' vOpjN 0?.qOY 1UONy 8nGqXW0 cQ2-c 5RG8 H Gb:UW HIRA ?q'fq 7aG'x R`k xPW HC$vf P2W$g FNGP3 :TerT :sP1U qhoSo 'wwEU o_ZiP nbO\qS .Ojvv EUbNTrI 5mPdRF Df9`q JVfrI r0r3SF j0AbHa oBwg> COv!FO9 XM.Iz I@V98 1QH@bG'8 .A`A< i2wpIa 5 b V .0G5NR1 H`ePs !?36H j9c!A t4.Vel U\D!I H09'q Nj\JL fE''p Ilg4 <dRIa" pFH'q' i9'9? uO_Z\ XiH`G $pqJwd n5px$ 6GzyUhttps://funny.battleb0t.xyz/images/random_2.jpeg
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:F4:A4:02)41.8781, -87.6298
2023-05-12 02:54:57BGP AS MembershipNoCensys0020None133352a06:98c1:3120::1
2023-05-12 02:55:21SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:81:34:2e:fd:61:48:b5:6f:11:ca:36:0b:dc:62:9a:cf:52 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:02 2022 GMT Not After : Feb 15 09:44:01 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:eb:b0:96:39:35:d3:30:8a:f5:f9:da:c5:cf:96: 1a:e7:f9:f3:a9:a3:ac:48:a3:a4:b9:37:4c:63:75: 40:36:2d:7f:85:6e:28:b7:ff:1d:a9:b7:7a:9e:a9: 3c:18:2e:aa:60:9b:01:a6:03:71:f5:37:c6:c4:08: 7f:2e:0c:29:9a:02:88:31:a0:12:65:5e:31:21:f1: 5f:d6:97:6e:ea:18:9d:90:ce:ff:12:3b:cb:ae:3a: f3:b3:33:e6:51:66:ee:77:b1:1e:2d:63:9d:86:29: e8:e7:da:f5:95:bf:4c:37:58:2b:4b:3b:b3:82:8c: 63:1f:3a:3d:4d:85:c4:0d:2f:dd:0c:39:76:ab:a5: 7c:fc:53:9d:e0:67:9e:f7:6e:00:5d:8f:60:c1:b4: dd:6b:fb:d3:a5:23:a0:c0:99:85:04:91:d1:e3:63: 1f:33:3f:20:df:22:22:a9:89:b5:26:f8:3b:cf:ec: a6:2f:0a:b5:ce:e9:fd:d6:cf:3c:d3:6e:35:3e:a2: cb:0a:4c:43:1f:c2:91:d1:57:92:fc:79:bc:b6:50: 67:72:7f:f2:de:ba:e6:81:c8:81:ad:91:41:c2:41: 68:e4:66:e4:cf:77:e7:8f:ad:4a:dd:cf:21:57:7e: 5c:5b:1a:bf:18:03:99:5a:e7:0b:bf:13:4e:4f:9d: f8:63:3c:53:43:ba:5c:2b:86:aa:b1:6c:59:33:66: 06:b4:0c:58:5e:eb:57:fb:21:90:64:8e:04:88:5e: 93:71:bc:07:a7:76:0a:39:5b:e9:8a:11:59:0c:e9: 3d:9f:ef:48:1a:15:f1:b6:8d:38:c6:ac:b0:3d:55: 62:fd:ec:ca:10:f7:3e:ad:09:2b:f9:07:39:64:89: c0:8c:df:58:83:b1:49:a3:6a:de:8d:1d:b0:68:22: 42:05:11:89:f5:28:3d:e2:a8:01:12:cb:7f:55:12: 36:97:26:ba:dd:f2:81:bc:89:38:da:02:ae:fd:90: 99:5d:a3:f5:46:95:ac:11:67:63:06:d1:ab:ad:cc: 15:5b:ae:15:c5:be:e2:e1:4a:b9:58:65:89:ff:47: b7:6c:bd:4d:78:de:bc:99:4b:30:66:94:63:8c:10: f1:ba:46:36:e6:f8:37:e7:a4:4a:58:f8:29:e5:40: 29:33:93:f8:de:48:92:4e:5d:bb:50:eb:49:71:90: ef:b5:9b:2c:bf:b0:19:fb:12:45:a7:b3:2e:45:b4: 1b:cf:46:ab:19:7f:6c:7d:d1:f9:c0:87:cb:fb:3f: 0d:76:c4:c2:98:11:bd:11:fc:93:89:ac:ab:3e:87: 
64:67:c1:b8:49:1c:b8:1a:ca:85:02:c8:58:c0:9e: e2:87:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: A7:55:24:63:5E:86:20:7B:DE:F3:EF:D8:48:33:0B:C7:5C:3F:22:72 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 6e:81:de:04:94:c9:6d:bc:7e:82:9c:b7:57:2a:31:2b:2a:15: 1b:26:9d:e8:63:d8:bc:24:a9:a0:1e:f4:2d:8e:8b:77:72:e2: 45:09:7d:c4:f4:a1:67:74:5f:b1:6e:e3:d5:7b:46:58:74:af: 3c:f4:7f:f1:57:ba:e5:f5:ca:37:d7:63:02:f4:2b:f0:58:52: 65:e6:f9:34:c3:b2:87:a8:5a:9e:4d:cc:ad:de:a2:88:9a:d9: fb:01:e4:7d:b5:a9:46:4f:bf:42:f8:a7:e0:7c:4b:26:0d:e1: 03:f1:4d:5f:48:bd:93:91:fe:01:c1:d3:33:76:7b:4d:7a:50: 63:0e:b1:b7:18:cd:30:ef:c6:05:90:d5:58:43:01:34:1c:aa: ff:ac:8a:6d:d3:fb:4a:05:f7:40:bc:ca:04:f0:3d:5a:22:8b: 64:c2:7e:01:3e:5c:75:9a:28:80:e0:18:f5:4e:81:da:ad:98: 1b:02:b9:0a:2d:ec:15:e3:8e:9f:22:a4:7c:3a:69:7f:11:1b: f6:07:40:ec:11:96:35:36:ea:3a:5b:21:5e:98:6b:a7:33:3f: 71:d6:80:da:db:36:8a:58:96:45:25:cb:40:f8:9f:e6:4f:1b: 19:eb:29:e3:55:cb:ac:82:21:95:75:58:e6:53:4c:36:8c:6c: 15:08:cf:81 battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None^U^E^H^O^[^U^H^_^^^G^K^Z^X^E^^ (Net ID: 00:02:2D:7F:0D:E1)34.0544, -118.244
2023-05-12 02:44:28Internet NameNoDNS Resolver0020Noneayhu.xyz[{u'pubkey_sha256': u'b8939526809ab88640a6a7884ee8dcb607fb00f7e0fcea60466af2f352ad1591', u'cert_sha256': u'4c1b41a7240eddfb2785d811a40b2c4f57217bbf48c89ee37ab9bce9cbb2e8a1', u'revoked': False, u'not_after': u'2023-05-12T05:22:09Z', u'not_before': u'2023-02-11T05:22:10Z', u'cert': {u'data': u'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', u'sha256': u'4c1b41a7240eddfb2785d811a40b2c4f57217bbf48c89ee37ab9bce9cbb2e8a1', u'type': u'precert'}, u'dns_names': [u'*.ayhu.xyz', u'ayhu.xyz'], u'tbs_sha256': u'98d7b9ddd34587a9f0ca631c67a7ef0e434801d5af54bf0a58a4414132b54b78', u'id': u'4808403185', u'issuer': {u'pubkey_sha256': u'f3559fd766dc2e51474007c996ec67cd9e85ae0fa827d3d663f5abc2eafcbe24', u'friendly_name': u'Google Trust Services', u'name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5'}}, {u'pubkey_sha256': u'dc08bc7c8382f13f52efa247fc61a39cf343f06bf7ea548d231815f230797186', u'cert_sha256': u'c7525168b3dd0eaab22aaa03f908df3de610c6fa812b471a74d4a9b4cc1f27a5', u'revoked': False, u'not_after': u'2023-07-10T04:54:49Z', u'not_before': u'2023-04-11T04:54:50Z', u'cert': {u'data': 
u'MIIEbzCCA1egAwIBAgIQDUCN2XyhvUwNBsU/w+kuvDANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFQNTAeFw0yMzA0MTEwNDU0NTBaFw0yMzA3MTAwNDU0NDlaMBUxEzARBgNVBAMMCiouYXlodS54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClZfrYebeqn81huW1hu+MHJxbT4UZY2+o1+CbYyAl+tjl5EkV/SpbCZUe8N7N2RoMIJHsyY/UHthdmIBjkGIxuFn+8gewQOMwgbSzWKWU9JBV6eCrQQzxGAxCzJ0fGLNk3GvgRqoKtAHaniAwr8RqympV2xKlLw2L5Eoc1mlBgcYkGC/WDP7M3iz3L+cKZ7pnTyAgH4cYg/B7LlXT1wXQzixs5LmOJmGK9msYTsrWV7Mvuzifn2iTxjrbmq+J6IGPhJqvoBQMwbq5Z1AImEDbuPSr0wHhZ+nfNKoi9FpQa4cTK2Fu3Ei7bEA7slHdASbNvdRgi08tYPETQBeLbqADJAgMBAAGjggGIMIIBhDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUulEpDi4duOMaunwRjTxpuyewUacwHwYDVR0jBBgwFoAU1fyeDd8eyt0Il5duK8VfxSv17LgweAYIKwYBBQUHAQEEbDBqMDUGCCsGAQUFBzABhilodHRwOi8vb2NzcC5wa2kuZ29vZy9zL2d0czFwNS9UUVhRYlQ1bk1TNDAxBggrBgEFBQcwAoYlaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzMXA1LmRlcjAfBgNVHREEGDAWggoqLmF5aHUueHl6gghheWh1Lnh5ejAhBgNVHSAEGjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmxzLnBraS5nb29nL2d0czFwNS9QWDdmUjU5eVYtcy5jcmwwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBADWK0mf97bEjcvCiTJfuxX7hsITeF+N/sP1M5PXZwYdKuDLWlxMtq8PYDM5gAno91YtPm4k3HgfoZU8T27zyP7rqOreX2KDASmWMNTX9aXcIbDy/4qZKAsr87eVSibzBtmGYeTyjMYzWHUlMbk9RS4Avowrr/aAdIwGetxORLuo5pmqlbmWgYEfP+kQB5K/ydMbAnChF1+tYOcc5JEHy8+OjqotZXAWhkQ6i8LCryznoWZcbn43YwkerwtlGA3pd6/0+ZQ35/twbopWANPBk9tZaQ+QrX1OLhGVTly+Pu/Qd+BCCGNrSMzGU6lmw3kkxpyhlDF7n+89Y8N5wm1xnU9E=', u'sha256': u'c7525168b3dd0eaab22aaa03f908df3de610c6fa812b471a74d4a9b4cc1f27a5', u'type': u'precert'}, u'dns_names': [u'*.ayhu.xyz', u'ayhu.xyz'], u'tbs_sha256': u'e25b9a56735c29036e5e585244fde0a2ba81adaf796b2d716bde988fd3954995', u'id': u'5073393240', u'issuer': {u'pubkey_sha256': u'f3559fd766dc2e51474007c996ec67cd9e85ae0fa827d3d663f5abc2eafcbe24', u'friendly_name': u'Google Trust Services', u'name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5'}}]
2023-05-12 02:54:15Linked URL - ExternalNoWeb Spider0030Nonehttps://hypixel-api.senither.comhttps://nwapi2.battleb0t.xyz/
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:8880104.21.6.166
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-4262 (Net ID: 00:1D:D1:0B:42:60)32.8608, -79.9746
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None2WIRE115 (Net ID: 00:00:94:D4:4C:5A)41.8781, -87.6298
2023-05-12 03:10:08Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0030NoneVOIPBL Publicly Accessible PBX List [185.199.110.0/24] http://www.voipbl.org/update185.199.110.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneLocationFree.00014AEC392A (Net ID: 00:01:4A:EC:39:2A)37.7642, -122.3993
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.163): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:20Physical LocationNoCensys1040NoneSeattle, Washington, 98108, United States, North America2600:1f18:2489:8200::c8
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:443172.67.168.252
2023-05-12 03:31:31Affiliate - Email AddressNoE-Mail Address Extractor0070Nonedomain.operations@web.com Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:40:26Z Creation Date: 2018-06-27T20:51:35Z Registry Expiry Date: 2024-06-27T20:51:35Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: abuse@web.com Registrar Abuse Contact Phone: +1.8003337680 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:41:04Z Creation Date: 2018-06-27T20:51:35Z Registrar Registration Expiration Date: 2024-06-27T04:00:00Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Reseller: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: PERFECT PRIVACY, LLC Registrant Organization: Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Registrant City: Jacksonville Registrant State/Province: FL Registrant Postal Code: 32256 Registrant Country: US Registrant Phone: +1.5707088622 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Admin ID: Admin Name: PERFECT PRIVACY, LLC Admin Organization: Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Admin City: Jacksonville Admin State/Province: FL Admin Postal Code: 32256 Admin Country: US Admin Phone: +1.5707088622 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Tech ID: Tech Name: PERFECT PRIVACY, LLC Tech Organization: Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Tech City: Jacksonville Tech State/Province: FL Tech Postal Code: 32256 Tech Country: US Tech Phone: +1.5707088622 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned Registrar Abuse Contact Email: domain.operations@web.com Registrar Abuse Contact Phone: +1.8777228662 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please 
visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en This listing is a Network Solutions Private Registration. Mail correspondence to this address must be sent via USPS Express Mail(TM) or USPS Certified Mail(R); all other mail will not be processed. Be sure to include the registrant's domain name in the address. The data in Networksolutions.com's WHOIS database is provided to you by Networksolutions.com for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. Networksolutions.com makes this information available "as is," and does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone; or (2) enable high volume, automated, electronic processes that apply to Networksolutions.com (or its systems). The compilation, repackaging, dissemination or other use of this data is expressly prohibited without the prior written consent of Networksolutions.com. Networksolutions.com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5e66b449bc299e-ORD 188.114.96.1
2023-05-12 02:57:50Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://krauselab.net/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarE02F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarDE87.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: krauselab.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: krauselab.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_536"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_218_IE_EarlyTabStart_0xda4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_218_ConnHashTable<536>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_218_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_218_IESQMMUTEX_0_331"\n "Local\\InternetShortcutMutex"\n "IsoScope_218_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_536"\n "IsoScope_218_IESQMMUTEX_0_519"\n "IsoScope_218_IE_EarlyTabStart_0xda4_Mutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabDE76.tmp" has type "Microsoft 
Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabE02E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "OYD0XE6J.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OYD0XE6J.txt]- [targetUID: 00000000-00000536]\n Dropped file: "9Y9YVR9G.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9Y9YVR9G.txt]- [targetUID: 00000000-00002316]\n Dropped file: "5APKTSW0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5APKTSW0.txt]- [targetUID: 00000000-00000536]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002316]\n "~DF5377A92EBB296218.TMP" has type "data"- Location: [%TEMP%\\~DF5377A92EBB296218.TMP]- [targetUID: 00000000-00000536]\n "TarE02F.tmp" has type "data"- Location: [%TEMP%\\TarE02F.tmp]- [targetUID: 00000000-00002316]\n "CabDE76.tmp" has type "Microsoft Cabinet archive data 
Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabDE76.tmp]- [targetUID: 00000000-00002316]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "OYD0XE6J.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OYD0XE6J.txt]- [targetUID: 00000000-00000536]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "TarDE87.tmp" has type "data"- Location: [%TEMP%\\TarDE87.tmp]- [targetUID: 00000000-00002316]\n "_DD8BDE50-5BDB-11ED-8250-0800270E6663_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "CabE02E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabE02E.tmp]- [targetUID: 00000000-00002316]\n "_7E1294F2-5BD9-11ED-8250-0800270E6663_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF7333698817938F4A.TMP" has type "data"- Location: [%TEMP%\\~DF7333698817938F4A.TMP]- [targetUID: 00000000-00000536]\n "9Y9YVR9G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9Y9YVR9G.txt]- [targetUID: 00000000-00002316]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00000536]\n "~DF74DD668BCA207352.TMP" has type "data"- Location: [%TEMP%\\~DF74DD668BCA207352.TMP]- [targetUID: 00000000-00000536]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 
datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002316]\n "~DF98532742D1ACFD1C.TMP" has type "data"- Location: [%TEMP%\\~DF98532742D1ACFD1C.TMP]- [targetUID: 00000000-00000536]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://krauselab.net/site.webmanifest"\n Pattern match: "https://krauselab.net"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: krauselab.net\nDNT: 1\nConnection: Keep-Alive"'}], u'threat_level': 0, u'size': None, u'job_id': u'63645cc4c15a80501d788fe5', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'suspicious_identifiers': [], u'attck_id': u'T1071.001', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Web Protocols', 
u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_ide34.148.97.127
2023-05-12 03:13:07Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00arthur00.github.io] https://www.openphish.com/feed.txt00arthur00.github.io
2023-05-12 02:55:15Raw Data from RIRsNoCensys14030None{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", 
"diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not 
Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne165.232.113.85
2023-05-12 02:54:13Web ContentNoWeb Spider0030None/* CSS Mini Reset */ html, body, div, form, fieldset, legend, label { margin: 0; padding: 0; } table { border-collapse: collapse; border-spacing: 0; } th, td { text-align: left; vertical-align: top; } h1, h2, h3, h4, h5, h6, th, td, caption { font-weight:normal; } img { border: 0; } /* Fonts */ @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-Bold'), url('./fonts/AvenirNext-Bold.woff2'); font-weight: 700; font-style: normal; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-BoldItalic'), url('./fonts/AvenirNext-BoldItalic.woff2'); font-weight: 700; font-style: italic; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-DemiBold'), url('./fonts/AvenirNext-DemiBold.woff2'); font-weight: 600; font-style: normal; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-DemiBoldItalic'), url('./fonts/AvenirNext-DemiBoldItalic.woff2'); font-weight: 600; font-style: italic; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-Heavy'), url('./fonts/AvenirNext-Heavy.woff2'); font-weight: 900; font-style: normal; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-HeavyItalic'), url('./fonts/AvenirNext-HeavyItalic.woff2'); font-weight: 900; font-style: italic; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-Italic'), url('./fonts/AvenirNext-Italic.woff2'); font-weight: 400; font-style: italic; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-Medium'), url('./fonts/AvenirNext-Medium.woff2'); font-weight: 500; font-style: normal; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-MediumItalic'), url('./fonts/AvenirNext-MediumItalic.woff2'); font-weight: 500; font-style: italic; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-Regular'), url('./fonts/AvenirNext-Regular.woff2'); font-weight: 400; font-style: normal; } @font-face { font-family: 'Avenir Next'; src: 
local('AvenirNext-UltraLight'), url('./fonts/AvenirNext-UltraLight.woff2'); font-weight: 200; font-style: normal; } @font-face { font-family: 'Avenir Next'; src: local('AvenirNext-UltraLightItalic'), url('./fonts/AvenirNext-UltraLightItalic.woff2'); font-weight: 200; font-style: italic; } /* Site Styles */ :root { --c-primary: rgb(209, 197, 173); --c-secondary: rgba(200,200,200,.85); --c-tertiary: hsl(88, 25%, 11%, .5); --v-space: 6rem; --canvas-height: 80vh; --f-weight: 600; --border-radius: min(10vw, var(--v-space)); } html { font-size: 16px; line-height: 1.5; background: rgb(15, 15, 16); /* font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", sans-serif; */ font-family: "Avenir Next", Avenir, "Helvetica Neue", sans-serif; color: var(--c-secondary); box-sizing: border-box; } .canvas-container { position: fixed; top: 0; right: 0; left: 0; height: 100vh; z-index: 1; pointer-events: none; } a { color: var(--c-primary); /* text-decoration: none; */ font-weight: var(--f-weight); } a:hover { text-decoration: none; } main { /* visibility: hidden; */ display: grid; grid-template-columns: 1fr 6fr 4fr 1fr; grid-template-rows: 1fr 3fr auto; grid-template-areas: ". header header ." ". intro . ." ". timeline timeline ." 
"footer footer footer footer"; } .logo { margin: var(--v-space) 0 0 0; opacity: 0; will-change: opacity; grid-area: header; align-self: end; } .no-js .logo { opacity: 1; } .loaded .logo { animation-name: fadeIn; animation-duration: 2s; animation-delay: .25s; animation-timing-function: ease-out; animation-fill-mode: forwards; } .logo a { font-size: 6.5rem; font-weight: 700; line-height: 0.8; text-decoration: none; } .type-primary { font-weight: var(--f-weight); font-size: 3rem; line-height: 1.4; } .intro { /* z-index: 2; */ opacity: 0; will-change: opacity; margin: var(--v-space) 0; grid-area: intro; align-self: end; } .no-js .intro { opacity: 1; } .loaded .intro { animation-name: fadeIn; animation-duration: 2.2s; animation-delay: .5s; animation-timing-function: ease-out; animation-fill-mode: forwards; } .timeline { grid-area: timeline; } .timeline-entry { z-index: 2; background: var(--c-tertiary); backdrop-filter: saturate(180%) blur(40px); -webkit-backdrop-filter: saturate(180%) blur(40px); position: relative; padding: calc(var(--v-space)/2) 0; display: grid; grid-template-columns: 1fr 5fr 5fr 1fr; grid-template-rows: auto; grid-template-areas: ". co description ."; } .timeline-entry:first-child { border-top-left-radius: var(--border-radius); border-top-right-radius: var(--border-radius); } .timeline-entry:last-child { border-bottom-left-radius: var(--border-radius); border-bottom-right-radius: var(--border-radius); } .timeline-co { margin: calc(var(--v-space) * .5) 0 0; grid-area: co; } .timeline-co a { color: var(--c-primary); } .timeline-time { display: block; } .timeline-description { margin: calc(var(--v-space) * .5) 0 0; font-weight: normal; font-size: 1.5rem; line-height: 1.4; grid-area: description; } footer { grid-area: footer; display: grid; grid-template-columns: 1fr 5fr 5fr 1fr; grid-template-rows: auto; grid-template-areas: ". p p ." 
} footer .footer-content { z-index: 1; padding: var(--v-space) 0; font-weight: var(--f-weight); font-size: 1.5rem; line-height: 1.4; grid-area: p; } @media only screen and (max-width: 834px) { :root { --v-space: 4rem; } html { font-size: 14px; } main { grid-template-columns: 1fr 8fr 2fr 1fr; } } @media only screen and (max-width: 736px) { :root { --v-space: 3rem; } html { font-size: 12px; } main { grid-template-columns: 1fr 10fr 0fr 1fr; } .timeline-entry { grid-template-columns: 1fr 5fr 5fr 1fr; grid-template-rows: 1fr auto; grid-template-areas: ". hr hr ." ". co co ." ". description description ."; } } @keyframes fadeIn { 0% { opacity: 0; } 100% { opacity: 1; } }https://battleb0t.xyz/./src/style.css?4
2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | Reviewer note: cf-cache-status is a standard Cloudflare cache-status header, not an application-specific disclosure. From the same captured response: x-content-type-options: nosniff and referrer-policy are set; access-control-allow-origin: * is present on an application/javascript response (acceptable for a public static asset, but worth checking it is not also returned on authenticated endpoints); no strict-transport-security header appears in this capture. | cf-cache-status: REVALIDATED | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"}
2023-05-12 02:47:46 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 34.74.170.74:443 | 34.74.170.74
2023-05-12 02:44:24 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Open Graph | oldfluid.battleb0t.xyz
2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | Reviewer note: 188.114.97.0/24 sits next to the 188.114.96.0/24 range seen elsewhere in this scan, and the target's HTTP responses are served by Cloudflare (server: cloudflare in the captured headers). If this range is shared CDN/anycast space it hosts many unrelated sites, and a listed neighbour on it is weak evidence against the target — confirm the range owner via RIR data before acting on this. | Honeypotproject (188.114.97.154): Search Engine Last Activity: 0 days ago Threat Level: 29 | 188.114.97.0/24
2023-05-12 03:23:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.15:80 | 188.114.96.0/24
2023-05-12 02:59:57 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | Reviewer note: the Source Data is a Hybrid Analysis sandbox report for a bigmarker.com webinar URL, not for the scan target; the email was extracted from that report. Every signature in it is threat_level 0 ("informative") and threat_score is None. The "Detected known bank URL artifact" hits are substring matches (arvest.com, key.com, ubs.com, leu.com) inside the sandbox browser's own wallet-*.json lists, and the "create/modify Windows services (Powershell command string)" hit is the HTML class name registrants-add-contents matching the indicator "Add-Content". The "suspicious" analysis_related_url is a fragment of minified JavaScript (this.props.pagesize …) mis-parsed as a URL, and the same fragment appears in the other Hybrid Analysis record on this page. Treat as sandbox noise unless corroborated. | support@bigmarker.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=5673cc9137db&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:1480:304:WilStaging_02"\n "SM0:1480:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:1480:120:WilError_01"\n "Local\\SM0:1480:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.136:443"\n "13.227.21.58:443"\n "13.227.74.64:443"\n "185.199.108.153:443"\n "74.125.137.157:443"\n "142.250.191.68:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" 
(Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: 
"ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\edge_autofill_global_block_list.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\sync data\\leveldb\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\7c516a82-27f5-4723-be57-30a8336c14b5.tmp"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\service worker\\database\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6236_1468670677\\shopping.js]- 
[targetUID: 00000000-00006236]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00001308]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6236_1265273683\\Ruleset Data]- [targetUID: 00000000-0000623
2023-05-12 02:48:12 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | Reviewer note: this is a Hybrid Analysis sandbox report for angular-ui.github.io/ui-router/release/angular-ui-router.min.js, and the entity 185.199.110.153 is simply the host that name resolved to (the only "Contacts server" entry). All signatures are threat_level 0 ("informative") and threat_score is None; the "Detected known bank URL artifact" hits are substring matches (arvest.com, key.com, ubs.com, leu.com) inside the sandbox browser's own wallet-*.json lists, and the "suspicious" analysis_related_url is a fragment of minified JavaScript (this.props.pagesize …) mis-parsed as a URL — the identical fragment appears in the other Hybrid Analysis record on this page, which points at the sandbox environment rather than the submitted file. The "Raw Data from RIRs" type label does not match the module; low value as an indicator. | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://angular-ui.github.io/ui-router/release/angular-ui-router.min.js', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6920:304:WilStaging_02"\n "SM0:6920:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6920:304:WilStaging_02"\n "Local\\SM0:6920:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"angular-ui.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: 
"ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user 
data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\visited links"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00002648]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.32\\Ruleset Data]- [targetUID: 00000000-00005644]\n "wallet-stable.json" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\112.15267.15264.1\\json\\wallet\\wallet-stable.json]- [targetUID: 00000000-00005644]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00005644]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\5644_303687537\\wallet.bundle.js]- [targetUID: 00000000-00005644]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\5644_1498271732\\Filtering Rules]- [targetUID: 00000000-00005644]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00002648]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n 
"bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\5644_303687537\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00005644]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\5644_303687537\\Mini-Wallet\\miniwallet.bundle.js]- [targetUID: 00000000-00005644]\n "notification.bundle.js" has type "ASCII text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\112.15267.15264.1\\Notification\\notification.bundle.js]- [targetUID: 00000000-00005644]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00005644]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\5644_1498271732\\Filtering Rules-AA]- [targetUID: 00000000-00005644]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00005644]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.3\\edge_autofill_field_data.json]- [targetUID: 00000000-00005644]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00005644]\n "wallet-checkout-eligible-sites.json" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\112.15267.15264.1\\json\\wallet\\wallet-checkout-eligible-sites.json]- [targetUID: 00000000-00005644]\n "wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- Location: [%TEMP%\\5644_303687537\\json\\wallet\\wallet-checkout-eligible-sites-pre-stable.json]- [targetUID: 00000000-00005644]\n "Web Data" has 
type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00005644]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00005644]\n "safety_tips.pb" has typ185.199.110.153
2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | Reviewer note: the profile URL and the Source Data cell are run together in this export; the account name that was probed appears to be the generic token "login" rather than a target-specific handle, so treat this as a likely Account Finder false positive unless the handle is confirmed to belong to the target. | EPORNER (Category: XXXPORNXXX) https://www.eporner.com/profile/login/login
2023-05-12 02:44:42 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | Reviewer note: the attached certificate's validity ended 2023-02-15 13:22:43 GMT, about three months before this scan (2023-05-12). Either the module returned a cached record or www.battleb0t.xyz was serving an expired certificate at scan time — re-check the live TLS endpoint before reporting either way. The SAN lists only www.battleb0t.xyz; the apex name is not covered by this certificate. | www.battleb0t.xyz | Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:cd:b7:3c:d6:71:f3:4f:d0:0b:1c:3a:89:f9:32:41:9b:99
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Nov 17 13:22:44 2022 GMT
            Not After : Feb 15 13:22:43 2023 GMT
        Subject: CN=www.battleb0t.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:87:9d:fd:0d:e7:91:1c:82:de:38:55:01:b8:
                    01:a4:4f:91:68:f2:b6:41:bd:96:b7:21:f2:a0:55:
                    3b:8f:fb:94:98:1c:4d:61:0a:0d:49:1e:41:02:01:
                    75:0f:0f:e7:3e:9d:a4:2e:1d:07:1e:23:ae:57:ed:
                    a8:d0:66:39:2d:83:68:be:6e:6f:58:41:0a:9a:c5:
                    3e:12:87:89:8c:60:e5:de:67:7a:e4:46:2e:7b:08:
                    ed:c2:60:17:80:e6:b4:45:ca:55:4c:b4:aa:5a:0e:
                    21:b2:65:97:04:7d:42:9a:78:70:55:51:b1:3b:c5:
                    d3:0d:ce:41:3b:0f:13:16:72:ef:e1:6f:39:c8:fd:
                    4b:2d:7e:9e:b0:41:fd:9c:7c:61:84:dd:e4:70:a7:
                    c5:c7:ec:ba:20:9f:a0:1f:9c:1c:14:59:c8:6c:6b:
                    82:ec:5e:ff:5a:3a:74:2a:f6:b9:fb:b1:ab:97:21:
                    90:d8:cd:5c:36:36:0e:73:80:7f:e4:4a:7c:cd:5d:
                    9a:1e:e6:d5:29:40:7a:8c:74:6b:33:02:0d:4e:19:
                    f0:00:4b:c5:69:8a:06:03:20:76:15:a8:c2:2f:17:
                    7a:d2:cd:b7:58:14:91:a2:f2:64:cf:8f:82:14:81:
                    ba:d6:41:8b:94:86:36:f5:f5:da:76:a8:04:5b:ad:
                    f0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                57:48:2A:D8:70:70:AC:E4:0A:F6:8C:02:EF:80:5A:28:2D:B1:3C:AE
            X509v3 Authority Key Identifier:
                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access:
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name:
                DNS:www.battleb0t.xyz
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
                                5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
                    Timestamp : Nov 17 14:22:44.733 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:7D:43:FE:B2:8F:39:1E:47:D3:4E:E0:E7:
                                C1:B1:8B:57:06:D2:76:ED:81:DE:13:92:4B:59:E1:0D:
                                E1:54:A6:2E:02:20:27:F3:A5:E3:4D:A0:5B:74:9C:AE:
                                24:19:49:4F:5A:4D:03:EC:31:45:B7:6C:88:42:8E:2E:
                                D2:BE:8C:FB:57:B0
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
                                16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
                    Timestamp : Nov 17 14:22:44.759 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:67:2A:3E:AE:5B:FA:9D:21:E6:78:C9:B5:
                                32:84:F5:3A:5F:3D:2C:3F:95:0F:DC:A5:59:86:0D:C8:
                                0B:41:11:D2:02:20:63:16:72:2A:95:56:D8:41:75:BA:
                                49:9E:23:2F:53:25:77:A6:63:94:8C:F3:B6:53:AF:2A:
                                A8:59:D1:A9:9C:CD
    Signature Algorithm: sha256WithRSAEncryption
         69:f6:10:de:4a:59:85:12:cb:0c:73:ae:07:34:65:83:35:84:
         f1:e5:d1:1e:aa:81:f0:fa:c1:7d:ee:43:55:61:61:1e:9a:45:
         59:44:67:b5:db:f6:4c:78:25:c7:53:7c:97:8b:4a:fb:11:dc:
         e0:51:d3:53:45:91:34:32:cb:90:47:86:dc:ed:a1:bd:fc:40:
         e0:a4:14:29:bc:25:da:55:40:59:c3:ef:db:fe:30:93:c5:20:
         36:cc:8b:d7:fc:4b:50:d2:9b:3f:37:90:2f:31:18:82:e6:3f:
         62:9d:55:68:5f:c7:cc:a4:c8:0d:5f:fd:5c:04:b8:f7:81:3f:
         f8:b5:3b:7a:5a:ce:e7:04:7f:b8:8e:e7:e7:b8:de:fe:45:18:
         97:a0:82:7c:ec:ee:27:75:85:c8:99:88:62:de:9e:d4:17:24:
         92:d4:62:f4:bf:04:0c:53:8e:c9:0d:cf:b1:fe:cf:33:b8:c3:
         de:c2:59:25:4d:da:c4:cc:15:c1:19:62:b5:0e:04:65:79:3e:
         2f:e1:2d:3a:0e:b5:1f:59:5f:24:31:fb:44:b9:a9:7b:5b:d0:
         1a:d5:2d:c5:8a:f4:b5:d2:15:a9:55:4e:d6:8d:41:10:d0:3d:
         11:3d:f3:ae:e5:6d:45:ec:47:8d:7f:36:ac:00:31:76:64:4a:
         f9:2f:a2:25
2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | Reviewer note: distance 5 from the seed; the coordinates in Source Data come from an upstream geolocation step that is not shown on this page, and a default-named "linksys" access point near that point is not attributable to the target without corroboration. | linksys (Net ID: 00:06:25:90:53:D7) | 33.336199,-111.89446440830702
2023-05-12 02:55:21Raw Data from RIRsNoCensys13030None{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": 
"A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", "www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", 
"www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", 
"zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh207.154.228.169
2023-05-12 02:54:20Open TCP PortNoCensys0040None2600:1f18:2489:8200::c8:4432600:1f18:2489:8200::c8
2023-05-12 02:54:57Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c4567d3ec4c10ff-ORD 2a06:98c1:3120::1
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneU+LGNetCF52 (Net ID: 00:01:36:5B:CF:50)34.0544, -118.244
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0040NoneCloudFlare, Inc. Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2017-05-24T17:44:01Z Creation Date: 2009-02-17T22:07:54Z Registry Expiry Date: 2024-02-17T22:07:54Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS3.CLOUDFLARE.COM Name Server: NS4.CLOUDFLARE.COM Name Server: NS5.CLOUDFLARE.COM Name Server: NS6.CLOUDFLARE.COM Name Server: NS7.CLOUDFLARE.COM DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2021-09-27T15:18:45Z Creation Date: 2009-02-17T22:07:54Z Registrar Registration Expiration Date: 2024-02-17T22:07:54Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Name Server: ns3.cloudflare.com Name Server: ns4.cloudflare.com Name Server: ns5.cloudflare.com Name Server: ns6.cloudflare.com Name Server: ns7.cloudflare.com DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.147): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:09:53Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.96
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.13): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:23:02UsernameNoAccount Finder3070Nonebaptiste.vautheybaptiste vauthey
2023-05-12 02:55:54Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3956"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f74_IE_EarlyTabStart_0x9f4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f74_ConnHashTable<3956>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f74_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f74_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_f74_IESQMMUTEX_0_519"\n "IsoScope_f74_IESQMMUTEX_0_303"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': 
u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /resources/431ebba2c34b4504bdef6a7212f4ea30 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /resources/431ebba2c34b4504bdef6a7212f4ea30 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; 
Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: 
https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/431ebba2c34b4504bdef6a7212f4ea30/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/431ebba2c34b4504bdef6a7212f4ea30/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/431ebba2c34b4504bdef6a7212f4ea30 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: 
"mozilla/5.0 (")\n "GET /api/resources/431ebba2c34b4504bdef6a7212f4ea30 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /thumbnails/uploads/d8ae1b25aa854ca8ba94e43e11956f76.jpg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor-images.s3.amazonaws.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /thumbnails/uploads/d8ae1b25aa854ca8ba94e43e11956f76.jpg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) 
like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor-images.s3.amazonaws.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance':104.196.30.220
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 200 OK Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html last-modified: Wed, 17 Jun 2020 20:01:33 GMT accept-ranges: bytes content-length: 163 date: <REDACTED> server: LiteSpeed 87.248.157.102
2023-05-12 02:55:40Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://bouncefitness.precisiongroup.com.au/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_344_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_344_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_344_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_344_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_344_IE_EarlyTabStart_0xbac_Mutex"\n "IsoScope_344_ConnHashTable<836>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.166:80"\n "104.21.6.166:443"\n 
"142.250.189.202:443"\n "172.217.12.104:443"\n "172.217.164.99:443"\n "142.251.46.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bouncefitness.precisiongroup.com.au"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bouncefitness.precisiongroup.com.au"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2016 Twitter, Inc." 
(Indicator: "twitter")\n "<a class="elementor-icon elementor-social-icon elementor-social-icon-twitter elementor-repeater-item-37c2364" target="_blank">" (Indicator: "twitter")\n "<i class="fab fa-twitter"></i></a>" (Indicator: "twitter")\n "<noscript><style id="rocket-lazyload-nojs-css">.rll-youtube-player, [data-lazy-src]{display:none !important;}</style></noscript>" (Indicator: "youtube")\n "<span class="elementor-screen-only">Twitter</span>" (Indicator: "twitter")\n "function Ey(a,b){var c=this;return b}Ey.O="internal.enableAutoEventOnScroll";var cc=fa(["data-gtm-yt-inspected-"]),Fy=["www.youtube.com","www.youtube-nocookie.com"],Gy,Hy=!1;" (Indicator: "youtube")\n "function Ry(a,b){var c=this;return b}Ry.O="internal.enableAutoEventOnYouTubeActivity";var Sy;function Ty(a){var b=!1;return b}Ty.O="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "transportUrl:b,context:c},Q(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Qh.ka+"&cx=c";cs()&&(f+="&sign="+Qh.ue);var g=fi||hi?bs(b,f):void 0;g||(g=Po("https://","http://",Qh.Jd+f));Rl().destination[a]={state:1,context:c};mc(g)}};function ds(){if(vl()){return!0}return!1};var gs=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),hs={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},is={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc-_1_.woff" has type "Web Open Font Format TrueType length 20544 version 1.1"- [targetUID: N/A]\n "~DFAE12B4DD5D9EF57E.TMP" has type "data"- Location: [%TEMP%\\~DFAE12B4DD5D9EF57E.TMP]- [targetUID: 00000000-00000836]\n "lazyload.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "548YBEKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\548YBEKT.txt]- [targetUID: 00000000-00002848]\n "solid.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "P8ST09HS.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P8ST09HS.txt]- [targetUID: 00000000-00000836]\n "style.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "preloaded-elements-handlers.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "webpack.runtime.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "frontend-modules.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_17DA973C-BEDC-11ED-8783-080027090D53_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n "animations.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "waypoints.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "post-1477_1_.css" has type "ASCII text with very 
long lines with no line terminators"- [targetUID: N/A]\n "wp-polyfill.min_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "bounce_logo_2_.png" has type "PNG image data 264 x 130 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "swiper.min_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "flexslider_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\ufffd\ufffd3>q\ufffd\ufffd[>\ufffd\ufffdd\ufffd*CgY\ufffdI\u043b\ufffd\xb9*\ufffdS\ufffdS\ufffd=\ufffd:\ufffdw\ufffdb/~\ufffd\ufffd\ufffd\ufffd?<<\ufffd{\ufffdT \ufffd\ufffdM\ufffdZ0\ufffd\ufffd\ufffdF\ufffd,\ufffdU\ufffd]\ufffd\ufffdtll\ufffdM\ufffd\ufffd[\ufffd\ufffd\u06be\ufffd\ufffd\ufffddz\ufffd\ufffd;\ufffd7\ufffd\ufffdN\ufffd\ufffd\ufffd\ufffd\ufffdw\ufffdn#\ufffd\ufffdN>@)mN\ufffd?>\ufffd\ufffd\ufffd\u0785R\ufffd\ufffd`\uac7e\ufffdQ\ufffd$z/\ufffd2\ufffd\ufffdx\ufffdM\ufffdG\ufffdk\ufffdf6Ip\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdg\ufffd\ufffdnX4d\ufffd\ufffd\ufffde.0.\ufffd\ufffd\ufffd!/\ufffd\ufffd\ufffd\ufffd^\ufffd=z\ufffd5\ufffd\ufffd\ufffd\ufffd\'\ufffdhCh\ufffd7\ufffd\u0290\ufffd\ufffd\ufffd\ufffdj\ufffd:\u0760\ufffd\u059eUP?\ufffd\ufffdU\ufffdH+h\ueb420\ufffd\ufffd\ufffd\ufffd\ufffd[\ufffdh\ufffd3D\ufffd\ufffd*\ufffdS\ufffdzWAD7!\ufffd>\ufffdd\ufffdBhm\ufffd{fK\ufffdz\ufffd\ufffd"\n Pattern match: "T.HZ/1\ufffd\ufffd\ufffd\ufffd\ufffdb\u02ca\ufffd1"\n Pattern match: "https://twitter.com/intent/tweet?text={text"\n Pattern match: "https://+a+.google-analytics.com/g/collect},IA=function(){var"\n Pattern match: 
"http://www.w3.org/2000/svg,svg"\n Pattern match: "https://cct.google/taggy/agent.js"\n Pattern match: "http://getbootstrap.com"\n Pattern match: "https://fontawesome.com"\n Pattern match: "http://api.jqueryui.com/position/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://jqueryui.com"\n Pattern match: "http://swiperjs.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: "https://github.com/twbs/bootstrap/blob/master/LICENSE"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "http://jqueryui.com*"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css"\n Pattern match: "https://wp-rocket.me"\n Pattern match: "https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%20Slab%3A100%2C100italic%2C200%2C200it"\n Pattern match: "https://bouncefitness.precisiongroup.com.au/"\n Pattern match: "https://bouncefitness.precisiongroup.com.au/my-account/"\n Pattern match: "http://www.w3.org/2000/svg\'%20view104.21.6.166
2023-05-12 03:00:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.55): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:32Web TechnologyNoTool - WhatWeb0030NoneHTML5vscode.battleb0t.xyz
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:53:10:73)33.617190550339146,-111.90827887019054
2023-05-12 02:44:15Internet NameNoDNS Resolver2020Nonenuke.battleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': 
u'MIIFMTCCBBmgAwIBAgISBJEIZbRWlOOJN2vI7lr89IBSMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMjQwMzA1MTFaFw0yMzA1MjUwMzA1MTBaMCExHzAdBgNVBAMTFm9sZGZsdWlkLmJhdHRsZWIwdC54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXS5qUM658XpEb2FQiye1Pjdwc6oLnwWa4DnrXaX6XESwapQ5kFhLVlLMj8jbUT+vVMlCs5NdmG+PakXkEZvQt+j5F9EiRGo2AgsrdZhjN8p2HDZYJNvCQUHSzj9HUq+U8uqatV2IiK2DebnYEAl36UoC3YWvKiQ5ROMPyTcGPPlwvhux67sSpCWf+OjYs9HHdY1LHfiQTO/hkrA8XZYtPEtu6i5bXp9Nc/Y/pJrDB086upICbjZsf9spKiE++7SgvRRKN7ShK4dcK0cxPOA/6ky2NSpI6iIIBJKdiUpWIy/Uh604fFFn7oPNTbG4g4coLg0Y2NMYiFxvY5oIkaMplAgMBAAGjggJQMIICTDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNUp10YCZXNl/PWnfC5vlnnYZ6TmMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCEGA1UdEQQaMBiCFm9sZGZsdWlkLmJhdHRsZWIwdC54eXowTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYaBmKzyAAAEAwBHMEUCICWgaft/PmN9oILwvZn6/4Qgr8WGgSRL98ur+169a4dWAiEAilZEKCsL5dY69BV+Cjy6gEc40xNl1o6o5QEE0+3XKCQAdQB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYaBmK0EAAAEAwBGMEQCIEhQdyenjelORFvktFZQ+yD8yP0PS9xoCKRWpUv1pUezAiBBtKAPIhxp6PP7YLKBYWLg3Sg3E350KyZ04f3lTSlh5zANBgkqhkiG9w0BAQsFAAOCAQEAYbTvc/w81jb1dYAMM4uaBQvE73IdaXSV/QqEvbi5PBKH0+sttdJjKilgWcQRHA/D+3kvikNXOGLYLmg0u2wOeuP4PfXBBaVtk7mzSCKOozlm5qWe3OKYNX6z4ceyFrewLnBQTuqT0PhcaWwb0j7u2mQfrZfIvhc4pu2SnjvbZ8iwX+av/fdXknuHPb/EwSETusTYhaNj3JDu3z0qvANOuhuMDBZ+WOOsf9w7QBgfdJjVxPoymZWgZB5bTaj1eTMuP0PcjQ59KCV0epMnUy5rrk2BwTzgzUICbfza81JX1bFwjhqRFcgbk81AuP8p58YFrWOMyOzX6Ygzo11DodW5IA==', u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': 
u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 03:00:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.57): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:19Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.io185.199.110.153
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneSoundCloud (Category: music) https://soundcloud.com/AltpapierAltpapier
2023-05-12 03:09:38Affiliate - Internet NameNoDNS Resolver0040None230.30.196.104.bc.googleusercontent.com104.196.30.230
2023-05-12 03:13:07Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00d.github.io] https://www.openphish.com/feed.txt00d.github.io
2023-05-12 02:53:15IP AddressNoMnemonic PassiveDNS0010None185.199.109.153battleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-ray: 7c5f605eb97732c7-EWR{"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f605eb97732c7-EWR"}
2023-05-12 02:44:15Software UsedYesTool - Wappalyzer0020NoneHTTP/3nwapi2.battleb0t.xyz
2023-05-12 02:48:50Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 2, u'threat_score': 39, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'scale.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b74_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b74_ConnHashTable<2932>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_b74_IESQMMUTEX_0_519"\n "IsoScope_b74_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_b74_IE_EarlyTabStart_0xc7c_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2932"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1057', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-573', u'attck_id': u'T1057', u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "iexplore.exe" with commandline "SCODEF:2932 CREDAT:275457 /prefetch:2" (UID: 00000000-00003740)'}, 
{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1057', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-573', u'attck_id': u'T1057', u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "iexplore.exe" with commandline "SCODEF:2932 CREDAT:275457 /prefetch:2" (UID: 00000000-00003740)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-21', u'name': u'Launches a browser', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Launches browser "iexplore.exe" (UID: 00000000-00003740)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "13.227.78.82:443"\n "104.17.24.14:443"\n "142.251.214.130:80"\n "104.17.68.176:443"\n "157.240.22.25:80"\n "157.240.22.25:443"\n "13.227.74.4:443"\n "13.227.74.28:443"\n "104.19.154.83:443"\n "104.17.214.204:443"\n "34.107.204.85:443"\n "142.251.46.238:443"\n "142.251.214.130:443"\n "142.250.191.34:443"\n "13.227.74.9:443"\n "216.239.32.178:443"\n "151.101.24.157:443"\n "169.150.221.147:443"\n "104.16.101.12:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.googleadservices.com"\n "connect.facebook.net"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"analytics.twitter.com"\n "connect.facebook.net"\n "data.pendo.io"\n "js.hs-banner.com"\n "track.hubspot.com"\n "ws.zoominfo.com"\n "www.googleadservices.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<!DOCTYPE html><html><head><meta charSet="utf-8"/><title>Accelerate the Development of AI Applications | Scale AI</title><meta name="description" content="Trusted by world class companies\n Scale delivers high quality training data for AI applications such as self-driving cars\n mapping\n AR/VR\n robotics\n and more."/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:site" content="@scale_AI"/><meta name="twitter:creator" content="@scale_AI"/><meta property="og:title" content="Accelerate the Development of AI Applications | Scale AI"/><meta property="og:description" content="Trusted by world class companies\n Scale delivers high quality training data for AI applications such as self-driving cars\n mapping\n AR/VR\n robotics\n and more."/><meta property="og:url" content="https://scale.com/"/><meta property="og:type" content="website"/><meta property="og:image" content="https://www.scale.com/static/images/global/facebook.png"/><meta property="og:image:alt" content="OG Image Alt"/><meta propert" (Indicator: "twitter")\n "ite">press@scale.com</a></li><div class="flex gap-3 mt-8 text-neutral-400"><a href="https://twitter.com/scale_ai"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 
0 24 24" class="w-5 h-5 duration-300 ease-in-out fill-current transition-color hover:text-white"><path d="M7.55 21.75c9.055 0 14.008-7.503 14.008-14.008 0-.21-.004-.426-.014-.637A9.999 9.999 0 0024 4.555c-.898.4-1.85.66-2.826.774a4.95 4.95 0 002.165-2.723 9.897 9.897 0 01-3.126 1.195 4.93 4.93 0 00-8.394 4.49A13.985 13.985 0 011.673 3.15a4.93 4.93 0 001.523 6.57 4.93 4.93 0 01-2.23-.614v.061a4.922 4.922 0 003.95 4.828 4.894 4.894 0 01-2.221.085A4.934 4.934 0 007.292 17.5 9.875 9.875 0 010 19.54a13.969 13.969 0 007.55 2.211z"></path></svg></a><a href="https://www.facebook.com/scaleapi"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="w-5 h-5 duration-300 ease-in-out fill-current transition-color hover:text-white"><path d="M24.147 12.073C24.147 5.405 18.74 0 12.073 0S0 5.405 0 12.073C0 18.1 4.415 23.094 10.187 24v-8.437H7.12v-3.49h" (Indicator: "facebook.com")\n "3.066v-2.66c0-3.025 1.802-4.697 4.56-4.697 1.32 0 2.703.236 2.703.236v2.971h-1.523c-1.5 0-1.967.93-1.967 1.887v2.263h3.348l-.535 3.49H13.96V24c5.772-.906 10.187-5.9 10.187-11.927z"></path></svg></a><a href="https://www.linkedin.com/company/scaleai"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="w-5 h-5 duration-300 ease-in-out fill-current transition-color hover:text-white"><path d="M22.223 0H1.772C.792 0 0 .773 0 1.73v20.536C0 23.222.792 24 1.772 24h20.451c.98 0 1.777-.778 1.777-1.73V1.73C24 .773 23.203 0 22.223 0zM7.12 20.452H3.558V8.995H7.12v11.457zM5.34 7.434a2.064 2.064 0 110-4.125 2.063 2.063 0 010 4.125zm15.112 13.018h-3.558v-5.57c0-1.326-.024-3.037-1.852-3.037-1.851 0-2.133 1.449-2.133 2.944v5.663H9.356V8.995h3.413v1.566h.047c.473-.9 1.636-1.852 3.365-1.852 3.605 0 4.27 2.372 4.27 5.457v6.286z"></path></svg></a></div></ul></li></ul></nav><div class="flex text-xs md:text-sm justify-between flex-col md:flex-row pt-6 md:mt-12 pb-12 border-neutral-800 border-t"><span class="text-neutr" (Indicator: "linkedin.com")\n 
""nonGoogleScripts":["__bzi","__twitter_website_tag"]}" (Indicator: "twitter")\n "{state:0,transportUrl:b,context:c,parent:Kl()},P(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ia+"&cx=c";ns()&&(f+="&sign="+Jh.We);var g=Sh||Uh?ms(b,f):void 0;g||(g=Yo("https://","http://",Jh.ve+f));El().destination[a]={state:1,context:c,parent:Kl()};mc(g)}};function os(){if(Cl()){return!0}return!1};var rs=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),ss={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},ts={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "function Sy(a,b){var c=this;return b}Sy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ty=["www.youtube.com","www.youtube-nocookie.com"],Uy,Vy=!1;" (Indicator: "youtube")\n "g})};return{store:function(g,h){var m=f(g);m?m.button=h:e.push({form:g,button:h})},get:function(g){var h=f(g);return h?h.button:null}}}function d(e,f,g,h,m){var n=Kv("fsl",g?"nv.mwt":"mwt",0),p;p=g?Kv("fsl","nv.ids",[]):Kv("fsl","ids",[]);if(!p.length)return!0;var q=Gv(e,"gtm.formSubmit",p),r=e.action;r&&r.tagName&&(r=e.cloneNode(!1).action);q["gtm.elementUrl"]=r;P(121);"https://www.facebook.com/tr/"===r&&P(122);if(T(79)&&"https://www.facebook.com/tr/"===r)return!0;m&&(q["gtm.formSubmitElement"]=" (Indicator: "facebook.com")\n "var dw=function(a,b,c){function d(){var g=a();f+=e?(Va()-e)*g.playbackRate/1E3:0;e=Va()}var e=0,f=0;return{createEvent:function(g,h,m){var n=a(),p=n.Kg,q=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Kg*h):Math.round(n.Hi),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=G.hidden?!1:.5<=Mk(c);d();var 
u=void 0;void 0!==b&&(u=[b]);var v=Gv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")\n "b,"vert.pix");break;case "PERCENT":Ly(d.verticalThresholds,b,"vert.pct")}Kv("sdl","init",!1)?Kv("sdl","pending",!1)||J(function(){return My()}):(Iv("sd185.199.110.153
2023-05-12 02:58:47Vulnerability - CVE MediumYesTool - testssl.sh0210NoneCVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389 Score: 4.3 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.ayhu.xyz
2023-05-12 02:50:34Malicious IP AddressYesVirusTotal0120NoneVirusTotal [185.199.109.153] https://www.virustotal.com/en/ip-address/185.199.109.153/information/185.199.109.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonezoom (Net ID: 00:01:38:A4:44:3A)37.780462,-122.390564
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:60:0B:41)33.336199,-111.89446440830702
2023-05-12 02:59:52Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.nwapi2.battleb0t.xyz
2023-05-12 02:55:01Software UsedYesCensys0020NoneCloudFlare CloudFlare Load Balancer188.114.96.1
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonejones (Net ID: 00:04:5A:2E:16:19)33.336199,-111.89446440830702
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-oo2.github.io] https://www.openphish.com/feed.txt0-oo2.github.io
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None0080004.github.io185.199.111.153
2023-05-12 02:53:49Open TCP PortNoCensys0020None2606:50c0:8000::153:802606:50c0:8000::153
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}172.67.168.252
2023-05-12 02:45:12Raw Data from RIRsNoipapi.co0020None{u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'2606:4700:3031::ac43:8709', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'2606:4700:3030::/46', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv6', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'}2606:4700:3031::ac43:8709
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:2095104.21.71.14
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:45:35Name Server (DNS NS Records)NoDNS Raw Records0010Noneleanna.ns.cloudflare.comayhu.xyz
2023-05-12 03:17:36Similar Domain - WhoisNoWhois2020NoneDomain Name: AAHU.XYZ Registry Domain ID: D289905874-CNIC Registrar WHOIS Server: whois.namesilo.com Registrar URL: https://www.namesilo.com Updated Date: 2022-06-06T11:23:48.0Z Creation Date: 2022-04-10T16:51:06.0Z Registry Expiry Date: 2024-04-10T23:59:59.0Z Registrar: NameSilo, LLC Registrar IANA ID: 1479 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod Registrant Organization: See PrivacyGuardian.org Registrant State/Province: AZ Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: LINDA.NS.GIANTPANDA.COM Name Server: VIVIAN.NS.GIANTPANDA.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@namesilo.com Registrar Abuse Contact Phone: +1.4805240066 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:36.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: aahu.xyz Registry Domain ID: D289905874-CNIC Registrar WHOIS Server: whois.namesilo.com Registrar URL: https://www.namesilo.com/ Updated Date: 2023-04-10T07:00:00Z Creation Date: 2022-04-10T07:00:00Z Registrar Registration Expiration Date: 2023-04-10T07:00:00Z Registrar: NameSilo, LLC Registrar IANA ID: 1479 Registrar Abuse Contact Email: abuse@namesilo.com Registrar Abuse Contact Phone: +1.4805240066 Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: REDACTED FOR PRIVACY Registrant Organization: See PrivacyGuardian.org Registrant Street: 1928 E. Highland Ave. 
Ste F104 PMB# 255 Registrant City: Phoenix Registrant State/Province: AZ Registrant Postal Code: 85016 Registrant Country: US Registrant Phone: +1.3478717726 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org Registry Admin ID: Admin Name: Domain Administrator Admin Organization: See PrivacyGuardian.org Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255 Admin City: Phoenix Admin State/Province: AZ Admin Postal Code: 85016 Admin Country: US Admin Phone: +1.3478717726 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org Registry Tech ID: Tech Name: Domain Administrator Tech Organization: See PrivacyGuardian.org Tech Street: 1928 E. Highland Ave. Ste F104 PMB# 255 Tech City: Phoenix Tech State/Province: AZ Tech Postal Code: 85016 Tech Country: US Tech Phone: +1.3478717726 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org Name Server: hugh.ns.cloudflare.com Name Server: ryleigh.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T07:00:00Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS database through the use of high-volume, automated, electronic processes. The Data in our WHOIS database is provided for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. We do not guarantee its accuracy. 
By submitting a WHOIS query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to us (or our computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without our prior written consent. We reserve the right to terminate your access to the WHOIS database at our sole discretion, including without limitation, for excessive querying of the WHOIS database or for failure to otherwise abide by this policy. We reserve the right to modify these terms at any time. Domains - cheap, easy, and secure at NameSilo.com https://www.namesilo.com Register your domain now at www.NameSilo.com - Domains. Cheap, Fast and Secure aahu.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneKlovenier (Net ID: 00:01:36:06:40:52)52.3759, 4.8975
2023-05-12 02:46:01Raw Data from RIRsNoAbstractAPI0030None{u'city': u'North Charleston', u'security': {u'is_vpn': False}, u'city_geoname_id': 4589387, u'region_geoname_id': 4597040, u'country': u'United States', u'region': u'South Carolina', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'GOOGLE-CLOUD-PLATFORM', u'isp_name': u'Google LLC', u'organization_name': u'Google LLC', u'autonomous_system_number': 396982}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'29415', u'longitude': -79.9746, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:46:00'}, u'latitude': 32.8608, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'104.196.30.220', u'continent': u'North America', u'region_iso_code': u'SC'}104.196.30.220
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5a3c76a8562af2-ORD"]}188.114.97.1
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Pragma": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Pragma": ["no-cache"], "Set_Cookie": ["cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "cpsession=%3aQkwdhfWxmK8h0n7J%2c873f8738210af1095901a669c6d9b2d7; HttpOnly; path=/; port=2083; secure", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2083; secure", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 02:45:46Raw Data from RIRsNoHybrid Analysis2020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamask3.cc/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_1e4_ConnHashTable<484>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_1e4_IESQMMUTEX_0_303"\n "IsoScope_1e4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_1e4_IE_EarlyTabStart_0xda8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"103.60.109.137:80"\n "185.199.111.153:443"\n "65.8.165.91:443"\n 
"58.216.15.119:443"\n "142.251.32.42:80"\n "142.251.46.163:443"\n "142.250.188.3:80"\n "104.16.89.50:443"\n "104.17.210.243:443"\n "104.17.214.243:443"\n "142.250.189.238:443"\n "142.250.188.3:443"\n "142.251.46.194:443"\n "142.251.46.230:443"\n "142.250.189.202:443"\n "172.217.164.118:443"\n "142.250.189.161:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamask3.cc"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /fonts/EuclidCircularB-Regular-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"\n "GET /fonts/EuclidCircularB-Bold-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"cdn.embedly.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "googleads.g.doubleclick.net"\n "i.ytimg.com"\n "jnn-pa.googleapis.com"\n "metamask.io"\n "metamask3.cc"\n "perf.hsforms.com"\n "s4.cnzz.com"\n "static.doubleclick.net"\n "www.gstatic.com"\n "www.youtube.com"\n "yt3.ggpht.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "qk.prototype.remove=function(a){this.g&&this.g.remove(a);var b=this.h;be.remove(""+a,"/",void 0===b?"youtube.com":b)};var rk=function(){var a;return function(){a||(a=new qk("ytidb"));return a}}();" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string ""undefined"!=typeof YTConfig&&YTConfig.parsetags&&"onload"!=YTConfig.parsetags||Fp();var qq=z.onYTReady;qq&&qq();var rq=z.onYouTubeIframeAPIReady;rq&&rq();var sq=z.onYouTubePlayerAPIReady;sq&&sq();}).call(this);" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "<meta content="MetaMask - A crypto wallet &amp; gateway to blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="A crypto wallet &amp; gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "5IBMEWA7.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-close-black_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FE2.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FB1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "maxresdefault_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1280x720 components 3" and extension "jpg"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "Unknown" and extension "png"\n 
"dapp-uniswap_1_.png" has type "Unknown" and extension "png"\n "dapp-gitcoin_1_.png" has type "Unknown" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "unnamed_1_.jpg" has type "Unknown" and extension "jpg"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1FB0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FB0.tmp]- [targetUID: 00000000-00000852]\n "Cab1FE1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FE1.tmp]- [targetUID: 00000000-00000852]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Explore-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "wallet-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Browse-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-close-black_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "social-35_1_.svg" has type "SVG Scalable 
Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "base_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "v2_1_.js" has type "UTF-8 Unicode text with very l185.199.111.153
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0130Nonenginx{"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 03:24:22 GMT", "content-type": "text/html"}
2023-05-12 02:44:15Software UsedYesTool - Wappalyzer0020NoneCloudflarenwapi2.battleb0t.xyz
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0030NoneEnglish<!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>nuke.battleb0t.xyz | 521: Web server is down</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /> </head> <body> <div id="cf-wrapper"> <div id="cf-error-details" class="p-0"> <header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8"> <h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2"> <span class="inline-block">Web server is down</span> <span class="code-label">Error code 521</span> </h1> <div> Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information. 
</div> <div class="mt-3">2023-05-12 02:54:20 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">You</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Browser </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> Cloudflare </a> </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b 
md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">nuke.battleb0t.xyz</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span> </div> </div> </div> </div> <div class="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2> <p>The web server is not returning a connection. As a result, the web page is not displaying.</p> </div> <div class="w-1/2 md:w-full float-left leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2> <h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3> <p class="mb-6">Please try again in a few minutes.</p> <h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3> <p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p> </div> </div> </div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f605eb97732c7</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" 
id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">138.197.106.3</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div> </div> </body> </html>
2023-05-12 02:49:09Malicious Co-Hosted SiteYesVirusTotal0120NoneVirusTotal [github.com] https://www.virustotal.com/en/domain/github.com/information/github.com
2023-05-12 02:53:35BGP AS MembershipNoCensys0020None54113185.199.110.153
2023-05-12 02:48:44Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 22, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.opentext.com/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "d3d11.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "%WINDIR%\\system32\\hevcdecoder.dll" - [base:0; Status:c0000135]\n "msedge.exe" failed to load missing module "d3d12.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4204:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4204:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6036:120:WilError_01"\n "Local\\SM0:6036:304:WilStaging_02"\n "SM0:6036:120:WilError_01"\n "Local\\SM0:4204:304:WilStaging_02"\n "SM0:4204:304:WilStaging_02"\n "Local\\SM0:4204:120:WilError_01"\n "SM0:4204:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4204:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4204:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.40.92:443"\n "35.84.103.227:443"\n "104.19.187.97:443"\n "104.18.43.158:443"\n "104.26.6.30:443"\n "104.16.126.175:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.ot.digital"\n "cdn.cookielaw.org"\n "central.opentext.com"\n "d3js.org"\n "geolocation.onetrust.com"\n "origin.marketinghub.opentext.com"\n "rsms.me"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'""sameAs": ["https://twitter.com/OpenText","https://www.youtube.com/user/opentextcorp","https://www.linkedin.com/company/opentext"]" (Indicator: "linkedin.com")\n "ls:begin[meta-twitter]-->" (Indicator: "twitter")\n "<meta name="twitter:url" content="https://www.opentext.com/homepage">" (Indicator: "twitter")\n "<meta name="twitter:title" content="OpenText | Information Management Solutions">" (Indicator: "twitter")\n "ls:end[meta-twitter]-->" (Indicator: "twitter")\n "<meta property="twitter:image" content="/assets/images/OT_ShareImage_twitter.png">" 
(Indicator: "twitter")\n "<li class="list-inline-item"><a class="social-icon social-icon-linkedin" href="https://www.linkedin.com/company/opentext"><svg width="32" height="32" viewBox="0 0 36 36" fill="none" role="img" aria-hidden="true" focusable="false">" (Indicator: "linkedin.com")\n "<li class="list-inline-item"><a class="social-icon social-icon-twitter" href="https://twitter.com/OpenText"><svg width="32" height="32" viewBox="0 0 36 36" fill="none" role="img" aria-hidden="true" focusable="false">" (Indicator: "twitter")\n "<li class="list-inline-item"><a class="social-icon social-icon-youtube" href="https://www.youtube.com/user/opentextcorp"><svg width="32" height="32" viewBox="0 0 36 36" fill="none" role="img" aria-hidden="true" focusable="false">" (Indicator: "youtube")\n "<path fill="currentColor" fill-rule="evenodd" clip-rule="evenodd" d="M27.8 14.1C27.8 14.1 27.604 12.692 27.005 12.072C26.319 11.339 25.559 11.263 25.13 11.221L25 11.207C22.203 11 18.005 11 18.005 11H17.995C17.995 11 13.797 11 10.999 11.207L10.872 11.22C10.442 11.263 9.682 11.338 8.995 12.072C8.395 12.692 8.2 14.101 8.2 14.101C8.2 14.101 8 15.755 8 17.409V18.959C8 20.613 8.2 22.267 8.2 22.267C8.2 22.267 8.395 23.675 8.995 24.295C9.627 24.971 10.421 25.069 10.929 25.131H10.93C11.034 25.144 11.124 25.155 11.2 25.169C12.8 25.326 18 25.375 18 25.375C18 25.375 22.203 25.369 25.001 25.162L25.131 25.148C25.56 25.105 26.32 25.029 27.005 24.295C27.605 23.675 27.8 22.267 27.8 22.267C27.8 22.267 28 20.613 28 18.959V17.409C28 15.755 27.8 14.101 27.8 14.101V14.1ZM15.934 15.096L15.935 20.838L21.338 17.978L15.934 15.096V15.096Z"></path></svg><span class="sr-only">OpenText on Youtube</span></a></li>" (Indicator: "youtube")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', 
u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk"\n "msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpswww.opentext.com" has type "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators"- [targetUID: N/A]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_2]- [targetUID: 00000000-00004204]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.45\\Ruleset Data]- [targetUID: 00000000-00004204]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4204_1570983389\\edge_driver.js]- [targetUID: 00000000-00004204]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\4204_136538697\\Filtering Rules]- [targetUID: 00000000-00004204]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00004204]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004204]\n "000013.ldb" has type "data"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004204]\n "8e9b2f83-d856-4edd-b2fc-76a0ecffee8d.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 559302"- Location: [%TEMP%\\8e9b2f83-d856-4edd-b2fc-76a0ecffee8d.tmp]- [targetUID: 00000000-00004204]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00004204]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\4204_136538697\\Filtering Rules-AA]- [targetUID: 00000000-00004204]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "f_0004d6" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d6]- [targetUID: 00000000-00005988]\n "f_0004cb" has type "Web Open Font Format (Version 2) TrueType length 245036 version 1.0"- [targetUID: N/A]\n "f_0004c8" has type "Web Open Font Format (Version 2) TrueType length 227180 version 1.0"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c8]- [targetUID: 00000000-00005988]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-50', u'name': u'Creates a license file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"edge_driver.js.LICENSE.txt" has type "Unknown"- Location: [%TEMP%\\4204_1570983389\\edge_driver.js.LICENSE.txt]- [targetUID: 00000000-00004204]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, 
u'type': 2, u'description': u'Pattern match: "https://www.opentext.com/"\n Pattern match: "https://www.opentext.com"\n Heuristic match: "cdn.cookielaw.org"\n Heuristic match: "central.opentext.com"\n Heuristic match: "d3js.org"\n Heuristic match: "geolocation.onetrust.com"\n Heuristic match: "origin.marketinghub.opentext.com"\n Heuristic ma185.199.110.153
2023-05-12 03:41:55Affiliate - Domain NameNoDNS Resolver2050Noneinflany.commail.inflany.com
2023-05-12 02:50:09Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://drivertheorytest.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f0c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_f0c_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3852"\n "IsoScope_f0c_IE_EarlyTabStart_0xee4_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f0c_IESQMMUTEX_0_303"\n "IsoScope_f0c_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f0c_ConnHashTable<3852>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ayt-wgt.hostingsiteforfree.com"\n "drivertheorytest.com"\n 
"www.gannett-cdn.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "loader-blue_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "TarA0C7.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarA0D9.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"drivertheorytest.com"\n "ayt-wgt.hostingsiteforfree.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"198.144.188.52:80"\n "142.251.46.202:443"\n "185.199.110.153:443"\n "151.101.2.62:443"\n "142.250.188.10:443"\n "142.251.214.131:443"\n "162.159.134.233:443"\n "199.59.243.222:80"\n "104.27.195.88:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /css?family=Lato:300,400,700|Raleway:300,400,500|Open+Sans:300,400,600,700,800 
HTTP/1.1\nAccept: text/css, */*\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: fonts.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /css?family=Lato:300,400,700|Raleway:300,400,500|Open+Sans:300,400,600,700,800 HTTP/1.1\nAccept: text/css, */*\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: fonts.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/jquery.backstretch.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/jquery.backstretch.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: 
forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/jquery.cycle.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/jquery.cycle.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/jquery.parallax.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/jquery.parallax.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) 
like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/jquery-1.11.1.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/jquery-1.11.1.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /experiments/usatoday/2015/10/poll-tracker-2016/img/loader-blue.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.gannett-cdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /experiments/usatoday/2015/10/poll-tracker-2016/img/loader-blue.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.gannett-cdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: ajax.googleapis.com\nIf-Modified-Since: Tue, 20 Dec 2016 18:17:03 GMT\nDNT: 
1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: aja185.199.110.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:0C:41:36:94:66)39.0469, -77.4903
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter0010NoneCN=kekw.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneProject management softwarecdn-185-199-111-153.github.com
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0040Nonecloudflare{"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"}
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010Nonelikeevideo (Category: social) https://likee.video/@ayshooayshoo
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+74955801111Domain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:09:48Affiliate - Internet NameNoDNS Resolver0040None76.170.74.34.bc.googleusercontent.com34.74.170.76
2023-05-12 02:51:23Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://deepkha.github.io/Tailwind-signup/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d60_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d60_IESQMMUTEX_0_303"\n "IsoScope_d60_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_d60_IE_EarlyTabStart_0xd30_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3424"\n "IsoScope_d60_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d60_ConnHashTable<3424>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.26.9.91:443"\n "157.240.22.35:443"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.tailwindcss.com"\n "deepkha.github.io"\n "facebook.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "https://twitter.com/browserslist" (Indicator: "dir "; File: "3.3_1_.js")\n Found string "<link rel="icon" type="image/png" href="https://facebook.com/favicon.ico">" (Indicator: "dir "; File: "urlref_httpsdeepkha.github.ioTailwind-signup")\n Found string "facebook.com" (Indicator: "dir "; File: "PCAP")\n Found string "GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoHost: facebook.comDNT: 1Connection: Keep-Alive" (Indicator: "dir "; File: "SSL")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarEAB.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB8C.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"R_1_.png" has type "PNG image data 1722 x 362 8-bit/color RGBA non-interlaced" and extension "png"\n "favicon_4_.png" has type "MS Windows icon resource - 2 icons 16x16 32 bits/pixel 32x32 32 bits/pixel" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1560', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1560', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabEAA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabEAA.tmp]- [targetUID: 00000000-00002236]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002236]\n "CabB8B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB8B.tmp]- [targetUID: 00000000-00002236]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "3.3_1_.js" has type "ASCII text with very long lines"- 
[targetUID: N/A]\n "TarEAB.tmp" has type "data"- Location: [%TEMP%\\TarEAB.tmp]- [targetUID: 00000000-00002236]\n "R_1_.png" has type "PNG image data 1722 x 362 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "CabEAA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabEAA.tmp]- [targetUID: 00000000-00002236]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003424]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF78A8BEEAF387A003.TMP" has type "data"- Location: [%TEMP%\\~DF78A8BEEAF387A003.TMP]- [targetUID: 00000000-00003424]\n "~DFBE6148C01EF718F9.TMP" has type "data"- Location: [%TEMP%\\~DFBE6148C01EF718F9.TMP]- [targetUID: 00000000-00003424]\n "~DF6A767D77C862A498.TMP" has type "data"- Location: [%TEMP%\\~DF6A767D77C862A498.TMP]- [targetUID: 00000000-00003424]\n "~DF3A1E273B2E6AD4CC.TMP" has type "data"- Location: [%TEMP%\\~DF3A1E273B2E6AD4CC.TMP]- [targetUID: 00000000-00003424]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003424]\n "RecoveryStore._52F6E2B5-EEAF-11ED-B3EC-08002708D529_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_4_.png" has type "MS Windows icon resource - 2 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "_52F6E2B7-EEAF-11ED-B3EC-08002708D529_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_5C0E27F4-EEAF-11ED-B3EC-08002708D529_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 
32 bits/pixel"- [targetUID: N/A]\n "urlref_httpsdeepkha.github.ioTailwind-signup" has type "HTML document ASCII text"- [targetUID: N/A]\n "5G00TCG4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5G00TCG4.txt]- [targetUID: 00000000-00003424]\n "WU2AP75U.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WU2AP75U.txt]- [targetUID: 00000000-00003424]\n "XHRTG3Z7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XHRTG3Z7.txt]- [targetUID: 00000000-00002236]\n "D4D4P3AW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D4D4P3AW.txt]- [targetUID: 00000000-00003424]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002236]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "THQVIILB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\THQVIILB.txt]- [targetUID: 00000000-00003424]\n "2ESYMYET.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2ESYMYET.txt]- [targetUID: 00000000-00003424]\n "GUPBTX7D.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GUPBTX7D.txt]- [targetUID: 00000000-00003424]\n "UL0I03E7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UL0I03E7.txt]- [targetUID: 00000000-00003424]\n "TarB8C.tmp" has type "data"- Location: [%TEMP%\\TarB8C.tmp]- [targetUID: 00000000-00002236]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002236]\n "CabB8B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c 
+A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB8B.tmp]- [targetUID: 00000000-00002236]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixe185.199.108.153
2023-05-12 02:44:37Internet NameNoDNS Resolver0020Noneoldfluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 04:50:12 2023 GMT Not After : Jul 23 04:50:11 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8: 3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1: dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6: a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b: 57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14: 5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e: 22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56: d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e: 20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b: 1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7: e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4: c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d: b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0: 4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51: be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49: cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed: d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c: 27:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 95:2c:18:1f:d0:91:73:33:88:ab:4e:68:d6:e3:58:9c:45:64: b3:8a:0d:c0:05:28:dd:e1:2b:f4:06:90:e5:1f:5e:3c:9c:82: f8:42:f9:9c:fc:f0:39:70:2a:ec:b3:e8:e8:27:a3:e2:22:80: 9f:b5:25:f6:b8:88:47:5f:86:6d:fa:80:87:2b:27:3e:0f:10: 6e:32:3f:e2:3c:74:e0:3c:4f:db:80:e5:a0:7b:df:70:24:e5: 0b:57:3d:66:c3:68:d9:cb:10:13:bf:3d:4b:9b:bd:e4:38:dc: 16:3b:ab:a4:bb:05:4c:21:58:ec:56:01:d3:cd:f7:e4:52:ad: 1c:0c:0e:45:9d:25:b3:ee:43:f3:93:10:64:3c:d1:8d:ef:4c: a1:a0:46:a0:9c:7a:71:16:74:1d:79:35:f7:b7:75:a9:5d:1a: 70:92:2b:c8:d4:0a:a7:04:cf:3a:2e:08:b5:53:9c:fd:91:52: 6d:bc:96:2f:53:07:7f:1a:15:71:f1:e4:9c:95:b8:03:cb:17: 25:b8:bd:2e:3d:91:c6:72:cb:50:7f:bb:42:cd:87:4e:3f:af: 01:27:cd:29:c4:cc:43:33:bb:f8:a1:ac:9f:c7:0b:d7:f6:39: 18:d3:6f:bb:a0:79:75:5a:d1:c9:35:44:91:1c:7a:a8:9d:4d: fb:9f:95:2e
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:5E:6E:39)33.336199,-111.89446440830702
2023-05-12 02:52:30Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 24, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://portal.succeedms.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6912:304:WilStaging_02"\n "SM0:6912:120:WilError_01"\n "Local\\SM0:6912:120:WilError_01"\n "SM0:6912:304:WilStaging_02"\n "InternetShortcutMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"205.209.56.185:443"\n "138.91.254.96:443"\n "69.16.175.42:443"\n "142.250.189.234:443"\n "185.199.108.153:443"\n "205.234.175.175:443"\n "104.17.25.14:443"\n "151.101.65.195:443"\n "104.18.11.207:443"\n "142.250.189.195:443"\n "20.99.186.246:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "angular-ui.github.io"\n "api.edgeoffer.microsoft.com"\n "arc.msn.com"\n "cdn.ckeditor.com"\n "cdnjs.cloudflare.com"\n "code.angularjs.org"\n "code.jquery.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n 
"maxcdn.bootstrapcdn.com"\n "portal.succeedms.com"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\local state"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, 
u'description': u'"urlref_httpsportal.succeedms.com" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\shopping.js]- [targetUID: 00000000-00006260]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006260]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\edge_driver.js]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006260]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006260]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\product_page.js]- [targetUID: 00000000-00006260]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006260]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\auto_open_controller.js]- [targetUID: 00000000-00006260]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00006260]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00006260]\n "load_statistics.db-wal" has type "SQLite 
Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006260]\n "e2c201dc-abb6-4501-b956-b4b9ffeb3b35.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 96705"- Location: [%TEMP%\\e2c201dc-abb6-4501-b956-b4b9ffeb3b35.tmp]- [targetUID: 00000000-00006260]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006260]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\shoppingfre.js]- [targetUID: 00000000-00006260]\n "000014.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000014.ldb]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006260]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\6260_1023497038\\edge_autofill_field_data.json]- [targetUID: 00000000-00006260]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00006912]\n "f_0004c8" has type "gzip compressed data from Unix original size modulo 2^32 485056"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\Cache\\Cache_Data\\f_0004c8]- [targetUID: 00000000-00004156]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006260]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00006260]\n "safety_tips.pb" has type "data"- Location: [%TEMP%\\6260_470104041\\safety_tips.pb]- [targetUID: 00000000-00006260]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006260]\n "sslkey.txt" has type "data"- Location: [%TEMP%\\sslkey.txt]- [targetUID: 00000000-00006260]\n "Tabs_13327794733834989" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13327794733834989]- [targetUID: 00000000-00006260]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\6260_159770579\\deny_domains.list]- [targetUID: 00000000-00006260]\n "4d0843e6-a90a-4206-b16a-5bf96317da49.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\4d0843e6-a90a-4206-b16a-5bf96317da49.tmp]- [targetUID: 00000000-00006260]\n "f_0004c6" has type "gzip compressed data from Unix original size modulo 2^32 282766"- [targetUID: N/A]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "85ebca81-6b72-4b70-9587-353468916cff.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\85ebca81-6b72-4b70-9587-353468916cff.tmp]- [targetUID: 00000000-00006260]\n "1f491eff-7d04-4310-ba68-455db03d3064.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\1f491eff-7d04-4310-ba68-455db03d3064.tmp]- [targetUID: 00000000-00006260]\n 
"63072495-c7f1-4fa2-8e13-281e75a5446c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\63072495-c7f1-4fa2-8e13-281e75a5446c.tmp]- [targetUID: 00000000-00006260]\n "3ca9b7b0-520b-4866-a772-da63c52ee9e3.tmp" has type "UTF-8 Unicode text with very long lines185.199.108.153
2023-05-12 03:32:27Open TCP PortNoPulsedive0030None188.114.97.14:8443188.114.97.0/24
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneCommons-based peer production - Commons-based peer production is a term coined by Harvard Law School professor Yochai Benkler. It describes a model of socio-economic production in which large numbers of people work cooperatively, usually over the Internet.battleb0t.github.io
2023-05-12 03:08:55Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.7834.74.170.74
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 02:56:27HashNoHash Extractor0030None[MD5] 02ca825e4901e74c2c2d6f8e59341325<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authorization</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixel's API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixel's API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixel's API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr>
2023-05-12 02:55:27BGP AS MembershipNoURLScan.io0010None13335ayhu.xyz
2023-05-12 03:18:06Externally Hosted JavascriptNoPage Information0030Nonehttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:01:00Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.100): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:45:30Raw Data from RIRsNoipapi.co0030None{u'region_code': u'SC', u'country_tld': u'.us', u'ip': u'35.229.48.116', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'North Charleston', u'network': u'35.229.32.0/19', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 32.853, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'GOOGLE-CLOUD-PLATFORM', u'postal': u'29405', u'asn': u'AS396982', u'country': u'US', u'region': u'South Carolina', u'longitude': -79.9876, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}35.229.48.116
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}104.21.6.166
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneCIEE (Net ID: 00:01:71:0A:18:17)52.3759, 4.8975
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NonePeopleMatter (Net ID: 00:18:0A:31:ED:0A)32.8608, -79.9746
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneApple Network 1f64fd (Net ID: 00:02:2D:1F:64:FD)37.7642, -122.3993
2023-05-12 03:04:14Malicious AffiliateYesabuse.ch0130Noneabuse.ch URLhaus (Domain) [cdn-185-199-109-153.github.com] https://urlhaus.abuse.ch/downloads/csv_recent/cdn-185-199-109-153.github.com
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonexfinitywifi (Net ID: 00:0D:67:8C:21:B2)39.0469, -77.4903
2023-05-12 02:45:06SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:89:fe:30:65:f6:62:86:64:4f:34:07:5e:a0:a9:be:d2:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 15:55:50 2022 GMT Not After : Mar 13 15:55:49 2023 GMT Subject: CN=vscode.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b5:70:98:56:04:62:cd:9d:91:8b:97:7d:1f:67: df:fd:40:4a:9e:a1:91:56:27:b2:c2:dc:db:18:7e: 90:b1:64:8c:6c:fd:2c:13:2d:ed:56:f7:36:ce:08: 2a:4a:36:14:30:02:df:d6:0f:d4:6c:7a:48:c9:01: c5:bb:35:51:b6:01:95:98:7e:7b:4e:66:e0:84:62: 5a:92:58:14:ee:5f:0c:a5:3c:c0:6e:d5:a8:57:bb: 5b:46:82:bd:d9:28:fb:d9:2e:3c:cc:45:f6:41:c3: 2e:de:7e:83:17:a8:54:29:45:21:09:97:4c:fd:ed: 49:50:3b:81:1e:21:32:31:1d:79:ca:01:4a:ed:57: fb:ff:6e:4d:44:22:c0:1f:54:2a:4f:e7:63:84:83: 2d:a4:25:2d:2e:38:54:17:99:ab:10:e9:5b:8e:64: 39:42:16:09:1d:92:05:aa:12:42:2e:33:56:a8:cb: fa:cc:fe:15:09:1e:32:19:c2:f5:b5:fb:c3:50:cf: 4f:6c:46:9f:4a:26:a1:f6:b4:2c:c4:b6:e7:cf:c8: 0d:46:d3:02:56:c6:06:76:a6:5d:74:73:25:8a:74: 76:91:9c:94:b2:8b:47:bc:85:62:1a:aa:eb:32:0b: 97:18:b1:e4:f7:a7:1d:6d:50:4d:60:e9:30:d9:24: 3b:77:00:5c:86:fe:be:60:06:dd:41:13:db:73:e0: c7:a6:69:d8:87:8d:f3:d9:19:43:f8:26:44:9c:46: 67:0b:09:0b:9b:db:37:73:fe:d3:c4:35:3e:63:88: 04:bf:f1:31:5f:68:76:f4:78:92:74:5e:90:26:85: 91:b2:c5:89:7c:e7:fd:90:5c:fb:08:d7:ec:7e:80: bb:0c:21:cf:d6:c2:40:71:78:96:82:d9:32:54:0f: 4d:96:8c:31:42:ff:aa:a0:84:60:76:09:ee:ce:f1: 29:2b:47:e4:6d:53:c1:f3:6f:e1:43:b1:b5:0b:95: 35:33:7b:67:7a:23:ed:15:76:d9:5e:2f:96:95:57: e5:56:fa:b4:14:d2:53:87:b2:95:ae:4a:c1:23:a4: 44:71:bc:56:67:dd:1d:18:ac:3b:6c:70:1c:35:da: 1c:0d:c0:ed:48:c3:e4:31:1a:74:9f:07:d7:d2:a2: 66:5e:12:e5:58:f2:5f:0c:2a:db:70:d9:e5:73:16: 75:7c:43:25:43:03:62:18:4f:72:50:53:b3:8a:1a: b1:9c:46:ec:4a:d2:cb:cc:b8:7b:e9:84:cb:e1:b2: ab:6c:e1:58:25:e1:54:f1:50:6c:98:68:55:60:cd: 
f6:ef:3e:df:e4:c2:e3:11:66:4c:2d:50:b9:ef:ad: 19:0b:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C4:B4:9F:3E:13:AF:1E:ED:5D:1E:C0:B3:15:A8:37:84:5F:58:79:25 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:vscode.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption af:0d:aa:ca:e8:49:20:45:87:cd:d5:1a:54:b2:f3:2b:99:ab: ae:23:1b:aa:7c:93:d6:0a:57:f8:3f:18:87:31:b9:b4:a0:14: 5a:a3:d7:53:87:49:cc:95:a4:8e:e1:e6:0d:d2:49:89:d0:ab: 31:4a:f6:af:d0:2e:c0:e4:ff:51:6e:cc:42:b1:be:91:7a:44: 1f:34:8a:46:85:68:1e:0e:8a:4d:5e:89:38:d9:54:dc:c4:97: 4b:14:0d:a0:bf:8e:67:b1:f3:85:7e:a2:d3:2c:92:11:5d:ef: 0c:b6:b8:b4:a8:a0:28:c2:c4:e0:0b:b4:93:68:16:12:66:23: a8:cb:69:a2:bf:1b:22:89:b2:38:bf:df:0d:9e:a1:33:e4:c9: 04:e1:b2:4a:cf:89:24:fc:25:18:33:fc:77:fd:48:86:24:59: 3a:69:44:1d:b2:6f:d2:51:7d:c9:04:e6:d5:a5:b1:f4:cb:92: e0:9c:0c:cd:c9:a8:1e:1c:c1:a2:77:25:27:2b:d2:9b:00:84: 3f:ea:0e:96:98:b0:aa:91:b8:e1:7d:b2:c3:5e:b2:b9:e1:e4: fe:26:7c:88:e1:94:ef:f3:1c:16:18:18:f0:eb:aa:97:f4:f5: 93:c9:a9:54:86:73:1d:9c:a1:3a:aa:11:c3:31:83:14:d1:61: dc:56:91:9e battleb0t.xyz
2023-05-12 03:36:20Open TCP PortNoPulsedive0030None188.114.97.128:8443188.114.97.0/24
2023-05-12 03:24:47CountryNoCountry Name Extractor0030NoneCanadaToronto, Ontario, ON, Canada, CA
2023-05-12 02:49:07SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 17:04:53 2023 GMT Not After : Jun 25 17:04:52 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c0:92:2b:06:a8:76:be:87:ad:a1:7a:9e:5a:24: 59:36:93:77:df:2f:5f:ec:5d:f8:39:5c:9e:e9:bb: 24:38:91:de:54:5b:7a:21:bd:81:66:b9:f4:29:4c: 2b:fa:57:13:7e:92:b4:15:86:67:29:e9:3d:cd:52: 95:9b:57:3a:5d:e6:e9:45:19:f1:e0:94:39:75:06: 2b:76:17:5a:3c:dc:eb:34:5d:2b:11:01:60:df:20: e3:b5:60:cd:32:82:ad:56:26:62:d5:06:6e:b6:fa: a5:d9:a5:4d:79:33:21:15:51:a2:c0:48:15:37:c6: 91:2f:b2:2e:7d:a0:75:7f:50:14:78:92:5d:14:20: 37:35:75:05:53:06:c4:4c:79:be:57:44:4e:7f:9a: 50:6f:84:ce:99:6c:50:c4:25:b5:3b:28:ef:3d:1e: 0d:f1:c2:fb:f7:a2:98:40:97:4e:a6:29:13:ba:fe: a3:fd:ca:b9:fd:ab:de:51:93:45:07:f4:be:76:56: 10:d6:f8:44:07:0f:8a:0a:1d:0b:2a:3e:ea:d3:77: c7:f9:17:20:d7:71:23:2b:a0:8f:f4:4a:f3:e4:d4: 5a:5c:2d:ce:df:b4:a0:a0:ac:d7:ab:d8:92:f0:4a: 4c:07:6e:72:26:57:04:a7:82:b9:f3:2d:17:4e:50: 36:d2:94:d7:69:b9:6a:7a:3a:20:4d:5d:1e:75:6c: 84:96:b6:c4:70:f4:80:b9:d6:06:45:7a:52:b8:0e: 0e:2d:fd:2c:dc:22:9b:06:83:b7:ce:89:98:50:8a: 98:25:5c:fe:f2:ac:51:29:2f:08:c4:ff:27:4b:06: 5c:49:dd:d3:39:da:b3:60:fe:da:c7:a0:9e:e7:45: 85:7c:70:41:16:a9:f0:27:f6:98:d1:7c:9f:af:81: f4:37:0b:12:28:d5:35:6a:e6:e2:66:3b:e1:11:5b: 6a:d4:8d:47:d6:44:64:d5:a9:fc:83:71:f4:46:8c: 69:8f:3e:2f:32:4d:8a:48:3b:ac:ac:88:a4:94:ea: b5:b5:92:f4:63:d9:95:76:ef:6d:8e:2f:15:8a:59: 65:d3:00:6a:ca:d7:56:11:cf:5f:a7:d4:3d:48:6a: 5d:dd:87:ce:8c:d0:6e:15:cf:fb:5f:c0:02:33:50: 4e:36:37:09:f4:b7:06:18:07:a3:00:b5:58:4a:d2: bc:0d:0b:5d:96:5b:4e:aa:75:b7:e9:a2:ce:90:ad: d7:25:96:7f:66:7d:4e:03:23:c1:16:bc:0c:09:9d: d4:bf:8c:7c:19:2d:8b:39:0c:89:5a:15:97:34:34: 
1c:7b:5d:34:19:a2:d0:cb:f4:5c:b0:48:d7:c9:6c: 5d:09:b3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 24:54:79:6e:3c:79:d5:ae:a0:b8:7c:0a:ff:89:93:3d:d6:57: 91:5f:7d:e2:ea:b5:70:87:04:12:dd:cf:ba:db:1a:dd:bf:5f: 7c:c6:d9:18:6d:ca:27:ff:1c:41:bc:85:75:b0:f4:d1:5d:dc: 45:87:06:cb:1f:49:05:31:eb:49:05:f4:6b:36:41:2f:39:66: bb:c1:2a:07:32:84:55:39:1c:a4:29:9c:55:fc:c5:e4:ad:62: 54:ad:d2:25:f2:67:4f:a1:c0:d0:75:ed:4f:e4:15:2f:b9:2f: 6f:67:f4:2e:dc:7e:0d:b9:75:12:29:49:c3:67:d0:7b:f2:21: 0c:ee:8a:58:d9:43:b2:12:a1:03:39:b0:0e:c1:ea:07:d2:2f: a3:20:c3:66:05:93:88:53:7a:4d:dc:f9:b6:ec:64:81:b8:41: 97:de:f9:a9:49:80:7b:d7:0d:4d:f9:f4:92:96:1e:c7:cc:e3: 98:1b:07:be:b0:bf:bd:9e:e3:6c:c7:67:ae:92:9a:78:90:eb: a0:3f:1e:59:bd:f5:c7:ec:43:04:a4:be:44:c3:74:12:39:82: e0:e3:bf:d9:c2:3b:8e:9a:08:be:3c:f1:c4:88:72:a0:ed:59: 9a:b6:1a:ae:e9:2d:33:e0:ea:a0:55:60:b8:66:48:ca:d5:05: c4:a4:9b:ca battleb0t.xyz
2023-05-12 03:24:21Web ContentNoWeb Spider2030None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c59d97743e3')"></div> <form id="challenge-form" action="/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="IzWcLwqG74V5tV1nWv6NwCgv19x6fOKHH9bpAKGqFvs-1683861861-0-AaT1IDJ8zL-HPKAcS5jW_S_lOAZThpdmCpakWJJZLTdl-YC7YmW7x0R3Esq2ci5pRxETFrXUoScSBrwB5quPRe1171zsRq5FO5HvSBsT8wSH48d6cjZBcafhFd-gYMgKn5vz-FkJUPQ0nF10-q2ubdvcw8hKSSRUsAC4C2bgwDMz0kRykTgIN5O-4hUEH_aIMPUl85RgiecFAuvX8Ivy5H7CWHsXJNLmrFihUW3yur5y4mznmwIt6LoJGKtAduIhk1MMkrSy06zOCVQNVecBCYfPFg-LQUxzu01zND8kx6XIr4D_Z7JCVLT2xHDvC0QW8SVEpEQxyz1_6w4Q_kXekAKzWUv6f2WQc9reLDcoidSiSGME_E1JbznCGlu2Qcv2UxBiUp3ZaVMVnVkjfbD8tvqsMpOiPHRoL0QGNOvZC9IWd3DmNkLVl0o7A7gZ6X6XvmxN8FN6zQ5MuokY1veB1HzJur_7DeYGkiQKi-0P2vRxvm4WDXUmU4f2tq7Esl4HSqC16vv9LBLaBAi8Z_5ASfDKC4_Qtwk5ocpapPABdtQe_KyihhYQ0p3PsebP3qabKmLOkD2fDvF3lYLd3qMvC4RgGh-YX8l7PTUCq3wEfd8Mi9e6YReBeIzcGw5PwaoMHFYsP5RhUMwk71xYoONoQnXtJO45ecOy75oe90Gm07DUOsZsURI3qtJbwRlmpa7xW_oJhMCvGoxCaFBmv4Tj_3i4JWKOMf7hpKtp919xj-jQIAWQmSIDBw3LhMZPRePjKwSZV17PsqlmFxhMjxxo_oGcprk2tlsBrXLDx9NJVWy2DHDR-TPwL1u1-c5lRkjOzwwNIlsSIltqwOI6w4aVA6MdRM9LQlE6JVGhJTOkyMSmOGg0b-gPtNYSVQZ4M0bbvY5ZejvC-622MlBNpTcTQgj-Hr5BRzvJOQNVBtKeZNEcL0V-HlUOqjgsgCuZ0n-_DmccPSp6yXjib7zziw0VsFZ51VNwFMiyAJLSoQVd1OjGuw3fSFPRsqIT0NzkM6LJJ9oyKVkZXep7mdpjCvm52q0byqZXvzL2VDAtJAJmAXjedpHk-ixt-DqOfzQw9GqcICnOaIAwGCalMfoPOf8GPEND9RClu9LRyO_FDNt75C01Varldc5Ftwg8k-rAHBToDSA8_BQdwA01UognhxgoBkv5pTU2f0H6TbryBj0d8lUJpXsYh3CtyN0y8DOT_kz_DjrrzIT964Pdi7AsCCs8mo2IE6lrD73n8Izje7P97pkFkPjlBN2jtfhSvPURw_vpTJ5ZaaFdYA9KK-YFF68xMCw6ewAMK1rkYSoe1oqSv02a9QAvlbxHhD_COD3weHDV-tI_xq_UVBQKGO4fDKE5ZB_Li_qQJ1UU8CLWZeL01WBdYpUyqwj8DSDtW_hWLGQxeKSnHsjkNN44s8ztTjWQa0EOv111zkoc_jo1-AKbBfegf0gXFbeefPUQPApaVp0ZSh976fXDUBkg-u9zIFuO8PmOpT12qOluulzM3HAWuIXPfFdKdkuM_0Ju0J2nYUnPnIIPw7-X0VlO10ISCMaRppc2X6T6WN3Me0ur-AgpXQrtaOHERtZpzl81diItC7rlhoi2hcwlyknYz9uG6Jvt4vO7CVGEkxo64WkJUYfdQcxWDVfCj5P8OtigH5bAFPrPlThHqTc5vpPnWpu_04hxNRR1-yz89uQ30xUpmEOd55phY60kcWBwhTfKO_t_0MJs_4gMTnO_VQemTQRtnrcmjKY2pn8nAizQEc0LX-nJ_4sW5z-DGM44AAFGVM5-U7o0Y7m1jXwg99HdEmqr2iPndrQh3ksnfvVAApgCg0pbwWbA71pkVfyO8vPpUv_GruozMnSwm3sFOR28jhXLHljB6WOMjmilFX-I80iAeT78A5CMWmca6g1quxd5xHVTMFnl-Ys3ieqarC7YmJ7e
ytJNcbcsYSdnciNL21ndjddEi22yCTG9No7nWap74I3S-XDZ5j0YJh9aMipl2sHc0u1U-Vx2vJmPYYV1MWTS_cbbT2ub5ALyjMgyaSA96qpG_Ooy4cFCkf0E0RRynEWRVadMZE1Vz5bBogaFEOjsc334EAR0zTIX8_4nnRO5mOvEVRo4ZTcKeicbfVjehihRxW1wdSDJAbbGCjjkZj3DldP4NK0vlhWlD9UbhT6NEC6tNcCjkKUECuinurOI-oV4Cegh-51bGD-UpvxqLsfIQd9QODY03eyCxUur045Y22aLoD51JCbhy39Jp0fS35dbrG4QIggvUdxGVolRMemldY1hGoUkHPtE8nB2YB7L2z90pSQRrkz2F1mucH6C2aK0d1BE2f04Z7nAiGFk7bERb053H4pvO-fGR73M06TI9KFQDNVYHk7iyF8yJ8kA23l9FgJhokSfUX3_PYhrtNIdVilfmf2nfkSfGzPgsBbAL-1WUlksPvUQq7Tut8_2gnISEhXjovKigslLYWTdPYupiAliABg3BLe_WNuc41K408YYwipU-2SdiixQBhgUVLS8Sh615rA"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '89417', cRay: '7c5f8c59d97743e3', cHash: 'd514be865123f26', cUPMDTk: "\/lol.html?__cf_chl_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: 'FoAd4lVBdR3won9Rs2Jfak+tQjzXxPoSuo1RDbLWoBgbDtG4sbp6dJPVY2yPACeJPMILVDmGpWRL5p83JUdrP8nuVYCG+5vbYX8rd53MVZ5kJ9wlfWFmCqWwQJUw/8TZawBHID/u/30DQeOeSeUTm1hqzmleggywIwf6pMg+ibTI90WBrTuW9wSkueaL3qTaSW+A5NmE5a98IBe6uITwE7298cOlvN5xe0V0Y44L/7J794Ti/d2obzW0EWmpSj68DzdMrP78juCknmUCL5iCtrWXrfhdXXjruJCYgBsuVR5T1HoPLAY8ZaUH61xukMd5qVzPRfNIIlhcoowZA1Eh2PMRByvPcFpdrPeDKOY1J+M5l4lk4/TNmiDkgCFAka0tLoM1HisA+wo47P0wfWILTScPL+M3MhFjnCEsQgVWbbbcu7ppiHsxevxnn0ypjrb3lrjH9FQcH522PtO7okA/1k5zFXRELcMaZ1PaWlYYxUzZ0lEDuGD8W2uAABd3Zqr48isKkErgxdWRypRiannuzpfhTo9gXIVZgjYXWZqPwNgKEtOvG48uUqTLWAhuTpBS', t: 'MTY4Mzg2MTg2MS40MTQwMDA=', m: 'cETLdgv65AVfRnLUKPe0Cd6r3wJgEhjfW5wAN2YKd/o=', i1: 'w+O5Ul3LVrlFQJyL4ELS5Q==', i2: 'eUom9RfWfCbkQbM7K2vx8A==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 
'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c59d97743e3'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c59d97743e3'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneGOAT (Net ID: 00:00:C5:D3:87:1C)37.7813933,-122.3918002
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}104.21.71.14
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:8087.248.157.102
2023-05-12 03:09:51Affiliate - Domain NameNoDNS Resolver2040Nonekeyubu.comdgn.keyubu.com
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneCableWiFi (Net ID: 00:0D:67:33:68:61)39.0469, -77.4903
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Google Trust Services LLC,CN=GTS CA 1P5battleb0t.xyz
2023-05-12 02:46:50Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonenetlify.app34.74.170.74
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/carti_2.PNGhttps://funny.battleb0t.xyz/
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NonePLXDevices (Net ID: 00:06:66:30:03:AC)33.617190550339146,-111.90827887019054
2023-05-12 03:02:57Web Analytics IDNoWeb Analytics Extractor0030NoneGoogle Analytics: UA-105392568-1<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="Cache-Control" content="no-cache"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="mobile-web-app-capable" content="yes"> <link rel="apple-touch-icon" href="logo.png"> <link rel="icon" href="logo.png"> <title>WebGL Fluid Simulation</title> <meta name="description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:type" content="website"> <meta property="og:title" content="Webgl Fluid Simulation"> <meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/"> <meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png"> <script type="text/javascript" src="dat.gui.min.js"></script> <style> @font-face { font-family: 'iconfont'; src: url('iconfont.ttf') format('truetype'); } * { user-select: none; } html, body { overflow: hidden; background-color: #000; } body { margin: 0; position: fixed; width: 100%; height: 100%; } canvas { width: 100%; height: 100%; } .dg { opacity: 0.9; } .dg .property-name { overflow: visible; } .bigFont { font-size: 150%; color: #8C8C8C; } .cr.function.appBigFont { font-size: 150%; line-height: 27px; color: #A5F8D3; background-color: #023C40; } .cr.function.appBigFont .property-name { float: none; } .cr.function.appBigFont .icon { position: sticky; bottom: 27px; } .icon { font-family: 'iconfont'; font-size: 130%; float: right; } .twitter:before { content: 'a'; } .github:before { content: 'b'; } .app:before { content: 'c'; } .discord:before { content: 'd'; } .promo { display: none; /* display: 
table; */ position: absolute; top: 0; left: 0; width: 100%; height: 100%; z-index: 1; overflow: auto; color: lightblue; background-color: rgba(0,0,0,0.4); animation: promo-appear-animation 0.35s ease-out; } .promo-middle { display: table-cell; vertical-align: middle; } .promo-content { width: 80vw; height: 80vh; max-width: 80vh; max-height: 80vw; margin: auto; padding: 0; font-size: 2.8vmax; font-family: Futura, "Trebuchet MS", Arial, sans-serif; text-align: center; background-image: url("promo_back.png"); background-position: center; background-repeat: no-repeat; background-size: cover; border-radius: 15px; box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2), 0 6px 20px 0 rgba(0,0,0,0.19); } .promo-header { height: 10%; padding: 2px 16px; } .promo-close { width: 10%; height: 100%; text-align: left; float: left; font-size: 1.3em; /* transition: 0.2s; */ } .promo-close:hover { /* transform: scale(1.25); */ cursor: pointer; } .promo-body { padding: 8px 16px 16px 16px; margin: auto; } .promo-body p { margin-top: 0; mix-blend-mode: color-dodge; } .link { width: 100%; display: inline-block; } .link img { width: 100%; } @keyframes promo-appear-animation { 0% { transform: scale(2.0); opacity: 0; } 100% { transform: scale(1.0); opacity: 1; } } </style> <script> window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date; ga('create', 'UA-105392568-1', 'auto'); ga('send', 'pageview'); </script> <script async src="https://www.google-analytics.com/analytics.js"></script> </head> <body> <canvas></canvas> <!-- Mother of God, pls forgive me --> <div class="promo"> <div class="promo-middle"> <div class="promo-content"> <div class="promo-header"> <span class="promo-close">&times;</span> </div> <div class="promo-body"> <p>Try Fluid Simulation app!</p> <div class="links-container"> <a class="link" id="apple_link" target="_blank"> <img class="link-img" alt="Download on the App Store" src="app_badge.png"/> </a> <a class="link" id="google_link" target="_blank"> <img 
class="link-img" alt="Get it on Google Play" src="gp_badge.png"/> </a> </div> </div> </div> </div> </div> <script src="./script.js"></script> </body> </html>
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:0C:41:41:40:58)39.0469, -77.4903
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0040NoneEnglish<!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>vscode.battleb0t.xyz | 521: Web server is down</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /> </head> <body> <div id="cf-wrapper"> <div id="cf-error-details" class="p-0"> <header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8"> <h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2"> <span class="inline-block">Web server is down</span> <span class="code-label">Error code 521</span> </h1> <div> Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information. 
</div> <div class="mt-3">2023-05-12 02:54:21 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">You</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Browser </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> Cloudflare </a> </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b 
md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">vscode.battleb0t.xyz</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span> </div> </div> </div> </div> <div class="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2> <p>The web server is not returning a connection. As a result, the web page is not displaying.</p> </div> <div class="w-1/2 md:w-full float-left leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2> <h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3> <p class="mb-6">Please try again in a few minutes.</p> <h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3> <p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p> </div> </div> </div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f606679610ce9</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" 
id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">138.197.106.3</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div> </div> </body> </html>
2023-05-12 03:23:50Open TCP PortNoPulsedive0030None188.114.96.20:443188.114.96.0/24
2023-05-12 03:00:51Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.79): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"}
2023-05-12 03:43:29CountryNoCountry Name Extractor0040NoneNetherlandsEygelshoven, Limburg, 6471, Netherlands, Europe
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noney?maz mef. (Net ID: 00:12:BF:D2:A8:62)40.2024, 29.0398
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None007sair.github.io185.199.111.153
2023-05-12 02:58:04Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.148.97.127', u'104.16.89.20', u'104.21.63.54', u'23.59.114.103'], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://www.trustsign.com.br/contact', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ocsp.pki.goog"\n "o.ss2.us"\n "crl.rootg2.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "crls.pki.goog"\n "crl.pki.goog"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"\n "142.250.217.72:443"\n "142.250.217.106:443"\n "108.139.0.36:443"\n "104.16.89.20:443"\n "104.21.63.54:443"\n "142.250.217.99:80"\n "108.138.245.91:80"\n "108.138.245.183:80"\n "108.138.245.30:80"\n "142.251.33.110:80"\n "108.139.0.15:80"\n "108.139.0.178:80"\n "142.251.211.238:443"\n "142.250.217.99:443"\n "142.250.69.195:443"\n "23.59.114.103:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus 
vendors marked dropped file "Tar1AFD.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_a10_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a10_IESQMMUTEX_0_519"\n "IsoScope_a10_IESQMMUTEX_0_303"\n "IsoScope_a10_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2576"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_a10_IE_EarlyTabStart_0x988_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2576"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': 
u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00002224]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002576]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002224]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00002224]\n "_F5550ABA-2D97-11ED-A45D-0800272D826D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "MI7W09W0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MI7W09W0.txt]- [targetUID: 00000000-00002576]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00002224]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 
00000000-00002224]\n "memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAexg_1_.woff" has type "Web Open Font Format TrueType length 21856 version 1.1"- [targetUID: N/A]\n "analytics_3_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "DSG5QH9T.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DSG5QH9T.txt]- [targetUID: 00000000-00002224]\n "ce5327c52694093aede79fbdda65cf4496210956_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "jquery-3.1.0.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "E87CE99F124623F95572A696C80EFCAF_FED996F91E5E7B003162E0E8C3911D16" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E87CE99F124623F95572A696C80EFCAF_FED996F91E5E7B003162E0E8C3911D16]- [targetUID: 00000000-00002224]\n "Tar1AFD.tmp" has type "data"- Location: [%TEMP%\\Tar1AFD.tmp]- [targetUID: 00000000-00002224]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'API Call', u'identifier': u'api-113', u'name': u'Touches files in program files directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\iexplore.exe.config"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE.LOCAL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\DWMAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\SECUR32.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\API-MS-WIN-DOWNLEVEL-ADVAPI32-L2-1-0.DLL"\n "iexplore.exe" trying to touch file 
"C:\\Program Files\\Internet Explorer\\CRYPTSP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\RPCRTREMOTE.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Microsoft Office\\Office14\\GROOVEEX.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\DNSAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\RASADHLP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\iexplore.exe"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\EN\\IEXPLORE.EXE.MUI"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEUI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\CREDSSP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\NCRYPT.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\WINHTTP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\WEBIO.DLL"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /contact HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: www.trustsign.com.br\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_34.148.97.127]\n\n "GET /contact/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: www.trustsign.com.br\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_34.148.97.127]\n\n 
"a84\nY[o~0(donHfsiS,6A]E0$Iwf(m}[_zfxuqMZleX3|~5 + )U(K/\'_GM~) W4!s-<I<izX(m#\nV(B])RlAiyjoh8Mo-nEmXQEw p_7e*so8E)WT$egnw-{$\nyNm<Yw{;@{e^RpE^s+,5MVdamXV,\\ReHS%_~(zaF`xVPpk|6Uy%J.Y[7,!EOiX*j=[Z[=,J7k[;5b!k-B)wy9~flTw)jtekDD|:a(AAGH\na<LBYDa<A}j{n~C)Ar~k\nWj>\nf_}\\]wYK#\'\ncy.\\)]qq]qd_Qc$30B-M"8ZI\\\\<^dUSI"q}4EW1e&i34.148.97.127
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 13 15:23:51 2023 GMT Not After : May 14 15:23:50 2023 GMT Subject: CN=nuke.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d9:29:5b:18:4c:1d:e8:59:eb:db:25:91:54:31: ed:38:23:ab:0a:88:57:5c:ef:0c:7e:ca:ca:6c:71: 0b:02:fd:19:3d:6a:e8:97:28:77:25:12:e6:41:af: 0c:74:de:eb:50:90:97:94:e1:fd:e0:db:78:3a:0a: 5f:ae:54:a8:1f:8e:40:46:da:de:c8:9e:fa:c8:e7: 39:8e:1b:9f:5e:60:ec:47:c4:47:f9:79:27:17:65: 24:54:e3:e9:87:77:9b:2d:fc:59:b6:69:6a:35:59: 71:49:6c:3f:68:b3:6f:f3:47:8d:99:d8:26:4a:34: e5:bd:98:64:13:9c:bc:2e:32:d9:f1:82:53:39:a9: 0e:5a:3e:f4:44:ad:26:19:df:02:ae:0a:8a:ee:fc: 9b:3e:7d:da:ca:fc:e7:ee:68:4f:c5:8c:ef:dc:74: 06:e9:7a:47:71:5f:53:c7:6d:09:e9:1f:2a:81:e3: aa:4a:4a:ad:ae:9d:25:b9:f8:c2:d3:14:56:b4:75: 91:e9:be:73:0e:b4:7d:4d:da:64:95:77:6d:43:79: 73:49:a5:8a:21:01:8b:43:f7:7e:6b:34:db:43:cb: 18:86:96:0e:e7:1a:02:5a:4f:df:42:dd:88:c3:61: 4d:6b:c6:c6:bf:25:5b:76:f4:0e:86:dd:ad:d2:26: a8:0b:2a:9a:7b:42:50:c1:2c:92:f7:92:ae:7c:b1: d3:11:4f:23:ac:54:f9:9e:aa:91:2b:7c:ed:1c:c1: 46:1b:9b:3c:a0:2a:b1:e3:e2:b9:d0:7f:06:57:c9: 1e:63:2a:89:4d:e0:fc:34:28:ec:5f:72:15:f2:01: 80:22:e3:d2:bf:66:7b:78:f3:2a:37:36:d0:18:e7: eb:62:58:1a:53:3f:4a:aa:c6:06:93:11:2e:9b:de: b2:20:c5:30:35:f7:4b:de:99:68:8b:4d:f1:cf:5f: e0:29:92:a1:d4:25:53:f6:6b:8d:eb:c8:2f:a1:48: f6:93:3d:2d:29:1c:93:8a:83:6e:a8:d5:40:07:99: d9:b4:ed:f4:2d:5b:2c:94:69:23:83:3f:eb:1f:20: 45:ea:f5:f6:5a:22:b5:7a:ea:e6:92:ef:69:3a:86: e9:7d:cc:89:f5:72:d8:75:21:3a:fd:e8:3a:fd:dd: 16:43:3a:20:cf:8c:1c:3f:54:62:be:57:b4:91:f9: 1f:7b:59:bb:69:98:ad:21:46:6b:14:0b:f3:32:e9: f3:42:4c:fe:3e:ea:f8:50:4d:7c:e3:49:32:31:e8: 73:54:2a:f5:e6:ac:fb:17:66:a1:41:7a:05:04:c9: 
53:ab:bd:62:a2:65:3e:e4:d9:bf:f3:5f:60:e6:ba: 3c:1f:a9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nuke.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Feb 13 16:23:51.711 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:74:49:47:F4:26:47:0D:47:E2:9A:66:AF: F3:3B:46:53:9D:6A:00:FC:C4:5B:6D:E9:3D:6A:E5:A3: AC:D8:18:26:02:21:00:F0:DF:BE:68:08:A5:73:33:B8: 41:78:C8:F1:1D:97:89:D0:3C:53:99:EC:D3:37:A8:F1: 3C:4D:2D:2A:6D:AA:99 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Feb 13 16:23:51.724 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C5:F1:D7:EC:63:EF:D2:2B:1D:83:7B: 83:54:8D:82:F0:09:7B:86:48:A1:52:8A:D7:9F:9A:A4: 8F:C9:E6:6D:A9:02:21:00:BF:BA:DA:57:96:9F:75:77: 05:96:B4:C2:FA:F6:06:66:B5:84:A9:CC:F1:BA:83:9B: 82:75:E0:63:24:71:36:67 Signature Algorithm: sha256WithRSAEncryption 85:63:54:da:d2:e7:1a:fb:ec:3f:3a:27:f7:a7:67:fe:c8:7b: 01:a2:64:e4:ee:ee:8e:f0:73:aa:5c:d0:77:bb:6f:be:12:26: 63:92:52:2b:90:c5:19:0c:01:d9:fb:68:bc:45:29:22:6d:35: 24:74:65:da:4b:43:d7:65:1a:2d:49:c6:90:fb:fd:df:39:3b: 
cf:ed:9d:e1:a6:3d:3e:a0:05:2d:c4:03:55:00:85:97:89:e2: 1e:88:22:b2:ee:28:86:0f:c1:b8:e5:17:29:7c:e7:e3:6e:66: 99:6b:e8:89:3f:2e:a5:71:74:a0:b7:70:7a:4e:d4:b2:8a:69: b1:f7:4b:20:bd:fb:7b:d5:07:9a:0c:c6:99:dd:4b:3f:c8:5e: 41:b1:8e:dd:2a:1a:39:aa:08:e2:1e:e6:e3:63:8f:d4:59:98: ae:0a:7d:59:e3:fc:7d:a9:1f:51:9d:83:fc:16:e1:80:20:2f: 21:21:50:dd:de:43:12:b9:29:89:20:37:79:64:39:a0:00:fa: b9:f2:d1:d6:97:d7:a4:ad:65:b2:7e:a9:68:2b:1e:77:25:f0: a5:6a:9b:71:2e:77:c5:cb:51:1f:d8:52:be:f1:4f:2f:03:bf: 1b:74:58:57:b0:dc:c1:17:3e:44:8c:02:67:40:b6:b2:69:3c: 5b:81:25:af battleb0t.xyz
2023-05-12 02:55:15Open TCP Port BannerNoCensys0030NoneHTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Cache-Control: no-cache, private Date: <REDACTED> Set-Cookie: XSRF-TOKEN=eyJpdiI6IkpHMTdmeTU3ZDYwZnVJOEZ6K1lCMmc9PSIsInZhbHVlIjoiMXA0Z1VsZWxwK2dDVkY4Sk1IWVdXKzNzaU8zM1VPcytNUE9HZEtmVkpmY0tRQ3BMczIyMjR4ZU9VWFdDRTRVNG94cU5KbXFkdnA3L3dVdEo3cy9YYTgvOWdtdHpISktCOWlOa0UrWG1LZWtPL1lVWHFsOEhhRjFaZ3dYZDZiU2siLCJtYWMiOiJiYzUwNmFjZjdkMzVlMzczZWI5YTJmMzM4NWFhOGYwYTA0Y2VkNmJlZWI5YmZhODViNDMwMjNjYTY5NjI1NWIyIiwidGFnIjoiIn0%3D; expires=Thu, 11 May 2023 19:34:47 GMT; Max-Age=7200; path=/; samesite=lax Set-Cookie: laravel_session=eyJpdiI6ImdUVzFCME5hTHdVNjIvVHBRWjNUU2c9PSIsInZhbHVlIjoiaThZSTFKV29BNjc2ekZNZVRHdkNXTXJvVlVOZCtNemFRSlo4RFlXZ0lZR1pyV1FwMmp4K2ZmLzdmUEtBM0JTTjNTQmhnNG9uVlhabFJkUklRRkhVZmkrbVlnb1BZelR2K1VLNUkxdUhQL1d6bFBpSFk0QUJ4TzNDcjA5ZktLcjYiLCJtYWMiOiIxNzk1Nzg4OTNkYWJhNjk4NzRmM2E4Njc4ZDY3ZWE2M2Y2YzQxZTIxMTZjODQ2OTZiMDdmNWE1OGJjY2YyNzc0IiwidGFnIjoiIn0%3D; expires=Thu, 11 May 2023 19:34:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax Content-Encoding: gzip 165.232.113.85
2023-05-12 02:54:07BGP AS MembershipNoCensys0020None133352606:4700:3031::ac43:8709
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010Nonetumblr (Category: images) https://ayshoo.tumblr.comayshoo
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneCoderwall (Category: coding) https://coderwall.com/login/login
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha2-512-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.233): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None\016\025\016\005\003\005\026\004\004\004\014\016\0 (Net ID: 00:0C:30:12:EC:AE)39.0469, -77.4903
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneFRATOAP001 (Net ID: 00:02:2D:53:7B:80)50.1188, 8.6843
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonetaxoffice (Net ID: 00:06:25:4B:60:E0)33.336199,-111.89446440830702
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:98:DE:00)33.336199,-111.89446440830702
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:57:56Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://oathrocalc.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3124"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c34_IE_EarlyTabStart_0xb6c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c34_ConnHashTable<3124>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c34_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c34_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c34_IESQMMUTEX_0_331"\n "IsoScope_c34_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3124"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c34_IE_EarlyTabStart_0xb6c_Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', 
u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "CEWY99B6.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CEWY99B6.txt]- [targetUID: 00000000-00002984]\n Dropped file: "J259UJ4T.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J259UJ4T.txt]- [targetUID: 00000000-00003124]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "~DF7532A7032D3E3BFF.TMP" has type "data"- Location: [%TEMP%\\~DF7532A7032D3E3BFF.TMP]- [targetUID: 00000000-00003124]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003124]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document 
File V2 Document Cannot read section info"- [targetUID: N/A]\n "CEWY99B6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CEWY99B6.txt]- [targetUID: 00000000-00002984]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003124]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00002984]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002984]\n "_5237E03F-4890-11ED-B1DA-080027A81AD4_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF13AAB00B1FE20632.TMP" has type "data"- Location: [%TEMP%\\~DF13AAB00B1FE20632.TMP]- [targetUID: 00000000-00003124]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "~DF6F079E67AE4A1B66.TMP" has type "data"- Location: [%TEMP%\\~DF6F079E67AE4A1B66.TMP]- [targetUID: 00000000-00003124]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00002984]\n "_7B031BD4-4891-11ED-B1DA-080027A81AD4_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n 
"RecoveryStore._5237E03D-4890-11ED-B1DA-080027A81AD4_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://oathrocalc.netlify.app/"\n Pattern match: "https://oathrocalc.netlify.app"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/89 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63442076e8d44876b51cc291', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.148.97.127'], u'sha256': u'66a2fd4e0cf4a13e9ac67d89109c21daab9efc63458ad8218e353ddf47ff88e6', u'sha512': u'1245fe07cfb396b6773cc4d866ec988850a58e676320902da6be7733b5bdd7983344c3153f93fcefa4878d97545d293c487897b2f0e3f3d2b781792f279af4eb', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://oathrocalc.netlify.app/', u'submission_id': u'63442077e8d44876b51cc292', u'created_at': u'2022-10-10T13:39:03+00:00', u'filename': None}], u'analysis_start_time': u'2022-10-10T13:39:03+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 7, u'image_base': None, 
u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'c7ec97b5c563d59b5a6c9f7c76210246', u'network_mode': u'default', u'processes': [], u'sha1': u'dc379d517f72ad15cd77a2b37571b936c8acb2c3', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}]34.148.97.127
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneTwitter (Category: social) https://twitter.com/battleb0tbattleb0t
2023-05-12 02:56:48Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 11, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://minehut.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.176.41.87:49733"\n "142.251.211.227:49737"\n "104.26.9.123:49738"\n "104.16.148.64:49739"\n "185.93.1.247:49740"\n "142.250.69.202:49741"\n "142.250.217.66:49743"\n "104.18.26.85:49744"\n "104.17.24.14:49746"\n "104.22.46.142:49747"\n "13.227.44.89:49748"\n "34.69.160.147:49752"\n "34.136.45.84:49753"\n "35.222.205.150:49754"\n "34.70.254.254:49755"\n "104.26.2.70:49756"\n "34.136.205.209:49758"\n "18.213.222.111:49759"\n "54.161.234.33:49765"\n "35.229.48.116:49771"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"63868ff535048f0009a9c77b--utils-lib.netlify.app"\n "ad-delivery.net"\n "api.minehut.com"\n "cdn.cookielaw.org"\n "cdnjs.cloudflare.com"\n "connect.facebook.net"\n "content.minehut.com"\n "core-lib.minehut.com"\n "media.graphcms.com"\n "pixel.tapad.com"\n "privacyportal-cdn.onetrust.com"\n "shell.minehut.com"\n "tr.snapchat.com"\n "utils-lib.minehut.com"\n "vue-legacy-ui.minehut.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4968:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4968:120:WilError_01"\n "Local\\SM0:6184:304:WilStaging_02"\n "Local\\SM0:6184:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:4968:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:4968:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7632:304:WilStaging_02"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsminehut.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00004968]\n "f_00024d" has type "gzip compressed data from Unix original size modulo 2^32 58592"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00024d]- [targetUID: 00000000-00007808]\n "f_000268" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000268]- [targetUID: 00000000-00007808]\n "ebb17067-94f8-450c-9568-a82216ca290c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\ebb17067-94f8-450c-9568-a82216ca290c.tmp]- [targetUID: 00000000-00007808]\n "b242f73b8f8d800d_0" has type "data"- [targetUID: 
N/A]\n "59dc75d7-2547-49eb-9184-aee5038c9697.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 227208"- Location: [%TEMP%\\59dc75d7-2547-49eb-9184-aee5038c9697.tmp]- [targetUID: 00000000-00004968]\n "01e58febefcac415_0" has type "data"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004968]\n "5e42a7bd8f7f5c6d_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\5e42a7bd8f7f5c6d_0]- [targetUID: 00000000-00004968]\n "739aec52abd1ef18_0" has type "data"- [targetUID: N/A]\n "f_00023e" has type "gzip compressed data max compression original size modulo 2^32 389379"- [targetUID: N/A]\n "dd645e9d-3232-4e52-bf26-866b8133ca70.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "195beb76-9db3-4752-8dc5-1c9fb22b370e.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "db2a7507399ba0fe_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\db2a7507399ba0fe_0]- [targetUID: 00000000-00004968]\n "c9bd6e5856a90fb8_0" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00004968]\n "b2c20a88-d803-4261-8816-190344952cfd.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\b2c20a88-d803-4261-8816-190344952cfd.tmp]- [targetUID: 00000000-00004968]\n "f_000243" has type "gzip compressed data from Unix original size modulo 2^32 165367"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 00000000-00007808]\n 
"23d3f5d3edbe4758_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\23d3f5d3edbe4758_0]- [targetUID: 00000000-00004968]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://minehut.com/"\n Pattern match: "https://minehut.com"\n Heuristic match: "ad-delivery.net"\n Heuristic match: "api.minehut.com"\n Heuristic match: "cdn.cookielaw.org"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "connect.facebook.net"\n Heuristic match: "content.minehut.com"\n Heuristic match: "core-lib.minehut.com"\n Heuristic match: "media.graphcms.com"\n Heuristic match: "pixel.tapad.com"\n Heuristic match: "privacyportal-cdn.onetrust.com"\n Heuristic match: "shell.minehut.com"\n Heuristic match: "tr.snapchat.com"\n Heuristic match: "utils-lib.minehut.com"\n Heuristic match: "vue-legacy-ui.minehut.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-7', u'name': u'Uses 
network protocols on unusual ports', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1571', u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': u'T1571', u'relevance': 7, u'threat_level': 2, u'type': 7, u'description': u'TCP traffic to 54.176.41.87 on port 49733\n TCP traffic to 142.251.211.227 on port 49737\n TCP traffic to 104.26.9.123 on port 49738\n TCP traffic to 104.16.148.64 on port 49739\n TCP traffic to 185.93.1.247 on port 49740\n TCP traffic to 142.250.69.202 on port 49741\n TCP traffic to 142.250.217.66 on port 49743\n TCP traffic to 104.18.26.85 on port 49744\n TCP traffic to 104.17.24.14 on port 49746\n TCP traffic to 104.22.46.142 on port 49747\n TCP traffic to 13.227.44.89 on port 49748\n TCP traffic to 34.69.160.147 on port 49752\n TCP traffic to 34.136.45.84 on port 49753\n TCP traffic to 35.222.205.150 on port 49754\n TCP traffic to 34.70.254.254 on port 49755\n TCP traffic to 104.26.2.70 on port 49756\n TCP traffic to 34.136.205.209 on port 49758\n TCP traffic to 18.213.222.111 on port 49759\n TCP traffic to 54.161.234.33 on port 49765\n TCP traffic to 35.229.48.116 on port 49771\n TCP traffic to 142.250.217.72 on port 49772\n TCP traffic to 157.240.254.7 on port 49776\n TCP traffic to 54.230.58.252 on port 49778\n TCP traffic to 104.18.35.85 on port 49779\n TCP traffic to 35.190.43.134 on port 49780\n TCP traffic to 104.26.14.167 on port 49781\n TCP traffic to 172.67.75.33 on port 49782\n TCP traffic to 74.125.195.155 on port 49787\n TCP traffic to 157.240.22.35 on port 49788\n TCP traffic to 107.178.246.49 on port 49791\n TCP traffic to 35.203.130.56 on port 49796'}], u'threat_level': 2, u'size': None, u'job_id': u'63b1da6cb79fb1747e53944f', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_ide35.229.48.116
2023-05-12 03:18:06Externally Hosted JavascriptNoPage Information0030Nonehttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noneabay (Net ID: 00:08:5C:FB:81:BF)40.2024, 29.0398
2023-05-12 03:16:17Similar DomainYesTool - DNSTwist1010Noneayshu.xyzayhu.xyz
2023-05-12 02:57:46Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://tinyurl.com/madeinsuisse', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.20.138.65:443"\n "34.148.97.127:443"\n "3.125.5.245:443"\n "35.157.185.185:443"\n "172.253.122.95:443"\n "205.185.216.10:443"\n "104.18.22.52:443"\n "172.217.2.104:443"\n "172.64.202.28:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar53E7.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar5349.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar52DA.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar515F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar5190.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dac_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_dac_ConnHashTable<3500>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_dac_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_dac_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_dac_IE_EarlyTabStart_0xa9c_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_dac_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3500"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.fickfreunde.de"\n "click.candyoffers.com"\n "fickfreunde.de"\n "kit.fontawesome.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "96063GA5.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\96063GA5.txt]- [targetUID: 00000000-00003500]\n Dropped file: "L8H735IT.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L8H735IT.txt]- [targetUID: 00000000-00003500]\n Dropped file: "H5C14F22.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\H5C14F22.txt]- [targetUID: 00000000-00003448]\n Dropped file: "6CLV6E9L.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6CLV6E9L.txt]- [targetUID: 00000000-00003448]\n Dropped file: "L6N87E8V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L6N87E8V.txt]- [targetUID: 00000000-00003448]\n Dropped file: "NJN6P46V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NJN6P46V.txt]- [targetUID: 00000000-00003448]\n Dropped file: "OOF6KCM3.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OOF6KCM3.txt]- [targetUID: 00000000-00003448]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab5348.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab515E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab52D9.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab53D7.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab518F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', 
u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003448]\n "background_new.fd3a8456cceb346c0891c03198a60c38_1_.webp" has type "RIFF (little-endian) data Web/P image VP8 encoding 1000x503 Scaling: [none]x[none] YUV color decoders should clamp"- [targetUID: N/A]\n "scripts.7a620facbb6e924f312020771a5bdb6b_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "LWPZRw8np3l1Upuc936Fx8vKR2QcNtjyEhKbl2iD_1_.png" has type "PNG image data 114 x 114 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "css2_1_.css" has type "ASCII text"- [targetUID: N/A]\n "ass-nak-btn_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_4C7A419C-64FD-11ED-885E-0800278B0884_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "common.774a6bb1c151f7a4ed117196fce2b316_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "RecoveryStore._A51FD2E3-64FA-11ED-885E-0800278B0884_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "96063GA5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\96063GA5.txt]- [targetUID: 00000000-00003500]\n "L8H735IT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L8H735IT.txt]- 
[targetUID: 00000000-00003500]\n "7RZJQYK5.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\VC2ME0V4\\7RZJQYK5.htm]- [targetUID: 00000000-00003448]\n "~DF2EDB88760F5A6FE9.TMP" has type "data"- Location: [%TEMP%\\~DF2EDB88760F5A6FE9.TMP]- [targetUID: 00000000-00003500]\n "Tar53E7.tmp" has type "data"- Location: [%TEMP%\\Tar53E7.tmp]- [targetUID: 00000000-00003448]\n "H5C14F22.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H5C14F22.txt]- [targetUID: 00000000-00003448]\n "Cab5348.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab5348.tmp]- [targetUID: 00000000-00003448]\n "6CLV6E9L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6CLV6E9L.txt]- [targetUID: 00000000-00003448]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://tinyurl.com/madeinsuisse"\n Pattern match: "https://tinyurl.com"\n Heuristic match: "cdn.fickfreunde.de"\n Heuristic match: "click.candyoffers.com"\n Heuristic match: "fickfreunde.de"\n Heuristic match: "kit.fontawesome.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"click.candyoffers.com" seems to be random'}], u'threat_level': 0, u'size': None, u'job_id': u'6373bbe282dc496f620ac840', u'target_url': None, u'interesting': False, u'error_type': 
None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'34.148.97.127
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0050NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f603759cec44a')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="VxcMRN.Povw0Dqbul8wSiWYYVjQ65KTx3XK5wkMYn5s-1683860053-0-ARNnaczlk3lhWY6ESpfReTjviWNfe6-W-F4EYUMujv5K8wYIHcmyGNVxCdUrRWsobOaE65E16LH7Z5A8l3JcOOwM40OukBYU_NTnKQTXBbuAPfHcavNAVkFXDNA4yBYP_F-doeuxJ1iDDtJRrmlmohTnm9Zwgu_y8a0NK2hiUe5yMvTqp63OLXzd1V9ueCyVeeK1caOtPi7xaty2vJtyZb-cIX-pXe1HjTUlpS2SBgDHLt9Z2nGU34h6kZ0-LrtNlJwHFMEUfGQT7Cu-pfqrhaBF1Rf57tLrkAcE4ToZFW0ZJ0AzVaQzLYE6ZtSIvjdhsInZ4x-0ac4WkaSnH9qLZC0frRaKCRbP1YE5yAsA_V_rAzDvledqs23zFkADyA1JndB-r5YTwGkwDl-BxZREbNktpruk72pVubcgN5obrf6JxTrQq7YBfyWH0u231TmHhalG3kCxQTdf9BBK1RtcvNhrrH01RN3jUXWOknSbzfs0xXZvpHYZ1mrWn-Ojnk9ZjOu2ygM5UtHSoZUS6y_CjRifM_gopebOwo_cedROZOf9quaaEku8SOVh2-a-u3HQqhJrHKvyqASEjXgOG-POuVge4L6xHx2SHahOESPnWqqKrSn9BYMIGELPd8-r-1tIAXEFuooehRGS_FYNDjqh6omsTcRWSr06JGoopCVsOBkATKY4nwfmOjHwATatO_bzDcPIKUDDZxN4trvvcVPNVoHO7Bdkn5nD4MlhG7ULR5m8BGChjHXk7lMQgvxBm1SZz89qexKer_mB3ITW_Ckfp4tPj4-YUwZkcw1lp1dwi32IJwgxwAEQrcGYo7Dftq8CYuStupr8lXKN_XUjGqTozvnpHPRsKR3mpnU05jAAbQN-wTNmylPeMG1Bx9YvJ8-oBs6FOj2g79NCurzx8d8F26PjaGqr-vtP8UKYeQxLAnNdd4Vl3r7Sxgy5_U4ONoKkZLnzYO166hvNojFJrl5f4tJq3L8oaK1eV5U-xpdOk_jlFbI7ZzjrEUv9fZQsj5GaeDY02cHxOh7Nt2nNuGIpJ43yd7IG1NCu_ks7x5I0kfXv5MRuTfiROKF9xzm5F_CKasB2amUWk6rZYcXTrxdif9TD5Sx62vXZQpsnSXx8a6qRdl0hIJb_vmia5qIkaGS9V0c3xjS-IDsjcMXU8HgYzlCX19Zu4ALj-qepP0KcZOXiHhiswQ6RmzSNTHY19R5ZletASbYV_KRC2PP48Hz8WCb-SWTTkcwOaIfpq0-9SsU16FZzuVHDtQR9HgY0pbLMzaxY0s1xIpwF0xudNUa9SsK7hj88CJhBWAgyl0DKCHjlEvVNsM3bMb76uUbrGBKt7Hry85yQS5UEcYp6GIRihakXwCelMLh9b6mQeb34LGhQRPvlmLc3f7j1216yXCSaBd223eCCMmrLoB2g3nLwqwrk_PW2t_XaPAxAsSOOJKzId4VjA2dn6CqsOQIQ1btvcUPfq3OsFea8XgUx2qTK18l8oqMYjxkPX_FOwTDrD8XvSUg990Ur0PezzJ7ZjQhXW2g96qU5HlxCcEgvTZ1Oj8VsRG6KYZKs3liq65P7yZ1Xq0PuWGs5ZH1HZuwe_EUK0ctlgYcA2TZqiqR97ljhOugKeylE_8hYvCH-_EfG3w8eyicUcZHEEbELHsNXehd76Tx3s2-ebSEw5k9zImyOFTenD_lgPbpq7QTz7xoj2el_vnfxew2WRomnN2o-3wrcdpxXZbyRqTVEwh9mt5ldOWHagonTAv_Q_hf6-IdMAwmmBbSh1Hcp5U00qxCfbSDlsw6TbCjryraM_n5MuyIQ3ROmpzau0nYDihwg55Yfm_maTyXQn3EfPcgCTbGbUA-S1IM4kEvznOEUMKan7limYnMnSACdDa6YllLFkTxfyt9PIWPkMFkg4rul1WrPg6PbIgC6s9asfdQz_qx6
6otvL3jKY2qeghrw_6pmQyfsLCIHyZFw1XaoIueMg-cFKFmIkcBABdWmDDrGq0ut54mYbYK3SFGC_bIHhtVHYt9KTDDqI94HFGgN1Tmq0OS0w3l63uBrjPR2ghPB-fwrkk0mrJ7qhhXURTs1sofuhT9GcdvnMZ1lpgzcElp3IhKAYa_lNxP8ZMf4Q_-TfeYlm0PHPqWivHEqU3GArEQlC_hJ27J0JdZxbF8RZT_qsP9FxBGCfGjgHhGcEmTtiLHMzioIBblPCJ2MJyW1yepTP1gLGj1XQw8vPq1sTASJgCcwQdtLYK1gBygsKJ6y9hq73XXqB7BxmSRGE1412ZH9kqHGFcsBJvpgdfjdZDEcUAbc7eHlE_pUs5mqrXq697Qb125fekHxboBa8kmPIcPQ2ynUBwAN74KYjxXYEmrozv8dkXJqol4LZcUANpwiA11Em8xrLpc2lbtTgwaNEHGyTh_5AUbuVj2YXAm8gMv0JlcPNtTwFxCdA8SE7rXhlJ4zCoy8DSlgGYlbvZ8ijwcet19cfaphrxuan5NDwsNqQSGBQBD2ZBY7HKWcOtfFA0IzjpULqXe_VhCzD0_t3-f5YJ6XZO21"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '16187', cRay: '7c5f603759cec44a', cHash: '5c1bdda96dc3363', cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA1My42NjAwMDA=', m: 'lfsFj6DGCrI2vGPf6BjuX9qKC3b3WJbZzI/myE7y0Ig=', i1: 'Gu/vYOwR5DI39saTFLv/iA==', i2: 'jBLnZ6zLXxRsowEZI/3brw==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f603759cec44a'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f603759cec44a'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:19:17Web FrameworkNoWeb Framework Identifier0030NoneBootstrap<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonebabepedia (Category: XXXPORNXXX) https://www.babepedia.com/user/loginlogin
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F0:17:4A)37.780462,-122.390564
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonetrakt (Category: video) https://trakt.tv/users/loginlogin
2023-05-12 03:09:04Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.10687.248.157.102
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Noneluna (Net ID: 00:02:2D:2D:B8:C7)50.1188, 8.6843
2023-05-12 03:00:24Affiliate - Email AddressNoE-Mail Address Extractor0030Nonesupport@lu.ma[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 28, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://lu.ma/y9yw6eqo', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7888:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7888:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7888:120:WilError_01"\n "Local\\SM0:8012:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:8012:120:WilError_01"\n "SM0:8012:120:WilError_01"\n "SM0:7888:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:7888:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7888:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.66.43.101:443"\n "104.16.56.101:443"\n "142.250.188.8:443"\n "34.120.195.249:443"\n "54.203.115.111:443"\n "142.250.191.74:443"\n "151.101.0.176:443"\n "142.250.191.78:443"\n "172.217.164.99:443"\n "142.250.101.156:443"\n "108.139.1.127:443"\n "108.139.1.104:443"\n "52.23.144.23:443"\n 
"35.174.127.31:443"\n "34.209.51.54:443"\n "44.228.114.110:443"\n "142.251.46.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.lu.ma"\n "cdn.lu.ma"\n "lu.ma"\n "nexus-websocket-a.intercom.io"\n "o370968.ingest.sentry.io"\n "static.cloudflareinsights.com"\n "vitals.vercel-insights.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- [targetUID: N/A]\n "f_00024d" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 6400x3200 components 3"- [targetUID: N/A]\n "5f16b7f9d1607ad6_0" has type "data"- [targetUID: N/A]\n "989898b72cc58f9e_0" has type "data"- [targetUID: N/A]\n "23a55676-8174-4a5e-89fc-143bd604c96f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\ShaderCache\\index]- [targetUID: 00000000-00007888]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "5e9a6eefc2fa1f8f_0" has type "data"- [targetUID: N/A]\n "f_00023e" has type "data"- [targetUID: N/A]\n "cc4ad257c5413c5b_0" has type "data"- [targetUID: N/A]\n "c4595e73-7693-4c82-9c12-a950739b1d75.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "83213497a6b2b947_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\83213497a6b2b947_0]- [targetUID: 00000000-00007888]\n "d646c3a66fcaef39_0" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "d96dbad775832460_0" has type "data"- [targetUID: N/A]\n "f_000243" has type "data"- [targetUID: N/A]\n "9d4d031f25631c01_0" has type "data"- [targetUID: N/A]\n "f_00023d" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00007580]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir7888_284643122\\Ruleset Data]- [targetUID: 00000000-00007888]\n "4a0cb44c6cfe27cf_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\4a0cb44c6cfe27cf_0]- [targetUID: 00000000-00007888]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://lu.ma/y9yw6eqo"\n Heuristic match: "api.lu.ma"\n Heuristic match: "cdn.lu.ma"\n Pattern match: "https://creativecommons.org/"\n Pattern 
match: "https://lu.ma"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Heuristic match: "lu.ma"\n Heuristic match: "nexus-websocket-a.intercom.io"\n Heuristic match: "o370968.ingest.sentry.io"\n Heuristic match: "static.cloudflareinsights.com"\n Heuristic match: "vitals.vercel-insights.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "lu.ma/y9yw6eqo"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.250.188.8"\n "UDP connection to 142.250.191.78"\n "UDP connection to 108.139.1.104"\n "UDP connection to 142.251.46.174"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7888_266005712\\adblock_snippet.js]- [targetUID: 00000000-00007888]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', 
u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.44" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.44"\n Potential IP "10.34.0.44" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.44\\LICENSE"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Mu"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n "192.168.241.73"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="&#x2a;",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'1/86 
Antivirus vendors marked sample as malicious (1% detection rate)'}], u'threat_level': 1, u'size': None, u'job_id': u'641c61a4603a681d33001968', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspiciou
2023-05-12 02:54:23Open TCP Port BannerNoCensys0040NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H061ZY9N5FV8EXSVB32WY78R Date: <REDACTED> Content-Length: 0 2600:1f18:2489:8201::c8
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NonePornhub Users (Category: XXXPORNXXX) https://www.pornhub.com/users/Battleb0tBattleb0t
2023-05-12 02:44:15IPv6 AddressNoDNS Resolver16030None2606:4700:3030::ac43:a8fcnuke.battleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:27Raw Data from RIRsNoTool - WhatWeb1020None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://oldfluid.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://oldfluid.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-cache-status,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}]oldfluid.battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneSnapchat Stories (Category: social) https://story.snapchat.com/s/loginlogin
2023-05-12 02:56:27HashNoHash Extractor0030None[MD5] 02ca825e4901e74c2c2d6f8e59341325<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authentication</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixels API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixels API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixels API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr>
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None01039402468.github.io185.199.111.153
2023-05-12 02:44:31Internet NameNoDNS Resolver17020Nonepanel.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:2086104.21.6.166
2023-05-12 03:03:55Co-Hosted SiteNoThreatMiner0020Nonemalsup.github.io185.199.108.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneStartMotor (Net ID: 00:02:CF:A1:A1:06)40.2024, 29.0398
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneBudgetScottsdale (Net ID: 00:09:5B:29:02:37)33.6170672,-111.90564645297056
2023-05-12 02:55:32SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:aa:0b:fb:f5:72:57:f7:90:57:35:0a:22:0c:3a:41:5a:d1 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 14 17:48:35 2023 GMT Not After : Apr 14 17:48:34 2023 GMT Subject: CN=funny-face-pictures.nom-nom.link Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:bd:1c:66:69:41:70:5a:26:6b:f9:5d:75:98:b4: 8f:50:49:99:4a:13:c7:34:5d:07:06:03:17:45:62: 35:db:24:d3:13:a5:28:c9:bc:9e:26:03:0e:28:c7: d0:92:34:41:85:ff:c9:ec:be:04:85:ca:56:f3:8d: 46:7d:03:91:0a ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D0:E0:AC:A3:54:40:02:9F:45:F6:D9:F1:FF:DC:7A:58:77:FF:5A:B0 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny-face-pictures.nom-nom.link, DNS:funny.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption a9:fd:fd:93:70:29:b0:48:11:c8:ce:bf:67:f2:09:f0:18:36: 72:e2:d5:45:1a:22:98:73:7b:fc:63:f5:37:b4:8e:20:c8:45: e4:ce:e2:9e:72:73:e8:ad:47:bf:c0:35:30:a0:a9:68:42:7b: af:a0:57:45:fd:5a:91:a4:2e:d5:a2:69:b2:ca:b8:65:ec:5c: 97:2b:5a:c2:47:61:9f:c4:81:87:89:15:e0:4d:14:10:00:57: de:30:17:e4:75:38:ea:ab:0b:a9:2e:0e:a3:de:bf:1e:49:35: 76:16:95:0e:f2:76:59:a6:60:31:e4:31:da:5e:f7:3d:1a:b6: 45:fb:43:8b:75:fa:55:4a:bf:3c:53:c5:63:68:3b:09:79:60: 
3e:59:90:9c:6f:29:ba:5e:2e:69:99:fe:bf:eb:b8:a8:a2:e5: 6a:e1:ab:7d:7b:0c:fc:a2:d8:0c:8f:d2:5f:a3:53:b9:f8:44: 96:05:f5:bc:85:79:5a:77:18:35:7d:ad:c6:2f:17:ce:cc:e8: 15:70:ec:81:d3:7e:77:0e:2a:9b:e5:1b:d9:8c:57:bd:a3:bc: 0a:e0:67:62:79:dd:4b:90:cc:e8:41:75:b0:89:34:3b:68:0e: 36:40:32:41:3e:6c:17:bc:5d:a4:cc:91:d3:38:4a:ce:c8:1b: ab:60:7c:08 battleb0t.xyz
2023-05-12 03:33:13Web Content LanguageNoLanguage Detector0050NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5a3bb81a1b')"></div> <form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="e35Zj8G5BDk9XldXhqgKMMl4m4jJjyX9hPpRt8lgb3o-1683861861-0-AeRvD12zRrpKT1Vj_NZpuXTYPY0T_C-IsEnAR9u2dCvcdsLy9Sv3iw7wV_fgwkqNl3iHxdj5qFwNZJL3xkB-iwW9vjUdMNxMyhnqv8JlscfNtie9SAcppGbOk7uCBiZIQLa1SBVNw6UUv-_a_FXFD2296FJ4KrNIS6arC6VFPDD30uM_354WVFgyW4mKtrSpYK5InwieJ1Vkv6ZxoCDhBRMhNxgPpigNP0QmWXw8y1_k8lflCwo_Q9K8uZ_qtQFf0Gfd14ZLuORqP0m48rgXZsNXk2d82Mm2SMemmjVviG7PuPUL1CbnB3WfSK2OQGeY4U-Gy7kSdq7i3_ymV00fkl4RBJdkPDOtsR2eeN44cG0QzvhUzJu9a18Wx-JBgeMkCDDp2c6FvebNEOQydvCZrys93XZSGdta0GBiBfCz0DM6AFXJXoguOORHg7MOd62eoxeeua6hY1HFOifFbgHz4R4_F4geEyT8xPiS9kLqmv-8Tv9wFT23J38aRv3VS8KGL7JX_pO7KJv7qjQiIN2XDIN1kP01EuKi5fpoFbmvumK_aQpspEPJd-oYkv6g3z8upJ_i8gMQOJzdPMV462qdkEt72KoSPvIxKpy4bKNXJwJjWy3MhsDm6o8-oFAI7dOznlN5m1idwbZgvsnclXbdkqJhXPQYzxjKdzlT7hyQKmtmMash-U3aTKSIpDEKkTstu-cs5rTf__9DuNB2pVPrKXIFuY7EwlrjB6j_0UJKavfBfT6h3NsKR3qKMg-rGVo2RSQdsEOud7Hh5F0cMs0nCAAWGTq86XwfC81O29W1K2i6OalWYJiW61x1Nv_qs72KoX0_Mpn3amoMA5KS1vGI6mPUPMiOwHSI0cRgqEERjtVjkE3-TwMesGkKvz-Aw2gGE9OL21frfN9JEzkR172OTICxrUfc7caDwzr9D9_NePtArl9cLDKFHEvxIxzgioPuODDLvyAfvi0dPWiWhMq7WkvCuoWovUiUA253wYEf7M9x4gD8lnc3kaUCBX9tFmIajIXhsaHhaKh_ysHvt7SDv4HQuHFmdW_PTHj46eP5odywpuZGDTSuWK7SWH7u71n7C_Ae4KUmVvgKAwroZ_dlv8I2ROpq-QoxjIwoWtmm2DsGljOITbn0msRXnKPyZMK8B7bxqx0Tk0lwfAxw5qFIfx9cKTkyEKNgMaJHKVRsdCxtQMpTYYbYCTs7ecYaFA-cfa8pDUJO-vS3eg6mjgEiRw-8bm1dPWtPUv2T1GYeSsTkWX7p26b8BfAn4XpyF65-516ZnQxFqk_LYA1aiczQzQWdLb1NuFpyAlTJVRij048j5uSY5WFvTrmsh7xjoZ2Z46DkwHtY4crfRZm3SD6Mg_03vOiI68rC6vzz6BqdsamaXqvoFcnUbGnDDjkCNPCk0I7LyG6AFbm_EwgFVB9gZOJPVWeWKxdCcEWIQQOyO_AqVnN-wyzH0S5fWbIjXusPp_qMzz38MsJyGlFbc7GOuh6S4SdpuQewqWPsqFDGHPGtQUEKXIDpP7weMLUYzqItqb4vPv3n4sxn1GsE-qNs3lpwxVrc1SL_ssnb3-_jfGgVSpkOmJliBGGmoH-AatJn35K3t_jno9HyCYJLmz1rZkbI33XoOACdRBNvladuDXSHE4m8J_n-NLMdDcqru4xU65kcr9OibRXR4hHHwc3rYYFV9kMj9KFuctQB10AWFL0_n3yW8Zlh4cik5rYLuGKboFr2i4pY9ykLSq7sms7Qe3oXXbRcmeWxKtL0NlB6gk_PWz-AAqtF3sr5sdva-7sRfyfrgrQxpiH5_wMb5DPqczx1O37xCMTLyF6YhMXn4ABmLQ-mt-EMWYX-tkGM85skgM2leXXJlv6HTAp-riDNoZ3OMVT4KeKIc6AIi8pOLxrJ9jD5oVgtqxZff2ZqlinhLXHPSVtkPU-H6FAH
inPrzSf3uH_Q3H0UuvzybBwb61Kz9xfOtHBkP2nWMCU86xpSbO4c6VIi3roOnQLOncMey4LehldRzG60kvAcLOIIzsotkC6A0TzBdXW6h8WnOc98kvqVlyyluYDZoGL2sgBQP5iT8LeZ1GiKa6nuzXWAIZArCXDfvtsaNftRUiJODl-iLsalLmXB287qXlXnC-Sqn-VkYBIG1c0SYjAXzvc-MH1JJfTmtb7X2x-mXdkkqwoy16YRiEGxdDA84vt_3-1PJIVkwQFdJL01areTvrgmeIqm94L-DFciyanQyUBPitgHcxMUsm51YpB6KDWM18BLL4ehHRO7XO7TX_IIKdZiHbwQcPJ8FX04IKxS2S5Y3q_h8S65tynRA7TtY9YDIyDgHWfsgLSoL1L6GRBWm_cX_GqkdNtINyYbvrEjvcbcBhRdYEvzv7ySe_t5eEL9DPxXMRgGUTSk5GXudJNBbnpRMcYsT7qBIns8TOaWZIAFXnDbumx2Yzf2QUY6Xnq_tYLe1hwa_1BstafWXYwwQNC50mTlgJK1S5YWtg1SKoybbC9x5fcZ1N-_oCRgLtaxFqIZMUnOoV0u2hpdcXGPpNrOH3SR"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '70037', cRay: '7c5f8c5a3bb81a1b', cHash: '1cbb584e4678a4a', cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2MS40NzgwMDA=', m: 'l9x6fYD43AkOSli+eEX3TiMPXRiBndCq0G/Dpt1PKp4=', i1: 'nuJed/J938+IZsnq9K0k2g==', i2: 'LCpeQRd016F0btwfkm2M8w==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5a3bb81a1b'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5a3bb81a1b'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None\005\014\006\035\026\027\003\037\003\037\022\032\0 (Net ID: 00:06:25:0B:A9:FE)39.0469, -77.4903
2023-05-12 02:47:07SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: c7:83:d8:18:48:a0:26:ac:0e:41:bf:5e:7d:c6:c3:07 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Jan 17 09:16:26 2023 GMT Not After : Apr 17 09:16:25 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c9:69:39:93:28:ab:3e:d3:a5:d5:a5:72:cd:be: 43:92:fc:b1:41:1e:65:40:ba:b6:a5:98:c9:0a:c1: 0a:16:38:c6:f0:6f:13:8a:f1:50:6e:63:c7:c9:4d: 3d:84:6a:35:2b:f1:16:92:ef:9c:26:1f:97:22:55: e7:7e:fd:a5:40:94:99:7b:2a:b2:9f:89:9a:e1:30: e0:1b:38:af:f1:7d:fe:1d:f3:e2:fc:ad:49:66:7b: 1e:5b:c2:73:59:c0:35:17:1a:cb:8b:a8:f6:c4:6d: b8:77:b7:bc:64:fb:68:2f:62:4e:80:30:15:70:8f: 2d:50:8e:a9:f6:b0:b5:02:42:f1:48:e2:81:92:3e: 44:a6:5b:69:a6:54:e5:ee:c1:74:2a:c1:ec:11:dc: 59:f2:1e:65:9f:eb:94:d2:24:cd:99:20:ee:91:26: 11:c9:44:8f:62:f0:c5:34:f8:77:d4:9d:29:a7:42: e2:30:2c:71:73:82:02:34:4e:a9:30:9a:b9:ab:95: 0a:72:71:e0:79:05:25:70:cd:6a:cc:a1:b4:51:7d: 04:6f:2b:68:12:e1:a4:1d:84:68:0d:5c:76:58:33: de:fd:16:f6:1b:5f:7b:dc:4d:c0:66:3d:ae:d0:46: c8:c8:e1:83:f9:b8:7a:33:57:f8:8e:90:08:fd:c7: e2:e9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 31:FB:31:C7:D3:F3:CF:11:AF:91:FA:E4:71:40:41:2F:C4:66:90:11 X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/mFVJO6PGh8g CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution 
Points: Full Name: URI:http://crls.pki.goog/gts1p5/Zn3bDrcK0Gs.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 8f:de:2d:05:92:69:48:3c:56:fc:22:08:a2:35:bd:c8:57:65: b5:6f:33:0c:aa:bc:76:e8:1d:42:77:47:bc:ae:0e:80:ed:dd: d3:8e:f7:0f:aa:49:99:2e:fb:bb:2f:e3:ed:b0:fc:04:11:23: 70:ae:f2:d5:ad:55:18:89:fd:c2:f1:f7:ab:64:01:10:ce:86: 6e:5a:5f:19:d1:b4:39:19:cf:7c:c2:bd:e3:c7:5a:bd:91:f4: 86:d0:db:9a:02:e1:5f:ff:08:f2:7f:c9:ca:5d:f9:53:49:db: 4d:e4:6b:a2:d8:53:33:76:e9:c8:7d:9b:a1:37:1c:e1:fd:14: c0:c4:e2:28:fe:cc:ba:5c:25:d8:86:52:ce:0d:c5:7f:e7:b5: d9:3e:e1:65:14:17:4f:8c:55:fc:01:58:43:fe:c7:c5:4b:26: e2:ea:0b:c9:ff:2c:52:b5:ab:00:e9:06:49:51:c2:01:ca:b5: 6a:c4:ae:a2:17:c3:86:ec:ec:a7:72:a4:4e:b6:4e:3e:d9:0b: df:8f:84:de:6a:96:ce:0d:8d:26:ac:b2:5c:45:1f:a0:e5:df: 88:dd:84:9f:fe:46:1e:e9:a2:91:bb:ae:08:4d:ff:a2:51:db: 43:d0:e5:a3:df:91:dd:52:a9:23:85:54:e1:34:57:f4:c7:f8: 24:6b:63:ba battleb0t.xyz
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.68): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneInterwrx1 (Net ID: 00:02:2D:A8:7E:D5)33.6170672,-111.90564645297056
2023-05-12 03:09:36Affiliate - Internet NameNoDNS Resolver0040None221.30.196.104.bc.googleusercontent.com104.196.30.221
2023-05-12 02:44:09SSL Certificate - Raw DataNoSSL Certificate Analyzer0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 Validity Not Before: Feb 21 00:00:00 2023 GMT Not After : Mar 20 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f: a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af: ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24: 29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09: 23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a: 5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed: f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99: 4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77: c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2: 38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3: f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57: 77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee: 3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76: b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1: 95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f: 43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97: 2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07: 24:e3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4 X509v3 Subject Key Identifier: 8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: 
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Feb 21 15:03:41.179 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD: F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24: D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25: A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53: A4:D8:EF:86:C7:5C:70:1A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6: 1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5 Timestamp : Feb 21 15:03:41.162 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:82:E0:7E:5D:05:40:34:18:F6:30:F7: 09:CD:BC:FE:2C:13:EB:90:30:CE:10:ED:E8:A7:9D:A3: 74:75:12:5B:72:02:20:5D:1F:9D:87:56:AA:F7:6D:9A: 04:0D:4A:7B:35:DE:90:29:A5:D4:16:A7:8F:DF:FE:37: AB:35:8B:24:23:B9:2B Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Feb 21 15:03:41.130 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:13:FF:00:36:A8:61:87:48:A6:6A:04:09: BC:E3:3E:AA:13:E7:46:3D:06:75:68:23:18:E7:6A:45: 49:F7:30:F1:02:20:3F:F4:9C:8A:E6:46:D3:65:F6:98: 13:BF:9A:20:D3:DA:10:A9:E3:2E:5D:DA:C7:3B:14:4E: 4F:4E:1C:82:A5:B3 Signature Algorithm: sha256WithRSAEncryption 37:a4:1b:11:22:9f:fc:9f:c9:67:07:8f:aa:86:13:9f:e0:08: 1d:6e:0c:8d:65:fb:03:79:50:c6:76:ba:30:90:a0:a4:1c:79: 
13:07:b9:5a:18:8d:97:4c:05:71:8a:d0:22:17:c6:19:a2:22: 8b:03:f6:2c:84:71:6c:55:df:e2:99:43:65:e5:d7:b7:b7:37: 4c:c6:c8:e5:f1:d8:a7:7b:07:5d:eb:b8:1c:50:a4:a3:8e:f0: 4c:f8:b8:6a:72:59:be:43:0e:8a:de:b5:5e:8f:9e:3f:5a:43: 64:82:cc:e0:de:76:f4:be:a6:12:0a:06:68:bb:77:e1:4c:ef: 4b:4d:67:af:f6:72:c7:6b:1b:9c:48:53:a7:7f:ed:76:18:5c: f0:f6:c6:4c:24:53:57:57:e1:42:a6:3d:ae:e1:f5:93:f2:6a: fa:29:72:01:3e:b7:06:f1:2f:1a:0e:91:c5:ec:35:bf:f5:da: 33:95:de:24:12:0d:f5:c3:23:8d:40:82:d1:5c:eb:de:0a:08: e8:e5:83:e5:0a:8b:3a:5e:98:4e:77:4f:9f:dc:ab:7e:ce:a8: 28:4f:aa:79:4f:c9:be:8f:60:88:6e:6b:f9:20:6c:7f:38:96: d6:da:d7:11:03:43:d8:b8:51:87:ce:32:22:4d:64:4c:c4:75: 27:d0:e3:df battleb0t.xyz
2023-05-12 02:46:49SSL Certificate - Issued byNoSSL Certificate Analyzer0030NoneC=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CA64.226.81.43
2023-05-12 02:53:45BGP AS MembershipNoCensys0020None541132606:50c0:8002::153
2023-05-12 03:01:03Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.111): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:06URL (Uses Javascript)NoPage Information0030Nonehttp://fluid.battleb0t.xyz<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="Cache-Control" content="no-cache"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="mobile-web-app-capable" content="yes"> <link rel="apple-touch-icon" href="logo.png"> <link rel="icon" href="logo.png"> <title>WebGL Fluid Simulation</title> <meta name="description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:type" content="website"> <meta property="og:title" content="Webgl Fluid Simulation"> <meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/"> <meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png"> <script type="text/javascript" src="dat.gui.min.js"></script> <style> @font-face { font-family: 'iconfont'; src: url('iconfont.ttf') format('truetype'); } * { user-select: none; } html, body { overflow: hidden; background-color: #000; } body { margin: 0; position: fixed; width: 100%; height: 100%; } canvas { width: 100%; height: 100%; } .dg { opacity: 0.9; } .dg .property-name { overflow: visible; } .bigFont { font-size: 150%; color: #8C8C8C; } .cr.function.appBigFont { font-size: 150%; line-height: 27px; color: #A5F8D3; background-color: #023C40; } .cr.function.appBigFont .property-name { float: none; } .cr.function.appBigFont .icon { position: sticky; bottom: 27px; } .icon { font-family: 'iconfont'; font-size: 130%; float: right; } .twitter:before { content: 'a'; } .github:before { content: 'b'; } .app:before { content: 'c'; } .discord:before { content: 'd'; } .promo { display: none; /* display: table; */ 
position: absolute; top: 0; left: 0; width: 100%; height: 100%; z-index: 1; overflow: auto; color: lightblue; background-color: rgba(0,0,0,0.4); animation: promo-appear-animation 0.35s ease-out; } .promo-middle { display: table-cell; vertical-align: middle; } .promo-content { width: 80vw; height: 80vh; max-width: 80vh; max-height: 80vw; margin: auto; padding: 0; font-size: 2.8vmax; font-family: Futura, "Trebuchet MS", Arial, sans-serif; text-align: center; background-image: url("promo_back.png"); background-position: center; background-repeat: no-repeat; background-size: cover; border-radius: 15px; box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2), 0 6px 20px 0 rgba(0,0,0,0.19); } .promo-header { height: 10%; padding: 2px 16px; } .promo-close { width: 10%; height: 100%; text-align: left; float: left; font-size: 1.3em; /* transition: 0.2s; */ } .promo-close:hover { /* transform: scale(1.25); */ cursor: pointer; } .promo-body { padding: 8px 16px 16px 16px; margin: auto; } .promo-body p { margin-top: 0; mix-blend-mode: color-dodge; } .link { width: 100%; display: inline-block; } .link img { width: 100%; } @keyframes promo-appear-animation { 0% { transform: scale(2.0); opacity: 0; } 100% { transform: scale(1.0); opacity: 1; } } </style> <script> window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date; ga('create', 'UA-105392568-1', 'auto'); ga('send', 'pageview'); </script> <script async src="https://www.google-analytics.com/analytics.js"></script> </head> <body> <canvas></canvas> <!-- Mother of God, pls forgive me --> <div class="promo"> <div class="promo-middle"> <div class="promo-content"> <div class="promo-header"> <span class="promo-close">&times;</span> </div> <div class="promo-body"> <p>Try Fluid Simulation app!</p> <div class="links-container"> <a class="link" id="apple_link" target="_blank"> <img class="link-img" alt="Download on the App Store" src="app_badge.png"/> </a> <a class="link" id="google_link" target="_blank"> <img class="link-img" 
alt="Get it on Google Play" src="gp_badge.png"/> </a> </div> </div> </div> </div> </div> <script src="./script.js"></script> </body> </html>
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.219): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneDCO (Net ID: 00:0C:41:66:5E:C3)33.6170672,-111.90564645297056
2023-05-12 03:24:50CountryNoCountry Name Extractor0060NoneGreeceexpressdryclean.gr
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneSteam (Category: gaming) https://steamcommunity.com/id/Battleb0tBattleb0t
2023-05-12 03:21:08Account on External SiteNoAccount Finder0020NoneChomikuj.pl (Category: misc) https://chomikuj.pl/dawidsulej/dawidsulej
2023-05-12 03:08:29Vulnerability - CVE LowYesTool - testssl.sh0120NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.185.199.109.153
2023-05-12 03:09:39Affiliate - Internet NameNoDNS Resolver0040None111.48.229.35.bc.googleusercontent.com35.229.48.111
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonefriday28 (Net ID: 00:06:25:BF:BB:2F)33.336199,-111.89446440830702
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneU+Net (Net ID: 00:02:A8:81:E3:25)50.1188, 8.6843
2023-05-12 03:11:16Physical CoordinatesNoAbstractAPI0020None37.751, -97.8222a06:98c1:3120::1
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:66:AA:84)33.336199,-111.89446440830702
2023-05-12 02:54:48Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H06G1PB5R3RGDWCWXWQ2TAMN Date: <REDACTED> Content-Length: 0 34.148.97.127
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noneikizler (Net ID: 00:12:BF:32:87:51)40.2024, 29.0398
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:64:DA:1A)33.617190550339146,-111.90827887019054
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonelogitecgameuser (Net ID: 00:01:8E:15:D4:A7)37.780462,-122.390564
2023-05-12 03:03:23Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00-duino.github.io
2023-05-12 02:44:15SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 Validity Not Before: Dec 21 00:00:00 2022 GMT Not After : Jan 21 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:64:c3:ab:83:a1:9f:9b:f7:ff:e5:00:bf:41:ae: cd:d1:cd:1c:5d:8d:4d:62:fb:0e:e4:90:33:13:2d: b5:45:91:e6:7a:26:a0:5e:01:ae:25:84:fb:d5:88: 23:7e:13:7e:a9:d3:a5:de:69:2d:91:69:c3:12:86: 5a:94:02:42:28 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A X509v3 Subject Key Identifier: 3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F X509v3 Subject Alternative Name: DNS:*.netlify.app, DNS:netlify.app X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Dec 21 09:03:52.902 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:31:BA:E4:35:B8:DF:14:C3:99:B3:D0:FB: 
C6:93:77:5C:5A:D1:E2:7C:62:90:83:BB:77:59:14:17: 00:CD:14:09:02:21:00:A0:89:29:6C:06:8B:80:0E:58: FD:7C:72:66:63:BF:84:90:99:2F:F3:90:6D:39:BD:86: 6C:21:15:5D:B2:9C:A1 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Dec 21 09:03:52.857 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:85:6B:1A:5F:D3:6B:D9:52:36:0B: 44:9B:B7:9C:FF:8D:70:8C:F4:D1:34:69:3C:10:D4:AD: 03:93:DD:F1:A4:02:21:00:C0:7F:F8:B3:01:C9:63:4D: D3:D5:2B:F6:46:B5:04:38:1F:2D:8A:D9:5F:C8:07:F8: 5D:FA:B6:44:79:49:3C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B: 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17 Timestamp : Dec 21 09:03:52.852 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:87:5E:CF:47:90:E0:B2:0D:AA:FC:5D: 58:AA:C9:7E:AE:76:49:89:1E:EB:25:CD:66:CC:A5:23: F6:24:7A:AE:07:02:20:5E:32:A3:09:9E:48:84:4A:A9: 3B:C0:AA:53:22:AB:E0:9A:BF:4F:DB:FB:66:C2:2B:F8: 4E:E8:E8:BE:9A:FD:22 Signature Algorithm: ecdsa-with-SHA384 30:66:02:31:00:a8:8f:12:1b:fa:2f:f4:cc:aa:04:9b:b9:ea: 95:f5:30:5a:59:f6:f8:b4:4d:b6:51:7e:89:b3:c8:92:7a:7e: 80:c0:81:be:6e:38:4e:5e:5a:7d:bb:10:72:ae:d7:11:5f:02: 31:00:fc:dd:52:7b:4b:33:ad:13:21:0b:b3:8a:93:5d:fb:03: ac:f0:f4:f6:55:46:ed:1e:45:14:60:d2:47:04:5f:56:a0:b6: 8d:b8:c7:6a:0b:fd:73:a6:07:2b:fa:b2:e2:49 funny.battleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonevapor (Net ID: 00:02:2D:09:FB:FD)37.780462,-122.390564
2023-05-12 02:53:22IPv6 AddressNoMnemonic PassiveDNS0020None2606:4700:3030::ac43:a8fcnwapi2.battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:74:92:53:2C)41.8781, -87.6298
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider0030Nonehttps://funny.battleb0t.xyz/images/random_5.pnghttps://funny.battleb0t.xyz/
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonestudiobleu (Net ID: 00:0C:41:86:C7:5C)39.0469, -77.4903
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneFOX (Net ID: 00:01:71:0C:5D:4A)52.3759, 4.8975
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:14IPv6 AddressNoDNS Resolver15010None2606:50c0:8003::153battleb0t.xyz
2023-05-12 02:45:48Internet NameNoVirusTotal0020Nonewww.battleb0t.xyzkekw.battleb0t.xyz
2023-05-12 02:53:01Malicious IP AddressYesVirusTotal0030NoneVirusTotal [34.148.97.127] https://www.virustotal.com/en/ip-address/34.148.97.127/information/34.148.97.127
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonePokec (Category: social) https://pokec.azet.sk/loginlogin
2023-05-12 02:55:04Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 18, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://anonymousplanet-ng.org/guide.html#how-to-share-files-or-chat-anonymously', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:7516:120:WilError_01"\n "SM0:7680:120:WilError_01"\n "Local\\SM0:7680:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:7680:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:7516:120:WilError_01"\n "Local\\SM0:7516:304:WilStaging_02"\n "SM0:7516:304:WilStaging_02"\n "SM0:7516:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7516:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7516:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7516:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "KERNEL32" at base 7060000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base 60c0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base 60c0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base 60c0000\n 
"msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\IMM32.DLL" at base 9400000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 60c0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 60c0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 60c0000\n "msedge.exe" loaded module "%WINDIR%\\TEMP\\VXOLE64.DLL" at base ff6c0000\n "msedge.exe" loaded module "NTMARTA.DLL" at base 5020000\n "msedge.exe" loaded module "KERNEL32.DLL" at base 7060000\n "msedge.exe" loaded module "COMBASE.DLL" at base 8c60000\n "msedge.exe" loaded module "OLE32.DLL" at base 86c0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 4480000'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"216.239.36.21:443"\n "185.199.109.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"anonymousplanet-ng.org"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': 
u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007516]\n "f_00024d" has type "JPEG image data baseline precision 8 1094x527 components 3"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00024d]- [targetUID: 00000000-00007732]\n "d7540acf-f2a5-4f49-a1ea-307942bec9de.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\d7540acf-f2a5-4f49-a1ea-307942bec9de.tmp]- [targetUID: 00000000-00007516]\n "f_000268" has type "JPEG image data progressive precision 8 500x500 components 3"- [targetUID: N/A]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7516_1432934247\\shopping_iframe_driver.js]- [targetUID: 00000000-00007516]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007516]\n "f_00023e" has type "PNG image data 1472 x 711 8-bit/color RGB non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00007732]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Speech Recognition\\1.15.0.1\\manifest.json]- [targetUID: 00000000-00007516]\n "f_000243" has type "JPEG image data baseline precision 8 957x630 components 3"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 00000000-00007732]\n 
"05718f91-038a-4a83-95b9-0746c34b8b24.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "f_00023d" has type "PNG image data 1189 x 366 8-bit/color RGB non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00007732]\n "18782bcb-f0c5-4225-b53e-723a5c8e090c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\18782bcb-f0c5-4225-b53e-723a5c8e090c.tmp]- [targetUID: 00000000-00007516]\n "d91d444f-c302-4c6f-acf6-06790042151e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\d91d444f-c302-4c6f-acf6-06790042151e.tmp]- [targetUID: 00000000-00007516]\n "f_00026e" has type "JPEG image data baseline precision 8 1079x836 components 3"- [targetUID: N/A]\n "d214a62f-b179-445a-8f70-dd89475f7efa.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\d214a62f-b179-445a-8f70-dd89475f7efa.tmp]- [targetUID: 00000000-00007516]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007516]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Speech Recognition\\1.15.0.1\\manifest.fingerprint]- [targetUID: 00000000-00007516]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007516]\n "f_00026b" has type "JPEG image data baseline precision 8 1062x601 components 3"- [targetUID: N/A]\n "24123523-1b93-4cf0-be94-11e2071c1fe5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://anonymousplanet-ng.org/guide.html#how-to-share-files-or-chat-anonymously"\n Pattern match: "https://anonymousplanet-ng.org"\n Heuristic match: "anonymousplanet-ng.org"\n Pattern match: "ect.org/manual/_"\n Heuristic match: "roJ\'ect.org"\n Heuristic match: "https:I/briarproJ\'ect.org/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-36', u'name': u'Process binds to unusual ports', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1571', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1571', u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Process "%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\msedge.exe" binds to port 49712\n Process "%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\msedge.exe" binds to port 49713\n Process "%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\msedge.exe" binds to port 49714'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': 
u'1/92 Antivirus vendors marked sample as malicious (1% detection rate)'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-11', u'name': u'The analysis extracted a file that was identified as malicious', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None185.199.109.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonersi (Category: gaming) https://robertsspaceindustries.com/citizens/loginlogin
2023-05-12 03:17:36Similar Domain - WhoisNoWhois1020NoneDomain Name: AHU.XYZ Registry Domain ID: D196165314-CNIC Registrar WHOIS Server: whois.google.com Registrar URL: https://domains.google.com Updated Date: 2023-05-04T03:02:40.0Z Creation Date: 2020-08-10T01:10:12.0Z Registry Expiry Date: 2026-08-10T23:59:59.0Z Registrar: Google Inc Registrar IANA ID: 895 Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Contact Privacy Inc. Customer 7151571251 Registrant State/Province: ON Registrant Country: CA Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1.DAN.COM Name Server: NS2.DAN.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: registrar-abuse@google.com Registrar Abuse Contact Phone: +1.2065311374 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: ahu.xyz Registry Domain ID: D196165314-CNIC Registrar WHOIS Server: whois.google.com Registrar URL: https://domains.google.com Updated Date: 2023-05-04T03:02:40Z Creation Date: 2020-08-10T01:10:12Z Registrar Registration Expiration Date: 2026-08-10T23:59:59Z Registrar: Google LLC Registrar IANA ID: 895 Registrar Abuse Contact Email: registrar-abuse@google.com Registrar Abuse Contact Phone: +1.8772376466 Domain Status: serverTransferProhibited https://www.icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: go663216313251 Registrant Name: Contact Privacy Inc. Customer 7151571251 Registrant Organization: Contact Privacy Inc. 
Customer 7151571251 Registrant Street: 96 Mowat Ave Registrant City: Toronto Registrant State/Province: ON Registrant Postal Code: M4K 3K1 Registrant Country: CA Registrant Phone: +1.4165385487 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: https://domains.google.com/contactregistrant?domain=ahu.xyz Registry Admin ID: go663216313251 Admin Name: Contact Privacy Inc. Customer 7151571251 Admin Organization: Contact Privacy Inc. Customer 7151571251 Admin Street: 96 Mowat Ave Admin City: Toronto Admin State/Province: ON Admin Postal Code: M4K 3K1 Admin Country: CA Admin Phone: +1.4165385487 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: https://domains.google.com/contactregistrant?domain=ahu.xyz Registry Tech ID: go663216313251 Tech Name: Contact Privacy Inc. Customer 7151571251 Tech Organization: Contact Privacy Inc. Customer 7151571251 Tech Street: 96 Mowat Ave Tech City: Toronto Tech State/Province: ON Tech Postal Code: M4K 3K1 Tech Country: CA Tech Phone: +1.4165385487 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: https://domains.google.com/contactregistrant?domain=ahu.xyz Name Server: NS1.DAN.COM Name Server: NS2.DAN.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:16:36.418919Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en Please register your domains at: https://domains.google.com/ This data is provided by Google for information purposes, and to assist persons obtaining information about or related to domain name registration records. Google does not guarantee its accuracy. 
By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, will you use this data to: 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail (spam); or 2) enable high volume, automated, electronic processes that apply to this WHOIS server. These terms may be changed without prior notice. By submitting this query, you agree to abide by this policy. ahu.xyz
2023-05-12 02:44:22Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.108.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX55154FA6D (Net ID: 00:01:E3:54:FA:6D)52.3759, 4.8975
2023-05-12 02:56:01Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.eleuzina.sk/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar17A3.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar17A4.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3664"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e50_IE_EarlyTabStart_0xe60_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e50_ConnHashTable<3664>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e50_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e50_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n 
"Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_e50_ConnHashTable<3664>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e50_IESQMMUTEX_0_303"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "N0EQF2XV.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N0EQF2XV.txt]- [targetUID: 00000000-00003664]\n Dropped file: "7D2Y51ZU.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7D2Y51ZU.txt]- [targetUID: 00000000-00003664]\n Dropped file: "CD5VNIO4.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CD5VNIO4.txt]- [targetUID: 00000000-00003080]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab17A2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1791.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003080]\n "Tar17A3.tmp" has type "data"- Location: [%TEMP%\\Tar17A3.tmp]- [targetUID: 00000000-00003080]\n "~DFD224B327448F3092.TMP" has type "data"- Location: [%TEMP%\\~DFD224B327448F3092.TMP]- [targetUID: 00000000-00003664]\n "~DF2BFAF84F2483A9EA.TMP" has type "data"- Location: [%TEMP%\\~DF2BFAF84F2483A9EA.TMP]- [targetUID: 00000000-00003664]\n "~DF07EEC741044523D3.TMP" has type "data"- Location: [%TEMP%\\~DF07EEC741044523D3.TMP]- [targetUID: 00000000-00003664]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003080]\n "N0EQF2XV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N0EQF2XV.txt]- [targetUID: 00000000-00003664]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar17A4.tmp" has type "data"- Location: [%TEMP%\\Tar17A4.tmp]- [targetUID: 00000000-00003080]\n "~DF6A3365F64F9D0A70.TMP" has type "data"- Location: [%TEMP%\\~DF6A3365F64F9D0A70.TMP]- [targetUID: 00000000-00003664]\n "Cab17A2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab17A2.tmp]- [targetUID: 00000000-00003080]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003664]\n 
"RecoveryStore._8662D845-7FF9-11ED-8F03-0800277C4D18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "7D2Y51ZU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7D2Y51ZU.txt]- [targetUID: 00000000-00003664]\n "site_1_.webmanifest" has type "JSON data"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003080]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003080]\n "_8662D847-7FF9-11ED-8F03-0800277C4D18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.eleuzina.sk/site.webmanifest"\n Pattern match: "https://www.eleuzina.sk"\n Pattern match: "www.eleuzina.sk"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: 
www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 285\nContent-Type: application/octet-stream\nDate: Tue, 20 Dec 2022 00:54:55 GMT\nEtag: "50b305a2becc1418afde3a122a99e9e1-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GMPGDGGGDB0PF7SK4KRJ104.196.30.220
2023-05-12 03:09:35Affiliate - Internet NameNoDNS Resolver0040None214.30.196.104.bc.googleusercontent.com104.196.30.214
2023-05-12 02:46:53Affiliate - Domain NameNoDNS Resolver2020Nonecloudflare.netroute2.mx.cloudflare.net
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneLinktree (Category: social) https://linktr.ee/ayhuayhu
2023-05-12 02:52:59Web TechnologyNoTool - WAFW00F0020NoneNone Nonewww.battleb0t.xyz
2023-05-12 03:01:15Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.138): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:39Internet NameNoDNS Resolver0020Nonebattleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:29:bb:71:26:4f:a3:73:c9:d3:c4:af:c8:b3:a3:33:dc:41 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Jan 23 21:31:46 2023 GMT Not After : Apr 23 21:31:45 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:d7:c6:91:a2:7d:90:36:47:61:e7:f4:42:67:85: 67:bc:f6:01:51:cb:59:02:c5:69:c6:fb:5b:1b:b9: c9:4a:2c:0e:df:23:05:55:0f:d4:97:b3:0f:c2:a8: 12:d7:19:fa:98:f0:06:8c:43:18:24:de:aa:3e:e6: c7:25:79:67:99 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 37:BE:E1:FB:AE:23:1C:29:A5:8A:8C:D8:43:D1:35:F5:04:D1:88:E3 X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: ecdsa-with-SHA384 30:65:02:30:7d:70:13:0d:8c:86:f5:d2:71:80:52:b0:81:9f: d1:36:dd:fc:cb:3b:22:94:33:e2:be:58:b6:3f:ed:5d:35:71: fe:92:a5:53:e0:f1:36:f0:a2:e7:eb:a2:ad:86:80:be:02:31: 00:b4:75:e4:7e:fc:a0:b6:34:ee:54:89:8a:b5:86:bf:2b:19: a0:d9:77:ee:64:10:e8:70:df:08:20:8e:21:54:dc:0c:9d:83: c5:fb:9a:5e:61:df:01:60:14:be:f2:93:65
2023-05-12 02:44:30Internet NameNoDNS Resolver0020Nonebattleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': 
u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': 
u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, 
u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneGiphy (Category: social) https://giphy.com/channel/ayhuayhu
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl"}],"group":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"}
2023-05-12 03:11:20Physical LocationNoAbstractAPI0030NoneFrankfurt am Main, Hesse, 60313, Germany, Europe165.232.113.85
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.59): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:EC:0F:F7)41.8781, -87.6298
2023-05-12 02:57:08Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 68, u'compromised_hosts': [u'35.229.48.116', u'35.229.48.116'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'http://mysqldump.guru/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"mysqldump.guru"\n "x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_854_ConnHashTable<2132>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_854_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2132"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_854_IE_EarlyTabStart_0xc68_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_854_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_854_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_854_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': 
u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar8CD.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:80"\n "35.229.48.116:443"\n "184.31.135.120:80"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab8CC.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "Tar8CD.tmp" has type "data"- Location: [%TEMP%\\Tar8CD.tmp]- [targetUID: 00000000-00002208]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002132]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002208]\n "Cab8CC.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab8CC.tmp]- [targetUID: 00000000-00002208]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._58ED487B-3D2F-11ED-9DB5-08002741DD17_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002132]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002208]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "~DFF720781AB97005DE.TMP" has type "data"- Location: [%TEMP%\\~DFF720781AB97005DE.TMP]- [targetUID: 00000000-00002132]\n "~DF0A8CE01EE8BEF551.TMP" has type "data"- Location: [%TEMP%\\~DF0A8CE01EE8BEF551.TMP]- [targetUID: 00000000-00002132]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00002208]\n "ASZHC220.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\ASZHC220.txt]- [targetUID: 00000000-00002208]\n "69C78A422A93F5B3CB1D3541A88DAA86" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C78A422A93F5B3CB1D3541A88DAA86]- [targetUID: 00000000-00002208]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002132]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"mysqldump.guru" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://mysqldump.guru/"\n Pattern match: "http://mysqldump.guru"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no 
browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "35.229.48.116": ...\n\n URL: https://htext.top/ (AV positives: 1/88 scanned on 09/26/2022 02:00:13)\n URL: http://goofy-brown-edae5e.netlify.app/ (AV positives: 9/88 scanned on 09/26/2022 01:45:05)\n URL: http://seovrggseo.netlify.app/distro-recommendation-for-mac.html (AV positives: 8/88 scanned on 09/26/2022 01:43:58)\n URL: http://v337546-yahoo-co-uk.netlify.app/ (AV positives: 15/88 scanned on 09/26/2022 01:40:17)\n URL: http://melanyrondon51.netlify.app/ (AV positives: 14/89 scanned on 09/26/2022 01:20:06)\n File SHA256: 78552f5436b9bf8f079510592f7d61c991abc31f687db116c76cda7b3d1de8dd (AV positives: 3/74 scanned on 09/16/2022 23:21:30)\n File SHA256: 7bc285600b6097490f580cbbf954c30b4b28f56e27f45bb03cbdeb5586089f0d (AV positives: 3/74 scanned on 09/16/2022 23:45:12)\n File SHA256: 230ad0dc3aad34538acddddc1b4af39a8ac95c43969cfde95caf1c07875e7c4d (AV positives: 23/75 scanned on 09/14/2022 23:23:07)\n File SHA256: e2751961ab69c5971a27f14e01f2fb4faca5f0817ec38fbe5c65cfa3fdd0e53a (AV positives: 20/74 scanned on 09/05/2022 15:20:03)\n File SHA256: 38bedee13bcb166766735d56317b1e49d580910c404c27ade070987cf3dc6d5f (AV positives: 25/74 scanned on 08/30/2022 00:15:34)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-33', u'name': u'Malicious artifacts seen in the context of the 
input URL', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 7, u'description': u'Found malicious artifacts related to the input domain "http://mysqldump.guru" (IP: 35.229.48.116): ...\n\n URL: https://htext.top/ (AV positives:35.229.48.116
2023-05-12 03:03:43Internet NameNoDNS Resolver0040Nonepanel.battleb0t.xyz[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://panel.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://panel.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'104.21.71.14']}}}, {}]
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.249): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:08:54Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.7134.74.170.74
2023-05-12 03:31:31Affiliate - Email AddressNoE-Mail Address Extractor0070Nonec26pf75p2tc@networksolutionsprivateregistration.com Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:40:26Z Creation Date: 2018-06-27T20:51:35Z Registry Expiry Date: 2024-06-27T20:51:35Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: abuse@web.com Registrar Abuse Contact Phone: +1.8003337680 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:41:04Z Creation Date: 2018-06-27T20:51:35Z Registrar Registration Expiration Date: 2024-06-27T04:00:00Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Reseller: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: PERFECT PRIVACY, LLC Registrant Organization: Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Registrant City: Jacksonville Registrant State/Province: FL Registrant Postal Code: 32256 Registrant Country: US Registrant Phone: +1.5707088622 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Admin ID: Admin Name: PERFECT PRIVACY, LLC Admin Organization: Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Admin City: Jacksonville Admin State/Province: FL Admin Postal Code: 32256 Admin Country: US Admin Phone: +1.5707088622 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Tech ID: Tech Name: PERFECT PRIVACY, LLC Tech Organization: Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Tech City: Jacksonville Tech State/Province: FL Tech Postal Code: 32256 Tech Country: US Tech Phone: +1.5707088622 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned Registrar Abuse Contact Email: domain.operations@web.com Registrar Abuse Contact Phone: +1.8777228662 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please 
visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en This listing is a Network Solutions Private Registration. Mail correspondence to this address must be sent via USPS Express Mail(TM) or USPS Certified Mail(R); all other mail will not be processed. Be sure to include the registrant's domain name in the address. The data in Networksolutions.com's WHOIS database is provided to you by Networksolutions.com for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. Networksolutions.com makes this information available "as is," and does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone; or (2) enable high volume, automated, electronic processes that apply to Networksolutions.com (or its systems). The compilation, repackaging, dissemination or other use of this data is expressly prohibited without the prior written consent of Networksolutions.com. Networksolutions.com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonealex-home (Net ID: 00:01:E3:58:87:1F)50.1188, 8.6843
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NonePicsart (Category: art) https://picsart.com/u/ayshooayshoo
2023-05-12 02:44:18Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': 
u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 03:03:55Co-Hosted SiteNoThreatMiner0020Noneebrahemsamir.github.io185.199.108.153
2023-05-12 03:13:03Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0001vrn.github.io] https://www.openphish.com/feed.txt0001vrn.github.io
2023-05-12 03:08:57Vulnerability - CVE MediumYesTool - Retire.js0040NoneCVE-2020-11022 https://nvd.nist.gov/vuln/detail/CVE-2020-11022 Score: 6.1 Description: In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.http://code.jquery.com/jquery-3.2.1.js
2023-05-12 02:44:22Internet NameNoDNS Resolver0020Noneoldfluid.battleb0t.xyzCN=oldfluid.battleb0t.xyz
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.204): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c53def4fc411045-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.71.14
2023-05-12 02:44:15Open TCP PortNoSSL Certificate Analyzer0020None185.199.111.153:443185.199.111.153
2023-05-12 03:09:53Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.97
2023-05-12 02:53:42HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["7C6A:7C80:2850A39:3919A91:645D8DCD"], "Age": ["1827"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-kigq8000031-CHI"], "X_Cache_Hits": ["1"], "X_Timer": ["S1683854577.750981,VS0,VE4"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8d-239b\""], "X_Fastly_Request_Id": ["01d5273de282686844c6b1cd964008c7007600d9"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["HIT"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]}185.199.109.153
2023-05-12 02:54:12Linked URL - InternalNoWeb Spider4010Nonehttps://battleb0t.xyz/battleb0t.xyz
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:8443172.67.135.9
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/ein_2.pnghttps://funny.battleb0t.xyz/
2023-05-12 03:08:49Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.11235.229.48.116
2023-05-12 03:00:32Affiliate - Email AddressNoE-Mail Address Extractor0040Nonefl@e9.lb[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://macinstruct.sertfidancilik.com/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2434.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "x1.c.lencr.org"\n "ocsp.rootca1.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"104.21.7.33:443"\n "65.8.165.119:443"\n "104.196.30.220:443"\n "172.67.176.214:443"\n "65.8.165.51:80"\n "23.61.169.89:80"\n "65.8.165.104:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dc4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_dc4_IESQMMUTEX_0_519"\n "IsoScope_dc4_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_dc4_ConnHashTable<3524>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3524"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_dc4_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_dc4_IE_EarlyTabStart_0x530_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\MSIMGSIZECacheMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data Windows 2000/XP setup 4817 bytes 1 file at 0x2c +A "disallowedcert.stl" number 1 1 datablock 0x1 compression"\n "Cab2433.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62397 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62397 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "4L134F50.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4L134F50.txt]- [targetUID: 00000000-00003524]\n Dropped file: "XVLMDIKC.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XVLMDIKC.txt]- [targetUID: 00000000-00003524]\n Dropped file: "CVDBBF2V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CVDBBF2V.txt]- [targetUID: 00000000-00003524]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsmacinstruct.sertfidancilik.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003384]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003524]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003384]\n "logo_1_.png" has type "PNG image data 128 x 128 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003384]\n "~DF77AE68F8612CDCE2.TMP" has type "data"- Location: [%TEMP%\\~DF77AE68F8612CDCE2.TMP]- [targetUID: 00000000-00003524]\n "9FF67FB3141440EED32363089565AE60_1A2C71E1B961FDAC74FBE1C7D07896B1" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9FF67FB3141440EED32363089565AE60_1A2C71E1B961FDAC74FBE1C7D07896B1]- [targetUID: 00000000-00003384]\n "iphone_1_.png" has type "PNG image data 1024 x 1024 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "4L134F50.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4L134F50.txt]- [targetUID: 00000000-00003524]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003524]\n "80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE]- [targetUID: 00000000-00003524]\n "5E42C65D472B356D49EB3B8AD6849196" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\5E42C65D472B356D49EB3B8AD6849196]- [targetUID: 00000000-00003384]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00003384]\n "O7UT3CDV.htm" has type "HTML document ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\O7UT3CDV.htm]- [targetUID: 00000000-00003384]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003524]\n "mac_1_.png" has type "PNG image data 1024 x 1024 8-bit/color RGBA non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://macinstruct.sertfidancilik.com/"\n Pattern match: "https://macinstruct.sertfidancilik.com"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: 
Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"\n Heuristic match: "ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-s
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 02:44:09SSL Certificate - Issued toNoCertSpotter1010NoneCN=*.ayhu.xyzayhu.xyz
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0070NoneIdentity Digital Inc.Domain Name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2022-06-08T05:38:27Z Creation Date: 2022-06-03T05:37:56Z Registry Expiry Date: 2026-06-03T05:37:56Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-06-03T05:37:56.70Z Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:27Internet NameNoDNS Resolver0020Nonenwapi2.battleb0t.xyzCN=nwapi2.battleb0t.xyz
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.118): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:59:58Affiliate - Email AddressNoE-Mail Address Extractor0030Nonemanuel.ebner@ebnerfamily.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'Curated Live Sessions Preview.htm', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f98_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f98_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_f98_ConnHashTable<3992>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3992"\n "IsoScope_f98_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f98_IE_EarlyTabStart_0x9a8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f98_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3992"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.108.153:80"\n "142.250.191.74:443"\n "185.199.108.153:443"\n "207.58.149.159:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"queryfibre.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "mastermanpublications.com"\n "query.prod.cms.msn.com"\n "queryfibre.github.io"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df143e17619557ccd4.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\recoverystore.{e0e36bb7-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4659a31bf6bffa2f.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{e0e36bb9-edaf-11ed-be7c-0800275af24e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df143e17619557ccd4.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{e0e36bb7-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{e0e36bb9-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4659a31bf6bffa2f.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00003992]\n "slps_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: 00000000-00003992]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00003992]\n "CabD0C8.tmp" has type "data"- Location: [%TEMP%\\CabD0C8.tmp]- [targetUID: 00000000-00002780]\n "splice_1_.css" has type "assembler source ASCII text 
with very long lines"- [targetUID: 00000000-00003992]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003992]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "~DF4D711661B7A04B97.TMP" has type "data"- Location: [%TEMP%\\~DF4D711661B7A04B97.TMP]- [targetUID: 00000000-00003992]\n "~DF4E28665F3A902F14.TMP" has type "data"- Location: [%TEMP%\\~DF4E28665F3A902F14.TMP]- [targetUID: 00000000-00003992]\n "~DF143E17619557CCD4.TMP" has type "data"- Location: [%TEMP%\\~DF143E17619557CCD4.TMP]- [targetUID: 00000000-00003992]\n "~DF4659A31BF6BFFA2F.TMP" has type "data"- Location: [%TEMP%\\~DF4659A31BF6BFFA2F.TMP]- [targetUID: 00000000-00003992]\n "~DF30EEA2AB51846FC9.TMP" has type "data"- Location: [%TEMP%\\~DF30EEA2AB51846FC9.TMP]- [targetUID: 00000000-00003992]\n "_E0E36BB9-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "RecoveryStore._E0E36BB7-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "_E9939342-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "_9005BE62-EDB0-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002780]\n "4QKL12T1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4QKL12T1.txt]- [targetUID: 00000000-00003992]\n 
"FDR3QYMD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FDR3QYMD.txt]- [targetUID: 00000000-00003992]\n "6JPHIXX5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6JPHIXX5.txt]- [targetUID: 00000000-00003992]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002780]\n "search_1_.json" has type "JSON data"- [targetUID: 00000000-00003992]\n "splice_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: 00000000-00003992]\n "ZN7JGHLC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZN7JGHLC.txt]- [targetUID: 00000000-00003992]\n "CAGRGPOL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CAGRGPOL.txt]- [targetUID: 00000000-00003992]\n "UIT1QO2U.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UIT1QO2U.txt]- [targetUID: 00000000-00003992]\n "W8PZ9GMH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W8PZ9GMH.txt]- [targetUID: 00000000-00003992]\n "CabBAEC.tmp" has type "data"- Location: [%TEMP%\\CabBAEC.tmp]- [targetUID: 00000000-00002780]\n "CabBACB.tmp" has type "data"- Location: [%TEMP%\\CabBACB.tmp]- [targetUID: 00000000-00002780]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002780]\n "urlref_httpqueryfibre.github.iov4splice.css" has type "assembler source ASCII text with very long lines"- [targetUID: 00000000-00003992]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]'}, 
{u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'HTTPS traffic to "142.250.191.74" on port "443"\n HTTPS traffic to "185.199.108.153" on port "443"
2023-05-12 02:45:53Raw Data from RIRsNoAbstractAPI0040None{u'city': u'Montreal', u'security': {u'is_vpn': False}, u'city_geoname_id': 6077243, u'region_geoname_id': 6115047, u'country': u'United States', u'region': u'Quebec', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'H4X', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:52'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:4700:3037::6815:470e', u'continent': u'North America', u'region_iso_code': u'QC'}2606:4700:3037::6815:470e
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneSpotify (Category: music) https://open.spotify.com/user/ayhuayhu
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-128-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, 
"services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 02:53:55Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 24, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://zeptojs.com/zepto.min.js', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "%WINDIR%\\system32\\hevcdecoder.dll" - [base:0; Status:c0000135]\n "msedge.exe" failed to load missing module "d3d11.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "d3d12.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6140:120:WilError_01"\n "Local\\SM0:4356:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:4356:120:WilError_01"\n "Local\\SM0:4356:120:WilError_01"\n "SM0:6140:120:WilError_01"\n "Local\\SM0:6140:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:6140:304:WilStaging_02"\n "Local\\SM0:6140:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6140:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6140:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6140:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"zeptojs.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'""baysidebuddy.com"," (Indicator: "ebuddy.com")\n ""comeherebuddy.com"," (Indicator: "ebuddy.com")\n ""www.facebook.com"," (Indicator: "facebook.com")\n ""linkedin.com"," (Indicator: "linkedin.com")\n ""paypal.com"," (Indicator: "paypal")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: 
"key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""bellagracehealthscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""belleandbubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""beyondblessedscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""blingbykey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""boosted-luckey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""bowlingmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""burgeonbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""busybeescrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\MICROSOFT EDGE.LNK"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00006140]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.32\\Ruleset Data]- [targetUID: 00000000-00006140]\n "wallet-stable.json" has type "ASCII text"- Location: [%TEMP%\\6140_130057699\\json\\wallet\\wallet-stable.json]- [targetUID: 00000000-00006140]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00006140]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00006140]\n "Filtering Rules" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\Filtering Rules]- [targetUID: 00000000-00006140]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\6140_130057699\\wallet.bundle.js]- [targetUID: 00000000-00006140]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\6140_130057699\\vendor.bundle.js]- [targetUID: 00000000-00006140]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006140]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: 
[%TEMP%\\6140_130057699\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00006140]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006140]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\product_page.js]- [targetUID: 00000000-00006140]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006140]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\auto_open_controller.js]- [targetUID: 00000000-00006140]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\6140_130057699\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00006140]\n "notification.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\6140_130057699\\Notification\\notification.bundle.js]- [targetUID: 00000000-00006140]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Platform Notifications\\000003.log]- [targetUID: 00000000-00006140]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\6140_1928901235\\Filtering Rules-AA]- [targetUID: 00000000-00006140]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006140]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\shoppingfre.js]- [targetUID: 00000000-00006140]'}, {u'category': 
u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-50', u'name': u'Creates a license file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"wallet-drawer.bundle.js.LICENSE.txt" has type "Unk185.199.109.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonemariposa (Net ID: 00:01:24:F1:B8:36)37.7642, -122.3993
2023-05-12 02:44:50Raw Data from RIRsNoCRXcavator1010None[{"platform": "Chrome", "version": "2.1", "data": {"entrypoints": {"window.addEventListener": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/jstorage.min.js": [14, 15]}, "chrome.tabs.query": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/custom-popup.js": [59, 82], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/popup.js": [13], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/background.js": [34, 49]}, "chrome.runtime.onMessage": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/content.js": [367], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/background.js": [4], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/custom-popup.js": [21]}}, "risk": {"webstore": {"website": 1, "last_updated": 2, "users": 1, "address": 1, "total": 7, "support_site": 1, "rating_users": 1}, "retire": {"total": 110, "medium": 100, "low": 10}, "permissions": {"total": 30}, "total": 524, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "metadata": {}}, "extcalls": ["https://s.click.aliexpress.com/deep_link.htm?aff_short_key=_DClxvSL&dl_target_url=", "https://www.ebay.", "http://www.dropshipping-ebay.com", "https://", "https://www.google.com/analytics/web/inpage/pub/inpage.js?", "https://ssl.google-analytics.com/j/__utm.gif", "http://www.google-analytics.com", "https://www.google.%/ads/ga-audiences?", "http://www.google.com/"], "retire": [{"results": [{"detection": "filename", "vulnerabilities": [{"info": ["https://github.com/jquery/jquery/issues/2432", "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/"], "identifiers": {"CVE": ["CVE-2015-9251"], "issue": "2432", "summary": "3rd party CORS request may execute"}, "severity": "medium"}, {"info": ["https://bugs.jquery.com/ticket/11974", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/"], "identifiers": {"CVE": ["CVE-2015-9251"], 
"issue": "11974", "summary": "parseHTML() executes scripts in event handlers"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"], "identifiers": {"CVE": ["CVE-2019-11358"], "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"], "identifiers": {"CVE": ["CVE-2020-11022"], "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"], "identifiers": {"CVE": ["CVE-2020-11023"], "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"}, "severity": "medium"}, {"info": ["https://github.com/jquery/jquery.com/issues/162"], "identifiers": {"summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates"}, "severity": "low"}], "version": "2.2.4.min", "component": "jquery"}], "file": "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/jquery-2.2.4.min.js"}], "related": {"nngceckbapebfimnlniiiahkandclblb": {"rating": 4.7743354, "users": 3000000, "platform": "", "short_description": "A secure and free password manager for all of your devices.", "icon": "https://lh3.googleusercontent.com/J_l8abQyJgx7POjRoDfGaFYWFnYQNpRSy4kH5IlbwSdM-l_gZf2rJlk2NLSQTY8g-U2vrclpb0EZApHyOe6sjzbKcUc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5229, "name": "Bitwarden - Free Password Manager"}, "ohfgljdgelakfkefopgklcohadegdpjf": {"rating": 4.65096, "users": 3000000, "platform": "", "short_description": "Easy-to-use PDF tools to Edit, Convert, Merge, Split and Compress PDF files.", "icon": 
"https://lh3.googleusercontent.com/JeGWeZiGxLb3KWGAn6FWnAjCyJDsmC7lu_O_x-h8TpDGQRa_VBnOhh-Uxh_XocOgczrfiPO_hzR_MDCleFQJeyiMwg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2865, "name": "Smallpdf - Edit, Compress and Convert PDF"}, "kgjfgplpablkjnlkjmjdecgdpfankdle": {"rating": 3.891328, "users": 8000000, "platform": "", "short_description": "Schedule Zoom meetings directly from Google Calendar", "icon": "https://lh3.googleusercontent.com/EtDJ1WOrJu9vJxqUpk67gAWSsvf7llrIu3UIxOVFQMS6BIxdN3fKOe0NBBHDxVS6G5ov4yxKcxAELtkfhBLMlO7r1Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 911, "name": "Zoom Scheduler"}, "icnekagcncdgpdnpoecofjinkplbnocm": {"rating": 4.4411764, "users": 2000000, "platform": "", "short_description": "Read articles without distractions - use reader view. Make your reading process exceptional.", "icon": "https://lh3.googleusercontent.com/YBio0Hy33x3naSYfOCJBEMCntZexQLygzl17tRtLkxQXhR6esY8BtGoe7tgYNDmg3ZYAC2iTrQBdY-NVWXivPsn6r5A=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 34, "name": "Easyview Reader view"}, "fejgiddmdpgdmhhdjbophmflidmdpgdi": {"rating": 4.3333335, "users": 2000000, "platform": "", "short_description": "Increase audio volume up to 600% from the maximum! Boost your sound", "icon": "https://lh3.googleusercontent.com/0LHATIT-6LW9AX2Yy9uzoPDenL7TkUN-C_nsXHx9fODi7cQCp97p20zVArwcsk4UcocYknKLTd5Wyr6y4iW1q5T3hWE=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 27, "name": "Volume Booster Plus"}, "efaidnbmnnnibpcajpcglclefindmkaj": {"rating": 4.290437, "users": 10000000, "platform": "", "short_description": "Do more in Google Chrome with Adobe Acrobat PDF tools. 
View, fill, comment, sign, and try convert and compress tools.", "icon": "https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF45Uh74Rmmq-Bh6dJRsVAbm=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 34937, "name": "Adobe Acrobat: PDF edit, convert, sign tools"}, "laookkfknpbbblfpciffpaejjkokdgca": {"rating": 4.4679146, "users": 3000000, "platform": "", "short_description": "Replace new tab page with a personal dashboard to help you get focused, stay organized, and keep motivated to achieve your goals.", "icon": "https://lh3.googleusercontent.com/H9tXckFzG4jZjM5Ag6gvBl0dCm75uQIlextzqmubbZ4stRiSfAyRG6pna-QjMk4S5kOCeShmPMcWxlPPdKlQyDqW=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 13838, "name": "Momentum"}, "bpconcjcammlapcogcnnelfmaeghhagj": {"rating": 4.6261697, "users": 1000000, "platform": "", "short_description": "Record screencasts - record video from your screen. Screen Capture FULL Web page or any part. Edit screenshots.", "icon": "https://lh3.googleusercontent.com/VOnmhiXEBw4cIinxoJYNVSdqWr-xOchHol4frxQCitlE2mmsh1TByQ2zYNDv8sdyEP0lNrmwY4_FOi64MV1WQCnRS6U=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 16882, "name": "Nimbus Screenshot & Screen Video Recorder"}, "admmjipmmciaobhojoghlmleefbicajg": {"rating": 3.0946643, "users": 4000000, "platform": "", "short_description": "A cloud-based password manager that makes it easy to log in to your favorite sites.", "icon": "https://lh3.googleusercontent.com/uJX-GTxk93n7vQYuG55g9ULQFUknftFjN3ZAjbObhTQ3DIQlDHrcVfgfw7sLBpvSQDSl_Kv10WqpB1HvNUg9nWF_YQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1162, "name": "Norton Password Manager"}, "gmbmikajjgmnabiglmofipeabaddhgne": {"rating": 3.9548225, "users": 7000000, "platform": "", "short_description": "Save web content or screen capture directly to Google Drive.", "icon": 
"https://lh3.googleusercontent.com/TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4759, "name": "Save to Google Drive"}, "cjpalhdlnbpafiamejdnhcphjbkeiagm": {"rating": 4.6761365, "users": 10000000, "platform": "", "short_description": "Finally, an efficient blocker. Easy on CPU and memory.", "icon": "https://lh3.googleusercontent.com/rrgyVBVte7CfjjeTU-rCHDKba7vtq-yn3o8-10p5b6QOj_2VCDAO3VdggV5fUnugbG2eDGPPjoJ9rsiU_tUZBExgLGc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 26400, "name": "uBlock Origin"}, "bkkbcggnhapdmkeljlodobbkopceiche": {"rating": 4.7756734, "users": 2000000, "platform": "", "short_description": "Block popups, ads, cookie requests, trackers, notifications, ads on social media & more. A clean browsing experience starts today.", "icon": "https://lh3.googleusercontent.com/R9P6olNFUIkjebO_S6vG-1SulDiFYNVgtI8U-r3rm9Gq6TI__wd5ZIdeMxEB_9jL01MmRJve7CI28HLY18dJUOFibJs=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 80784, "name": "Pop up blocker for Chrome\u2122 - Poper Blocker"}, "flliilndjeohchalpbbcdekjklbdgfkk": {"rating": 4.1474295, "users": 6000000, "platform": "", "short_description": "Your surfing made private and secure", "icon": "https://lh3.googleusercontent.com/hjQv8jaFVCyh3Df1rAM6LTeuBY0wOxZAESgsLsysTHGOCQHt5XZP_44v5HM-xIjv-1gVTUHaehBTrF2hoqNcS5RFXK0=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2937, "name": "Avira Browser Safety"}, "mlomiejdfkolichcflejclcbmpeaniij": {"rating": 4.6202865, "users": 2000000, "platform": "", "short_description": "Ghostery is a powerful privacy extension. 
Block ads, stop trackers and speed up websites.", "icon": "https://lh3.googleusercontent.com/CpXOKuccvzh9oCG7G6NLr5nAvqUEdMLgfqWsYrKR92loF74N42s1B6LPtolnoVJphyP7WMTOtQRY7eAb2v61x1tOmQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 12836, "name": "Ghostery \u2013 Privacy Ad Blocker"}, "pgjjikdiikihdfpoppgaidccahalehjh": {"rating": 4.414451, "users": 2000000, "platform": "", "short_description": "Take a Speedtest directly from your toolbar to quickly test your internet performance without interruption.", "icon": "https://lh3.googleusercontent.com/UeJDiqRqbe61ZwRA-nshMyadO7gt5igLJN5jGy3he_VVP5iELduwit3AdBk9gTnCiDzDIQtlUJv6mQ-V7_7azrShxQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2934, "name": "Speedtest by Ookla"}, "fjgncogppolhfdpijihbpfmeohpaadpc": {"rating": 4.473016, "users": 2000000, "platform": "", "short_description": "Fast, one-click access to millions of research papers.", "icon": "https://lh3.googleusercontent.com/orDWHjYrSVYleMvmm7KTV9GHN_DcjWfOUKP6MVQ-JxjaW3BUF61B9Z2gPU__qY23z764gn7FLubSqYbcZZ8H_w3LJg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 315, "name": "EndNote Click - Formerly Kopernio"}, "gpdjojdkbbmdfjfahjcgigfpmkopogic": {"rating": 3.558845, "users": 7000000, "platform": "", "short_description": "Save your favorite ideas online so you ayhu.xyz
2023-05-12 03:11:18Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Amsterdam', u'security': {u'is_vpn': False}, u'city_geoname_id': 2759794, u'region_geoname_id': 2749879, u'country': u'Netherlands', u'region': u'North Holland', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'CloudFlare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/NL_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/NL_flag.png', u'unicode': u'U+1F1F3 U+1F1F1', u'emoji': u'\U0001f1f3\U0001f1f1'}, u'postal_code': u'1012', u'longitude': 4.8975, u'country_code': u'NL', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Amsterdam', u'current_time': u'05:11:17'}, u'latitude': 52.3759, u'country_geoname_id': 2750405, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'188.114.97.1', u'continent': u'Europe', u'region_iso_code': u'NH'}188.114.97.1
2023-05-12 03:00:58Malicious AffiliateYesVXVault.net0130NoneVXVault Malicious URL List [cdn-185-199-110-153.github.com] http://vxvault.net/URL_List.phpcdn-185-199-110-153.github.com
2023-05-12 02:52:11Malicious IP AddressYesVirusTotal0130NoneVirusTotal [172.67.168.252] https://www.virustotal.com/en/ip-address/172.67.168.252/information/172.67.168.252
2023-05-12 02:50:16Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 17:04:53 2023 GMT Not After : Jun 25 17:04:52 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c0:92:2b:06:a8:76:be:87:ad:a1:7a:9e:5a:24: 59:36:93:77:df:2f:5f:ec:5d:f8:39:5c:9e:e9:bb: 24:38:91:de:54:5b:7a:21:bd:81:66:b9:f4:29:4c: 2b:fa:57:13:7e:92:b4:15:86:67:29:e9:3d:cd:52: 95:9b:57:3a:5d:e6:e9:45:19:f1:e0:94:39:75:06: 2b:76:17:5a:3c:dc:eb:34:5d:2b:11:01:60:df:20: e3:b5:60:cd:32:82:ad:56:26:62:d5:06:6e:b6:fa: a5:d9:a5:4d:79:33:21:15:51:a2:c0:48:15:37:c6: 91:2f:b2:2e:7d:a0:75:7f:50:14:78:92:5d:14:20: 37:35:75:05:53:06:c4:4c:79:be:57:44:4e:7f:9a: 50:6f:84:ce:99:6c:50:c4:25:b5:3b:28:ef:3d:1e: 0d:f1:c2:fb:f7:a2:98:40:97:4e:a6:29:13:ba:fe: a3:fd:ca:b9:fd:ab:de:51:93:45:07:f4:be:76:56: 10:d6:f8:44:07:0f:8a:0a:1d:0b:2a:3e:ea:d3:77: c7:f9:17:20:d7:71:23:2b:a0:8f:f4:4a:f3:e4:d4: 5a:5c:2d:ce:df:b4:a0:a0:ac:d7:ab:d8:92:f0:4a: 4c:07:6e:72:26:57:04:a7:82:b9:f3:2d:17:4e:50: 36:d2:94:d7:69:b9:6a:7a:3a:20:4d:5d:1e:75:6c: 84:96:b6:c4:70:f4:80:b9:d6:06:45:7a:52:b8:0e: 0e:2d:fd:2c:dc:22:9b:06:83:b7:ce:89:98:50:8a: 98:25:5c:fe:f2:ac:51:29:2f:08:c4:ff:27:4b:06: 5c:49:dd:d3:39:da:b3:60:fe:da:c7:a0:9e:e7:45: 85:7c:70:41:16:a9:f0:27:f6:98:d1:7c:9f:af:81: f4:37:0b:12:28:d5:35:6a:e6:e2:66:3b:e1:11:5b: 6a:d4:8d:47:d6:44:64:d5:a9:fc:83:71:f4:46:8c: 69:8f:3e:2f:32:4d:8a:48:3b:ac:ac:88:a4:94:ea: b5:b5:92:f4:63:d9:95:76:ef:6d:8e:2f:15:8a:59: 65:d3:00:6a:ca:d7:56:11:cf:5f:a7:d4:3d:48:6a: 5d:dd:87:ce:8c:d0:6e:15:cf:fb:5f:c0:02:33:50: 4e:36:37:09:f4:b7:06:18:07:a3:00:b5:58:4a:d2: bc:0d:0b:5d:96:5b:4e:aa:75:b7:e9:a2:ce:90:ad: d7:25:96:7f:66:7d:4e:03:23:c1:16:bc:0c:09:9d: d4:bf:8c:7c:19:2d:8b:39:0c:89:5a:15:97:34:34: 
1c:7b:5d:34:19:a2:d0:cb:f4:5c:b0:48:d7:c9:6c: 5d:09:b3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 24:54:79:6e:3c:79:d5:ae:a0:b8:7c:0a:ff:89:93:3d:d6:57: 91:5f:7d:e2:ea:b5:70:87:04:12:dd:cf:ba:db:1a:dd:bf:5f: 7c:c6:d9:18:6d:ca:27:ff:1c:41:bc:85:75:b0:f4:d1:5d:dc: 45:87:06:cb:1f:49:05:31:eb:49:05:f4:6b:36:41:2f:39:66: bb:c1:2a:07:32:84:55:39:1c:a4:29:9c:55:fc:c5:e4:ad:62: 54:ad:d2:25:f2:67:4f:a1:c0:d0:75:ed:4f:e4:15:2f:b9:2f: 6f:67:f4:2e:dc:7e:0d:b9:75:12:29:49:c3:67:d0:7b:f2:21: 0c:ee:8a:58:d9:43:b2:12:a1:03:39:b0:0e:c1:ea:07:d2:2f: a3:20:c3:66:05:93:88:53:7a:4d:dc:f9:b6:ec:64:81:b8:41: 97:de:f9:a9:49:80:7b:d7:0d:4d:f9:f4:92:96:1e:c7:cc:e3: 98:1b:07:be:b0:bf:bd:9e:e3:6c:c7:67:ae:92:9a:78:90:eb: a0:3f:1e:59:bd:f5:c7:ec:43:04:a4:be:44:c3:74:12:39:82: e0:e3:bf:d9:c2:3b:8e:9a:08:be:3c:f1:c4:88:72:a0:ed:59: 9a:b6:1a:ae:e9:2d:33:e0:ea:a0:55:60:b8:66:48:ca:d5:05: c4:a4:9b:ca
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneClayton2 (Net ID: 00:02:2D:0E:A8:AC)37.7642, -122.3993
2023-05-12 02:53:25IP AddressNoMnemonic PassiveDNS0020None172.67.168.252www.battleb0t.xyz
2023-05-12 02:46:24Netblock MembershipNoRIPE8020None185.199.109.0/24185.199.109.153
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom6F5C74 (Net ID: 00:0C:F6:6F:5C:74)50.8897, 6.0563
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx BYOD (Net ID: 00:01:21:26:54:31)41.8781, -87.6298
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:EB:D2:2C)41.8781, -87.6298
2023-05-12 02:49:58Malicious IP AddressYesVirusTotal0120NoneVirusTotal [185.199.110.153] https://www.virustotal.com/en/ip-address/185.199.110.153/information/185.199.110.153
2023-05-12 02:54:48Physical LocationNoCensys1030NoneNorth Charleston, South Carolina, 29405, United States, North America34.148.97.127
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneGravatar (Category: images) http://en.gravatar.com/profiles/loginlogin
2023-05-12 02:50:23Blacklisted IP AddressYesHoneypot Checker0130NoneHoneypotproject (172.67.168.252): Search Engine Last Activity: 0 days ago Threat Level: 29172.67.168.252
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.143): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx BYOD (Net ID: 00:01:21:26:54:21)41.8781, -87.6298
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonethemeforest (Category: art) https://themeforest.net/user/ayhuayhu
2023-05-12 02:44:20Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.com185.199.110.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneDribbble (Category: art) https://dribbble.com/loginlogin
2023-05-12 02:53:06Web TechnologyNoTool - WAFW00F0020NoneCloudflare Inc. Cloudflarenuke.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMyVolvoLpyPOa (Net ID: 00:10:02:39:B3:DE)32.8608, -79.9746
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Expires": ["Fri, 01 Jan 1990 00:00:00 GMT"], "Vary": ["Accept-Encoding"], "Host": ["87.248.157.102:2080"], "Server": ["cPanel"], "Connection": ["close"], "Www_Authenticate": ["Basic realm=\"Horde DAV Server\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 02:53:35HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache_Hits": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["872A:0A4B:BBF254:10FE511:645C54E0"], "Etag": ["W/\"64556a8c-239b\""], "Age": ["0"], "X_Cache_Hits": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache": ["MISS"], "X_Timer": ["S1683772640.067376,VS0,VE28"], "Connection": ["keep-alive"], "Via": ["1.1 varnish"], "X_Fastly_Request_Id": ["13b6057c2e99facbd081defdf7bc9d1ff579d6e4"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100052-CHI"], "Accept_Ranges": ["bytes"]}185.199.110.153
2023-05-12 03:00:13Internet Name - UnresolvedNoCertificate Transparency0010Nonecpcontacts.ayhu.xyzayhu.xyz
2023-05-12 02:54:20Linked URL - ExternalNoWeb Spider0030Nonehttps://support.cloudflare.com/hc/en-us/articles/200171916-Error-521http://nuke.battleb0t.xyz/
2023-05-12 03:18:06Externally Hosted JavascriptNoPage Information0030Nonehttps://use.fontawesome.com/9dfc16ed6b.js<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:F4:A6:7E)41.8781, -87.6298
2023-05-12 03:00:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.12): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00089.github.io] https://www.openphish.com/feed.txt00089.github.io
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget1020None007316.xyz185.199.111.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneDubtronicssid (Net ID: 00:01:24:F0:BB:A4)37.7813933,-122.3918002
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 26:cc:7f:01:c6:92:25:78:13:50:9e:48:80:75:15:57 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Mar 23 22:37:05 2023 GMT Not After : Jun 21 22:37:04 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:aa:7b:81:42:e7:bb:ef:b8:0c:29:95:16:51:5f: 17:ef:12:01:ea:12:d1:38:f6:d6:ab:de:90:73:55: a4:af:cb:7c:f7:08:2e:7f:ec:c7:d3:07:5d:b2:f5: bb:41:e9:04:92:a8:3c:a4:cb:ef:73:55:b5:a9:bc: 5c:d1:be:26:4b:99:f3:8a:57:d8:c7:77:79:1d:0e: 70:31:81:bc:da:4a:73:41:e5:08:81:59:46:c7:d8: 68:74:56:c2:f6:64:23:af:1b:88:8f:72:bd:52:09: 2e:97:9b:f1:a4:cf:09:d8:89:91:91:ca:2e:06:41: a2:84:ad:0d:6a:df:00:95:f5:ec:e2:1e:49:48:18: 0a:3f:98:fa:06:a5:50:9f:7c:2c:20:19:c1:55:cd: 77:d2:89:47:dd:a9:ee:13:f6:2f:e2:48:87:26:a5: fd:85:17:06:37:b0:a9:d0:53:b4:4d:e3:4c:ec:0e: 83:60:b2:ad:ad:2d:44:08:30:33:b0:91:f7:b0:f8: 00:7f:d1:49:37:39:19:99:a3:59:5c:dc:4a:a0:c5: bd:ef:ae:e1:d6:c3:40:3c:f6:35:0e:db:7b:df:4f: 54:c4:bd:f6:3a:2c:2b:ff:c9:5b:e5:d2:e9:69:24: 02:0b:f7:c6:94:a2:a1:ed:73:64:15:f9:25:08:00: 3b:85 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: E7:35:7E:35:FD:7B:BC:32:B5:C0:52:8C:76:D9:7D:F0:37:0A:7A:3D X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/X4UdJFi-bqE CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/QCTFvWRh6mE.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 09:9f:cd:b5:43:3b:6a:2f:1d:c9:3b:c0:c8:50:40:4b:85:6c: a4:67:c0:ea:9c:ed:fa:82:03:5a:15:d9:da:e2:17:9e:f5:4d: 17:b3:27:61:b6:b3:76:a2:5c:3c:dc:1f:ca:d1:cf:2a:8c:c5: 9f:e1:42:b1:ce:4f:6c:8b:d7:5b:5d:4a:1a:37:bf:f7:48:1c: b0:1e:50:fd:1f:d7:83:b8:62:23:8e:ce:bc:13:38:47:cd:3d: 85:a8:0c:e6:2b:35:45:86:97:06:88:96:8f:aa:84:6c:ae:91: 25:1d:3c:c7:d6:f8:a1:4f:51:5e:ed:a9:fe:6b:22:98:84:a4: ef:b4:d3:2f:02:db:9e:b8:fb:29:cc:58:62:ad:6f:ac:48:dc: 16:46:0c:14:b4:34:7b:60:f1:ec:27:16:2b:4e:4a:c3:37:36: d0:34:81:c1:2b:54:8c:d5:17:57:ba:55:4c:71:58:26:4f:c6: 22:b8:65:ba:ad:e7:f5:f2:a8:04:c1:7d:df:11:ab:7d:f5:94: 7d:56:64:8a:41:7f:f4:d3:d7:1a:a0:c6:cc:e6:42:c8:ac:de: 6a:33:c1:21:70:bc:bd:6f:69:08:1f:8f:fa:9f:b7:aa:ca:2e: e6:b7:8f:15:ac:fb:89:0e:c0:5f:c0:b9:df:e8:c0:15:b9:87: ca:00:58:c5 battleb0t.xyz
2023-05-12 03:24:48CountryNoCountry Name Extractor0050NoneUnited StatesSeattle, Washington, 98108, United States, North America
2023-05-12 03:00:26Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabc@allianzgi.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_330_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_330_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_330_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_330_ConnHashTable<816>_HashTable_Mutex"\n "IsoScope_330_IE_EarlyTabStart_0x690_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_330_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_816"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"185.199.109.153:443"\n "172.66.43.150:443"\n "185.88.152.184:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "TarBB6A.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarBA30.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabBA1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabBB69.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A 
"authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "TarBB6A.tmp" has type "data"- Location: [%TEMP%\\TarBB6A.tmp]- [targetUID: 00000000-00002892]\n "_9E69994D-BE57-11ED-B6C3-080027D6CFFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002892]\n "~DF41FFD31729A203FF.TMP" has type "data"- Location: [%TEMP%\\~DF41FFD31729A203FF.TMP]- [targetUID: 00000000-00000816]\n "RecoveryStore._9E69994B-BE57-11ED-B6C3-080027D6CFFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "6JGINI9K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6JGINI9K.txt]- [targetUID: 00000000-00000816]\n "J0N78Y0C.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J0N78Y0C.txt]- [targetUID: 00000000-00000816]\n "CabBA1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBA1F.tmp]- [targetUID: 00000000-00002892]\n "S35ZJMPU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S35ZJMPU.txt]- [targetUID: 
00000000-00000816]\n "MYW52O1X.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\MYW52O1X.htm]- [targetUID: 00000000-00002892]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "CabBB69.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBB69.tmp]- [targetUID: 00000000-00002892]\n "_A7F3014A-BE57-11ED-B6C3-080027D6CFFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFF51E1B1269B03A86.TMP" has type "data"- Location: [%TEMP%\\~DFF51E1B1269B03A86.TMP]- [targetUID: 00000000-00000816]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "C.JgU/0$"\n Pattern match: "https://track.salesflare.com/flare.js"\n Pattern match: "MUID1C5CECAFE62F66650020FE60E76367DFmsn.com/1025229670643231098083270159623031019620*"\n Heuristic match: "api.salesflare.com"\n Pattern match: 
"https://api.salesflare.com/,a=new"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.comAccept-Language"\n Heuristic match: "hctp_://rabet_anatkoo_ha.com"\n Pattern match: "https://llink.toaccess-control-allow-credentials"\n Pattern match: "https://llink.to"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025319012595231055838270143998031019620*"\n Pattern match: "MUIDB0843E9110DDB6B4E0942FBDE0C5F6A01ieonline.microsoft.com/9216229670643231098083269878373031019620*"\n Heuristic match: "rabetsanatkoosha.com"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "SUIDMmicrosoft.com/9216216421721631019729269862748031019620*MUID0843E9110DDB6B4E0942FBDE0C5F6A01microsoft.com/1025229670643231098083269862748031019620*_EDGE_V1microsoft.com/9216229670643231098083269878373031019620*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "SUIDMmicrosoft.com/9216216421721631019729269862748031019620*MUID0843E9110DDB6B4E0942FBDE0C5F6A01microsoft.com/1025229670643231098083269862748031019620*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "SUIDMmicrosoft.com/9216216421721631019729269862748031019620*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "www.msn.com/"\n Pattern match: "https://rabetsanatkoosha.com/SNS/allianzgi.com/aBC@allianzgi.com"\n Pattern match: "llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com"\n Heuristic match: "ianzgi.com"\n Heuristic match: "link.to"\n Heuristic match: 
"u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com"\n Heuristic match: "api.ipify.org"\n Heuristic match: "checkip.amazonaws.com"\n Heuristic match: "checkip.dyndns.com"\n Heuristic match: "checkip.dyndns.org"\n Heuristic match: "checkip.org"\n Heuristic match: "checkmyip.com"\n Heuristic match: "cmyip.com"\n Heuristic match: "curlmyip.com"\n Heuristic match: "findmyip.org"\n Heuristic match: "formyip.com"\n Heuristic match: "geoip.co.uk"\n Heuris
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Expires": ["Fri, 01 Jan 1990 00:00:00 GMT"], "Vary": ["Accept-Encoding"], "Host": ["87.248.157.102:2079"], "Server": ["cPanel"], "Connection": ["close"], "Www_Authenticate": ["Basic realm=\"Horde DAV Server\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonemotorola 8A4 (Net ID: 00:0C:E5:4D:D8:A4)39.0469, -77.4903
2023-05-12 03:09:34Affiliate - Internet NameNoDNS Resolver0040None211.30.196.104.bc.googleusercontent.com104.196.30.211
2023-05-12 02:56:51Internet NameNoDNS Resolver0020Noneoldfluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:34:48:36:b2:51:77:1f:45:f7:ca:23:53:09:6b:f8:20:f7 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:46:18 2022 GMT Not After : Mar 27 01:46:17 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b7:86:7e:22:b8:47:2a:2a:20:fc:69:54:4c:4c: 8d:ea:3f:a1:0c:0e:11:0f:7e:c1:26:df:52:aa:7e: 94:3a:df:e1:4c:c1:e1:54:54:7a:c2:7a:eb:d8:cc: df:41:19:00:a3:7b:e6:18:3e:51:47:37:04:be:39: e6:bf:91:38:96:6a:40:69:b8:63:75:51:8c:52:3a: 41:07:8f:c4:ec:e7:d6:72:77:98:6d:17:b7:fd:4c: 4c:0f:1e:e2:38:f3:1e:28:62:8d:25:cc:29:b7:fc: af:91:3e:9d:e5:92:07:d2:8d:09:ca:64:eb:80:76: ae:38:a2:33:49:07:84:c8:02:f9:d3:21:2b:ce:01: 78:68:73:b9:2a:22:16:eb:78:90:34:44:73:52:fa: b4:e5:7a:78:b5:62:9e:70:95:d0:26:0e:c1:b7:b4: 12:fd:9f:10:09:67:d9:3c:f0:82:32:ed:27:d0:55: a7:30:ce:0b:b7:0a:ef:86:ec:19:5d:c1:a0:11:f8: d8:f7:da:51:1c:ce:c6:23:90:13:7e:ab:f3:de:c1: 8e:52:9d:26:8b:16:dc:5c:ae:23:f8:3d:43:96:47: e1:0d:83:73:94:c2:e5:ad:91:ed:93:fe:48:67:3b: 6c:8e:00:5a:b6:2f:0f:94:18:91:b3:ed:bb:bf:d8: 25:d1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 73:BD:0E:B3:ED:9F:6A:FE:37:97:44:54:03:BB:B6:CC:83:95:C8:48 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 27 02:46:18.221 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:73:56:94:2F:31:A8:B8:1A:98:8B:10:59: F6:53:2E:1E:0E:70:CF:6D:BF:D5:0A:CF:1C:31:3D:5B: 4C:23:37:67:02:21:00:9B:F2:01:A0:12:B4:3C:90:39: EA:84:E4:22:FA:75:BD:A0:C4:ED:89:F2:6C:18:97:FC: B8:F5:F0:56:AE:8E:01 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 27 02:46:18.274 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:05:3B:2E:33:08:22:D3:2E:0C:71:5D:CE: BB:25:C6:58:42:B3:AE:CA:D4:8F:0C:AD:30:6E:E3:A1: 6E:7B:1D:DD:02:21:00:B2:4C:68:98:17:12:76:10:DB: F7:E5:7C:1B:1E:CC:3D:22:69:57:D1:43:50:5C:F3:6B: C4:4A:45:D2:97:77:5D Signature Algorithm: sha256WithRSAEncryption b5:fc:32:be:0b:ef:36:0b:4c:2f:42:14:e0:23:44:71:fe:bb: 33:07:72:8b:73:2a:ff:5f:08:8a:b4:9e:62:31:57:db:a3:8b: f5:eb:48:64:20:6d:a4:a1:01:ca:d1:c5:02:57:6b:fa:f9:2f: 81:b9:22:b3:b6:f7:75:49:42:43:c2:49:2f:7b:79:d9:5f:e2: e1:45:6e:ec:6b:80:ad:7d:c6:5c:28:b1:1a:b9:4e:15:e6:17: ae:e5:e8:ce:6c:bb:82:2d:39:fb:ee:42:88:dd:71:2d:32:a2: 58:59:d5:82:ef:a1:1f:ed:eb:e8:31:65:9c:54:f9:39:7e:04: 23:d4:63:6c:f9:8a:fc:fe:32:6a:54:24:b9:87:53:d3:3a:ad: b3:bc:74:e2:09:7e:05:f6:6a:b2:b2:c9:5d:15:04:56:51:5c: 3a:24:39:1f:c5:f0:1f:67:f8:ff:79:1d:11:62:57:f1:41:b4: c9:fc:7e:59:46:0a:3f:48:58:e0:4d:a6:0a:10:72:2e:ed:1f: b6:1b:19:4d:de:20:09:8c:c8:8c:26:1e:82:7a:3b:88:90:1a: 7c:c4:2b:f0:2f:ca:82:25:42:7e:50:54:62:30:3f:49:63:0c: 7d:f1:3b:f3:90:d8:3c:ee:c3:09:83:3d:a5:08:3a:22:6f:f5: e3:2e:e6:d2
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:05:5D:EC:D6:A2)33.336199,-111.89446440830702
2023-05-12 03:00:36Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabusecomplaints@markmonitor.com Domain Name: GITHUBUSERCONTENT.COM Registry Domain ID: 1845671923_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2022-01-05T09:12:39Z Creation Date: 2014-02-06T21:17:00Z Registry Expiry Date: 2024-02-06T21:17:00Z Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2086851750 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: DNS1.P01.NSONE.NET Name Server: DNS2.P01.NSONE.NET Name Server: DNS3.P01.NSONE.NET Name Server: DNS4.P01.NSONE.NET Name Server: NS-1411.AWSDNS-48.ORG Name Server: NS-181.AWSDNS-22.COM Name Server: NS-1867.AWSDNS-41.CO.UK Name Server: NS-596.AWSDNS-10.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
2023-05-12 02:54:16HTTP HeadersNoWeb Spider6020None{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"}oldfluid.battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonepostcrossing (Category: social) https://www.postcrossing.com/user/loginlogin
2023-05-12 02:56:50Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:62:27:a6:dc:16:28:de:ae:a0:a4:7d:7e:a0:02:81:25:0e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 18 21:24:59 2022 GMT Not After : Mar 18 21:24:58 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c4:7a:cf:72:75:e0:23:b5:24:56:0b:ff:81:dc: d9:ef:b9:84:a5:cb:15:5a:f2:4d:f6:46:6d:b0:47: aa:99:c5:97:75:9e:1e:5a:4f:3a:12:c1:33:26:f0: 0f:b9:47:15:ee:28:b3:c5:a0:0e:6e:82:c2:e4:9e: 2f:89:8d:b1:98:56:ae:4e:51:dc:76:c6:4d:f7:a0: da:11:9a:d1:d4:0e:53:d9:8e:4c:35:dc:f0:9d:a8: b5:1d:3f:0a:c6:d4:12:00:be:6b:8b:db:1c:eb:ff: fa:8a:0d:30:cf:48:30:73:35:bc:e5:39:78:d6:97: a1:00:9f:88:3e:2a:d4:35:22:13:80:4e:57:e4:0b: 6b:33:da:ae:7f:1b:ed:8f:82:10:4f:76:18:82:03: 22:e6:2a:88:53:b9:9a:80:d1:10:21:d7:25:be:5d: 9e:dd:23:0e:2f:8b:44:b5:d9:a6:ea:9a:ef:d4:ac: 24:ea:27:de:5f:35:74:c4:ee:db:95:49:53:28:21: da:c7:71:d0:ef:75:13:d9:75:8b:84:42:b8:62:af: 7a:1c:85:43:b6:85:1f:19:fe:11:de:22:13:41:a7: 26:69:56:b7:56:8c:31:f6:46:81:6d:dd:94:ae:81: bb:82:f2:fb:15:03:15:a0:92:6d:46:ee:3b:be:82: d4:cc:f6:b8:f0:82:0e:be:9c:1b:d5:a9:e7:74:12: 18:51:f1:a4:d7:96:be:07:63:2a:5b:b2:de:3e:8d: 99:72:fa:17:ce:36:64:cf:aa:ef:2b:4c:60:46:d0: cb:1a:9e:bb:94:71:19:32:32:aa:a0:4f:7c:b5:80: d2:ac:29:a1:3e:79:7a:46:f9:fc:2c:b9:f9:8b:cb: 59:c4:7c:ae:87:57:d8:e5:12:0a:0b:a5:34:e8:72: 2f:e5:15:84:33:1d:01:b8:f5:d1:2b:ff:10:f9:e7: ef:0c:be:61:fe:87:b7:d8:4f:dc:f0:08:3e:e4:ba: 53:2e:94:64:aa:29:45:65:cb:b5:3b:5d:cd:a7:33: 69:f9:c8:07:c0:c9:87:da:c3:82:4b:50:90:d2:80: 18:a8:e3:89:70:e0:61:b8:c9:4f:82:66:2b:0e:23: 36:49:33:34:63:e7:8a:70:61:f2:a3:6d:68:5c:13: 84:18:1d:5c:05:3c:2b:f0:28:3d:ae:ff:ba:af:c4: 48:bb:d7:f2:a8:15:4b:68:f4:b5:9d:7c:d4:31:43: bf:01:12:bc:59:5f:ef:ce:fb:0e:78:b7:62:51:52: 0f:d1:8e:d7:11:fa:d7:0c:57:e7:ee:bd:a5:16:b1: 
30:a1:96:90:5b:b4:a4:e1:b1:72:88:e0:56:6f:9c: 5b:43:b9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1A:29:A0:EB:78:CC:40:89:5B:55:A3:66:D6:68:C3:AE:DF:AB:BB:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 18 22:24:59.092 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:ED:60:61:6F:BC:46:EA:80:D9:9B:7E: 8F:A6:97:51:13:A3:13:6E:09:4B:69:DE:76:DA:06:A4: 9A:F6:AD:26:7A:02:21:00:8D:70:0F:85:A2:37:40:B9: EB:5B:60:8F:DC:06:DD:16:63:C3:4B:C4:FC:99:B1:34: 98:6B:48:67:B4:F0:C6:4E Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 18 22:24:59.634 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:B5:D7:F6:4B:EA:EE:D1:88:2A:2C:A7: F5:CC:0E:34:73:06:3D:CB:97:DC:EE:36:A9:A5:D7:84: 82:BC:B5:EB:C6:02:20:24:29:13:50:A0:1B:E8:D7:8C: B3:4A:9A:51:F0:3A:9F:E5:82:84:2A:82:72:A2:11:F0: F6:5B:BD:6F:C1:6E:17 Signature Algorithm: sha256WithRSAEncryption 9e:bd:00:c7:d3:5f:8b:8e:53:b7:5b:22:5d:0b:6d:c4:d2:9f: fb:d0:a2:7c:44:da:e1:f0:45:3d:e8:3d:22:cc:24:5a:a4:77: b1:7e:a7:5b:7d:47:e3:cc:9f:21:7b:68:ee:4b:fd:96:93:76: 17:26:af:1b:c0:e8:25:4c:33:00:f1:c2:7c:74:4c:aa:65:ed: 
92:ae:6a:f9:36:e7:ca:f4:22:6d:f0:eb:29:e7:93:7f:63:23: 5f:e2:ba:1f:83:d2:38:d1:dc:cc:25:4e:61:6b:39:9c:a8:a4: 1a:fc:f9:45:e4:a1:28:63:0f:69:f3:83:90:4b:3d:de:98:18: fa:e8:6b:3c:fb:c2:5d:0d:ab:ed:f9:00:6d:a0:26:46:2f:05: 46:31:32:5f:a6:1d:17:f4:1e:34:3a:f6:2e:f1:f6:1f:09:08: 8f:de:c7:cd:9f:0a:d6:37:e5:8e:ad:71:44:31:1f:ee:c8:d7: 1e:cb:c5:98:bf:4b:bf:03:59:91:6e:75:8b:e9:11:d9:3b:3a: e6:90:a3:02:49:4e:21:28:66:07:46:87:31:86:8a:ff:ea:59: d0:c3:7e:c2:6d:3c:37:07:a6:50:55:a2:45:9b:f8:71:ef:35: ed:7a:04:62:6e:f1:59:e7:59:4b:40:35:fd:a2:ed:39:31:90: 80:53:1f:29
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:09:5B:FC:D9:A0)39.0469, -77.4903
2023-05-12 03:11:26Raw Data from RIRsNoAbstractAPI0030None{u'format': {u'international': u'+14806242599', u'local': u'(480) 624-2599'}, u'country': {u'prefix': u'+1', u'code': u'US', u'name': u'United States'}, u'phone': u'+14806242599', u'valid': True, u'location': u'Arizona', u'carrier': u'', u'type': u'unknown'}+14806242599
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonePicsart (Category: art) https://picsart.com/u/loginlogin
2023-05-12 02:45:34Raw DNS RecordsNoDNS Raw Records0010Nonebattleb0t.xyz. 86400 IN NS daphne.ns.cloudflare.com. battleb0t.xyz. 86400 IN NS skip.ns.cloudflare.com.battleb0t.xyz
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5de9314c41108c-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.71.14
2023-05-12 03:03:28Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io001cat.github.io
2023-05-12 02:55:18Software UsedYesCensys0030Noneopenssh46.101.229.70
2023-05-12 02:45:50Physical LocationNoAbstractAPI1020NoneMontreal, Quebec, H4X, United States, North America2606:4700:3031::ac43:8709
2023-05-12 02:54:07HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}2606:4700:3031::ac43:8709
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneSWKIDNEY1 (Net ID: 00:02:6F:ED:54:F8)33.336199,-111.89446440830702
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:F6:1A:16)41.8781, -87.6298
2023-05-12 02:54:44Netblock MembershipNoCensys0030None35.229.48.0/2035.229.48.116
2023-05-12 02:59:59Affiliate - Email AddressNoE-Mail Address Extractor0030Nonenotatestuser@gmail.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/walletconnect/walletconnect-monorepo/releases/download/1.7.8/web3-provider.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/js/modal.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/jkup/focusable/blob/master/index.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://lens-protocoll.xyz/webc/index.php', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_588_IESQMMUTEX_0_519"\n "IsoScope_588_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_588_IESQMMUTEX_0_331"\n "IsoScope_588_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1416"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_588_ConnHashTable<1416>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_588_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.70:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "65.8.158.85:443"\n "151.101.1.229:443"\n "104.16.123.175:443"\n "192.30.255.113:443"\n "185.199.108.153:443"\n "185.199.108.133:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.ethers.io"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "etherum-libs.github.io"\n "github.com"\n "lens-protocoll.xyz"\n "objects.githubusercontent.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="Keywords" content="Lens Protocol - Claiming App\n Lens Protocol - Claiming App a paypal\n Lens Protocol - Claiming App a binance\n Lens Protocol - Claiming App harmony"/>" (Indicator: "dir "; File: "urlref_httpslens-protocoll.xyzwebcindex.php")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"(0, properties_1.defineReadOnly)(this, "publicKey", signingKey.compressedPublicKey);" (Source: jqueryjs_1_.js, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dffb9a278b09a9867d.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{64fca9ab-eac7-11ed-8a3e-080027a190c2}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"b38d7abaf0f5f8fb484f9be1484e98a17ea16df2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f0438febff768476c4bd646204034239a5fc20d9_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f9fa0444b908def7e2cacce9c162c39a60167a27_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "jqueryjs_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3.min_1_.js" has type "data"- [targetUID: N/A]\n "slider_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3-provider.min_1_.js" has type "data"- [targetUID: N/A]\n "ethers-5.2.umd.min_1_.js" has type "data"- [targetUID: N/A]\n "walletbundle_1_.js" has type "UTF-8 Unicode text with very long lines with escape sequences"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ethereumjs-tx-1.3.3.min_1_.js" has type "data"- [targetUID: N/A]\n "urlref_httpslens-protocoll.xyzwebcindex.php" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "index_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "sweetalert2.all_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n 
"imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001416]\n "invisible_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "main.34d2eea7_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "axios.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ABI_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001416]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF038CF0017F8B478D.TMP" has type "data"- Location: [%TEMP%\\~DF038CF0017F8B478D.TMP]- [targetUID: 00000000-00001416]\n "~DFFB9A278B09A9867D.TMP" has type "data"- Location: [%TEMP%\\~DFFB9A278B09A9867D.TMP]- [targetUID: 00000000-00001416]\n "~DF79C8B99757FDF652.TMP" has type "data"- Location: [%TEMP%\\~DF79C8B99757FDF652.TMP]- [targetUID: 00000000-00001416]\n "~DF3E2144E69F260778.TMP" has type "data"- Location: [%TEMP%\\~DF3E2144E69F260778.TMP]- [targetUID: 00000000-00001416]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "css2_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_64FCA9AB-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._64FCA9A9-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E587A84-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "inter_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has 
type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cookie.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "C1TXDP2K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1TXDP2K.txt]- [targetUID: 00000000-00001416]\n "NN4OYYV3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NN4OYYV3.txt]- [targetUID: 00000
2023-05-12 02:46:53Affiliate - Domain NameNoDNS Resolver2020Nonecloudflare.comskip.ns.cloudflare.com
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5d0de95ea502c0-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.97.1
2023-05-12 02:52:33Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.screentogif.com/downloads', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e38_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_e38_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_e38_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e38_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3640"\n "IsoScope_e38_ConnHashTable<3640>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_e38_IE_EarlyTabStart_0xe94_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3640"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.18.28.243:443"\n 
"192.30.255.117:443"\n "192.229.163.25:443"\n "20.125.62.241:443"\n "142.251.2.157:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.github.com"\n "c.clarity.ms"\n "platform.twitter.com"\n "query.prod.cms.msn.com"\n "stats.g.doubleclick.net"\n "teredo.ipv6.microsoft.com"\n "unicons.iconscout.com"\n "www.screentogif.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "platform.twitter.com" (Indicator: "dir "; File: "PCAP")\n file/memory contains long string with (Indicator: "dir "; File: "SSL")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"Recorder-Old.220d6f4d_1_.gif" has type "GIF image data version 89a 574 x 465" and 
extension "gif"\n "Editor.3586032f_1_.gif" has type "GIF image data version 89a 743 x 521" and extension "gif"\n "Recorder-New.e3003335_1_.gif" has type "GIF image data version 89a 408 x 369" and extension "gif"\n "Loam.343c6915_1_.png" has type "PNG image data 1000 x 1000 8-bit/color RGBA non-interlaced" and extension "png"\n "Elmah.21a45df7_1_.png" has type "PNG image data 836 x 536 8-bit/color RGBA non-interlaced" and extension "png"\n "Noderaider.be4e9c67_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=0] progressive precision 8 400x400 components 3" and extension "jpg"\n "Whsr.385f0a38_1_.png" has type "PNG image data 512 x 512 8-bit colormap non-interlaced" and extension "png"\n "Bluepoint.27f1ef7b_1_.png" has type "PNG image data 307 x 90 8-bit/color RGBA non-interlaced" and extension "png"\n "logo.d2151712_1_.png" has type "PNG image data 256 x 256 8-bit/color RGBA non-interlaced" and extension "png"\n "c_1_.gif" has type "GIF image data version 89a 1 x 1" and extension "gif"\n "collect_1_.gif" has type "GIF image data version 89a 1 x 1" and extension "gif"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df9094ab384f940ba2.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{3d8264cb-eb38-11ed-a571-080027d31f80}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\imagestore\\3mt7jhv\\imagestore.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa6cf4e6309c1db59.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{4b5d2cdb-eb38-11ed-a571-080027d31f80}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{3d8264cb-eb38-11ed-a571-080027d31f80}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{4b5d2cdb-eb38-11ed-a571-080027d31f80}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa6cf4e6309c1db59.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{3d8264c9-eb38-11ed-a571-080027d31f80}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff161ee818d5dda45.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Kreiseder.98f158f6_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Jetbrains.69724121_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Fosshub.48002ff1_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "NDepend.943229b8_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "BrunnerBi.b7b9057f_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"Windows.19802f6e_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Microsoft.a1fb1c95_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "app.d1265516_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "chunk-vendors.7bff679b_1_.js" has type "UTF-8 Unicode text with very long lines with LF NEL line terminators"- [targetUID: N/A]\n "Recorder-Old.220d6f4d_1_.gif" has type "GIF image data version 89a 574 x 465"- [targetUID: N/A]\n "app.7abc533d_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "Editor.3586032f_1_.gif" has type "GIF image data version 89a 743 x 521"- [targetUID: N/A]\n "Recorder-New.e3003335_1_.gif" has type "GIF image data version 89a 408 x 369"- [targetUID: N/A]\n "js_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "widgets_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "Loam.343c6915_1_.png" has type "PNG image data 1000 x 1000 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab2DE8.tmp" has type "data"- Location: [%TEMP%\\Cab2DE8.tmp]- [targetUID: 00000000-00002720]\n "clarity_1_.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "line_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "analytics_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Elmah.21a45df7_1_.png" has type "PNG image data 836 x 536 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Noderaider.be4e9c67_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=0] progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "unicons-10_1_.eot" has type "Embedded OpenType (EOT) unicons-10 family"- [targetUID: N/A]\n "releases_1_.json" has type "JSON data"- [targetUID: N/A]\n "unicons-17_1_.eot" 
has type "Embedded OpenType (EOT) unicons-17 family"- [targetUID: N/A]\n "unicons-18_1_.eot" has type "Embedded OpenType (EOT) unicons-18 family"- [targetUID: N/A]\n "unicons-5_1_.eot" has type "Embedded OpenType (EOT) unicons-5 family"- [targetUID: N/A]\n "unicons-15_1_.eot" has type "Embedded OpenType (EOT) unicons-15 family"- [targetUID: N/A]\n "unicons-12_1_.eot" 185.199.108.153
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.160): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:17:44Account on External SiteNoAccount Finder0010NoneTwitter (Category: social) https://twitter.com/_BattleB0t__BattleB0t_
2023-05-12 02:45:51Physical CoordinatesNoAbstractAPI0020None37.751, -97.8222606:4700:3031::6815:6a6
2023-05-12 03:24:00Similar DomainYesTLD Searcher1010Noneayhu.deayhu.xyz
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.82): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:2082104.21.6.166
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneMicrosoft acquisitionsbattleb0t.github.io
2023-05-12 03:23:38Open TCP PortNoPulsedive0030None188.114.96.14:443188.114.96.0/24
2023-05-12 03:03:34Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00d.github.io
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneOpen-source software hosting facilitiesbattleb0t.github.io
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSMC (Net ID: 00:04:E2:D0:65:C0)50.8897, 6.0563
2023-05-12 02:54:57HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c4567d3ec4c10ff-ORD"]}2a06:98c1:3120::1
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES_RT-205 (Net ID: 00:12:BF:FE:00:5F)40.2024, 29.0398
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NonePHK140 (Net ID: 00:01:E3:06:9D:0B)52.3759, 4.8975
2023-05-12 03:08:48Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.226104.196.30.220
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Noneeduwifi (Net ID: 00:02:2D:54:36:B1)37.7642, -122.3993
2023-05-12 02:56:31Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.rstudio.com/products/rstudio/download/),', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.231.208.25:443"\n "104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9a0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_9a0_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_9a0_IESQMMUTEX_0_303"\n "IsoScope_9a0_IESQMMUTEX_0_331"\n "IsoScope_9a0_ConnHashTable<2464>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2464"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_9a0_IE_EarlyTabStart_0xf44_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary 
File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "QK1MCF28.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QK1MCF28.txt]- [targetUID: 00000000-00002464]\n "_B73DAEC5-28A5-11ED-91FC-0800278F1A1D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002464]\n "Y43HX953.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Y43HX953.txt]- [targetUID: 00000000-00002464]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003364]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type 
"Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002464]\n "~DFF06F6526CD877716.TMP" has type "data"- Location: [%TEMP%\\~DFF06F6526CD877716.TMP]- [targetUID: 00000000-00002464]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF185D4F22325C47E3.TMP" has type "data"- Location: [%TEMP%\\~DF185D4F22325C47E3.TMP]- [targetUID: 00000000-00002464]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002464]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002464]\n "~DF0774C0318426B25C.TMP" has type "data"- Location: [%TEMP%\\~DF0774C0318426B25C.TMP]- [targetUID: 00000000-00002464]\n "WXEY61N5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WXEY61N5.txt]- [targetUID: 00000000-00003364]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.rstudio.com/products/rstudio/download/"- [Source: Input]\n Pattern match: "https://www.rstudio.com"- [Source: Input]'}], u'threat_level': 0, u'size': None, u'job_id': u'630e944ecad9df06be085b88', u'target_url': None, 
u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'35.231.208.25', u'104.196.30.220'], u'sha256': u'072e3ec83c217f53774393c7c55b71b6ac38b677006d238619898149b4ae8ff0', u'sha512': u'6373a2e033dac711da1fdb13838aa849d4eaa2844baa689de28f060328cc0e1980823496573f2cdbafaa48fa2740425e7d1121d4ed136f2300d338fa96e95b78', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://www.rstudio.com/products/rstudio/download/),', u'submission_id': u'630e944fcad9df06be085b89', u'created_at': u'2022-08-30T22:50:55+00:00', u'filename': None}], u'analysis_start_time': u'2022-08-30T22:50:55+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 2, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 5, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'b0994bcbd06abc41e182ae36f000740c', u'network_mode': u'default', u'processes': [], u'sha1': u'bd7835e0d2e2ad5d7166a9d745decc0958ec89e6', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 32 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}]104.196.30.220
2023-05-12 03:31:23Malicious IP on Same SubnetYesblocklist.de0040Noneblocklist.de List [46.101.128.0/17] http://lists.blocklist.de/lists/all.txt46.101.128.0/17
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-cache-hits: 0{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}
2023-05-12 03:00:30Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-64-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, 
"services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneeAdisyon@ozgen (Net ID: 00:02:6F:C9:2B:E8)40.2024, 29.0398
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.62): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:21SSL Certificate - Issued toNoSSL Certificate Analyzer1020NoneC=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io185.199.108.153
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:54:13Linked URL - InternalNoWeb Spider5020Nonehttps://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiUhttps://ayhu.xyz/
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneApple Network 031c82 (Net ID: 00:02:2D:03:1C:82)33.336199,-111.89446440830702
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonesofurry (Category: art) https://login.sofurry.comlogin
2023-05-12 02:55:15Open TCP PortNoCensys0030None165.232.113.85:80165.232.113.85
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:2083188.114.96.1
2023-05-12 03:31:31Affiliate - Email AddressNoE-Mail Address Extractor0070Noneabuse@namecheap.com Domain Name: NETCRAFT.COM Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-12-07T10:43:50Z Creation Date: 1994-10-18T04:00:00Z Registry Expiry Date: 2026-10-17T04:00:00Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: AUTHNS1.NETCRAFT.COM Name Server: AUTHNS2.NETCRAFT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: netcraft.com Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2020-09-21T12:40:37.88Z Creation Date: 1994-10-18T04:00:00.00Z Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Name Server: authns1.netcraft.com Name Server: authns2.netcraft.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS 
database: 2023-05-11T07:56:11.35Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:44:12Software UsedYesTool - Wappalyzer0020NoneSectigokekw.battleb0t.xyz
2023-05-12 02:58:47Vulnerability - CVE LowYesTool - testssl.sh0210NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.ayhu.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneViking (Net ID: 00:01:71:0B:CD:2E)52.3759, 4.8975
2023-05-12 03:20:27Account on External SiteNoAccount Finder0020NonePillowfort (Category: social) https://www.pillowfort.social/patrick.pogodapatrick.pogoda
2023-05-12 03:15:39Vulnerability - CVE MediumYesTool - testssl.sh0030NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.165.232.113.85
2023-05-12 03:33:56Raw File Meta DataNoBinary String Extractor0040NonemntrRGB XYZ desc trXYZ <mluc -mluc 3`-O! 6fD` N@e@8 s$01@H @jlveI B4Pic .E"E3@YB 8RktA -B09: FRp.PD A7e k `kfZb A8tSNJ 4j@Q4 H8@I" `Y@A4 !Ot-T Hh4@OFx4 @2RIA .MoFZ S>J9` 1tjP@ A!<Il 3rInvMB 6flJ$ bPD1T_aAc _`0Zp 1 QVQ `MXp<K M39CvX JtP5A wtIXB -3nB- rtiC 1@f!X I.ABD '`jh tj!HC Fyv3/ -ApI 99pfaHF /jMql 5Oy@8U2Q9 Mpi.` y5_@. sTiQJ 4Qfqml wc7nAS 3fti0 w2MrS ?O`OU E7-B/ PQj@fQod 'ASM6 'aC_@ >JkA8 ks< j nP?2P 5z'0i ALQxL `-DJE -HqnK LSq a S`j68 sV\0i7 IIA4K/ a/L K R3E5H $ii/aD<V @9qEkj fdcK- k\p/ e<@E7 TPkZAY o@i>K IT 'v Ip@>u 9x:'F A/e7h vj/a1 BnMLh rJMD\ $5eiS r @k<rPfcnM nTqD 8JMKu -h eo 6OCil- NdZs>J H yZ4 eKvkJ MDA8n A8mJ' jTO!D wPKqVhttps://funny.battleb0t.xyz/images/fredo.PNG
2023-05-12 03:13:02Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00.github.io] https://www.openphish.com/feed.txt00.github.io
2023-05-12 02:56:25BGP AS MembershipNoRIPE0030None13335188.114.96.0/24
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneYouTube User2 (Category: video) https://www.youtube.com/@AltpapierAltpapier
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Pragma": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Pragma": ["no-cache"], "Set_Cookie": ["whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "whostmgrsession=%3a8HJb2gy62wgW5AEl%2cc019e95b194ab8d9598010e513f0ec9b; HttpOnly; path=/; port=2087; secure", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2087; secure", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 02:47:42Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://sahnawaz786.github.io/Facebook_login_clone_project', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'http://sahnawaz786.github.io/facebook_login_clone_project', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://sahnawaz786.github.io/facebook_login_clone_project', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://sahnawaz786.github.io/Facebook_login_clone_project', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"sahnawaz786.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /Facebook_login_clone_project HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: sahnawaz786.github.io" (Indicator: "mozilla/5.0 (")\n "GET /Facebook_login_clone_project HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; 
rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: sahnawaz786.github.io" (Indicator: "user-agent: ")\n "GET /Facebook_login_clone_project/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: sahnawaz786.github.io" (Indicator: "mozilla/5.0 (")\n "GET /Facebook_login_clone_project/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: sahnawaz786.github.io" (Indicator: "user-agent: ")\n "GET /Facebook_login_clone_project/Images/fblogo.png HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: sahnawaz786.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /Facebook_login_clone_project/Images/fblogo.png HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: sahnawaz786.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /Facebook_login_clone_project/Images/facebook.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://sahnawaz786.github.io/Facebook_login_clone_project/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sahnawaz786.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /Facebook_login_clone_project/Images/facebook.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://sahnawaz786.github.io/Facebook_login_clone_project/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 
6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sahnawaz786.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "facebook_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_d74_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_d74_ConnHashTable<3444>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_d74_IESQMMUTEX_0_331"\n "IsoScope_d74_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3444"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d74_IE_EarlyTabStart_0x97c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d74_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"sahnawaz786.github.io"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "PHD1U0AR.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PHD1U0AR.txt]- [targetUID: 00000000-00003444]\n Dropped file: "3SZP8PGX.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3SZP8PGX.txt]- [targetUID: 00000000-00003444]\n Dropped file: "ZF56VNU9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZF56VNU9.txt]- [targetUID: 00000000-00002884]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "facebook_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "~DFA37422F32059F537.TMP" has type "data"- Location: [%TEMP%\\~DFA37422F32059F537.TMP]- [targetUID: 00000000-00003444]\n "~DF94049321D0CFF6EA.TMP" has type "data"- Location: [%TEMP%\\~DF94049321D0CFF6EA.TMP]- [targetUID: 00000000-00003444]\n 
"~DF7AA4F6B0C2777651.TMP" has type "data"- Location: [%TEMP%\\~DF7AA4F6B0C2777651.TMP]- [targetUID: 00000000-00003444]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "Facebook_login_clone_project_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "Facebook_login_clone_project_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "~DFA29BB38809160733.TMP" has type "data"- Location: [%TEMP%\\~DFA29BB38809160733.TMP]- [targetUID: 00000000-00003444]\n "PHD1U0AR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PHD1U0AR.txt]- [targetUID: 00000000-00003444]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "3SZP8PGX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3SZP8PGX.txt]- [targetUID: 00000000-00003444]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003444]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002884]\n "_5CFD1796-A009-11ED-9493-080027E9E15B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "fblogo_1_.png" has type "PNG image data 512 x 512 8-bit colormap non-interlaced"- [targetUID: N/A]\n "RecoveryStore._8BEC63F7-A007-11ED-9493-080027E9E15B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_8BEC63F9-A007-11ED-9493-080027E9E15B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', 
u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /Facebook_login_clone_project HTTP/1.1\nAccept185.199.111.153
2023-05-12 02:57:33Raw Data from RIRsNoCertificate Transparency8010None[{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}]ayhu.xyz
2023-05-12 02:44:32Affiliate - Internet NameNoDNS Resolver2020Nonecdn-185-199-109-153.github.com185.199.109.153
2023-05-12 03:03:28Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io000yesnt.github.io
2023-05-12 03:09:47Affiliate - Internet NameNoDNS Resolver0040None72.170.74.34.bc.googleusercontent.com34.74.170.72
2023-05-12 02:44:20Internet NameNoDNS Resolver2020Nonenwapi2.battleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': 
u'MIIFMTCCBBmgAwIBAgISBJEIZbRWlOOJN2vI7lr89IBSMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMjQwMzA1MTFaFw0yMzA1MjUwMzA1MTBaMCExHzAdBgNVBAMTFm9sZGZsdWlkLmJhdHRsZWIwdC54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXS5qUM658XpEb2FQiye1Pjdwc6oLnwWa4DnrXaX6XESwapQ5kFhLVlLMj8jbUT+vVMlCs5NdmG+PakXkEZvQt+j5F9EiRGo2AgsrdZhjN8p2HDZYJNvCQUHSzj9HUq+U8uqatV2IiK2DebnYEAl36UoC3YWvKiQ5ROMPyTcGPPlwvhux67sSpCWf+OjYs9HHdY1LHfiQTO/hkrA8XZYtPEtu6i5bXp9Nc/Y/pJrDB086upICbjZsf9spKiE++7SgvRRKN7ShK4dcK0cxPOA/6ky2NSpI6iIIBJKdiUpWIy/Uh604fFFn7oPNTbG4g4coLg0Y2NMYiFxvY5oIkaMplAgMBAAGjggJQMIICTDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNUp10YCZXNl/PWnfC5vlnnYZ6TmMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCEGA1UdEQQaMBiCFm9sZGZsdWlkLmJhdHRsZWIwdC54eXowTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYaBmKzyAAAEAwBHMEUCICWgaft/PmN9oILwvZn6/4Qgr8WGgSRL98ur+169a4dWAiEAilZEKCsL5dY69BV+Cjy6gEc40xNl1o6o5QEE0+3XKCQAdQB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYaBmK0EAAAEAwBGMEQCIEhQdyenjelORFvktFZQ+yD8yP0PS9xoCKRWpUv1pUezAiBBtKAPIhxp6PP7YLKBYWLg3Sg3E350KyZ04f3lTSlh5zANBgkqhkiG9w0BAQsFAAOCAQEAYbTvc/w81jb1dYAMM4uaBQvE73IdaXSV/QqEvbi5PBKH0+sttdJjKilgWcQRHA/D+3kvikNXOGLYLmg0u2wOeuP4PfXBBaVtk7mzSCKOozlm5qWe3OKYNX6z4ceyFrewLnBQTuqT0PhcaWwb0j7u2mQfrZfIvhc4pu2SnjvbZ8iwX+av/fdXknuHPb/EwSETusTYhaNj3JDu3z0qvANOuhuMDBZ+WOOsf9w7QBgfdJjVxPoymZWgZB5bTaj1eTMuP0PcjQ59KCV0epMnUy5rrk2BwTzgzUICbfza81JX1bFwjhqRFcgbk81AuP8p58YFrWOMyOzX6Ygzo11DodW5IA==', u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': 
u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 03:31:29Affiliate - Email AddressNoE-Mail Address Extractor0050Noneabuse@support.gandi.netDomain Name: scoop.sh Registry Domain ID: 688a2dc7e3804150a8a7bd65025fc26d-DONUTS Registrar WHOIS Server: whois.gandi.net Registrar URL: https://www.gandi.net Updated Date: 2022-05-25T08:13:34Z Creation Date: 2013-06-20T11:02:06Z Registry Expiry Date: 2023-06-20T11:02:06Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: StudyStays Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: QLD Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AU Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: ns-1530.awsdns-63.org Name Server: ns-604.awsdns-11.net Name Server: ns-308.awsdns-38.com Name Server: ns-1776.awsdns-30.co.uk DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain Name: scoop.sh Registry Domain ID: UNDEF-ROID Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2023-04-21T08:07:40Z Creation Date: 2013-06-20T09:02:06Z Registrar Registration Expiration Date: 2023-06-20T11:02:06Z Registrar: GANDI SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Reseller: Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: Domain Status: Domain Status: Domain Status: Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: StudyStays Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AU Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Name Server: 
NS-604.AWSDNS-11.NET Name Server: NS-1776.AWSDNS-30.CO.UK Name Server: NS-308.AWSDNS-38.COM Name Server: NS-1530.AWSDNS-63.ORG Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp Reseller Email: Reseller URL: Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden. A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts. For additional information, please contact us via the following form: https://www.gandi.net/support/contacter/mail/
2023-05-12 03:24:29Company NameNoCompany Name Extractor0040NoneNetlify\, IncC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneSprint Drive (Net ID: 00:0A:F5:55:59:00)39.0469, -77.4903
2023-05-12 02:44:42Internet NameNoDNS Resolver0020Nonepanel.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:10:8b:16:97:4c:80:e7:56:d7:06:74:1e:45:16:d2:cf:08 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 18 13:27:58 2022 GMT Not After : Mar 18 13:27:57 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ad:62:80:b3:4a:16:3f:d1:ca:02:76:24:cc:9e: aa:84:81:39:ce:32:30:eb:2b:8e:c4:10:85:04:e9: 19:e1:2c:8b:f7:58:3e:cb:1c:ff:b5:a4:5e:3a:d3: 5f:cd:9f:7e:93:67:29:42:61:bd:af:c4:d3:ff:2c: ba:88:7a:06:b8:ee:d1:0b:bb:86:7e:44:8f:c8:6e: 9f:15:1a:80:a4:23:08:22:e4:47:13:58:3b:f2:14: 1e:d6:ab:b0:0d:9a:3d:43:fa:19:c7:62:73:68:d3: e8:e2:e0:f2:f8:19:08:fa:27:87:9f:f6:00:ca:15: 68:32:25:1a:17:ab:c2:10:cf:ee:c4:5c:e1:5a:4c: 7f:24:75:c4:d7:a8:bb:65:e9:41:ed:b3:2d:c0:d3: 43:15:31:0d:92:7c:15:d2:74:91:60:11:b3:a9:c4: 23:1e:bd:9f:cd:65:52:70:48:15:e3:b8:f4:be:c0: 7b:19:6d:7b:06:84:b9:fd:58:0b:97:47:76:a2:75: 8a:02:5c:f4:a0:74:5a:14:c3:00:00:11:33:ca:09: cb:4f:f9:83:06:46:d2:9c:09:dd:c0:9e:5b:21:5b: 9d:26:54:f2:ef:8a:39:ff:fb:2e:d5:3b:31:32:7d: 8d:f4:d5:b5:c2:47:2c:44:11:4c:77:93:b1:be:73: 3c:fd:f8:ad:ee:38:c8:cc:7c:fd:93:89:87:7c:f1: ff:7e:d9:02:fc:16:a4:8b:6d:44:ce:9d:18:99:9a: 80:ce:7f:84:4a:5f:f2:64:78:f3:c5:e5:c6:c7:66: 3e:15:14:9a:10:d3:79:7b:53:46:72:6c:1d:43:1a: b1:35:e5:15:1e:25:f5:a3:42:b9:f7:c3:cc:11:45: 0d:91:92:d0:7c:af:f5:38:d6:f6:5b:a6:85:e8:1b: 87:47:00:ae:a6:0b:b0:8b:45:d2:80:d3:a6:4d:e2: fe:d5:6d:a5:c3:c6:cb:5d:f4:1c:79:c6:67:7f:4c: cd:e5:9e:5e:f5:60:0e:99:47:13:b5:ed:4f:e1:0e: 26:01:e6:84:00:6a:80:a9:fd:0c:5d:16:61:ba:be: ee:5f:41:8c:41:20:95:45:47:52:41:85:d1:cc:b2: ba:00:26:e3:48:1b:65:5b:e0:7a:f5:04:7c:c4:32: 1f:ac:c5:99:05:ef:49:b1:5a:de:e3:c4:60:e2:03: 33:84:8a:7a:ad:eb:d2:0c:0c:ff:c4:c2:64:33:29: 15:c7:0a:73:e3:0f:ee:4a:08:a2:6b:f1:e4:95:67: 2f:52:99:fd:3e:6c:01:2d:31:33:10:f6:db:5c:20: 
7c:3b:ba:79:4b:c3:c0:d7:a8:e3:f0:e3:c9:f6:e5: 3c:bf:e5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: A8:1A:0A:B4:5A:C9:CB:04:98:CA:A0:D2:67:45:9B:9C:A4:98:23:12 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 18 14:27:58.330 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:5D:91:A5:EC:4A:FC:74:A1:CB:A1:43:42: 98:62:F0:F5:48:D8:59:AD:3A:BF:07:84:B7:A0:B8:FB: F5:7F:02:9D:02:20:12:51:01:88:30:77:0C:12:2D:94: E1:FC:28:63:C7:64:51:4C:7A:14:F6:58:60:D3:18:55: AA:0B:5F:BF:83:CC Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 18 14:27:58.947 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:D5:B1:CF:FB:EB:66:58:C1:7C:1F:B7: 27:25:02:E3:9E:12:C4:74:28:D8:27:C6:B7:CB:84:D4: 7D:B7:00:1E:10:02:20:0C:56:3E:2A:0C:E4:D2:75:F2: E0:99:5F:A7:32:B4:86:4A:7F:09:D3:E9:8B:5E:F2:A9: 78:DC:08:7A:AD:C8:9D Signature Algorithm: sha256WithRSAEncryption 56:f1:41:e3:6f:ab:da:37:be:d4:6d:55:43:59:14:33:ac:42: 61:99:54:b2:cc:68:3b:12:68:7c:14:63:9a:e3:c7:2d:28:07: ac:4e:8c:b4:88:4d:80:ce:91:c9:a5:4d:dd:f1:2e:8e:58:cd: 80:0c:46:fa:23:e4:c8:e8:14:61:72:93:e1:44:e8:c3:77:c0: 
aa:ee:7c:6f:ea:e8:70:f4:d2:e3:e8:1b:8a:39:ca:f5:73:f4: 96:02:3b:a3:36:c0:cb:29:b2:45:5f:f0:82:fc:84:4a:6e:b5: 8b:1c:4a:0e:46:1e:66:a9:10:39:d1:75:3c:a8:c4:57:7f:9f: 62:b2:b2:a2:ec:e6:f3:84:e9:0c:f9:be:3e:3f:3f:98:a2:49: b7:f8:ec:62:7a:a6:69:6f:94:d9:c6:a1:e0:cd:b8:20:3a:ae: 44:80:7f:ac:d9:a3:54:24:56:5d:f1:bf:01:6e:fe:df:0c:62: 2d:77:e4:5c:18:4d:90:25:51:13:68:40:ac:f8:0c:fc:86:c6: 34:50:55:8e:da:35:b1:44:f3:0d:df:99:4c:2f:5a:3f:d4:52: 8d:52:80:94:14:ff:5b:30:58:13:05:5b:9a:df:d5:d4:32:40: 69:ff:dd:82:79:46:62:09:c8:ab:58:69:3f:2e:57:89:60:f9: 31:9d:86:6b
2023-05-12 02:56:57Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/angular/angular.js/pull/2902', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/angular/angular.js/blob/master/src/ng/urlutils.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://pickerwheel.com/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1892:120:WilError_01"\n "Local\\SM0:2444:120:WilError_01"\n "Local\\SM0:2444:304:WilStaging_02"\n "SM0:2444:120:WilError_01"\n "InternetShortcutMutex"\n "ChromeProcessSingletonStartup!"\n "SM0:1892:304:WilStaging_02"\n "Local\\SM0:1892:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_DavidM_Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_MarkM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_ZiraM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1892:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:1892:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:1892:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.215.114.29:443"\n "13.227.74.39:443"\n "172.64.143.38:443"\n "52.223.40.198:443"\n "13.227.77.47:443"\n "13.227.74.67:443"\n "142.251.2.157:443"\n "13.227.74.85:443"\n "13.227.74.30:443"\n "104.18.34.10:443"\n "104.22.53.86:443"\n "18.235.185.19:443"\n "54.186.215.15:443"\n "184.26.129.51:443"\n "104.18.25.185:443"\n "13.227.78.117:443"\n "74.119.118.151:443"\n "54.67.2.147:443"\n "35.227.252.103:443"\n "172.67.72.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"a.teads.tv"\n "a177a0690a0ac8223a5887b6f44f3a4f.safeframe.googlesyndication.com"\n "aax.amazon-adsystem.com"\n "acdn.adnxs.com"\n "acds.prod.vidible.tv"\n "ad.doubleclick.net"\n "ads.adthrive.com"\n "adx.g.doubleclick.net"\n "api.rlcdn.com"\n "ats.rlcdn.com"\n "bidder.criteo.com"\n "btlr.sharethrough.com"\n "c.amazon-adsystem.com"\n "c2shb.pubgw.yahoo.com"\n 
"c2shb.ssp.yahoo.com"\n "cdn.ampproject.org"\n "cdn.brandmetrics.com"\n "cdn.confiant-integrations.net"\n "cdn.id5-sync.com"\n "cdn.jwplayer.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_2]- [targetUID: 00000000-00001892]\n "2cebbc13-a880-451d-8f90-183cd02c69f7.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 366884"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00001892]\n "000009.log" has type "data"- [targetUID: N/A]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00001892]\n "4adfb1408c1f9cb9_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\4adfb1408c1f9cb9_0]- [targetUID: 00000000-00001892]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00001892]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- [targetUID: N/A]\n "Session_13325706525672020" has type "data"- [targetUID: N/A]\n "508ed6539f911a22_0" has type "data"- [targetUID: N/A]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "de7d83af72dd8e77_0" has type "data"- [targetUID: N/A]\n "f_0004d7" has type "gzip compressed data from Unix original size modulo 2^32 
763040"- [targetUID: N/A]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00002444]\n "9b2c1c9dc80fc2b3_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\9b2c1c9dc80fc2b3_0]- [targetUID: 00000000-00001892]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jwplayer.com" seems to be random\n "direct.adsrvr.org" seems to be random\n "g2.gumgum.com" seems to be random\n "lb.eu-1-id5-sync.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://pickerwheel.com/"\n Pattern match: "https://pickerwheel.com"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://acdn.adnxs.com/video/outstream/ANOutstreamVideo.jsaD`D`\xaeD`Q"\n Pattern match: "https://acdn.adnxs.com/video/outstream/ANOutstreamVideo.jsaD`D`D`Q"\n Pattern match: "http://modern.ie"\n Pattern match: "http://www.patternify.com"\n Pattern match: "http://designer.videojs.com/"\n Pattern match: "http://www.cssplay.co.uk/layouts/fixed.html"\n Pattern match: 
"https://github.com/videojs/video.js/blob/master/src/css/video-js.less"\n Pattern match: "http://www.w3.org/TR/NOTE-datetime"\n Pattern match: "http://www.pelagodesign.com/blog/2009/05/20/iso-8601-date-validation-that-doesnt-suck/"\n Pattern match: "https://msdn.microsoft.com/en-us/library/ms537509(v=vs.85).aspx"\n Pattern match: "https://github.com/petkaantonov/bluebird/wiki/Optimization-killers#32-leaking-arguments"\n Pattern match: "https://msdn.microsoft.com/en-us/library/cc288060(v=vs.85).aspx"\n Pattern match: "http://bugs.jquery.com/ticket/1450"\n Pattern match: "http://msdn.microsoft.com/en-us/library/ie/cc196988(v=vs.85).aspx"\n Pattern match: "https://github.com/angular/angular.js/blob/master/src/ng/urlUtils.js"\n Pattern match: "http://www.aptana.com/reference/html/api/HTMLAnchorElement.html"\n Pattern match: "http://stackoverflow.com/a/472729"\n Pattern match: "http://developer.mozilla.org/en-US/docs/Web/API/HTMLAnchorElement"\n Pattern match: "http://url.spec.whatwg.org/#urlutils"\n Pattern match: "https://github.com/angular/angular.js/pull/2902"\n Pattern match: "http://james.padolsey.com/javascript/parsing-urls-with-the-dom/"\n Pattern match: "http://www.w3.org/1999/xhtml"\n Pattern match: "https://stash.corp.appnexus.com/projects/VIDEO/repos/resources_video-ad-video-player-html5-plugin-vpaid/pull-requests/14/overview"\n Pattern match: "acdn.adnxs-simple.com/video/static/res/b2.mp4$Sy"\n Pattern match: "acdn.adnxs-simple.com/video/static/res/av2.mp4$a"\n Pattern match: "rb.adnxs-simple.com/pack?log=log_rb_video_waterfall_events&format=json$Sy"\n Pattern match: "rb.adnxs-simple.com/pack?log=log_rb_video_outstream&format=json$Sy"\n Heuristic match: "a.teads.tv"\n Heuristic match: "a177a0690a0ac8223a5887b6f44f3a4f.safeframe.googlesyndication.com"\n Heuristic match: "aax.amazon-adsystem.com"\n Heuristic match: "acdn.adnxs.com"\n Heuristic match: "acds.prod.vidible.tv"\n Heuristic match: "ad.doubleclick.net"\n Heuristic match: "ads.adthrive.com"\n 
Heuristic match: "adx.g.doubleclick.net"\n Heuristic match: "api.rlcdn.com"\n Heuristic match: "ats.rlcdn.com"\n Heuristic match: "bidder.criteo.com"\n Heuristic match: "btlr.sharethrough.com"\n Heuristic match: "c.amazon-adsystem.com"\n Heuristic match: "c2shb.pubgw.yahoo.com"\n Heuristic match: "c2shb.ssp.yahoo.com"\n Heuristic match: "cdn.ampproject.org"\n Heuristic match: "cdn.brandmetrics.com"\n Heuristic match: "cdn.confiant-integrations.net"\n Heuris35.229.48.116
2023-05-12 02:47:48Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 18, u'threat_score': 100, u'compromised_hosts': [u'185.199.108.153'], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://www.travismathison.com:8080/assets/js/data/search.json', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows"), Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:49731"\n "185.199.108.153:49737"\n "185.199.111.153:49743"\n "185.199.109.153:49752"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2964:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2964:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:7576:304:WilStaging_02"\n "Local\\SM0:7576:120:WilError_01"\n "Local\\SM0:2964:120:WilError_01"\n "Local\\SM0:2964:304:WilStaging_02"\n 
"Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3724:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.travismathison.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\2964_441367473\\Part-RU]- [targetUID: 00000000-00002964]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00002964]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00002964]\n "331833fe-aa24-4a32-a4fb-ef3c19aa8c0c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\331833fe-aa24-4a32-a4fb-ef3c19aa8c0c.tmp]- [targetUID: 
00000000-00002288]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002964]\n "Part-NL" has type "PGP symmetric key encrypted data -"- Location: [%TEMP%\\2964_441367473\\Part-NL]- [targetUID: 00000000-00002964]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\2964_441367473\\Part-RU]- [targetUID: 00000000-00002964]\n "Session_13319115991286099" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Session_13319115991286099]- [targetUID: 00000000-00002964]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00002964]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00002964]\n "widevinecdm.dll.sig" has type "data"- Location: [%TEMP%\\2964_842337331\\_platform_specific\\win_x64\\widevinecdm.dll.sig]- [targetUID: 00000000-00002964]\n "crl-set" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\crl-set]- [targetUID: 00000000-00002964]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\manifest.fingerprint]- [targetUID: 00000000-00002964]\n "31695c7e-2be1-4080-af62-904e1deee83c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\31695c7e-2be1-4080-af62-904e1deee83c.tmp]- [targetUID: 00000000-00002964]\n "Part-ZH" has type "data"- Location: [%TEMP%\\2964_441367473\\Part-ZH]- [targetUID: 00000000-00002964]\n "46b20db5-be50-4bf4-b4f6-d1b4b39f1117.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\46b20db5-be50-4bf4-b4f6-d1b4b39f1117.tmp]- [targetUID: 00000000-00002964]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\2964_1124322810\\_metadata\\verified_contents.json]- [targetUID: 00000000-00002964]\n "shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\\2964_812909146\\shopping_fre.html]- [targetUID: 00000000-00002964]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\LOG]- [targetUID: 00000000-00002964]\n "c53b5902-6f05-4039-9ca9-9a0b2029a141.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\c53b5902-6f05-4039-9ca9-9a0b2029a141.tmp]- [targetUID: 00000000-00002964]\n "Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00002964]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.travismathison.com:8080/assets/js/data/search.json"\n Pattern match: "http://www.travismathison.com"\n Pattern match: "www.travismathison.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', 
u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "shoppingfre.js" - Location: [%TEMP%\\2964_812909146\\shoppingfre.js]- [targetUID: 00000000-00002964]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\2964_812909146\\auto_open_controller.js]- [targetUID: 00000000-00002964]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\2964_812909146\\shopping_iframe_driver.js]- [targetUID: 00000000-00002964]\n Dropped file: "product_page.js" - Location: [%TEMP%\\2964_812909146\\product_page.js]- [targetUID: 00000000-00002964]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\2964_812909146\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002964]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\2964_812909146\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002964]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\2964_441367473\\adblock_snippet.js]- [targetUID: 00000000-00002964]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\2964_812909146\\edge_tracking_page_validator.js]- [targetUID: 00000000-00002964]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-43', u'name': u'Writes a PE file header to disc', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 6, u'description': u'"msedge.exe" wrote 8192 bytes starting with PE header signature to file "%TEMP%\\2964_842337331\\_platform_specific\\win_x64\\widevinecdm.dll": 4d5a78000100000004000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000780000000e1fff0e00ff09ff21ff014cff21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e2400005045000064ff0a00 ...'}, {u'category': 
u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': 185.199.111.153
2023-05-12 03:03:19Internet NameNoDNS Resolver0030Nonekekw.battleb0t.xyz[{u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-04-27T17:58:42', u'not_before': u'2023-01-27T17:58:43', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0353521f2268d4e4bd04c1ea37aeda35a438', u'entry_timestamp': u'2023-01-27T18:58:43.373', u'id': 8595002735}, {u'not_after': u'2023-04-27T17:58:42', u'not_before': u'2023-01-27T17:58:43', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', 
u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0353521f2268d4e4bd04c1ea37aeda35a438', u'entry_timestamp': u'2023-01-27T18:58:43.278', u'id': 8512878872}, {u'not_after': u'2023-03-18T21:24:58', u'not_before': u'2022-12-18T21:24:59', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'036227a6dc1628deaea0a47d7ea00281250e', u'entry_timestamp': u'2022-12-18T22:24:59.851', u'id': 8238674246}, {u'not_after': u'2023-03-18T21:24:58', u'not_before': u'2022-12-18T21:24:59', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'036227a6dc1628deaea0a47d7ea00281250e', u'entry_timestamp': u'2022-12-18T22:24:59.092', u'id': 8232262063}]
2023-05-12 03:24:33Malicious AffiliateYesVXVault.net0140NoneVXVault Malicious URL List [cdn-185-199-111-154.github.com] http://vxvault.net/URL_List.phpcdn-185-199-111-154.github.com
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneDTLAMN (Net ID: 00:01:9F:20:3C:A0)34.0544, -118.244
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneTOMTSSID (Net ID: 00:02:2D:21:5D:E4)50.1188, 8.6843
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f605affff189d-EWR{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"}
2023-05-12 02:44:03Internal SpiderFoot Root eventNoSpiderFoot UI12000None"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 02:44:15Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0120Nonenetlify.apppics.battleb0t.xyz
2023-05-12 03:10:20Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0030NoneVOIPBL Publicly Accessible PBX List [188.114.97.0/24] http://www.voipbl.org/update188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneTheCs (Net ID: 00:09:0F:BC:AB:26)39.0469, -77.4903
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneBeens Gast (Net ID: 00:01:21:1F:B1:91)52.3759, 4.8975
2023-05-12 03:23:41Account on External SiteNoAccount Finder0080NonePillowfort (Category: social) https://www.pillowfort.social/baptiste.vautheybaptiste.vauthey
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+74955801111Domain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noneiskorpit (Net ID: 00:15:D0:36:48:62)40.2024, 29.0398
2023-05-12 02:44:07Internet NameNoCertSpotter19010Nonefluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:49:03Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://cytoscape.org/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5168:120:WilError_01"\n "Local\\SM0:2368:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:2368:120:WilError_01"\n "Local\\SM0:2368:120:WilError_01"\n "SM0:2368:304:WilStaging_02"\n "Local\\SM0:5168:304:WilStaging_02"\n "SM0:5168:304:WilStaging_02"\n "SM0:5168:120:WilError_01"\n "Local\\SM0:5168:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5168:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5168:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5168:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "69.16.175.42:443"\n "104.18.11.207:443"\n "142.250.191.46:443"\n "142.250.188.14:443"\n "52.10.229.192:443"\n "192.229.210.155:443"\n "192.229.163.25:443"\n "142.250.189.238:443"\n "142.251.214.142:443"\n 
"142.250.188.8:443"\n "108.138.246.126:443"\n "142.250.188.13:443"\n "142.251.46.227:443"\n "18.155.202.52:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"abs.twimg.com"\n "cytoscape.org"\n "home.ndexbio.org"\n "syndication.twitter.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"syndication.twitter.com" (Indicator: "twitter")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00005168]\n "f_00024d" has type "gzip compressed data max compression original size modulo 2^32 258173"- [targetUID: N/A]\n "f_000268" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 360x353 components 3"- [targetUID: N/A]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\manifest.json]- [targetUID: 00000000-00005168]\n "0bb730fb-1fbe-4afa-904a-b584b39204fd.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 2253262"- 
Location: [%TEMP%\\0bb730fb-1fbe-4afa-904a-b584b39204fd.tmp]- [targetUID: 00000000-00005168]\n "3b5c0edd43425875_0" has type "data"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "PNG image data 380 x 122 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "68e6dbb3-f4d1-41b2-92aa-03d128f088dc.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\68e6dbb3-f4d1-41b2-92aa-03d128f088dc.tmp]- [targetUID: 00000000-00005296]\n "f_000243" has type "PNG image data 2422 x 1838 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "f_00023d" has type "PNG image data 380 x 168 8-bit/color RGB non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00005296]\n "b227a39674051662_0" has type "data"- [targetUID: N/A]\n "5b1db3ddc4fa4aec_0" has type "data"- [targetUID: N/A]\n "1c5433fc0e218662_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\1c5433fc0e218662_0]- [targetUID: 00000000-00005168]\n "00ed96a6-c8b3-4034-8071-093867526c70.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\00ed96a6-c8b3-4034-8071-093867526c70.tmp]- [targetUID: 00000000-00005168]\n "d0e3a151e37a5784_0" has type "data"- [targetUID: N/A]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003264]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://cytoscape.org/"\n Heuristic match: "abs.twimg.com"\n Pattern match: "https://creativecommons.org/"\n Heuristic match: "cytoscape.org"\n Heuristic match: "home.ndexbio.org"\n Pattern match: "https://cytoscape.org"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Heuristic match: "syndication.twitter.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Heuristic match: "ytoscape.org"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.250.191.46"\n "UDP connection to 142.250.188.14"\n "UDP connection to 142.251.214.142"\n "UDP 
connection to 142.250.188.8"\n "UDP connection to 142.251.46.227"\n "UDP connection to 142.250.189.238"\n "UDP connection to 172.217.12.99"\n "UDP connection to 142.251.32.34"\n "UDP connection to 142.251.32.42"\n "UDP connection to 142.250.188.1"\n "UDP connection to 142.251.46.174"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"adblock_snippet.js" has type "Unknown"- Location: [%TEMP%\\5168_407672804\\adblock_snippet.js]- [targetUID: 00000000-00005168]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.45"\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\LICENSE"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="&#x2a;",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n "192.168.241.102"\n Potential IP "5.1.0.0" found in string 
"Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}], u'threat_level': 0, u'size': None, u'job_id': u'642262aa36c72290dd02ee4c', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_a185.199.110.153
2023-05-12 02:49:38Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'WAV-3178248.html', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\UXTHEME.DLL" at base a87d0000\n "msedge.exe" loaded module "COMBASE.DLL" at base ad600000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base 8fcd0000\n "msedge.exe" loaded module "NTDLL.DLL" at base ade40000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base ad520000\n "msedge.exe" loaded module "SHELL32.DLL" at base ab320000\n "msedge.exe" loaded module "USER32.DLL" at base ac820000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base aa240000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base aa240000\n "msedge.exe" loaded module "ADVAPI32.DLL" at base ad060000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base aa240000\n "msedge.exe" loaded module "KERNEL32" at base ac770000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base aa240000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base aa240000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base aa240000\n "msedge.exe" loaded module "C:\\PROGRAM FILES (X86)\\MICROSOFT\\EDGE\\APPLICATION\\103.0.1264.37\\MSEDGE.DLL" at base 79080000\n 
"msedge.exe" loaded module "KERNEL32.DLL" at base ac770000'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.67.30.148:443"\n "185.199.110.153:443"\n "104.17.24.14:443"\n "65.8.158.45:443"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"\n "O@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3784:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3784:120:WilError_01"\n "Local\\SM0:3784:304:WilStaging_02"\n "Local\\SM0:3784:120:WilError_01"\n "SM0:3784:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:3784:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3784:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3784:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"zeptojs.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00003784]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003784]\n "f213a3bc-fbce-4ad6-a09e-bbb499aa704f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\f213a3bc-fbce-4ad6-a09e-bbb499aa704f.tmp]- [targetUID: 00000000-00003784]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003784]\n "e3e444f5-3bdf-46db-9837-c7ba81a12151.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\e3e444f5-3bdf-46db-9837-c7ba81a12151.tmp]- [targetUID: 00000000-00003784]\n "shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\\3784_1455271828\\shopping_fre.html]- [targetUID: 00000000-00003784]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00003784]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\3784_1496187747\\Filtering Rules]- [targetUID: 00000000-00003784]\n "settings.dat" has type "data"- 
Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006160]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003784]\n "shopping.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\\3784_1455271828\\shopping.html]- [targetUID: 00000000-00003784]\n "e3d08ea3-f64e-454e-b7c9-a3743c49cc7d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\e3d08ea3-f64e-454e-b7c9-a3743c49cc7d.tmp]- [targetUID: 00000000-00003784]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.fingerprint]- [targetUID: 00000000-00003784]\n "bb56cbed-4a21-463b-bd79-c1344bc69767.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\bb56cbed-4a21-463b-bd79-c1344bc69767.tmp]- [targetUID: 00000000-00003784]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\LOG]- [targetUID: 00000000-00003784]\n "7a6ae75d-e992-40e0-b597-977e151f18ad.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\7a6ae75d-e992-40e0-b597-977e151f18ad.tmp]- [targetUID: 00000000-00007240]\n "Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00003784]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\3784_2051281609\\_metadata\\verified_contents.json]- [targetUID: 00000000-00003784]\n "e6051345-1cca-48ef-9dbc-7df5a8571dfb.tmp" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\e6051345-1cca-48ef-9dbc-7df5a8571dfb.tmp]- 
[targetUID: 00000000-00003784]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42"\n Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.42\\LICENSE"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 172.67.30.148 on port 443"\n "HTTPS traffic to 185.199.110.153 on port 443"\n "HTTPS traffic to 104.17.24.14 on port 443"\n "HTTPS traffic to 65.8.158.45 on port 443"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: 
"https://getbootstrap.com/docs/4.0/examples/floating-labels/"\n Heuristic match: "zeptojs.com"\n Heuristic match: "C/_2877fc0_0be3b648f2_21898108c2b168a7cbe47279bb0cd47b3071S3c0bee2.ht"\n Heuristic match: "dpo@fi-group.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-63', u'name': u'Found a potential E-Mail address in binary/memory', u'attc185.199.110.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:74:AA:8C:9E)41.8781, -87.6298
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-github-request-id: 69FA:0168:26C3619:3A6662D:645DAA55{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}
2023-05-12 02:54:12HTTP Status CodeNoWeb Spider0010None200battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneCoxWiFi (Net ID: 00:0D:67:8C:21:AC)39.0469, -77.4903
2023-05-12 02:54:22Linked URL - InternalNoWeb Spider5030Nonehttps://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiUhttps://www.ayhu.xyz/
2023-05-12 02:55:24Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://metamasl.net/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "matomo.etoreeth.com"\n "metamasl.net"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"8.210.172.191:443"\n "142.250.188.10:443"\n "142.250.189.202:443"\n "142.250.188.3:443"\n "142.250.191.46:443"\n "142.251.32.46:443"\n "43.251.41.15:443"\n "104.16.88.5:443"\n "142.251.214.131:443"\n "47.242.77.136:443"\n "104.17.183.73:443"\n "104.16.89.5:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "142.250.191.34:443"\n "142.251.32.38:443"\n "142.251.32.42:443"\n "142.250.189.182:443"\n "142.250.191.33:443"\n "185.199.109.153:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_97c_IESQMMUTEX_0_519"\n 
"Local\\InternetShortcutMutex"\n "IsoScope_97c_IE_EarlyTabStart_0xcf4_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_97c_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2428"\n "IsoScope_97c_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_97c_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_97c_ConnHashTable<2428>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_97c_IESQMMUTEX_0_303"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Tar3CB.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar573.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab572.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 
file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab3BB.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"mm-close-black_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Explore-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "Browse-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "wallet-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "social-35_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "dapp-compound_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "undo_2x_1_.png" has type "PNG image data 96 x 96 8-bit gray+alpha non-interlaced"- [targetUID: N/A]\n "payload_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 450x450 components 3"- [targetUID: N/A]\n "counters_1_.gif" has type "GIF image data version 89a 1 x 1"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003304]\n "recaptcha__en_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc-_1_.woff" has type "Web Open Font Format TrueType length 20012 version 1.1"- 
[targetUID: N/A]\n "V0HGCQ2Y.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\V0HGCQ2Y.txt]- [targetUID: 00000000-00003304]\n "dapp-opensea_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "config_1_.js" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "6VGQERV2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6VGQERV2.txt]- [targetUID: 00000000-00002428]\n "hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "js_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff HTTP/1.1\nAccept: */*\nReferer: https://www.youtube.com/embed/YVgfHZMFFFQ\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://www.youtube.com\nAccept-Encoding: gzip, deflate\nHost: fonts.gstatic.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "youtube")\n "GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff HTTP/1.1\nAccept: */*\nReferer: https://www.youtube.com/embed/YVgfHZMFFFQ\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://www.youtube.com\nAccept-Encoding: gzip, deflate\nHost: fonts.gstatic.com\nIf-Modified-Since: Mon, 16 Oct 2017 17:32:56 GMT\nDNT: 1\nConnection: Keep-Alive" (Indicator: "youtube")\n "GET /embed/YVgfHZMFFFQ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nReferer: https://metamasl.net/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: www.youtube.com\nDNT: 1\nConnection: Keep-Alive\nCookie: CONSENT=WP.2676ba" (Indicator: "youtube")\n "GET /pagead/id HTTP/1.1\nAccept: */*\nReferer: https://www.youtube.com/embed/YVgfHZMFFFQ\nAccept-Language: en-US\nOrigin: https://www.youtube.com\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: googleads.g.doubleclick.net\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "youtube")\n "GET /pagead/id?slf_rd=1 HTTP/1.1\nAccept: */*\nReferer: https://www.youtube.com/embed/YVgfHZMFFFQ\nAccept-Language: en-US\nOrigin: https://www.youtube.com\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: googleads.g.doubleclick.net\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "youtube")\n "HTTP/1.1 302 Found\nP3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"\nTiming-Allow-Origin: *\nCross-Origin-Resource-Policy: cross-origin\nLocation: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1\nAccess-Control-Allow-Credentials: true\nAccess-Control-Allow-Origin: https://www.youtube.com\nDate: Sun, 12 Feb 2023 01:00:28 GMT\nPragma: no-cache\nExpires: Fri, 01 Jan 1990 00:00:00 GMT\nCache-Control: no-cache, no-store, must-revalidate\nContent-Type: text/html; charset=UTF-8\nX-Content-Type-Options: nosniff\nServer: cafe\nContent-Length: 0\nX-XSS-Protection: 0\nAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000" (Indicator: "youtube")\n "GET /instream/ad_status.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.youtube.com/embed/YVgfHZMFFFQ\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: static.doubleclick.net\nIf-Modified-Since: Thu, 12 Dec 2013 
23:40:16 GMT\nDNT: 1\nConnection: Keep-Alive" (Indicator: "youtube")\n "OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1\nAccept: */*\nOrigin: https://www.youtube.com\nAccess-Control-Request-Method: POST\nAccess-Control-Request-Headers: x-goog-api-key, content-type, x-user-agent\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows N185.199.109.153
2023-05-12 02:57:23Internet Name - UnresolvedNoCertificate Transparency0010Noneportainer.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:74:94:30:70)41.8781, -87.6298
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NonePHK140 (Net ID: 00:01:E3:04:F3:9A)52.3759, 4.8975
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_phone (Net ID: 00:0C:E6:C9:2D:E3)50.8897, 6.0563
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneBeensGroep (Net ID: 00:01:21:1C:17:A0)52.3759, 4.8975
2023-05-12 03:32:00Open TCP PortNoPulsedive0030None188.114.97.1:443188.114.97.0/24
2023-05-12 02:54:20Raw Data from RIRsNoCensys0040None{"last_updated_at": "2023-05-12T00:39:56.858Z", "ip": "2600:1f18:2489:8200::c8", "location_updated_at": "2023-05-10T21:06:43.663615Z", "autonomous_system_updated_at": "2023-05-10T21:06:43.664291Z", "location": {"province": "Washington", "city": "Seattle", "country": "United States", "coordinates": {"latitude": 47.5413, "longitude": -122.3129}, "postal_code": "98108", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"admirable-sawine-258e70.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-12T12:07:20.591261186Z"}, "www.writingsubmissiontracker.com": {"record_type": "CNAME", "resolved_at": "2023-03-29T20:18:06.345552317Z"}, "fishietime.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T12:06:16.369720917Z"}, "adwtt-2021.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T12:08:16.331503175Z"}, "fitness-for-hire.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T12:14:12.312546246Z"}, "docs.avohq.io": {"record_type": "CNAME", "resolved_at": "2023-03-28T16:11:01.233563954Z"}, "au.podandparcel.com": {"record_type": "CNAME", "resolved_at": "2023-03-30T16:00:18.714848447Z"}, "fosterr-prod.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T18:06:13.588030615Z"}, "fervent-shockley-921698.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-04T12:07:52.496791149Z"}, "askdrfigo-drportal.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-17T12:07:52.205880574Z"}, "elegant-tesla-a1ea12.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-05T12:08:03.794016320Z"}, "a244ca4d-f02d-4158-9d95-f3ecc3f53891.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-04-01T23:11:30.247345504Z"}, "www.carobee.com": {"record_type": "CNAME", "resolved_at": "2023-03-29T23:13:35.058671591Z"}, "buildandtone.netlify.app": {"record_type": "AAAA", "resolved_at": 
"2023-03-15T12:14:05.200621107Z"}, "orthodox.cashforcars.io": {"record_type": "CNAME", "resolved_at": "2023-03-14T00:28:21.035306733Z"}, "www.mmwmarine.com": {"record_type": "CNAME", "resolved_at": "2023-03-02T14:27:26.178750795Z"}, "www.oehu.org": {"record_type": "CNAME", "resolved_at": "2023-05-08T21:49:53.230466821Z"}, "amazing-monstera-507875.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-17T12:07:52.087973415Z"}, "prae.hcosmin.ro": {"record_type": "CNAME", "resolved_at": "2023-05-01T02:30:40.584393332Z"}, "www.wyattboyer.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T14:41:58.989657965Z"}, "app.nakise.org": {"record_type": "CNAME", "resolved_at": "2022-12-22T22:18:11.155660010Z"}, "oms-user.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-06T12:08:14.593436334Z"}, "lauraxu.com": {"record_type": "AAAA", "resolved_at": "2023-03-18T14:38:04.519555246Z"}, "www.markxa.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T14:05:33.932607492Z"}, "www.thelockdownroom.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T03:20:20.549352015Z"}, "galatea.investments": {"record_type": "AAAA", "resolved_at": "2023-03-10T15:30:44.210263044Z"}, "superlative-lollipop-7e1b2d.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-03T12:09:44.092336715Z"}, "darwined-api-docs.foris.ai": {"record_type": "CNAME", "resolved_at": "2023-04-12T21:43:06.097866268Z"}, "sinfitobahia.org.br": {"record_type": "AAAA", "resolved_at": "2023-05-03T12:41:58.372964765Z"}, "adoring-liskov-894667.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T18:05:54.034044971Z"}, "chefsencasa.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-23T12:07:44.780120228Z"}, "sad-colden-651d59.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-02T12:05:39.699906012Z"}, "drxmas-drugrecipts.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-01T12:08:22.715647640Z"}, "dao-lm.netlify.app": {"record_type": "AAAA", 
"resolved_at": "2023-03-20T18:06:40.518073668Z"}, "agile-timer.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T00:14:10.570920164Z"}, "nanosensedashboard.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-01-08T12:06:04.516399086Z"}, "purplestrategiccapital.net": {"record_type": "AAAA", "resolved_at": "2023-04-28T21:01:16.210611227Z"}, "www.dealersaver.com.au": {"record_type": "CNAME", "resolved_at": "2023-05-05T12:20:41.651412114Z"}, "budget.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-06T12:08:10.884739666Z"}, "begindrop.renovate.eu.org": {"record_type": "CNAME", "resolved_at": "2022-12-23T09:06:04.180902115Z"}, "kirigamii.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T12:14:17.747709193Z"}, "polite-wisp-220514.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-08T12:07:23.458189137Z"}, "clever-montalcini-a4440b.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-09T12:06:22.236272859Z"}, "karolklabisch-beta.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-17T12:08:02.851294150Z"}, "blankk.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T20:12:31.599875305Z"}, "musing-pasteur-944869.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-03T12:09:53.217150668Z"}, "adamcassidy.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T13:08:36.899965787Z"}, "linksxrs.netlify.app": {"record_type": "AAAA", "resolved_at": "2022-12-23T02:04:48.962438278Z"}, "adairo.com": {"record_type": "AAAA", "resolved_at": "2023-04-25T13:20:23.956589050Z"}, "asil-us-icc-task-force.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T18:06:53.107800117Z"}, "agitated-cori-358df7.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-24T12:06:57.385364261Z"}, "blissful-franklin-4bf4f9.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-22T12:08:06.409034750Z"}, "minschkopattern.netlify.app": {"record_type": "AAAA", "resolved_at": 
"2023-01-28T12:05:36.585201698Z"}, "fosterthewulff.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T12:07:54.220322909Z"}, "clever-chandrasekhar-7ec39e.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-17T12:07:46.791037045Z"}, "app.projexion.io": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:54:00.586302912Z"}, "pod-flat.syndicut.io": {"record_type": "CNAME", "resolved_at": "2023-02-22T17:15:07.185464982Z"}, "ctrlup-signature.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T21:38:22.288735403Z"}, "ones.studio": {"record_type": "AAAA", "resolved_at": "2023-01-07T17:14:49.921899710Z"}, "admin.cuthequeue.com": {"record_type": "CNAME", "resolved_at": "2023-04-20T18:00:23.885081666Z"}, "dansabelli.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T12:08:13.317776977Z"}, "aesthetic-babka-1b6f1e.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-11T12:05:33.610465015Z"}, "druckzauber-erfolgreich-drucken-de.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T12:14:15.500256290Z"}, "dev--stream-alerts-v2.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-25T00:09:57.686313332Z"}, "minschkopattern.blumfelix.com": {"record_type": "CNAME", "resolved_at": "2023-05-02T05:42:07.653366604Z"}, "admirable-stardust-6a2b73.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-14T12:06:07.762491546Z"}, "drna.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-08T12:07:24.236571686Z"}, "accruent.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T12:07:47.807554309Z"}, "clever-davinci-4e13a8.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-13T12:05:11.708344705Z"}, "afli.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-09T12:06:11.740841843Z"}, "www.andraztech.si": {"record_type": "CNAME", "resolved_at": "2023-02-16T20:22:31.755627780Z"}, "rvh-admin-dev.netlify.app": {"record_type": "AAAA", "resolved_at": 
"2023-03-09T12:06:41.806917383Z"}, "adoring-lichterman-6e1b2c.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-09T20:24:20.566234881Z"}, "aaronmbdev-website.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-15T12:07:03.899811400Z"}, "live-polls.patootie.app": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:07:56.159742549Z"}, "elastic-ramanujan-e0ad25.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-14T12:06:33.631556287Z"}, "four13-ops-app-prod.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-11T12:07:42.998596444Z"}, "cupomonline.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-09T12:06:38.920516396Z"}, "awu4jxor2d.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-15T12:07:09.638707720Z"}, "fervent-mccarthy-4b3659.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-14T12:07:10.401148413Z"}, "szc188.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T21:38:20.959762527Z"}, "moonlit-buttercream-62c2ba.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-12T12:07:44.779880090Z"}, "summit.openstack.cn": {"record_type": "CNAME", "resolved_at": "2023-03-07T12:48:19.061204208Z"}, "www.healthymind.ai": {"record_type": "AAAA", "resolved_at": "2023-04-19T14:06:38.547519064Z"}, "fisheye-devdocs.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T00:14:03.646864570Z"}, "bullseye-admin.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-09T20:24:27.696168878Z"}, "www.wenyouwang.cn": {"record_type": "CNAME", "resolved_at": "2023-04-29T13:01:34.861621993Z"}, "noel-port.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T18:06:40.472919704Z"}, "agitated-montalcini-0f8ddc.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T21:38:02.220099521Z"}, "awesome-jones-c007a7.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T12:08:00.284410270Z"}, "client-v3-prod.netlify.app": {"record_type": "AAAA", 
"resolved_at": "2023-03-18T19:28:22.911126012Z"}, "brave-borg-aef0af.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-22T06:56:58.555640984Z"}, "leafy-beijinho-b1ff73.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-22T17:34:44.565666088Z"}, "cenos-docs-antennas.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-22T15:32:55.497984285Z"}, "tubul2600:1f18:2489:8200::c8
2023-05-12 02:46:38BGP AS MembershipNoRIPE0030None36459185.199.109.0/24
2023-05-12 03:11:16Raw Data from RIRsNoAbstractAPI0020None{u'city': u'London', u'security': {u'is_vpn': False}, u'city_geoname_id': 2643743, u'region_geoname_id': 6269131, u'country': u'United States', u'region': u'England', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'CloudFLARENET-EU', u'organization_name': None, u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'W1B', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'22:11:15'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2a06:98c1:3120::1', u'continent': u'North America', u'region_iso_code': u'ENG'}2a06:98c1:3120::1
2023-05-12 02:54:30Open TCP PortNoCensys0030None64.226.81.43:2264.226.81.43
2023-05-12 02:54:13HTTP HeadersNoWeb Spider10010None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}ayhu.xyz
2023-05-12 02:54:38Raw Data from RIRsNoCensys0030None{"last_updated_at": "2023-05-11T22:46:19.213Z", "ip": "172.67.168.252", "location_updated_at": "2023-05-11T18:33:28.301878Z", "autonomous_system_updated_at": "2023-05-09T15:05:11.305022Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"mail.dailytungipara.com": {"record_type": "A", "resolved_at": "2023-04-30T19:46:55.929914113Z"}, "www.5000miles.org": {"record_type": "A", "resolved_at": "2023-04-30T18:13:58.091307621Z"}, "vrukshali.com": {"record_type": "A", "resolved_at": "2023-04-08T16:35:57.455101722Z"}, "micojardihori.tk": {"record_type": "A", "resolved_at": "2023-05-05T20:23:43.915610757Z"}, "webmail.plafonpvcklaten.com": {"record_type": "A", "resolved_at": "2022-10-23T13:56:03.189903700Z"}, "aphausomaharli.gq": {"record_type": "A", "resolved_at": "2023-05-03T00:41:30.483254854Z"}, "urposnasulebas.tk": {"record_type": "A", "resolved_at": "2023-05-03T21:59:06.417667953Z"}, "smartshorties.com": {"record_type": "A", "resolved_at": "2023-05-08T16:08:44.911393475Z"}, "newbabyswing.com": {"record_type": "A", "resolved_at": "2023-01-14T15:30:21.414055738Z"}, "www.myobots.com": {"record_type": "A", "resolved_at": "2023-04-09T14:51:23.310423040Z"}, "portsaintjoescallopingcharters.com": {"record_type": "A", "resolved_at": "2023-04-21T15:46:43.176740366Z"}, "beautifytopsultimation.buzz": {"record_type": "A", "resolved_at": "2022-11-17T12:23:28.036579596Z"}, "www.searchtermresults.com": {"record_type": "A", "resolved_at": "2023-04-29T15:52:34.091641640Z"}, "demedetomi.cf": {"record_type": "A", "resolved_at": "2023-04-28T13:02:53.957272859Z"}, "kasabugraphics.com": {"record_type": "A", "resolved_at": "2023-05-01T14:43:01.025149560Z"}, "ope8.tv": {"record_type": "A", "resolved_at": 
"2023-05-03T22:04:13.875331255Z"}, "cpanel.dailytungipara.com": {"record_type": "A", "resolved_at": "2023-05-04T14:36:47.242935150Z"}, "sgenundia.tk": {"record_type": "A", "resolved_at": "2023-03-24T07:24:26.513019486Z"}, "rigophogisvito.tk": {"record_type": "A", "resolved_at": "2023-04-22T20:38:42.905568413Z"}, "www.kjgenerationministries.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-10T18:40:04.194871729Z"}, "take2s.com": {"record_type": "A", "resolved_at": "2023-04-13T01:23:15.149064879Z"}, "remenhillcockvu.ml": {"record_type": "A", "resolved_at": "2023-04-23T18:26:05.960236771Z"}, "grrrlhub.com": {"record_type": "A", "resolved_at": "2023-05-06T15:01:46.516202883Z"}, "tilimotica.ml": {"record_type": "A", "resolved_at": "2023-05-07T18:36:13.077272212Z"}, "mistwarctolylong.tk": {"record_type": "A", "resolved_at": "2023-05-09T21:26:33.070368065Z"}, "liaromispepun.cf": {"record_type": "A", "resolved_at": "2023-05-09T12:55:45.304346039Z"}, "yarmun.ru": {"record_type": "A", "resolved_at": "2022-11-24T10:10:59.048282776Z"}, "www.plafonpvcklaten.com": {"record_type": "A", "resolved_at": "2022-10-24T22:38:44.245072355Z"}, "topcourse.org": {"record_type": "A", "resolved_at": "2023-05-03T21:16:34.517625638Z"}, "ningchartjump.ml": {"record_type": "A", "resolved_at": "2023-01-07T15:35:22.698042631Z"}, "it-a-br-newcarok.live": {"record_type": "A", "resolved_at": "2023-04-29T18:23:19.166151443Z"}, "24hrupdate.online": {"record_type": "A", "resolved_at": "2023-03-02T19:07:43.323480368Z"}, "control.vipe.us": {"record_type": "A", "resolved_at": "2023-04-29T21:53:25.082390823Z"}, "jocworkvi.tk": {"record_type": "A", "resolved_at": "2023-04-19T23:39:03.920122991Z"}, "cienciaexamanismo.com.br": {"record_type": "A", "resolved_at": "2022-10-22T20:43:17.637185692Z"}, "www.farasoacademy.com": {"record_type": "A", "resolved_at": "2023-04-24T14:37:26.546680400Z"}, "tiketpabe.ml": {"record_type": "A", "resolved_at": "2022-12-20T15:20:04.499578994Z"}, 
"slanchogled.vipe.us": {"record_type": "A", "resolved_at": "2023-05-07T10:10:31.489137012Z"}, "www.septlightchristministries.org.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-05T18:22:49.197349430Z"}, "www.seki.ro": {"record_type": "A", "resolved_at": "2023-05-03T21:28:23.180761483Z"}, "nnfejv-dkfe.valentiona890.workers.dev": {"record_type": "A", "resolved_at": "2023-04-14T21:16:09.910917494Z"}, "ydemle.tk": {"record_type": "A", "resolved_at": "2023-05-03T04:55:08.861274859Z"}, "gjtyew-bodf.valentiona890.workers.dev": {"record_type": "A", "resolved_at": "2023-04-20T20:28:09.792148401Z"}, "www.septlightchristministries.org": {"record_type": "CNAME", "resolved_at": "2022-11-14T16:33:28.688596487Z"}, "www.brevardnc.org": {"record_type": "A", "resolved_at": "2023-05-07T21:13:44.303349330Z"}, "reistomam.ml": {"record_type": "A", "resolved_at": "2023-04-04T19:32:24.563529019Z"}, "businesscreditcarddeal.com": {"record_type": "A", "resolved_at": "2023-04-30T19:35:33.121417755Z"}, "plafonpvcklaten.com": {"record_type": "A", "resolved_at": "2022-11-07T13:56:43.968941354Z"}, "prechcamithotem.ga": {"record_type": "A", "resolved_at": "2023-04-28T18:15:48.598414983Z"}, "cvgy.top": {"record_type": "A", "resolved_at": "2023-05-03T04:55:52.694688313Z"}, "road.vipe.us": {"record_type": "A", "resolved_at": "2023-05-05T20:38:50.973706563Z"}, "www.clicarmoires.ca": {"record_type": "A", "resolved_at": "2023-04-17T17:46:34.291559938Z"}, "venoqymoty.gq": {"record_type": "A", "resolved_at": "2023-05-03T00:41:48.616482387Z"}, "marchailil.gq": {"record_type": "A", "resolved_at": "2022-12-16T14:41:33.935986410Z"}, "youshareproject.com": {"record_type": "A", "resolved_at": "2023-05-05T16:03:41.028406500Z"}, "www.youshareproject.com": {"record_type": "A", "resolved_at": "2023-05-07T16:20:45.109859563Z"}, "cakedefi.ru": {"record_type": "A", "resolved_at": "2023-05-05T20:07:14.309451071Z"}, "terrtus.ch": {"record_type": "A", "resolved_at": "2023-05-11T12:57:19.817455256Z"}, 
"bestverfyspport.xyz": {"record_type": "A", "resolved_at": "2022-12-01T17:11:53.237569857Z"}, "cdn-0.babeenineurope.com": {"record_type": "CNAME", "resolved_at": "2023-05-05T14:02:23.133300194Z"}, "asexloyndicla.tk": {"record_type": "A", "resolved_at": "2023-05-11T21:41:02.129956664Z"}, "evipesli.cf": {"record_type": "A", "resolved_at": "2023-05-01T12:47:01.066595854Z"}, "marwiwealolo.tk": {"record_type": "A", "resolved_at": "2023-05-09T21:26:23.147927370Z"}, "aqonecsymtuite.cf": {"record_type": "A", "resolved_at": "2023-05-02T19:49:39.573463922Z"}, "luigisitalianrestaurantuvalde.com": {"record_type": "A", "resolved_at": "2023-04-27T15:46:08.997890816Z"}, "beleukemiatip.live": {"record_type": "A", "resolved_at": "2023-04-24T18:39:32.424276429Z"}, "cpcalendars.seki.ro": {"record_type": "A", "resolved_at": "2023-01-29T20:35:39.444163903Z"}, "tizhoo.ir": {"record_type": "A", "resolved_at": "2022-12-14T15:27:25.652479467Z"}, "smartarena.vipe.us": {"record_type": "A", "resolved_at": "2023-05-03T22:17:28.866034171Z"}, "powernet.asia": {"record_type": "A", "resolved_at": "2023-05-10T12:19:53.194054542Z"}, "cosmicstory.info": {"record_type": "A", "resolved_at": "2022-09-26T02:33:11.327006722Z"}, "www.dailytungipara.com": {"record_type": "A", "resolved_at": "2023-04-26T14:47:46.439798109Z"}, "dev.wrightelliot.co.uk": {"record_type": "A", "resolved_at": "2023-05-05T20:36:24.562768060Z"}, "sterrecgondtic.cf": {"record_type": "A", "resolved_at": "2023-03-28T12:41:12.485923868Z"}, "www.kjgenerationministries.com": {"record_type": "CNAME", "resolved_at": "2022-12-05T13:35:30.694998001Z"}, "abkapp.vipe.us": {"record_type": "A", "resolved_at": "2023-04-16T21:06:58.495246539Z"}, "master-forex-v.com": {"record_type": "A", "resolved_at": "2023-05-02T15:28:26.304610299Z"}, "maturewell.org": {"record_type": "A", "resolved_at": "2023-05-07T21:17:46.109575572Z"}, "stocabpenope.tk": {"record_type": "A", "resolved_at": "2023-05-04T22:27:09.028863323Z"}, "martohacabe.ga": {"record_type": 
"A", "resolved_at": "2023-05-07T17:27:25.826314650Z"}, "www.terrtus.ch": {"record_type": "A", "resolved_at": "2023-04-28T13:06:01.112458353Z"}, "tiabolihochwildpa.tk": {"record_type": "A", "resolved_at": "2023-04-23T21:28:52.237979185Z"}, "rensumexiberk.ml": {"record_type": "A", "resolved_at": "2023-05-03T01:55:35.944855020Z"}, "mail.plafonpvcklaten.com": {"record_type": "A", "resolved_at": "2022-10-27T14:03:01.187052953Z"}, "www.comunicacaodedados.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-04-13T18:07:05.732544519Z"}, "lenscarspock.tk": {"record_type": "A", "resolved_at": "2023-05-11T21:41:33.881756893Z"}, "rec.vipe.us": {"record_type": "A", "resolved_at": "2023-04-30T03:14:09.561279109Z"}, "mail.pitubasolflat.com": {"record_type": "A", "resolved_at": "2023-05-06T15:53:33.146143534Z"}, "rotaryclubdeitaguaje.org.br": {"record_type": "A", "resolved_at": "2023-05-07T12:43:12.589324662Z"}, "trakagcicsalutci.tk": {"record_type": "A", "resolved_at": "2023-05-01T20:45:54.004504568Z"}, "www.vrukshali.com": {"record_type": "A", "resolved_at": "2023-05-08T16:37:33.689821521Z"}, "www.24hrupdate.online": {"record_type": "A", "resolved_at": "2023-03-22T20:33:59.416609462Z"}, "brockhoff.fr": {"record_type": "A", "resolved_at": "2023-04-30T22:44:30.853447549Z"}, "factoryoutletusa.shop": {"record_type": "A", "resolved_at": "2023-03-30T07:59:51.872078107Z"}, "tinghoxad.tk": {"record_type": "A", "resolved_at": "2023-04-19T23:40:24.408979445Z"}, "tournleadnabatemo.tk": {"record_type": "A", "resolved_at": "2023-04-19T23:40:16.541179614Z"}, "5000miles.org": {"record_type": "A", "resolved_at": "2023-05-03T21:08:08.392120085Z"}, "arpaman.ga": {"record_type": "A", "resolved_at": "2022-10-21T07:33:02.998113361Z"}, "vikk-play.space": {"record_type": "A", "resolved_at": "2023-01-29T18:05:12.078217209Z"}, "bitfari.net": {"record_type": "A", "resolved_at": "2023-05-03T02:29:48.944022709Z"}}, "names": ["brockhoff.fr", "youshareproject.com", "arpaman.ga", "sgenundia.tk", 
"tiabolihochwildpa.tk", "cienciaexamanismo.com.br", "yarmun.ru", "powernet.asia", "marchailil.gq", "cpanel.dailytungipara.com", "rigophogisvito.tk", "control.vipe.us", "aphausomaharli.gq", "rensumexiberk.ml", "www.septlightchristministries.org", "vikk-play.space", "www.terrtus.ch", "cvgy.top", "5000miles.org", "www.bre172.67.168.252
2023-05-12 02:56:41Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_a04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_a04_IESQMMUTEX_0_331"\n "IsoScope_a04_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a04_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2564"\n "IsoScope_a04_IE_EarlyTabStart_0xe64_Mutex"\n "IsoScope_a04_ConnHashTable<2564>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"150.214.110.212:443"\n "18.160.96.90:443"\n "142.250.31.95:443"\n "172.64.133.15:443"\n "104.17.24.14:443"\n "35.229.48.116:443"\n 
"151.101.1.91:443"\n "172.253.115.94:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /investiga/grupos/FQM346/?post%2CnjOkEHgROA4 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.uco.es\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /investiga/grupos/FQM346/?post%2CnjOkEHgROA4 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.uco.es\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.uco.es\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.uco.es\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /css2?family=Nunito:wght@400;600&display=swap HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: fonts.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /css2?family=Nunito:wght@400;600&display=swap HTTP/1.1\nAccept: text/css, */*\nReferer: 
https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: fonts.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /releases/v5.15.2/css/all.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /releases/v5.15.2/css/all.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /releases/v5.15.2/webfonts/fa-regular-400.eot? HTTP/1.1\nAccept: */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://www.uco.es\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /releases/v5.15.2/webfonts/fa-regular-400.eot? HTTP/1.1\nAccept: */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://www.uco.es\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /releases/v5.15.2/webfonts/fa-solid-900.eot? 
HTTP/1.1\nAccept: */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://www.uco.es\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /releases/v5.15.2/webfonts/fa-solid-900.eot? HTTP/1.1\nAccept: */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://www.uco.es\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /ajax/libs/mediaelement/4.2.16/mediaelementplayer.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: cdnjs.cloudflare.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /ajax/libs/mediaelement/4.2.16/mediaelementplayer.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: cdnjs.cloudflare.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /ajax/libs/mediaelement/4.2.16/mediaelement-and-player.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: cdnjs.cloudflare.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET 
/ajax/libs/mediaelement/4.2.16/mediaelement-and-player.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: cdnjs.cloudflare.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /center.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: js-adso.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /center.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: js-adso.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /vert.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: js-adso.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /vert.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: js-adso.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /s/nunito/v25/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshRTA.woff HTTP/1.1\nAccept: */*\nReferer: 
https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://www.uco.es\nAccept-Encoding: gzip, deflate\nHost: fonts.gstatic.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /s/nunito/v25/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshRTA.woff HTTP/1.1\nAccept: */*\nReferer: https://www.uco.es/investiga/grupos/FQM346/?post%2CnjOkEHgROA4\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://www.uco.es\nAccept-Encod35.229.48.116
2023-05-12 02:54:19Linked URL - InternalNoWeb Spider1030Nonehttps://fluid.battleb0t.xyz/gp_badge.pnghttps://fluid.battleb0t.xyz/
2023-05-12 02:51:15Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_c04_IE_EarlyTabStart_0x8b0_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3076"\n "IsoScope_c04_IESQMMUTEX_0_303"\n "IsoScope_c04_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c04_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_c04_ConnHashTable<3076>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3076"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.108.153:443"\n "172.66.40.106:443"\n "162.241.219.194:443"\n "35.186.254.174:443"\n "191.101.3.40:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "llink.to"\n "track.salesflare.com"\n "west.exchserverdata.one"\n "www.guelphcrc.ca"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "CabB51E.tmp" has type "data"- Location: [%TEMP%\\CabB51E.tmp]- [targetUID: 00000000-00002300]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- 
[targetUID: 00000000-00003076]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFEEE2751A29384183.TMP" has type "data"- Location: [%TEMP%\\~DFEEE2751A29384183.TMP]- [targetUID: 00000000-00003076]\n "~DFFC90A9F2586EA360.TMP" has type "data"- Location: [%TEMP%\\~DFFC90A9F2586EA360.TMP]- [targetUID: 00000000-00003076]\n "~DFEF4FBE98200F22B4.TMP" has type "data"- Location: [%TEMP%\\~DFEF4FBE98200F22B4.TMP]- [targetUID: 00000000-00003076]\n "~DFE92125FE943442B9.TMP" has type "data"- Location: [%TEMP%\\~DFE92125FE943442B9.TMP]- [targetUID: 00000000-00003076]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "_BCFD0E53-EF26-11ED-9359-0800270C9882_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._BCFD0E51-EF26-11ED-9359-0800270C9882_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C766E17C-EF26-11ED-9359-0800270C9882_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002300]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "PZ85YNQQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PZ85YNQQ.txt]- [targetUID: 00000000-00003076]\n "P9VT4ER8.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\P9VT4ER8.txt]- [targetUID: 00000000-00003076]\n "QUTHNHLH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QUTHNHLH.txt]- [targetUID: 00000000-00003076]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002300]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "EAMNLP61.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EAMNLP61.txt]- [targetUID: 00000000-00003076]\n "benjamin.mckenzie@atimetals_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "II6KA114.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\II6KA114.txt]- [targetUID: 00000000-00003076]\n "B2FNP7N6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\B2FNP7N6.txt]- [targetUID: 00000000-00003076]\n "QO8K1B53.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QO8K1B53.txt]- [targetUID: 00000000-00003076]\n "CabB51F.tmp" has type "data"- Location: [%TEMP%\\CabB51F.tmp]- [targetUID: 00000000-00002300]\n "CabC118.tmp" has type "data"- Location: [%TEMP%\\CabC118.tmp]- [targetUID: 00000000-00002300]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002300]\n "CabC13A.tmp" has type "data"- Location: [%TEMP%\\CabC13A.tmp]- [targetUID: 00000000-00002300]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "6O2TX2Q0.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\6O2TX2Q0.htm]- 
[targetUID: 00000000-00002300]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"www.guelphcrc.ca" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com"\n Pattern match: "https://llink.to"\n Pattern match: "https://track.salesflare.com/flare.js"\n Pattern match: "https://api.salesflare.com/,a=new"\n Pattern match: "SUIDmicrosoft.com/92161314803231032233320740896031032115MUID31E817B6939460D9349A04BB92D861F2microsoft.com/102514563724831110587320740896031032115_EDGE_Vmicrosoft.com/921614563724831110587320756521031032115SRCHDAF=NOFORMmicrosoft.com/10243323789440310856102"\n Pattern match: "SUIDmicrosoft.com/92161314803231032233320740896031032115MUID31E817B6939460D9349A04BB92D861F2microsoft.com/102514563724831110587320740896031032115SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0"\n Pattern match: "SUIDmicrosoft.com/92161314803231032233320740896031032115SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131micr"\n Pattern match: 
"921614563724831110587321084646031032115MUID1C22022E23466767041B1123220A6603msn.com/102514563724831110587321084646031032115"\n Pattern match: "https://west.exchserverdata.one/?email=YmVuamFtaW4ubWNrZW56aWVAYXRpbWV0YWxzLmNvbQ=="\n Pattern match: "MUIDB31E817B6939460D9349A04BB92D861F2ieonline.microsoft.com/921614563724831110587320756521031032115"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025103905676831068342321084646031032115"\n Pattern match: 185.199.108.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f605ceb464381-EWR{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"}
2023-05-12 02:55:56SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:78:81:e1:ef:49:4b:f9:6d:c5:16:34:0e:55:ab:d5:12:44 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:02 2022 GMT Not After : Feb 15 09:44:01 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c5:28:ae:be:17:84:18:1b:e1:bf:c2:45:52:c1: a5:6a:08:4a:bc:c1:e3:a4:de:5e:d0:05:9f:d6:99: 22:94:16:f7:d2:69:68:71:09:4a:62:e7:41:0d:0a: be:3e:3b:51:6d:0b:4a:0f:76:3a:b0:8e:cb:56:a6: 21:8f:de:9f:c1:45:ea:d1:38:90:03:24:5c:77:6f: cd:06:86:05:00:ae:fc:49:fe:8f:e8:85:de:e7:e4: d0:99:c5:ad:e4:c5:9c:9a:95:9e:97:20:79:ed:7e: c1:65:47:a7:ce:2c:b4:2b:9e:4c:1f:8e:21:8f:4e: cf:f7:3e:4f:ff:b2:88:aa:90:dd:b7:be:8a:db:d2: 17:66:cc:6f:09:3d:67:e8:3c:91:39:a6:90:69:62: e9:f2:9c:b4:d3:ba:96:0b:b2:0e:b2:74:eb:8a:64: f6:d7:18:6c:22:f7:1e:bc:17:2f:20:0c:dc:30:1b: 5e:7d:a8:0b:34:ce:8a:75:55:4f:72:8b:d6:d7:dc: 63:55:19:dd:2a:a0:25:0a:50:bd:17:df:74:d9:8e: df:7b:ba:19:b8:f5:47:fd:97:bf:18:2b:99:ec:f3: 58:72:eb:64:34:43:28:b7:d3:7f:de:05:80:58:fb: f6:05:86:02:1c:8d:eb:d5:23:a1:08:9a:01:84:aa: 05:5a:57:5b:4f:80:96:8a:65:18:8f:fb:bb:dd:91: f1:8e:b1:05:2f:76:93:8f:28:86:73:78:5c:d4:fe: b8:81:83:79:71:79:e9:31:46:fb:22:a9:30:c3:0b: 03:79:d0:e6:24:cf:e4:e0:cb:3e:91:71:20:ec:40: 44:0f:22:88:b4:5a:5f:cd:f2:41:b7:a9:21:3e:74: 54:3b:a0:07:32:4e:5c:e7:71:a3:33:95:bd:ee:27: 4a:b2:53:d1:06:de:2c:39:7b:83:7f:1c:cf:0a:28: 32:ef:07:d4:d3:ef:a5:9d:8a:8a:36:97:d5:6f:97: 57:8e:aa:22:4e:6c:70:6c:aa:43:59:1c:d0:88:a6: 26:22:1b:20:62:45:6e:6e:62:40:f6:bf:20:b1:b8: 43:17:25:80:1d:c9:c1:63:ed:d3:a8:bc:4b:68:5d: f2:19:96:37:4a:82:70:a9:86:22:f6:56:84:02:f9: b4:a7:6c:3d:03:4c:59:fe:71:81:0a:71:7e:9e:7c: 1a:5d:b6:ce:77:db:f9:80:a5:2d:65:a3:96:1f:c9: ca:a0:c7:b0:9d:21:28:db:1c:6a:4c:c7:37:20:39: 9f:b7:63:e2:80:c5:2d:53:fd:3e:c8:1a:cf:e7:76: 
9f:bc:92:4a:58:81:84:d1:30:a4:4e:12:c7:e5:10: eb:dc:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 75:02:8B:49:76:96:40:2E:6F:D7:49:80:B9:AF:AD:08:D3:5D:F2:26 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 10:44:03.171 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:96:05:95:D9:0A:4B:A3:9F:B3:54:99: 3D:9F:1C:1C:B3:12:27:04:D0:20:E1:F2:2F:C1:45:57: B6:CE:43:39:BB:02:20:00:C0:44:63:1A:7F:1F:D9:F8: FD:B5:9E:08:05:34:0B:45:8D:91:19:03:CA:A5:AA:D6: E1:FD:44:B5:26:35:45 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 10:44:03.648 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:9E:83:39:0E:B7:7E:92:F8:91:94:2D: C4:39:B4:D1:61:0F:10:40:37:17:81:C1:64:FE:E3:2B: 7F:80:28:64:1B:02:20:24:5F:97:C1:F8:98:B3:7F:80: 98:C6:50:33:A7:E2:50:93:AF:06:19:6A:DF:BA:37:94: 1F:D4:D6:CD:5F:4C:B0 Signature Algorithm: sha256WithRSAEncryption 40:a0:9d:f6:3d:3c:ac:ae:91:12:9b:4e:a3:fc:45:ec:e5:64: da:45:37:2c:ee:d8:2a:d2:8f:88:31:a0:95:c3:dc:c4:40:0e: a8:93:80:23:39:bf:89:3d:dd:29:75:89:26:f6:5c:52:03:15: 6f:e8:31:57:f9:25:b3:bd:ee:60:ab:89:7b:bf:4a:3b:90:d7: 
1d:6e:f0:15:a6:a8:33:e3:0a:a3:63:24:df:b6:b2:88:74:9c: 53:ba:d0:31:ab:00:8b:eb:a4:eb:bb:ba:98:6b:22:46:8c:5e: 84:5b:6e:2e:cc:c4:3d:09:cd:d2:87:a3:5d:75:e5:ec:73:75: 14:60:08:bd:90:75:45:e0:a0:1e:53:73:ca:fb:93:72:15:2f: 6a:41:43:d4:73:dd:23:81:1a:84:6d:10:98:76:2d:ce:b5:a3: 74:e9:cc:ad:0f:8c:bd:73:70:b3:fe:0a:4e:d0:aa:f9:06:ca: 2e:6d:c1:ec:f4:03:98:d8:dd:ea:da:88:14:c5:af:7a:46:c1: 65:1f:db:ea:14:67:fb:45:d8:16:12:e2:c1:56:a5:f6:63:45: 0e:7f:b7:be:8a:a0:59:b7:47:0c:b8:cc:46:e6:d5:5e:8d:78: 17:a9:cd:35:86:26:df:ba:4a:09:fb:46:5e:4a:81:95:bb:26: df:1f:91:9c battleb0t.xyz
2023-05-12 03:08:54Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.7334.74.170.74
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneMCName (Minecraft) (Category: gaming) https://mcname.info/en/search?q=Battleb0tBattleb0t
2023-05-12 03:00:00Affiliate - Email AddressNoE-Mail Address Extractor0030Nonemadler@alumni.caltech.edu[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://goo.gl/uqaWYa', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_6c8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1736"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_6c8_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_6c8_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_6c8_ConnHashTable<1736>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_6c8_IE_EarlyTabStart_0xaf0_Mutex"\n "IsoScope_6c8_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_6c8_IE_EarlyTabStart_0xaf0_Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"74.208.236.106:80"\n "74.208.236.106:443"\n "172.217.12.106:443"\n "104.18.10.207:443"\n "185.199.109.153:443"\n "142.250.72.202:443"\n "142.251.214.131:443"\n "142.250.189.206:443"\n "142.251.214.130:443"\n "142.251.46.230:443"\n "142.251.46.170:443"\n "52.155.62.95:443"\n "172.217.12.118:443"\n "172.217.12.97:443"\n "142.250.189.238:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"chrisfixed.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "chrisfixed.com"\n "fe0.google.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "goo.gl"\n "googleads.g.doubleclick.net"\n "i.ytimg.com"\n "jnn-pa.googleapis.com"\n "play.google.com"\n "query.prod.cms.msn.com"\n "stackpath.bootstrapcdn.com"\n "static.doubleclick.net"\n "teredo.ipv6.microsoft.com"\n "trenta.media"\n "www.chris-fix.com"\n "www.youtube.com"\n "yt3.ggpht.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "VISITOR_INFO1_LIVEziB5upP7Wiwyoutube.com/214749286534253099523106746390550359831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "5O0LJ4LH.txt")\n Found string 
"VISITOR_INFO1_LIVEDU_B5bFhQnkyoutube.com/214749286534253099523106746390472234831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "DQKYX181.txt")\n Found string "VISITOR_INFO1_LIVEi1ZA35yJPt8youtube.com/214749286534253099523106746390597234831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "7JFMJ9XY.txt")\n Found string "VISITOR_INFO1_LIVE-bsB1yN3wW0youtube.com/214749286534253099523106746390784734831031237CONSENTWP.2676bayoutube.com/102431383388163210825482504061830633367" (Indicator: "dir "; File: "7E6JY8J0.txt")\n file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "function bz(a,b){var c=this;return b}bz.M="internal.enableAutoEventOnScroll";var bc=ca(["data-gtm-yt-inspected-"]),cz=["www.youtube.com","www.youtube-nocookie.com"],dz,ez=!1;" (Indicator: "dir "; File: "js_2_.js")\n Found string "www.youtube.com" (Indicator: "dir "; File: "PCAP")\n file/memory contains long string with (Indicator: "dir "; File: "SSL")\n file/memory contains long string with (Indicator: "dir "; File: "base_1_.js")\n Found string "{Bo:"r",Do:Eo()}:"youtube.player.web_20230502_00_RC00".includes("gam_native_web_video")?{Bo:"n",Do:Eo()}:"youtube.player.web_20230502_00_RC00".includes("admob_interstitial_video")?{Bo:"int",Do:Eo()}:{Bo:"j",Do:null}};" (Indicator: "dir "; File: "base_1_.js")\n Found string "By=function(a){a=g.Si(a);a=null!==a?a.split(".").reverse():null;return null===a?!1:"com"==a[0]&&a[1].match(/^youtube(?:kids|-nocookie)?$/)?!0:!1};" (Indicator: "dir "; File: "base_1_.js")\n Found string "g.Uy=function(a,b,c,d,e){Sy||Ty.set(""+a,b,{IG:c,path:"/",domain:void 0===d?"youtube.com":d,W8:void 0===e?!1:e})};" (Indicator: "dir "; File: "base_1_.js")\n Found string "g.Wy=function(a,b,c){Sy||Ty.remove(""+a,void 0===b?"/":b,void 0===c?"youtube.com":c)};" (Indicator: "dir "; File: "base_1_.js")\n Found string 
"sna=function(){this.j=g.hy("ALT_PREF_COOKIE_NAME","PREF");this.u=g.hy("ALT_PREF_COOKIE_DOMAIN","youtube.com");var a=g.Vy(this.j);a&&this.parse(a)};" (Indicator: "dir "; File: "base_1_.js")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"insta-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "twitter-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "fb-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "sddefault_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 640x480 components 3" and extension "jpg"\n "sddefault_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 640x480 components 3" and extension "jpg"\n "yt-logo_1_.png" has type "PNG image data 512 x 512 8-bit/color RGBA non-interlaced" and extension "png"\n "unnamed_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 Exif Standard: [TIFF image data little-endian direntries=1 software=Google] baseline precision 8 68x68 components 3" and extension "jpg"'}, {u'category': u'Installation/Persistence', 
u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{6e883627-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe5a84e0c629be7b2.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\favorites\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\desktop\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{6e883629-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa2a380ccf94f2bd9.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\0x82k3c6.txt"\n "iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe5a84e0c629be7b2.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{6e883627-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{6e883629-ebb8-11ed-9999-080027239584}.dat"\n "iexplore.exe" writes file 
"c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa2a380ccf94f2bd9.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\37nu00gp\\favicon[3].ico"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'infor
2023-05-12 03:00:26Affiliate - Email AddressNoE-Mail Address Extractor0040Noneaes256-gcm@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneEminent (Net ID: 00:14:5C:87:88:F8)50.8897, 6.0563
2023-05-12 03:00:56Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.91): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:12:53Raw Data from RIRsNonumverify0030None{u'international_format': u'+14806242505', u'local_format': u'4806242505', u'number': u'14806242505', u'valid': True, u'line_type': u'landline', u'location': u'Phoenix', u'country_code': u'US', u'carrier': u'', u'country_name': u'United States of America', u'country_prefix': u'+1'}+14806242505
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D8:F1)32.8608, -79.9746
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneUTAAPC (Net ID: 00:02:6F:3C:D0:53)37.7642, -122.3993
2023-05-12 02:53:39Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 8A7E:0CB6:1A24B9D:28318AF:645D907B Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 151 X-Served-By: cache-chi-klot8100035-CHI X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1683853586.391035,VS0,VE4 Vary: Accept-Encoding X-Fastly-Request-ID: b0816cb365cc757f5f8cced0af110244f06dfba5 185.199.108.153
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneGravatar (Category: images) http://en.gravatar.com/profiles/ayshooayshoo
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00why00.github.io185.199.111.153
2023-05-12 02:54:22Web ContentNoWeb Spider1020None<!DOCTYPE html> <html> <iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> </html> http://kekw.battleb0t.xyz/jar
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys_SES_39246 (Net ID: 00:1C:10:3F:F6:58)32.8608, -79.9746
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None101 (Net ID: 00:01:03:79:1F:E4)34.0544, -118.244
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.145): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:23SSL Certificate - Issued toNoSSL Certificate Analyzer1020NoneC=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io185.199.109.153
2023-05-12 03:08:49Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.11135.229.48.116
2023-05-12 03:03:41Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io01100111-01101001-01110100.github.io
2023-05-12 03:00:54Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.85): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneELSA (Net ID: 00:02:2D:20:CF:48)50.1188, 8.6843
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NonePornhub Users (Category: XXXPORNXXX) https://www.pornhub.com/users/ayshooayshoo
2023-05-12 02:54:15Linked URL - ExternalNoWeb Spider0030Nonehttps://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512https://nwapi2.battleb0t.xyz/
2023-05-12 02:45:57Malicious IP AddressYesMetaDefender0120Nonewebroot.com [172.67.135.9]172.67.135.9
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:2187.248.157.102
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.11935.229.48.116
2023-05-12 02:56:58Raw Data from RIRsNoHybrid Analysis1030None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://calzedokondor.co/vitalie.porcescu@ansa.gov.md', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d54_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d54_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_d54_IESQMMUTEX_0_303"\n "IsoScope_d54_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d54_ConnHashTable<3412>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_d54_IE_EarlyTabStart_0xebc_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3412"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"calzedokondor.co"\n 
"cdnjs.cloudflare.com"\n "code.jquery.com"\n "eon.nerz.cloudns.nz"\n "maxcdn.bootstrapcdn.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar34FF.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3442.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.174.174.220:443"\n "35.229.48.116:443"\n "142.251.33.106:443"\n "69.16.175.10:443"\n "142.251.211.234:443"\n "104.18.22.52:443"\n "104.18.10.207:443"\n "104.17.24.14:443"\n "104.197.4.231:443"\n "172.64.203.28:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab34FE.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab3441.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual 
Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "RXDGIQPF.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RXDGIQPF.txt]- [targetUID: 00000000-00003844]\n Dropped file: "MA7ZTF7R.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MA7ZTF7R.txt]- [targetUID: 00000000-00003412]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "Tar34FF.tmp" has type "data"- Location: [%TEMP%\\Tar34FF.tmp]- [targetUID: 00000000-00003844]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003844]\n "jquery-3.2.1.slim.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Tar3442.tmp" has type "data"- Location: [%TEMP%\\Tar3442.tmp]- [targetUID: 00000000-00003844]\n "_5BFAE1C3-60BC-11ED-968F-08002744A090_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "bootstrap.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "favicon_6_.ico" has type "MS Windows icon resource - 1 icon 16x16 32 
bits/pixel"- [targetUID: N/A]\n "~DF0E5AFAE17F79F751.TMP" has type "data"- Location: [%TEMP%\\~DF0E5AFAE17F79F751.TMP]- [targetUID: 00000000-00003412]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "~DF8B6A0A3E86D531A7.TMP" has type "data"- Location: [%TEMP%\\~DF8B6A0A3E86D531A7.TMP]- [targetUID: 00000000-00003412]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003844]\n "RXDGIQPF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RXDGIQPF.txt]- [targetUID: 00000000-00003844]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery-3.1.1.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://calzedokondor.co/vitalie.porcescu@ansa.gov.md"\n Pattern match: "https://calzedokondor.co"\n Heuristic match: "calzedokondor.co"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "code.jquery.com"\n Heuristic match: "eon.nerz.cloudns.nz"\n Heuristic match: "maxcdn.bootstrapcdn.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-63', 
u'name': u'Found a potential E-Mail address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1114', u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Pattern match: "vitalie.porcescu@ansa.gov.md"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-6', u'name': u'Found an IP/URL artifact that was identified as malicious by at least three reputation engines', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 12, u'description': u'3/90 reputation engines marked "http://calzedokondor.co" as malicious (3% detection rate)\n 3/90 reputation engines marked "https://calzedokondor.co" as malicious (3% detection rate)\n 7/90 reputation engines marked "https://calzedokondor.co/vitalie.porcescu@ansa.gov.md" as malicious (7% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'7/90 Antivirus vendors marked sample as malicious (7% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-5', u'name': u'Sample was identified as malicious by a trusted Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'No specific details available'}], u'threat_level': 2, u'size': None, u'job_id': u'636c9fea72902d08670f15f1', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': 
[{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'suspicious_identifiers': [], u'attck_id': u'T1114', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Email Collection', u'informative_identifiers': [], u'tactic': u'Collection', u'informative_identifiers_count': 0, u'suspicious_identifiers_count':35.229.48.116
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None104.21.71.14fluid.battleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:02:2D:03:B5:60)37.780462,-122.390564
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:2053104.21.6.166
2023-05-12 02:54:15HTTP Status CodeNoWeb Spider0020None200www.battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneprv.pl (Category: tech) https://www.prv.pl/osoba/loginlogin
2023-05-12 02:45:42Physical LocationNoAbstractAPI0020NoneSan Francisco (South Beach), California, 94107, United States, North America185.199.108.153
2023-05-12 02:50:19Physical LocationNoipstack0030NoneUnited States104.196.30.220
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.95): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:07Internet NameNoCertSpotter25010Nonenwapi.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None0263d4 (Net ID: 0C:EA:C9:05:4C:A3)37.751, -97.822
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneMCName (Minecraft) (Category: gaming) https://mcname.info/en/search?q=loginlogin
2023-05-12 03:00:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.32): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonefactory (Net ID: 00:01:03:7C:37:39)52.3759, 4.8975
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None006blog.github.io185.199.111.153
2023-05-12 02:54:22HTTP Status CodeNoWeb Spider0220None404http://kekw.battleb0t.xyz/jar
2023-05-12 03:09:41Affiliate - Internet NameNoDNS Resolver0040None121.48.229.35.bc.googleusercontent.com35.229.48.121
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneDuolingo (Category: hobby) https://www.duolingo.com/profile/loginlogin
2023-05-12 02:54:21Linked URL - ExternalNoWeb Spider0040Nonehttps://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyzhttp://vscode.battleb0t.xyz/
2023-05-12 02:59:47Affiliate - Email AddressNoE-Mail Address Extractor0020Noneabuse@reg.ruDomain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. 
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5b6bb0ea398702-ORD"]}188.114.97.1
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBBHWIRELESS (Net ID: 00:00:C5:D7:5E:30)41.8781, -87.6298
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.27): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.143): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:02:2D:45:26:C8)34.0544, -118.244
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.236): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:10Physical LocationNoCensys0020NoneRosemont, Illinois, 60018, United States, North America2606:4700:3031::6815:6a6
2023-05-12 03:24:47CountryNoCountry Name Extractor0050NoneUnited StatesAshburn, Virginia, VA, United States, US
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneCoxWiFi (Net ID: 00:0D:67:8C:21:B4)39.0469, -77.4903
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter0010NoneCN=battleb0t.xyzbattleb0t.xyz
2023-05-12 03:09:26SSL Certificate - Issued toNoSSL Certificate Analyzer1020NoneC=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com188.114.96.1
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020Noneomlet (Category: gaming) https://omlet.gg/profile/battleb0tbattleb0t
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet9102 (Net ID: 00:01:36:5B:91:00)34.0544, -118.244
2023-05-12 02:54:57Open TCP PortNoCensys0020None2a06:98c1:3120::1:4432a06:98c1:3120::1
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonegjdsdnetwork (Net ID: 00:06:25:98:D4:36)33.336199,-111.89446440830702
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneCloud computing providersbattleb0t.github.io
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneThe Batcave (Net ID: 00:11:32:A4:B5:6B)50.8897, 6.0563
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None2WIRE169 (Net ID: 00:02:2D:8C:55:BE)37.7642, -122.3993
2023-05-12 02:56:27HashNoHash Extractor0030None[MD5] 02ca825e4901e74c2c2d6f8e59341325<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authentication</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixels API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixels API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixels API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr>
2023-05-12 03:09:28SSL Certificate - Raw DataNoSSL Certificate Analyzer0030NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:31:07:b9:c0:d0:b8:aa:df:7a:22:9b:22:71:4b:8d:b2:1d Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 25 07:50:00 2023 GMT Not After : Jul 24 07:49:59 2023 GMT Subject: CN=donation.ecash-pay.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:98:22:d2:79:15:e6:86:77:ae:dd:99:02:aa:aa: 48:11:c4:f9:b7:cf:6a:12:e3:23:fd:3d:cf:bf:e8: 6d:23:63:9c:7c:3f:7d:7a:53:3c:93:e1:ed:15:d0: 63:f1:c4:39:b6:8c:54:b4:f7:91:ed:24:3c:85:08: 37:45:94:0b:5c ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: A8:1F:4D:DC:19:88:72:CA:45:5D:51:D2:29:9C:6A:95:49:95:BE:55 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:donation.ecash-pay.com, DNS:www.donation.ecash-pay.com X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 25 08:50:00.708 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C3:19:9D:F5:28:8D:A1:E9:29:8F:C2: 8A:5F:94:43:BB:51:2E:A0:10:E3:31:98:4D:1D:E7:D2: 85:F3:74:81:CD:02:21:00:AB:FA:5E:02:65:52:97:6D: 06:5D:66:A3:98:A7:4A:9E:CD:B8:C2:D8:3E:F1:35:9D: 39:29:C0:1A:99:C6:41:BF Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 
E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Apr 25 08:50:00.710 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:C8:1D:E0:AF:06:5C:BF:FE:B1:7D:24: 11:75:73:CD:59:65:4E:B8:A9:07:AD:BD:CE:FC:B0:17: 86:D5:66:27:0E:02:20:00:F2:8C:15:A7:57:91:B4:F0: F3:2E:D7:3B:10:54:C8:3E:A6:21:BD:EC:74:0D:94:44: DB:4D:DB:42:5B:3E:70 Signature Algorithm: sha256WithRSAEncryption 10:a8:29:67:29:38:59:0b:e5:59:85:9b:ef:9b:02:9c:2f:ba: c6:2a:ba:16:de:48:89:a7:eb:78:2d:ba:2c:79:8e:17:d9:0c: 17:ec:5b:db:41:22:35:61:84:63:7a:9e:0f:7a:50:68:cd:42: 19:80:c7:47:af:27:2e:2b:a0:9c:85:c1:81:d5:72:b4:ee:4e: 12:ce:46:3d:34:79:a0:79:15:3a:dc:81:63:16:03:1c:d1:6f: 60:00:52:f1:da:2a:d6:45:05:3a:e5:22:4e:4d:b8:f9:22:dc: 0a:ad:32:bd:6f:5b:88:77:8c:4d:c5:e2:6c:c6:a4:8d:a4:9e: cc:c7:a2:c4:67:1a:d5:60:67:db:b8:f7:e4:c4:93:97:10:e2: bd:36:51:84:b9:db:f4:fd:d1:a5:a6:d2:9b:75:fd:69:8e:dd: 87:59:c8:c4:ff:2c:ac:15:bb:4a:7c:08:bd:13:fc:ac:07:62: 06:5e:d8:05:29:b3:9b:8f:4c:b8:33:f5:e1:8d:95:c2:55:17: 4f:e6:5b:9c:62:4f:ac:0f:91:15:cc:12:8b:94:a1:7e:17:97: 01:19:93:6b:83:49:e6:9c:1a:89:08:c3:ca:7e:db:c0:76:6f: 57:ce:0b:7d:3f:b5:ed:f2:34:b2:b0:39:17:e7:b0:58:a2:e9: 19:fc:4d:bc 165.232.113.85
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D7:34)32.8608, -79.9746
2023-05-12 02:45:49Physical CoordinatesNoAbstractAPI0020None37.751, -97.822172.67.135.9
2023-05-12 02:55:11Software UsedYesCensys0020NoneLiteSpeed Technologies LiteSpeed Web Server87.248.157.102
2023-05-12 02:54:27Raw Data from RIRsNoCensys0040None{"last_updated_at": "2023-05-11T14:03:34.697Z", "ip": "2600:1f18:2489:8202::c8", "location_updated_at": "2023-05-09T14:45:17.341917Z", "autonomous_system_updated_at": "2023-05-09T14:45:17.341961Z", "location": {"province": "Washington", "city": "Seattle", "country": "United States", "coordinates": {"latitude": 47.5413, "longitude": -122.3129}, "postal_code": "98108", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"ruwalls.netlify.app": {"record_type": "AAAA", "resolved_at": "2022-12-23T12:04:51.030246706Z"}, "adwtt-2021.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-20T12:08:57.252679802Z"}, "cher-group.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T20:12:43.059032955Z"}, "125summer.tech": {"record_type": "AAAA", "resolved_at": "2023-04-08T21:50:10.818543379Z"}, "elastic-panini-108062.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-12T12:07:25.879261834Z"}, "vocal-zuccutto-9a1234.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-03T12:09:47.415156052Z"}, "elated-bhaskara-b52469.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-08T12:07:13.607651632Z"}, "brave-darwin-3ec1aa.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-17T12:07:52.077576525Z"}, "www.w8listed.com": {"record_type": "CNAME", "resolved_at": "2023-02-22T15:38:13.554040678Z"}, "rvcrfu.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-22T10:09:37.427793959Z"}, "www.speedwrite.ai": {"record_type": "AAAA", "resolved_at": "2023-05-03T12:13:59.413966827Z"}, "form-myonevent.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-23T12:19:23.632814547Z"}, "blog-doganaltinbas.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-05T12:05:17.905641717Z"}, "imaginative-douhua-e8b30d.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T18:05:42.241405678Z"}, 
"orthodox.cashforcars.io": {"record_type": "CNAME", "resolved_at": "2023-03-07T16:15:29.380087979Z"}, "adoring-saha-207b27.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T00:14:18.592192599Z"}, "develop--admin.glimmerdao.io": {"record_type": "CNAME", "resolved_at": "2023-03-13T00:50:21.694680586Z"}, "www.nho.agency": {"record_type": "CNAME", "resolved_at": "2023-05-09T12:14:42.515710945Z"}, "www.mmwmarine.com": {"record_type": "CNAME", "resolved_at": "2023-02-27T18:30:41.725868265Z"}, "www.frentelibertad.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T21:59:07.880752059Z"}, "adoring-babbage-316479.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-04T12:05:34.884376961Z"}, "adminapp-stg-bb.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T12:06:26.217035493Z"}, "platform-houston.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T18:09:40.965157083Z"}, "prae.hcosmin.ro": {"record_type": "CNAME", "resolved_at": "2023-03-16T07:08:11.295823843Z"}, "www.wyattboyer.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T14:41:58.989657965Z"}, "finsteadrs.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-08T12:07:22.127243814Z"}, "pensioenbijmivena.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-20T12:06:16.135802084Z"}, "sweepbright-6112741c-fc43-466a-afec-9e3d89bdebe5-production.netlify.app": {"record_type": "AAAA", "resolved_at": "2022-12-23T12:04:51.309771011Z"}, "lauraxu.com": {"record_type": "AAAA", "resolved_at": "2023-03-23T15:44:33.995264596Z"}, "fervent-curie-c076ac.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T12:07:46.188459180Z"}, "nanosensedashboard.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T20:12:32.889341500Z"}, "www.thelockdownroom.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T03:20:20.549352015Z"}, "www.circuitsolvr.com": {"record_type": "CNAME", "resolved_at": "2023-03-19T23:15:00.602131229Z"}, 
"b30.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T20:12:41.249032924Z"}, "agency-dynabuy.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-19T16:09:36.721111941Z"}, "adoring-ritchie-740a79.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T12:06:21.555197218Z"}, "flamboyant-dijkstra-08355c.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-22T12:08:18.752220145Z"}, "fervent-nobel-9e2866.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-14T12:06:17.572567563Z"}, "brave-heyrovsky-523ebe.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T12:08:15.978896420Z"}, "dao-lm.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-02T12:06:37.158872733Z"}, "keel-console.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T12:05:36.663864616Z"}, "curvance.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T12:14:12.552916108Z"}, "sweepbright-7d7ea465-ddf0-4c2d-a25c-95a50075bdc9-production.netlify.app": {"record_type": "AAAA", "resolved_at": "2022-12-30T12:05:55.128899253Z"}, "www.markxa.com": {"record_type": "CNAME", "resolved_at": "2023-03-14T14:05:35.559589933Z"}, "www.nyagosu.net": {"record_type": "CNAME", "resolved_at": "2023-04-18T19:38:28.697007220Z"}, "onda-dashboard.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-07T12:06:27.189051017Z"}, "fervent-panini-403ce8.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T12:05:34.558822236Z"}, "lgs.blixem.app": {"record_type": "CNAME", "resolved_at": "2023-03-22T15:33:56.182939800Z"}, "eloquent-almeida-032930.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-19T12:07:14.434881226Z"}, "awesome-yalow-1cc160.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-22T10:08:57.653831591Z"}, "taffeur.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-01-10T12:05:43.366792371Z"}, "ww2.globhe.com": {"record_type": "CNAME", "resolved_at": "2022-12-31T13:34:43.828501818Z"}, 
"my-dev-medaica-com.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T12:14:19.243369421Z"}, "bright-crumble-7c1693.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-01T12:05:54.969905762Z"}, "www.littleandromeda.co.nz": {"record_type": "CNAME", "resolved_at": "2022-12-23T11:32:14.228648885Z"}, "celebrated-cat-350490.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T12:14:05.802464120Z"}, "eduardocesb.com.br": {"record_type": "AAAA", "resolved_at": "2023-04-12T22:02:15.081895995Z"}, "maps.worlddata.ai": {"record_type": "CNAME", "resolved_at": "2023-03-12T12:07:34.845910122Z"}, "blackmeal-prod.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-05T12:07:54.320842879Z"}, "saaze.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T19:28:25.471953725Z"}, "blissful-euler-74f7c7.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-15T21:01:15.208249214Z"}, "moonowl.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-28T12:07:54.194709970Z"}, "staging-mi.eprenda.com": {"record_type": "CNAME", "resolved_at": "2023-05-06T14:50:08.481369014Z"}, "admin.cuthequeue.com": {"record_type": "CNAME", "resolved_at": "2023-05-06T14:40:35.616445164Z"}, "tubular-treacle-592747.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-09T12:06:37.643789453Z"}, "dansabelli.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-16T12:05:34.070554379Z"}, "tallysg.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-25T12:08:22.921382976Z"}, "first-eet-kit.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-12T12:07:33.895379344Z"}, "ammandynamics.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-03T12:09:40.345393949Z"}, "nansite.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T12:08:12.063109274Z"}, "adoring-kilby-3a4082.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T19:28:26.626696081Z"}, "studio.stratongroup.com": {"record_type": 
"CNAME", "resolved_at": "2023-03-16T14:29:26.908966138Z"}, "awesome-boyd-a9b001.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-15T12:06:54.693767464Z"}, "cerulean-arithmetic-d6e551.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-19T21:38:01.801401522Z"}, "rvh-admin-dev.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-09T12:06:41.806917383Z"}, "adoring-lichterman-6e1b2c.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-07T12:05:45.918031921Z"}, "www.mindfuel.ai": {"record_type": "CNAME", "resolved_at": "2023-05-05T12:13:54.357770256Z"}, "launch-highlight-games-bet.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T12:08:13.063684415Z"}, "live-polls.patootie.app": {"record_type": "CNAME", "resolved_at": "2023-03-13T20:12:50.085500654Z"}, "base64-converter.amitk.co.in": {"record_type": "CNAME", "resolved_at": "2023-04-29T17:41:26.878706088Z"}, "data.goodgovgroup.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:30:47.092778393Z"}, "centurionplaza.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-11T12:07:50.969569939Z"}, "szc188.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-24T12:06:53.942231457Z"}, "moonlit-buttercream-62c2ba.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T12:08:10.525669289Z"}, "summit.openstack.cn": {"record_type": "CNAME", "resolved_at": "2023-03-07T12:48:19.061204208Z"}, "www.healthymind.ai": {"record_type": "AAAA", "resolved_at": "2023-04-09T12:12:49.796134609Z"}, "builditindia.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-18T19:28:24.666074639Z"}, "www.madeinjanne.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:48:29.495707139Z"}, "www.wenyouwang.cn": {"record_type": "CNAME", "resolved_at": "2023-05-07T13:02:43.041153650Z"}, "builtwithgravio-overview.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-02-26T12:07:12.361137607Z"}, "asil-us-icc-task-force.netlify.app": {"record_type": 
"AAAA", "resolved_at": "2023-03-23T12:19:22.972044404Z"}, "narutmic.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-03-13T20:12:34.642983581Z"}, "brave-kowalevski-585af4.netlify.app": {"record_type": "AAAA", "resolved_at": "2023-01-29T12:06:08.901355108Z"}, "ner-attack.ashita.nl": {"record_type": "CNAME", "resolved_at": "20232600:1f18:2489:8202::c8
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0020Nonehttps://nwapi.battleb0t.xyz/nwapi.battleb0t.xyz
2023-05-12 02:53:15IP AddressNoMnemonic PassiveDNS0010None104.21.71.14battleb0t.xyz
2023-05-12 03:13:05Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0047ol.github.io] https://www.openphish.com/feed.txt0047ol.github.io
2023-05-12 03:12:14Affiliate - Domain WhoisNoWhois4060None Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-09-16T17:34:41Z Creation Date: 2014-07-15T10:59:40Z Registry Expiry Date: 2023-07-15T10:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-07-16T08:59:21Z Creation Date: 2014-07-15T05:59:40Z Registrar Registration Expiration Date: 2023-07-15T05:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech 
State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice. clientify.net
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:02:53 2023 GMT Not After : May 25 03:02:52 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:bc:d0:71:75:f9:c1:51:79:49:f8:25:6c:e2: 4b:7a:05:e1:2b:6c:79:44:98:ff:b2:cc:bc:d7:da: 27:25:29:37:c7:ba:80:cb:e1:7c:b8:4d:37:a2:bc: 93:44:eb:bc:62:ff:47:cb:21:ea:3d:05:4c:04:57: 82:93:5b:a9:25:29:fb:98:33:b0:04:74:aa:bc:9a: 64:5e:c7:e2:6c:e5:ec:2a:e7:40:6b:e1:75:93:39: b3:cf:b8:e9:11:29:e6:d1:9e:08:56:54:16:9f:c1: 1d:1f:f5:f6:ca:48:3a:94:53:03:1d:bf:52:af:6e: 27:9d:80:8d:f0:57:28:d4:f0:01:34:f4:39:59:4a: df:9f:00:47:87:9a:39:38:c1:8f:84:8a:02:0b:b2: 6e:5c:36:a2:f6:35:e6:d2:23:6b:29:b1:15:aa:86: a3:5b:eb:30:cc:af:b8:df:d5:0e:8f:8e:29:7e:0d: 21:28:d0:d2:4c:71:5b:19:01:9b:dc:b9:90:88:7d: fc:5d:3e:72:44:e6:46:11:dd:e6:fd:a5:42:a3:07: 24:e7:29:d9:29:1c:f3:72:77:8b:cb:0b:df:45:34: 0b:81:a8:00:de:f0:13:74:1b:bf:2f:61:ad:65:73: 29:3e:05:b5:c3:90:28:8c:96:ef:cb:b3:06:ba:9b: 6b:f7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Feb 24 04:02:53.639 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:28:F1:70:B2:E6:F5:A1:9C:C3:2A:B9:98: B7:CA:DE:46:06:8A:0D:FD:5D:51:62:6A:9E:AF:A7:18: F8:56:D1:B0:02:20:21:A4:D3:7B:9B:94:A5:33:57:25: EA:F9:E9:6B:7D:DB:3E:9B:70:AC:99:47:BB:60:A1:D8: D4:9F:E0:9F:F4:44 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Feb 24 04:02:53.699 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:3D:E9:FF:70:A3:4B:24:45:DE:32:CD:C1: EB:D6:68:50:E8:90:39:17:70:65:2F:C3:8E:27:EF:8F: 0A:2C:12:42:02:20:63:BD:B7:88:53:11:AE:74:C0:8C: 3E:DD:9A:2F:D6:E5:34:A4:8C:A2:AB:43:8C:64:7E:9B: D2:8E:90:08:CE:60 Signature Algorithm: sha256WithRSAEncryption 7e:31:5b:b5:c6:0c:16:27:0b:f5:1a:b3:80:a7:ef:5e:5f:1b: 87:38:b7:8a:be:5c:4b:2a:3f:28:2b:4f:87:5f:c2:b4:d3:b7: be:f8:28:f5:15:c7:b3:3f:3d:40:b4:03:a4:95:06:01:1a:58: 1f:75:36:4b:ec:65:5a:e0:fd:b0:bf:41:e3:ff:57:4e:dd:05: 47:2c:e5:74:c8:5a:58:19:d6:53:61:f6:8d:0e:19:29:5d:dd: b2:13:e8:c5:4c:7e:68:dc:f2:b4:05:5a:13:8e:d2:2e:4e:5e: 81:10:a5:86:8f:30:30:f7:61:4a:6f:5c:17:0d:a4:ef:13:02: 05:48:b0:18:ac:9c:df:24:70:12:e3:44:ac:31:54:f5:b6:92: f4:ec:b6:e7:16:93:23:c7:b8:7e:51:5c:f7:05:33:1c:0e:7a: b3:3d:ed:21:03:d2:bc:a5:bf:10:81:1f:4c:79:d4:3a:73:b9: 93:9f:57:8b:98:ea:3e:74:39:70:99:3d:3a:c0:f2:4d:e1:55: ed:dc:49:4e:a6:39:a5:82:ea:2d:6e:e9:17:c6:72:75:ec:10: 72:d0:c9:3e:b9:30:69:bc:2f:70:06:3c:ba:31:b6:c1:0c:45: e6:92:88:78:56:3a:d4:0c:d2:32:b8:49:37:f3:c4:6d:15:69: 54:99:0a:d9 battleb0t.xyz
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5913389a552a51-ORD Content-Encoding: gzip 188.114.97.1
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneVenmo (Category: finance) https://account.venmo.com/u/loginlogin
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneAirwolf (Net ID: 00:13:46:15:C7:AA)50.8897, 6.0563
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet (Net ID: 00:01:36:26:BA:44)34.0544, -118.244
2023-05-12 03:00:56Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.87): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:21Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.io185.199.108.153
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5853301ea41251-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.168.252
2023-05-12 02:45:35Affiliate - Internet NameNoDNS Raw Records1020Nonebattleb0t.github.iowww.battleb0t.xyz
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.161): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:49Company NameNoCompany Name Extractor0030NoneGitHub\, Inc.C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.12635.229.48.116
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonedraadjelos54 (Net ID: 00:01:E3:04:A3:37)52.3759, 4.8975
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NonePronouns.Page (Category: social) https://pronouns.page/api/profile/get/Battleb0t?version=2Battleb0t
2023-05-12 02:54:30Software UsedYesCensys0030Noneopenssh64.226.81.43
2023-05-12 02:54:00Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5ccedd4dfe2bc6-FRA Content-Encoding: gzip 104.21.6.166
2023-05-12 03:23:33Open TCP PortNoPulsedive0030None188.114.96.12:80188.114.96.0/24
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 200 OK Connection: close Content-Type: text/html; charset="utf-8" Date: <REDACTED> Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Set-Cookie: whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure Set-Cookie: whostmgrsession=%3a8HJb2gy62wgW5AEl%2cc019e95b194ab8d9598010e513f0ec9b; HttpOnly; path=/; port=2087; secure Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2087; secure Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087 Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087 Cache-Control: no-cache, no-store, must-revalidate, private X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Encoding: gzip Content-Length: 12408 87.248.157.102
2023-05-12 02:46:25Netblock MembershipNoRIPE2020None104.21.0.0/20104.21.6.166
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.48): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:07:57Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.185.199.108.153
2023-05-12 02:44:47Software UsedYesTool - Wappalyzer0030NoneCloudflarepanel.battleb0t.xyz
2023-05-12 02:54:30Software UsedYesCensys0030NoneDebian Linux 10.264.226.81.43
2023-05-12 02:45:56Physical LocationNoAbstractAPI0040NoneAshburn, Virginia, 20149, United States, North America2600:1f18:2489:8201::c8
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:01:36:0F:6E:91)52.3759, 4.8975
2023-05-12 03:00:23Blacklisted IP AddressYesHoneypot Checker0120NoneHoneypotproject (188.114.96.1): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.1
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Noneadm734qwe (Net ID: 00:0D:3A:2C:01:71)39.0469, -77.4903
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneSpeedStream (Net ID: 00:01:24:F0:B4:05)37.7813933,-122.3918002
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneSpeedStream (Net ID: 00:01:24:F0:DA:C3)37.7642, -122.3993
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor5020None+14805058800Domain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050NoneTrackmaniaLadder (Category: gaming) https://en.tm-ladder.com/Altpapier_rech.phpAltpapier
2023-05-12 02:57:29Raw Data from RIRsNoHybrid Analysis0030None{u'count': 21, u'search_terms': [{u'id': u'host', u'value': u'34.148.97.127'}], u'result': [{u'environment_id': 160, u'job_id': u'63b721c255cbc7230c114fee', u'analysis_start_time': u'2023-01-05 19:15:14', u'vx_family': u'Phishing site', u'av_detect': u'7', u'environment_description': u'Windows 10 64 bit', u'threat_score': 81, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'7e125ee6f3605791a54d1927a8ff9b5031e2472db0075d752ee0cf376a3ebfbb', u'type': None, u'type_short': u'url', u'size': 70}, {u'environment_id': 100, u'job_id': u'63a10748573bed06bf6111f2', u'analysis_start_time': u'2022-12-20 00:52:25', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'6713a11481c6596abd1fd41c2eb24003815ecd499bddb4b5de308a27fc20f828', u'type': None, u'type_short': u'url', u'size': 65}, {u'environment_id': 100, u'job_id': u'6388fef0bb265f2d7e041e56', u'analysis_start_time': u'2022-12-01 19:22:25', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'98b60fb56a8304ed629c90d9a6ea6f01428e09d0957a5bda9031a90a92369cb9', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 100, u'job_id': u'63869de622270442a100e7c2', u'analysis_start_time': u'2022-11-30 00:03:52', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 51, u'verdict': u'malicious', u'submit_name': u'clickupn5GDvViPHhSjBBIIBbc-2FFUoh975EJm59NMmmjNXrJ-2Fu3x3ZQluNoNM50RZUOUqoKrgFOnRwmRWHUu71GC5MBIx6GBYj9P7qe3aRx0GWJObXE-3D4Bsx_7fgdT2C2bbXW-2BVBxD7Ai0pT79XU9d12y8FqfE6JzX1P0dAOXfcRDpWVWFi7UdPTTItgHgMp07S0xmIjJ5XcgysD97BWUvGob8SQp5QwAfNfSjvCRlv2r5gZ9YjNaFf', u'sha256': 
u'f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3', u'type': None, u'type_short': u'pdf', u'size': 2498240}, {u'environment_id': 160, u'job_id': u'6382b7b5d710de212b0d1a94', u'analysis_start_time': u'2022-11-27 01:04:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'e388d140f6f322446b8d4efd51c04464a8648441618341ce38d99cc843d4889d', u'type': None, u'type_short': u'url', u'size': 84}, {u'environment_id': 160, u'job_id': u'637eba44d524a07f2576099e', u'analysis_start_time': u'2022-11-24 00:30:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'025407f1cd178ff7c81c5b101ca381ce72f5056e2ae85a03b5184adbb9151083', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 120, u'job_id': u'6373bbe282dc496f620ac840', u'analysis_start_time': u'2022-11-15 16:21:46', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'b013bc587d17ea71300f7bbbf7c64ea76b00956fb3372c0e68bd28453ff46397', u'type': None, u'type_short': u'url', u'size': 56}, {u'environment_id': 160, u'job_id': u'636977bba7645446d920726d', u'analysis_start_time': u'2022-11-07 21:25:16', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'1f75b5ec9d71a833f6ec204dddb8d8aa033b3aa03740ed86f2b533076888f1ac', u'type': None, u'type_short': u'url', u'size': 58}, {u'environment_id': 100, u'job_id': u'63645cc4c15a80501d788fe5', u'analysis_start_time': u'2022-11-04 00:28:53', u'vx_family': None, u'av_detect': u'0', 
u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8764c454babb8b21d4888587ad0a75a86a92ae2e27f403a2995de9ddc99cb3bc', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 160, u'job_id': u'6351905a1831c0676f3db396', u'analysis_start_time': u'2022-10-20 18:20:42', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'christitus.com', u'sha256': u'96f0b98ecb11e0bf5ea7420c591d31dbb8290782ccaf1e04dd3b1d847fc9ee34', u'type': None, u'type_short': u'html', u'size': 468603}, {u'environment_id': 100, u'job_id': u'634eab5dc663f047030e99f5', u'analysis_start_time': u'2022-10-18 13:34:21', u'vx_family': u'Phishing site', u'av_detect': u'39', u'environment_description': u'Windows 7 32 bit', u'threat_score': 17, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'54527f3fc9bc92fb88ce520f8c0d4420d0fa9e3718103b4ad5abbee7fabc458d', u'type': None, u'type_short': u'url', u'size': 51}, {u'environment_id': 120, u'job_id': u'63442076e8d44876b51cc291', u'analysis_start_time': u'2022-10-10 13:39:03', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'66a2fd4e0cf4a13e9ac67d89109c21daab9efc63458ad8218e353ddf47ff88e6', u'type': None, u'type_short': u'url', u'size': 55}, {u'environment_id': 100, u'job_id': u'6337364c4440b66f39537654', u'analysis_start_time': u'2022-09-30 18:32:45', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 15, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'0fb8af8348f2c6717cc886004f24f40e785c42b1eb391a2005bbdabb13659cf6', u'type': None, u'type_short': u'url', u'size': 49}, {u'environment_id': 
100, u'job_id': u'6332f93f9d9b6a6cd5118f19', u'analysis_start_time': u'2022-09-27 13:23:12', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'2eb41bfe83cefe2d13f70665522b34f4a5af9273f3faa3e7a6a606ba6a234600', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 110, u'job_id': u'6316da7ad2e049613328acc3', u'analysis_start_time': u'2022-09-06 05:28:27', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'51adf193b08361b1489dfc259b9774b3afa45bef02b678365d54647af0a78827', u'type': None, u'type_short': u'url', u'size': 60}, {u'environment_id': 110, u'job_id': u'6316d47fae7f3e1e8f67788e', u'analysis_start_time': u'2022-09-06 05:14:09', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 68, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'ad4d51ca4dcc72f5f8ec81c46e9053e6515d3403abce5422f5bb4ee9a25951b8', u'type': None, u'type_short': u'url', u'size': 52}, {u'environment_id': 100, u'job_id': u'630f750e6c7fb81d162985b2', u'analysis_start_time': u'2022-08-31 14:49:51', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'304e367d37dfd1656727292e0fbe667a60439a128f020c5a38a1fca85f8b36fe', u'type': None, u'type_short': u'url', u'size': 73}, {u'environment_id': 120, u'job_id': u'6304919b913a1554e74cddc0', u'analysis_start_time': u'2022-08-23 08:36:44', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': 33, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': 
u'1267443c2f60a4e7904ee3c89f56480342284db414bfad6df9c3c5eaeb0928c8', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 100, u'job_id': u'6302d05abb40c106624aca6a', u'analysis_start_time': u'2022-08-22 00:39:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'd6e5007e811e195a1e1b8021af0b203dd62af3c1e0c42b1c6c825e65740d424d', u'type': None, u'type_short': u'url', u'size': 132}, {u'environment_id': 100, u'job_id': u'62fb370d6a44fc65fb5a8ce2', u'analysis_start_time': u'2022-08-16 06:19:58', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 65, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'f38bd8017376abafc85ab670da947b9068a7bcf2a021e12ebe9191f20b9e56bf', u'type': None, u'type_short': u'url', u'size': 42}, {u'environment_id': 100, u'job_id': u'62f64e1e8b344e0843681e32', u'analysis_start_time': u'2022-08-12 12:57:02', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'1e1a861cd82a338412e0cec4e23cd71a49adb96ee6a6cbbf295bafc0e23a8f9f', u'type': None, u'type_short': u'url', u'size': 89}]}34.148.97.127
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-cache-status: DYNAMIC{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 02:54:54Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5a6f150a072cb8-ORD 2a06:98c1:3121::1
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneStuhr-WiFi-NA (Net ID: 00:14:D1:AF:C9:6C)32.8608, -79.9746
2023-05-12 02:49:11Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': 50, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.scca.com/vdesk/urlfilter_blocked.php3?errorcode=23&v=v2', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3508"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IE_EarlyTabStart_0xa48_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_ConnHashTable<3508>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_db4_IESQMMUTEX_0_519"\n "IsoScope_db4_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n 
"Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.235.135.6:443"\n "169.150.221.147:443"\n "142.250.189.162:443"\n "142.250.72.194:443"\n "142.251.214.136:443"\n "185.199.110.153:443"\n "142.250.191.42:443"\n "157.240.22.25:443"\n "108.139.1.13:443"\n "184.168.104.171:443"\n "142.250.189.226:443"\n "142.250.191.78:443"\n "18.155.202.90:443"\n "172.217.164.99:443"\n "142.251.46.162:443"\n "142.250.189.194:443"\n "142.250.141.156:443"\n "142.250.72.193:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"object.fm"\n "www.scca.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* [http://developers.facebook.com/policy/]. This copyright notice shall be" (Indicator: "facebook.com")\n "* Copyright 2012 Twitter, Inc" (Indicator: "twitter")\n "* Designed and built with all the love in the world @twitter by @mdo and @fat." 
(Indicator: "twitter")\n "function $E(a){var b=a.state.wpc;if(null!==b&&""!==b)var c=b;else{b=a.state;a=a.win;if(a.google_ad_client)var d=String(a.google_ad_client);else{var e,f,g;if(null!=(g=null!=(f=null==(d=DE(a).head_tag_slot_vars)?void 0:d.google_ad_client)?f:null==(e=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:e.getAttribute("data-ad-client")))d=g;else{c:{d=a.document.getElementsByTagName("script");e=a.navigator&&a.navigator.userAgent||"";e=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")\n "function hn(a){switch(a){case "true":return!0;case "false":return!1;case "null":return null;case "undefined":break;default:try{var b=a.match(/^(?:\'(.*)\'|"(.*)")$/);if(b)return b[1]||b[2]||"";if(/^[-+]?\\d*(\\.\\d+)?$/.test(a)){var c=parseFloat(a);return c===c?c:void 0}}catch(d){}}};function jn(a){if(a.google_ad_client)return String(a.google_ad_client);var b,c,d,e,f;if(null!=(e=null!=(d=null==(b=X(a).head_tag_slot_vars)?void 0:b.google_ad_client)?d:null==(c=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:c.getAttribute("data-ad-client")))b=e;else{b:{b=a.document.getElementsByTagName("script");a=a.navigator&&a.navigator.userAgent||"";a=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2469.tmp" as clean (type is "data")\n Antivirus vendors marked 
dropped file "Tar2A0D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2468.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23C6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab2B27.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab2A0C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23D9.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab27F6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab26EB.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23D8.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', 
u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "J5LMIWI0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J5LMIWI0.txt]- [targetUID: 00000000-00003508]\n "original_1_.js" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "f_3_.txt" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "SGRF2RQT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SGRF2RQT.txt]- [targetUID: 00000000-00003444]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003444]\n "Tar2469.tmp" has type "data"- Location: [%TEMP%\\Tar2469.tmp]- [targetUID: 00000000-00003444]\n "f_5_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "original_2_.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "aframe_1_.htm" has type "HTML document ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "SQF88PWE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SQF88PWE.txt]- [targetUID: 00000000-00003508]\n "hotjar-1689630_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "modules.6af44455668b675aade1_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_CA5A6E9A-C9CD-11ED-BEC3-08002719F913_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88F42E2F-C9CC-11ED-BEC3-08002719F913_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab2468.tmp" has type 
"Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2468.tmp]- [targetUID: 00000000-00003444]\n "panzoom_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "IZGPZZYD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IZGPZZYD.txt]- [targetUID: 00000000-00003508]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF7EB16B1E041EF79D.TMP" has type "data"- Location: [%TEMP%\\~DF7EB16B1E041EF79D.TMP]- [targetUID: 00000000-00003185.199.110.153
2023-05-12 03:03:47Co-Hosted SiteNoThreatMiner2020Noneetherum-libs.github.io185.199.111.153
2023-05-12 02:44:22Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.108.153
2023-05-12 02:54:18HTTP Status CodeNoWeb Spider0020None200nwapi.battleb0t.xyz
2023-05-12 03:09:39Affiliate - Internet NameNoDNS Resolver0040None113.48.229.35.bc.googleusercontent.com35.229.48.113
2023-05-12 03:11:23Raw Data from RIRsNoAbstractAPI0030None{u'format': {u'international': u'+74955801111', u'local': u'8 (495) 580-11-11'}, u'country': {u'prefix': u'+7', u'code': u'RU', u'name': u'Russian Federation'}, u'phone': u'+74955801111', u'valid': True, u'location': u'Moscow', u'carrier': u'', u'type': u'landline'}+74955801111
2023-05-12 03:00:25Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-128-etm@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneSnapchat Stories (Category: social) https://story.snapchat.com/s/Battleb0tBattleb0t
2023-05-12 02:54:30Open TCP Port BannerNoCensys0130NoneSSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u264.226.81.43
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.108): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:03:33Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00arthur00.github.io
2023-05-12 02:52:38Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://t.length/32));return', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://docs.google.com/forms/d/e/1faipqlser-pujhmdg5fmasxykmvy3egptc-yai4up5by6hx5g_9wzaw/viewform', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://multi-trustpad.so/plutusdao/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ac8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ac8_IE_EarlyTabStart_0xbe8_Mutex"\n "IsoScope_ac8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ac8_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2760"\n "IsoScope_ac8_ConnHashTable<2760>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_ac8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2760"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.21.85:443"\n "156.146.53.13:443"\n "142.250.191.74:443"\n "104.17.25.14:443"\n "185.199.108.153:443"\n "151.101.1.229:443"\n "142.251.46.227:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "kuzdaz.github.io"\n "maxst.icons8.com"\n "multi-trustpad.so"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "* Copyright 2011-2021 Twitter, Inc." 
(Indicator: "dir "; File: "420d1abc17e3c9ac_1_.css")\n Found string "<meta property="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpsmulti-trustpad.soplutusdao")\n file/memory contains long string with (Indicator: "dir "; File: "urlref_httpsmulti-trustpad.soplutusdao")\n Found string "<meta property="twitter:image" content="https://trustpad.io/_next/static/media/metaImg.4165ec37.png">" (Indicator: "dir "; File: "urlref_httpsmulti-trustpad.soplutusdao")\n Found string "<meta property="twitter:title" content="Airdrops on MultiChainPad\n The Exclusive Multi-Chain Airdrops">" (Indicator: "dir "; File: "urlref_httpsmulti-trustpad.soplutusdao")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df6f78936bb065a368.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{68782d33-eac7-11ed-8c12-08002729a14e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df974dd95ab78b92a1.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\{68782d35-eac7-11ed-8c12-08002729a14e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{68782d33-eac7-11ed-8c12-08002729a14e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df6f78936bb065a368.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "web3modal_v2_1_.js" has type "data"- [targetUID: N/A]\n "ethers.umd.min_1_.js" has type "data"- [targetUID: N/A]\n "seaport_1_.js" has type "data"- [targetUID: N/A]\n "modal~app.4224e3d5_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "app.42cee8c7_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "merkletree_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "lib~app.42bf6ad0_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "420d1abc17e3c9ac_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "connector~app.42c4fe3d_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "line-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "lodash.min_1_.js" has 
type "ASCII text with very long lines"- [targetUID: N/A]\n "sweetalert2@11_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "CabCC9D.tmp" has type "data"- Location: [%TEMP%\\CabCC9D.tmp]- [targetUID: 00000000-00003956]\n "all.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYi1Uw_1_.woff" has type "Web Open Font Format TrueType length 52156 version 1.1"- [targetUID: N/A]\n "iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4i1Uw_1_.woff" has type "Web Open Font Format TrueType length 51556 version 1.1"- [targetUID: N/A]\n "iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-WYi1Uw_1_.woff" has type "Web Open Font Format TrueType length 48160 version 1.1"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003956]\n "~DF2BF7D61A708DACB9.TMP" has type "data"- Location: [%TEMP%\\~DF2BF7D61A708DACB9.TMP]- [targetUID: 00000000-00002760]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002760]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFE8D9E98C1276228A.TMP" has type "data"- Location: [%TEMP%\\~DFE8D9E98C1276228A.TMP]- [targetUID: 00000000-00002760]\n "~DF6F78936BB065A368.TMP" has type "data"- Location: [%TEMP%\\~DF6F78936BB065A368.TMP]- [targetUID: 00000000-00002760]\n "~DF974DD95AB78B92A1.TMP" has type "data"- Location: [%TEMP%\\~DF974DD95AB78B92A1.TMP]- [targetUID: 00000000-00002760]\n "~DFB786444891F524CF.TMP" has type "data"- Location: [%TEMP%\\~DFB786444891F524CF.TMP]- [targetUID: 00000000-00002760]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "rocket-loader.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n 
"plutusdao_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "RecoveryStore._68782D33-EAC7-11ED-8C12-08002729A14E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_68782D35-EAC7-11ED-8C12-08002729A14E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_728504A8-EAC7-11ED-8C12-08002729A14E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_F01BC37A-EAC7-11ED-8C12-08002729A14E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003956]\n "app.426fbaca_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "css2_2_.css" has type "ASCII text"- [targetUID: N/A]\n "R3JMUNNR.txt" has type "ASCII text185.199.108.153
2023-05-12 03:03:32Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io007joshie.github.io
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonebux180 (Net ID: 00:07:7D:16:27:67)33.617190550339146,-111.90827887019054
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.3): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:45:46Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Chantilly', u'security': {u'is_vpn': False}, u'city_geoname_id': 4751935, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'American Registry Internet Numbers', u'organization_name': u'American Registry Internet Numbers', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20151', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:45'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:50c0:8003::153', u'continent': u'North America', u'region_iso_code': u'VA'}2606:50c0:8003::153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:03:22Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-ye.github.io
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5c61b40afd1911-FRA 188.114.96.1
2023-05-12 03:08:45Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.214104.196.30.220
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NonemyLGNet (Net ID: 00:01:36:26:95:98)50.1188, 8.6843
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.184): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:22Linked URL - InternalNoWeb Spider2020Nonehttps://www.ayhu.xyz/www.ayhu.xyz
2023-05-12 02:54:22Web Content TypeNoWeb Spider0020Nonetext/htmlhttp://kekw.battleb0t.xyz/jar
2023-05-12 03:08:48Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.229104.196.30.220
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020None+OK Dovecot ready. 87.248.157.102
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NonePM Guest (Net ID: 00:1C:10:F9:53:B8)32.8608, -79.9746
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneGravatar (Category: images) http://en.gravatar.com/profiles/ayhuayhu
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLG86 (Net ID: 00:01:36:37:73:C0)34.0544, -118.244
2023-05-12 02:46:28Raw Data from RIRsNoHybrid Analysis3020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeia3mp&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#kantonsen%40encoded.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ad0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ad0_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ad0_IE_EarlyTabStart_0x588_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ad0_IESQMMUTEX_0_303"\n "IsoScope_ad0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ad0_ConnHashTable<2768>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2768"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.214.129:443"\n "142.251.214.131:443"\n "142.250.189.238:443"\n "185.199.111.153:443"\n "69.16.175.10:443"\n "142.250.189.234:443"\n "184.27.80.18:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "lipis.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'".fa-cc-paypal:before {" (Indicator: "paypal")\n ".fa-paypal:before {" (Indicator: "paypal")\n ".fa-twitter-square:before {" (Indicator: "twitter")\n ".fa-twitter:before {" (Indicator: "twitter")\n ".fa-youtube-play:before {" (Indicator: "youtube")\n ".fa-youtube-square:before {" (Indicator: "youtube")\n ".fa-youtube:before {" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, 
u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "m_el_main_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_D809339D-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "RecoveryStore._D809339B-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "X2WYMCV5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\X2WYMCV5.txt]- [targetUID: 00000000-00002768]\n "DEW9N13E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DEW9N13E.txt]- [targetUID: 00000000-00003116]\n "_E2C1FED7-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "1NX8I2I6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1NX8I2I6.txt]- [targetUID: 00000000-00002768]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "UX69Y2OK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UX69Y2OK.txt]- [targetUID: 00000000-00003116]\n "BQ7YREAH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BQ7YREAH.txt]- [targetUID: 00000000-00003116]\n "~DF7ADEEE89A7F7CB7A.TMP" has type "data"- Location: [%TEMP%\\~DF7ADEEE89A7F7CB7A.TMP]- [targetUID: 00000000-00002768]\n "C1BNT20A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1BNT20A.txt]- [targetUID: 00000000-00002768]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n 
"favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "m_navigationui_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002768]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.google.com/support/translate+(en==Hn?:#googtrans/en/+Hn);var"\n Pattern match: "https://www.google.com/tools/feedback},Tw=function(a){return"\n Pattern match: "https://github.com/madler/zlib/blob/master/zlib.h"\n Pattern match: "https://www.google.com/images/cleardot.gif"\n Pattern match: "https://==Pn?V.Gh:null};this.Z={qb:Un,xd:null};a&&"\n Pattern match: "V.Pb/\ufffd\u0331"\n Pattern match: "http://fontawesome.io"\n Pattern match: "http://fontawesome.io/license"\n Pattern match: "http://jquery.com/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://sizzlejs.com/"\n Pattern match: "https://www&google.com/images/zippy_minus_sm.gif"\n Pattern match: "http://www.w3.org/TR/selectors/#attribute-selectors"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#attribute-selectors"\n Pattern match: "https://developer.mozilla.org/en/Security/CSP"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#escaped-characters"\n Pattern match: "http://bugs.jquery.com/ticket/12282#comment:15"\n Pattern match: "http://blindsignals.com/index.php/2009/07/jquery-delay/"\n Pattern match: "http://bugs.jquery.com/ticket/12359"\n Pattern match: 
"http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291"\n Pattern match: "http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/"\n Pattern match: "http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE)"\n Pattern match: "http://javascript.nwbox.com/IEContentLoaded/"\n Pattern match: "http://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx"\n Pattern match: "http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context"\n Pattern match: "http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html"\n Pattern match: "http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked"\n Pattern match: "http://www.w3.org/TR/css3-syntax/#characters"\n Pattern match: "http://www.w3.org/TR/selectors/#empty-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#lang-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#pseudo-classes"\n Pattern match: "https://github.com/jquery/jquery/pull/764"\n Pattern match: "http://json.org/json2.js"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=491668"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier"\n Pattern match: "https://developer.mozilla.org/en-US/docs/CSS/display"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=649285"\n Pattern match: "http://dev.w3.org/csswg/cssom/#resolved-values"\n Pattern match: "http://jsperf.com/getall-vs-sizzle/2"\n Pattern match: "https://bugs.webkit.org/show_bug.cgi?id=29084"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#whitespace"\n Pattern match: "https://bafybeia3mpocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a.ipfs.dweb.link/"\n Pattern match: "https://translate.google.com/translate_a/element.js?cb=gtElInit&amp;hl=en-US&amp;client=wt"\n Pattern match: 
"https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=navigationui"\n Pattern match: "https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=corsproxy"\n Pattern match: "https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog\\]]],null,null,null,null,null,null,-3600,null,null,null,null,[],1,nu185.199.111.153
2023-05-12 02:59:44Co-Hosted Site - Domain WhoisNoWhois3030None Domain Name: CLOUDWAYSAPPS.COM Registry Domain ID: 1695307151_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-09-12T18:44:13Z Creation Date: 2012-01-04T12:17:34Z Registry Expiry Date: 2028-01-04T12:17:34Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-1086.AWSDNS-07.ORG Name Server: NS-2016.AWSDNS-60.CO.UK Name Server: NS-222.AWSDNS-27.COM Name Server: NS-854.AWSDNS-42.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: cloudwaysapps.com Registry Domain ID: 1695307151_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-06-22T11:27:03.11Z Creation Date: 2012-01-04T12:17:34.00Z Registrar Registration Expiration Date: 2028-01-04T12:17:34.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Name Server: ns-222.awsdns-27.com Name Server: ns-854.awsdns-42.net Name Server: ns-1086.awsdns-07.org Name Server: ns-2016.awsdns-60.co.uk DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T06:41:09.59Z <<< For more information on Whois status codes, please visit https://icann.org/eppcloudwaysapps.com
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneBurkonAlt (Net ID: 00:18:4D:35:AF:23)40.2024, 29.0398
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonecpcalendars.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz 
X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3: a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c: 8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3: 6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa: c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca: f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58: b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28: b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e: 26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2: d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c: 40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a: 2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67: 8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99: 1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c: 4e:9f:6c:9d
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0070NoneGoDaddy.com, LLC Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-09-16T17:34:41Z Creation Date: 2014-07-15T10:59:40Z Registry Expiry Date: 2023-07-15T10:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-07-16T08:59:21Z Creation Date: 2014-07-15T05:59:40Z Registrar Registration Expiration Date: 2023-07-15T05:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech 
State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:00:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.17): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:31Internet NameNoDNS Resolver19020Nonevscode.battleb0t.xyz[{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, 
u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', 
u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', 
u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': 
u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': 
u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15:
2023-05-12 03:03:35Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00jew.github.io
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:74:79:C8:F8)41.8781, -87.6298
2023-05-12 02:54:20SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 67:78:0f:c0:b3:05:0b:42:0e:1c:78:58:8a:88:56:0d Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Nov 17 08:19:18 2022 GMT Not After : Feb 15 08:19:17 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a3:01:61:a3:c8:87:25:e7:fe:c0:1a:32:3c:c6: da:64:8b:b5:50:60:2b:c0:e8:58:1f:54:74:29:d7: 0b:35:57:ae:f0:78:a5:6a:4d:cb:a8:98:c4:c6:08: 24:6e:38:c0:cc:16:fb:e7:ce:21:ed:5f:2c:c4:e9: e1:ff:82:8a:ca:a0:fe:ce:4a:08:f4:8a:91:e3:98: af:3f:35:a0:b7:82:16:66:79:8f:d4:5d:c4:1a:c4: 1c:5a:e2:e2:40:e3:be:d7:73:e5:51:b3:f0:08:0d: a6:31:11:c5:bc:1d:5c:d2:b0:47:24:f8:d9:1e:d9: 72:fd:86:0b:d6:ac:4a:39:ad:f4:43:e7:b6:d3:16: b9:d1:e5:c9:06:1d:ce:7c:25:06:4b:96:f2:9e:cb: 95:bc:80:ba:d7:9a:27:c3:51:67:b3:b0:6a:3f:9a: e8:0b:b4:16:de:be:54:b1:18:14:ad:76:c7:23:c1: 08:4f:b6:99:58:df:3e:de:3d:0b:39:ef:c8:1d:bd: ed:09:cf:81:92:ec:d8:74:46:47:9c:a4:42:fc:96: 89:c3:55:1e:f4:e7:49:b0:1d:55:06:19:4e:28:13: c2:a1:7a:ff:d1:4f:38:19:a3:e0:4d:5a:68:ce:ea: 96:c0:01:60:48:f3:a6:ac:5d:db:48:50:b3:86:27: 96:7d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 61:B8:A8:F3:B0:F5:FF:35:6D:A7:1D:C8:69:9E:4B:49:3E:DA:20:38 X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_haK7tXOc_M CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution 
Points: Full Name: URI:http://crls.pki.goog/gts1p5/QAbdIRPj4FY.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 33:ae:dc:a9:41:b2:ff:76:d8:16:a0:d6:b1:5d:1b:db:3c:51: 93:a6:fd:af:36:c1:59:1e:4b:0d:e6:0a:68:f5:5b:67:34:d6: 7c:a2:8f:90:10:2f:aa:b0:12:bb:81:fd:67:15:ed:d9:15:c1: 8f:5d:b8:52:a6:bc:40:4e:a4:3f:43:ef:65:92:60:20:d0:12: 48:ce:4b:b9:00:fd:36:8b:76:61:50:e7:da:3c:1a:3a:5f:db: 72:c2:bd:1e:38:be:f8:8e:de:f4:a4:78:e4:01:fa:06:51:d3: 6a:dc:fa:a9:19:00:c1:ae:b4:9f:af:62:50:c9:10:65:a2:ca: 97:5d:f7:7c:0c:f6:19:9f:39:9c:60:58:85:b8:8d:be:0a:5d: 7e:8f:0f:cd:3f:06:a9:b3:21:ec:e6:b3:e0:c5:3a:b8:3f:7c: 01:a3:c7:7d:dc:0a:7a:49:a1:6a:53:99:e3:04:53:97:7c:d1: e8:e0:e6:80:50:bc:c9:d5:7f:a1:e4:1f:6b:f6:56:fd:81:32: 7b:6a:77:24:be:21:62:cb:d5:73:03:e6:d0:24:96:0d:16:ad: 36:c7:39:57:be:6a:0c:e1:3c:be:e8:78:08:a6:c6:71:fa:55: b9:72:10:a6:f0:bd:1e:37:78:64:35:f8:06:57:c1:5e:e2:2e: f5:04:6b:a3 battleb0t.xyz
2023-05-12 03:01:49Open TCP PortNoPulsedive0030None185.199.110.153:443185.199.110.0/24
2023-05-12 02:56:54IPv6 AddressNoDNS Resolver0020None2606:4700:3031::6815:6a6www.ayhu.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060None1001mem (Category: social) http://1001mem.ru/loginlogin
2023-05-12 02:59:49Affiliate - Email AddressNoE-Mail Address Extractor0020Nonebradsdevemail@gmail.com[{"platform": "Chrome", "version": "1.0", "data": {"entrypoints": {"chrome.cookies.get": {"/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/options.js": [53, 110], "/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/service-worker.js": [36, 113], "/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/redirect.js": [18, 78, 144]}, "chrome.tabs.query": {"/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/service-worker.js": [253]}, "chrome.runtime.onMessage": {"/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/options.js": [173]}}, "risk": {"webstore": {"total": 8, "last_updated": 5, "support_site": 1, "rating_users": 1, "users": 1}, "metadata": {}, "total": 460, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "permissions": {"total": 75}}, "extcalls": ["https://fonts.googleapis.com/css?family=Baloo+Bhaina+2|Roboto&display=swap", "https://dayhub.co", "https://gokanto.com/dayhub/getUserProfileData", "https://dayhub.co/app?action=editTasks", "https://dayhub.co?action=signUp", "https://gokanto.com/dayhub/signIn", "https://dayhub.co", "https://dayhub.co/app", "https://dayhub.co", "https://gokanto.com/dayhub/getUserData", "https://dayhub.co/app?action=editTasks", "https://dayhub.co/app?action=editSchedule", "https://dayhub.co/app?action=editSites", "https://dayhub.co", "https://gokanto.com/dayhub/getUserData"], "related": {"nngceckbapebfimnlniiiahkandclblb": {"rating": 4.7743354, "users": 3000000, "platform": "", "short_description": "A secure and free password manager for all of your devices.", "icon": "https://lh3.googleusercontent.com/J_l8abQyJgx7POjRoDfGaFYWFnYQNpRSy4kH5IlbwSdM-l_gZf2rJlk2NLSQTY8g-U2vrclpb0EZApHyOe6sjzbKcUc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5229, "name": "Bitwarden - Free Password Manager"}, "gbkeegbaiigmenfmjfclcdgdpimamgkj": {"rating": 3.6818337, "users": 6000000, "platform": "", "short_description": "View and edit Microsoft Word, Excel, and PowerPoint files with Google 
Docs, Sheets, and Slides", "icon": "https://lh3.googleusercontent.com/nM9DoYWOXecxYlD9b43JTgmjpsSaIAKJ_wHz3fAHysYl_bsVSVVANozLm6dlMVEJ7ZYXx-wydY1IfePdBbjNSQw4=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5824, "name": "Office Editing for Docs, Sheets & Slides"}, "ohahllgiabjaoigichmmfljhkcfikeof": {"rating": 4.8292074, "users": 1000000, "platform": "", "short_description": "Free and improved AdBlocker. Completely remove ALL ads. No \"acceptable\" ads or whitelisted advertisers, block tracking and malware!", "icon": "https://lh3.googleusercontent.com/AsZW_M_1Unw6wZ0r-Th6HP1bSgo3odQg2jvmPN8z01RUGIli-YLnZwGdqpdjUY_pgFaQW4zgeq9vADQ-S8q1Jq6g7Dw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 47584, "name": "AdBlocker Ultimate"}, "lpcaedmchfhocbbapmcbpinfpgnhiddi": {"rating": 4.0977564, "users": 8000000, "platform": "", "short_description": "Save to Google Keep in a single click!", "icon": "https://lh3.googleusercontent.com/PX16LKTye9cVfZTehEpKSUQgntIvmjuvkh4kWF55rTIYMsdmYZiuZFJq-0ONQHueFpToU4HBlvGS8b_hdQhNhH7OfA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 7621, "name": "Google Keep Chrome Extension"}, "kgjfgplpablkjnlkjmjdecgdpfankdle": {"rating": 3.891328, "users": 8000000, "platform": "", "short_description": "Schedule Zoom meetings directly from Google Calendar", "icon": "https://lh3.googleusercontent.com/EtDJ1WOrJu9vJxqUpk67gAWSsvf7llrIu3UIxOVFQMS6BIxdN3fKOe0NBBHDxVS6G5ov4yxKcxAELtkfhBLMlO7r1Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 911, "name": "Zoom Scheduler"}, "laookkfknpbbblfpciffpaejjkokdgca": {"rating": 4.4679146, "users": 3000000, "platform": "", "short_description": "Replace new tab page with a personal dashboard to help you get focused, stay organized, and keep motivated to achieve your goals.", "icon": "https://lh3.googleusercontent.com/H9tXckFzG4jZjM5Ag6gvBl0dCm75uQIlextzqmubbZ4stRiSfAyRG6pna-QjMk4S5kOCeShmPMcWxlPPdKlQyDqW=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 13838, "name": "Momentum"}, "gmbmikajjgmnabiglmofipeabaddhgne": 
{"rating": 3.9548225, "users": 7000000, "platform": "", "short_description": "Save web content or screen capture directly to Google Drive.", "icon": "https://lh3.googleusercontent.com/TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4759, "name": "Save to Google Drive"}, "cjpalhdlnbpafiamejdnhcphjbkeiagm": {"rating": 4.6761365, "users": 10000000, "platform": "", "short_description": "Finally, an efficient blocker. Easy on CPU and memory.", "icon": "https://lh3.googleusercontent.com/rrgyVBVte7CfjjeTU-rCHDKba7vtq-yn3o8-10p5b6QOj_2VCDAO3VdggV5fUnugbG2eDGPPjoJ9rsiU_tUZBExgLGc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 26400, "name": "uBlock Origin"}, "dagcmkpagjlhakfdhnbomgmjdpkdklff": {"rating": 2.7953382, "users": 2000000, "platform": "", "short_description": "Fast, convenient import of references and PDFs to your Mendeley Reference Manager library.", "icon": "https://lh3.googleusercontent.com/n-KR5-ddPVwU7aEkQYUzyQ1di71jI51yOcMuDD-HBBzRxUSEoS1lie5K8Jydhj5pye21D-OOJqneqn0lB-IFxcoV=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1759, "name": "Mendeley Web Importer"}, "ljflmlehinmoeknoonhibbjpldiijjmm": {"rating": 4.430087, "users": 1000000, "platform": "", "short_description": "Read aloud any Google Doc, PDF, webpage, or book with text to speech (TTS). 
Natural sounding voices in 30+ languages & 130 voices.", "icon": "https://lh3.googleusercontent.com/aQsKQj8i_4KJsxjKTAzn_ACwmtVbM_p6Mxvh9LDlO-6dcScpIZqQUUxdztFPK0Ftgz7L2yTE6g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 8482, "name": "Speechify Text to Speech Voice Reader"}, "flliilndjeohchalpbbcdekjklbdgfkk": {"rating": 4.1474295, "users": 6000000, "platform": "", "short_description": "Your surfing made private and secure", "icon": "https://lh3.googleusercontent.com/hjQv8jaFVCyh3Df1rAM6LTeuBY0wOxZAESgsLsysTHGOCQHt5XZP_44v5HM-xIjv-1gVTUHaehBTrF2hoqNcS5RFXK0=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2937, "name": "Avira Browser Safety"}, "pgjjikdiikihdfpoppgaidccahalehjh": {"rating": 4.414451, "users": 2000000, "platform": "", "short_description": "Take a Speedtest directly from your toolbar to quickly test your internet performance without interruption.", "icon": "https://lh3.googleusercontent.com/UeJDiqRqbe61ZwRA-nshMyadO7gt5igLJN5jGy3he_VVP5iELduwit3AdBk9gTnCiDzDIQtlUJv6mQ-V7_7azrShxQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2934, "name": "Speedtest by Ookla"}, "gpdjojdkbbmdfjfahjcgigfpmkopogic": {"rating": 3.558845, "users": 7000000, "platform": "", "short_description": "Save your favorite ideas online so you can easily get back to them later.", "icon": "https://lh3.googleusercontent.com/RHxJoFYLUtCLDgNV64uYMTgTu6NeJpmyV5zAGPcm2H7-WeKEDiDjOsbmpCHhTwhqishCR70OZgXUBWXiyimTTRP7=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 9559, "name": "Pinterest Save Button"}, "noaijdpnepcgjemiklgfkcfbkokogabh": {"rating": 4.390603, "users": 1000000, "platform": "", "short_description": "Translator, Dictionary, Voice", "icon": "https://lh3.googleusercontent.com/5BdJZ8RtA9D8gzY63BejGvZ7Av5RX0iYXYJ0Gv8yoXwK0Qs4vQvafb7eEmfknWvQVU6zGsDw7cs-hxvBJkpuW4Go=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4959, "name": "ImTranslator: Translator, Dictionary, TTS"}, "aapbdbdomjkkjkaonfhkkikfgjllcleb": {"rating": 4.349156, "users": 10000000, "platform": "", 
"short_description": "View translations easily as you browse the web. By the Google Translate team.", "icon": "https://lh3.googleusercontent.com/3ZU5aHnsnQUl9ySPrGBqe5LXz_z9DK05DEfk10tpKHv5cvG19elbOr0BdW_k8GjLMFDexT2QHlDwAmW62iLVdek--Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 42113, "name": "Google Translate"}, "ihcjicgdanjaechkgeegckofjjedodee": {"rating": 4.053508, "users": 9000000, "platform": "", "short_description": "The fastest and safest web browsing experience.", "icon": "https://lh3.googleusercontent.com/UZPt17v_WaxXDY5u3x8NTx-hQmNVGmOaPSANAWNirF_moQIRGBbRBtKzjl07YWUDlRwGyYUtORJxH7zbgqStxU6utOQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 841, "name": "Malwarebytes Browser Guard"}, "dhdgffkkebhmkfjojejmpbldmpobfkfo": {"rating": 4.7285094, "users": 10000000, "platform": "", "short_description": "The world's most popular userscript manager", "icon": "https://lh3.googleusercontent.com/zoY8FwoOqPlBgFxcmFdNSK2Q4CcLmv-gw7vTjF2KMR9cEabwBsGNrHBTEMitn0Ba6OmCVJ0NcLnFGu3N97BP8Phu0g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 70345, "name": "Tampermonkey"}, "kbmfpngjjgdllneeigpgjifpgocmfgmb": {"rating": 4.7316957, "users": 1000000, "platform": "", "short_description": "A suite of modules that enhance your Reddit browsing experience", "icon": "https://lh3.googleusercontent.com/0SvxWpFT-d9CLNWqKIjV7_2jOtnBpU8tXCPPqWTr_MvlaFkKlAm5CDpo1uDX1SXWVnrrninjuGsjhF02MDVHWXb3=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4234, "name": "Reddit Enhancement Suite"}, "ohlencieiipommannpdfcmfdpjjmeolj": {"rating": 4.356376, "users": 1000000, "platform": "", "short_description": "Print Friendly and PDF any Webpage", "icon": "https://lh3.googleusercontent.com/Qg5OD-OnjHXNseuZny1yLGGLdzUjUpxxwf0WHcN28yfpxoOFn17i6a4JIihquQxUA4pp58-UFuiJdEvcIYgdGvDvgw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2329, "name": "Print Friendly & PDF"}, "ndnaehgpjlnokgebbaldlmgkapkpjkkb": {"rating": 4.4497366, "users": 2000000, "platform": "", "short_description": "Email tracker for 
Gmail & Mail Merge with over 2 million active users. Free and unlimited email tracking.", "icon": "https://lh3.googleusercontent.com/-Qbe0s3I6huZBX4FZbwghJS-NQhR92K0HFmkcz9XxzDYrEjLq4Ig_xKbDk-Jrh2JhSZA5kwJYC74NXcWFEIDeBHH=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 11191, "name": "Email Tracker for Gmail, Mail Merge-Mailtrack"}, "cmeakgjggjdlcpncigglobpjbkabhmjl": {"rating": 4.101554, "users": 1000000, "platform": "", "short_description": "Improving Steam. Items auto-selling. Lowest prices for games and items. Prices from different sources. And a lot more", "icon": "https://lh3.googleusercontent.com/CadrS32EDKBEsKQlULmRC8QFkSwq3Cht4KLP86K6zgeaeJIVipdaQyLAv-UIyi63qFx8GbvnvrptvmxBtfSecWGV-g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 8882, "name": "Steam Inventory Helper"}, "caljgklbbfbcjjanaijlacgncafpegll": {"rating": 3.9023256, "users": 5000000, "platform": "", "short_description": "Avira Password Manager saves, manages, and syncs all your passwords across all your d
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneFriendFinder-X (Category: dating) https://www.friendfinder-x.com/profile/loginlogin
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:08:5C:63:7B:B5)40.2024, 29.0398
2023-05-12 02:50:19Physical LocationNoipstack0030NoneUnited States35.229.48.116
2023-05-12 02:46:33Netblock MembershipNoRIPE1030None104.196.16.0/20104.196.30.220
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMarshside Village (Net ID: 00:0F:CC:E2:DF:E8)32.8608, -79.9746
2023-05-12 02:55:15Open TCP PortNoCensys0030None165.232.113.85:22165.232.113.85
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.187): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:37Affiliate - Email AddressNoE-Mail Address Extractor0030None677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.comDomain Name: BATTLEBOT.XYZ Registry Domain ID: D199559633-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://namecheap.com Updated Date: 2022-09-05T15:48:14.0Z Creation Date: 2020-09-07T05:35:36.0Z Registry Expiry Date: 2023-09-07T23:59:59.0Z Registrar: Namecheap Registrar IANA ID: 1068 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant State/Province: Capital Region Registrant Country: IS Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: battlebot.xyz Registry Domain ID: D199559633-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-08-08T05:51:35.56Z Creation Date: 2020-09-07T05:35:36.00Z Registrar Registration Expiration Date: 2023-09-07T23:59:59.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of 
WHOIS database: 2023-05-11T07:59:45.60Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:52:59Web TechnologyNoTool - WAFW00F0020NoneCloudflare Inc. Cloudflarenwapi2.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:75:F1:53)33.6170672,-111.90564645297056
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:2095188.114.96.1
2023-05-12 03:09:08Affiliate - IP AddressNoDNS Look-aside1030None165.232.113.92165.232.113.85
2023-05-12 02:44:15SSL Certificate Host MismatchYesSSL Certificate Analyzer0020None*.netlify.app, netlify.appfunny.battleb0t.xyz
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:2087188.114.97.1
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:5D:6A:5B)33.336199,-111.89446440830702
2023-05-12 03:09:37Affiliate - Internet NameNoDNS Resolver0040None227.30.196.104.bc.googleusercontent.com104.196.30.227
2023-05-12 02:44:19IPv6 AddressNoDNS Resolver0030None2600:1f18:2489:8200::c8pics.battleb0t.xyz
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:60:35:51)33.617190550339146,-111.90827887019054
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonekrillnet (Net ID: 00:01:8E:15:D4:A6)37.7813933,-122.3918002
2023-05-12 02:47:08Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url1021.joinpreventor.com/ls/click?upn=bna4-2BmY1ITDZjl0PQKir67uPPI2f2DxWOATqx3-2Fj7ObMdEftDe-2BtwoUusg1QZORJtmp0xEl6S5sap5xWYoybCA-3D-3DWnnK_vzC6nT2XEF-2BapwbNUrNlfA4hPOLn9tQ1TQT9xYQDt2hWsw9zWj-2BctG5FHiTYifrNXSIqHvIfk4wYiqHft11q-2F3j0tSuiHqmWXQoDTBKFQJpab6ijOV39NpKltjL8SW-2FY79myP9CbKTs5hmqq0JQDStM7FnbYGk1fAwShOmUOciXb3CjkLE2ufCgL8PNSCRjhusVMUNQ3u2Gd-2FYsb-2BSrSa55d5mbxLOtrxxGcDDK-2B1f9p3Y6Va3-2BTqJ3IfeSfuFipJb2V-2Bkh9zWo2vQOdY9Ix3pMs8-2FEZOa5i0GMP3G7OwBpTVsKQiZi7QCLGLzLSIGHpuogErAw6isfiwJzMQxJR9n7dHFNLdZv0bBAN0M5a0LmXFTMbEFUYzoSbpIX5hvhwcT6gsAgiTO4cCTgxJwiKf13DMLUbxkfVJW0ygF-2FKlik-3D', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"crt.usertrust.com"\n "preventor.com"\n "salesiq.zoho.com"\n "salesiq.zohopublic.com"\n "url1021.joinpreventor.com"\n "vts.zohopublic.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.56:80"\n "34.209.167.56:443"\n "99.84.238.167:443"\n "172.217.12.106:443"\n "142.250.72.200:443"\n "52.202.168.65:443"\n "185.199.111.153:443"\n "143.204.130.223:443"\n "142.250.191.74:443"\n 
"99.84.238.107:443"\n "157.240.22.25:443"\n "136.143.191.67:443"\n "142.251.214.131:443"\n "142.250.189.238:443"\n "13.35.125.32:443"\n "91.199.212.52:80"\n "136.143.191.144:443"\n "204.141.43.48:443"\n "142.250.72.214:443"\n "142.251.214.129:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url1021.joinpreventor.com"\n "crt.usertrust.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1B7A.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e44_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_e44_ConnHashTable<3652>_HashTable_Mutex"\n "IsoScope_e44_IESQMMUTEX_0_303"\n "IsoScope_e44_IE_EarlyTabStart_0xc44_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_e44_IESQMMUTEX_0_331"\n "IsoScope_e44_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3652"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"5fc94f03728d607c48960ad7_nav-educational_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c51ee3b2917a9fc9d3_nav-financial-services_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5c2edba954d452727c1ff_graph_video_biometrics_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d399b50c403dd6ef8a71_icon_solutions_1_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fc94f02728d604e2f960ad6_nav-community_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8ffce80d3d6_decor-rows_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "632a08bb2f3d904070793749_liveness_detection_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6307aad46dbfb3ff5914cc43_arrow_direction_right_1_.svg" has type "SVG Scalable Vector Graphics 
image"- [targetUID: N/A]\n "625514f697cb9539930c08dc_arrow_lists_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "5fc071f4e509f3bc3acd619d_Check%20icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff61e34886f01f4ab6763a4_Powerfull-political_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c611b6f7021b7a90b6_nav-healthcare_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb58c9b980b499eebc9666f_nav-fraud-veritifcation_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fe14b9e5dab5b2dea0a2754_nav-onboarding_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "632a09903b3d143b47a53951_device_authentication_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6305c4d096183ee5c61f2081_mob_google%20play_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d39997f0b639e8d1db34_icon_solutions_4_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b2bd7876b3f1ab0491_nav-identity-veritifcation_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2ac6d2755267bbee952_nav-anti-money-laundering_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /5f774172772fc1fb1fa10c12/606cb3a9126777b98ff68805_icon-youtube.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://preventor.com/solutions/authentication\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; 
Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: uploads-ssl.webflow.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "youtube")\n "GET /5f774172772fc1fb1fa10c12/5f774173a2f6f80a3d80d3be_twitter.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://preventor.com/solutions/authentication\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: uploads-ssl.webflow.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "twitter")\n "GET /s/player/7862ca1f/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.youtube-nocookie.com/embed/7jgxLIApJHI\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.youtube-nocookie.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "youtube")\n "OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1\nAccept: */*\nOrigin: https://www.youtube-nocookie.com\nAccess-Control-Request-Method: POST\nAccess-Control-Request-Headers: x-goog-api-key, content-type, x-user-agent\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: jnn-pa.googleapis.com\nContent-Length: 0\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "youtube")\n "HTTP/1.1 200 OK\nAccess-Control-Allow-Origin: https://www.youtube-nocookie.com\nVary: origin\nVary: referer\nVary: x-origin\nAccess-Control-Allow-Methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT\nAccess-Control-Allow-Headers: x-goog-api-key, content-type, x-user-agent\nAccess-Control-Max-Age: 3600\nDate: Sun, 05 Mar 2023 22:22:28 GMT\nContent-Type: text/html\nServer: ESF\nContent-Length: 0\nX-XSS-Protection: 0\nX-Frame-Options: SAMEORIGIN\nX-Content-Type-Options: nosniff\nAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000" (Indicator: "youtube")\n "POST 
/$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1\nAccept: */*\nX-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw\nContent-Type: application/json+protobuf\nX-User-Agent: grpc-web-javascript/0.1\nReferer: https://www.youtube-nocookie.com/embed/7jgxLIApJHI\nAccept-Language: en-US\nOrigin: https://www.youtube-nocookie.com\nAccept-Encoding: gzip, defl185.199.111.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonegamecocks (Net ID: 00:12:17:02:13:1F)32.8608, -79.9746
2023-05-12 03:11:27Physical LocationNoAbstractAPI0030NoneArizona, United States+14806242598
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None700 (Net ID: 00:00:85:2B:6E:C9)41.8781, -87.6298
2023-05-12 02:45:06Raw Data from RIRsNoipapi.co0020None{u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'2606:50c0:8003::153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'2606:50c0::/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}2606:50c0:8003::153
2023-05-12 03:09:28Co-Hosted SiteNoSSL Certificate Analyzer1030Nonedonation.ecash-pay.com165.232.113.85
2023-05-12 02:48:23Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 28, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://mandrillapp.com/track/click/30195602/equipuid2205673.americommerce.com?p=eyJzIjoiRnplNTFHdEEtWE5XRFUxM0RZanpVSG9EVUFZIiwidiI6MSwicCI6IntcInVcIjozMDE5NTYwMixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2VxdWlwdWlkMjIwNTY3My5hbWVyaWNvbW1lcmNlLmNvbVxcXC9QSElMT1NPUEhZLmh0bWxcIixcImlkXCI6XCI2NjI4ZGRkMzMyZWM0Y2MzYjEzMjRmNzlkNWU0YzAwMlwiLFwidXJsX2lkc1wiOltcIjMyMGQ1YTE1N2Y5MmUyZGU4NzczODI2NzRkNjIwZjI4MThkYTdjZjlcIl19In0', u'signatures': [{u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-11', u'name': u'Loaded modules', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"msedge.exe" loaded module "%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\msedge.exe" at 55350000\n "msedge.exe" loaded module "%WINDIR%\\System32\\ntdll.dll" at 76A30000\n "msedge.exe" loaded module "%WINDIR%\\System32\\kernel32.dll" at 75F80000\n "msedge.exe" loaded module "%WINDIR%\\System32\\KernelBase.dll" at 73A60000\n "msedge.exe" loaded module "\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\msedge_elf.dll" at 56890000\n "msedge.exe" loaded module "%WINDIR%\\System32\\advapi32.dll" at 76460000\n "msedge.exe" loaded module "%WINDIR%\\System32\\msvcrt.dll" at 76960000\n "msedge.exe" loaded module "%WINDIR%\\System32\\sechost.dll" at 756B0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\rpcrt4.dll" at 76030000\n "msedge.exe" loaded module "%WINDIR%\\System32\\cryptbase.dll" at 72790000\n "msedge.exe" loaded module 
"%WINDIR%\\System32\\bcryptprimitives.dll" at 73E80000\n "msedge.exe" loaded module "%WINDIR%\\System32\\version.dll" at 6DE80000\n "msedge.exe" loaded module "%WINDIR%\\System32\\ntmarta.dll" at 71EF0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\ucrtbase.dll" at 72E80000\n "msedge.exe" loaded module "%WINDIR%\\System32\\combase.dll" at 75BA0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\ole32.dll" at 75560000\n "msedge.exe" loaded module "%WINDIR%\\System32\\gdi32.dll" at 75980000\n "msedge.exe" loaded module "%WINDIR%\\System32\\gdi32full.dll" at 72F80000\n "msedge.exe" loaded module "%WINDIR%\\System32\\msvcp_win.dll" at 73D80000\n "msedge.exe" loaded module "%WINDIR%\\System32\\user32.dll" at 75710000\n "msedge.exe" loaded module "%WINDIR%\\System32\\win32u.dll" at 73870000\n "msedge.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 75AC0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\kernel.appcore.dll" at 72DF0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\uxtheme.dll" at 713C0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\clbcatq.dll" at 754C0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\shell32.dll" at 73F00000\n "msedge.exe" loaded module "%WINDIR%\\System32\\cfgmgr32.dll" at 72E30000\n "msedge.exe" loaded module "%WINDIR%\\System32\\SHCore.dll" at 75AF0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\windows.storage.dll" at 73120000\n "msedge.exe" loaded module "%WINDIR%\\System32\\shlwapi.dll" at 758A0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\powrprof.dll" at 72DA0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\profapi.dll" at 72D80000\n "msedge.exe" loaded module "\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\msedge.dll" at 3D360000\n "msedge.exe" loaded module "%WINDIR%\\System32\\winmm.dll" at 71280000\n "msedge.exe" loaded module "%WINDIR%\\System32\\oleaut32.dll" at 759F0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\winmmbase.dll" at 71220000\n 
"msedge.exe" loaded module "%WINDIR%\\System32\\KBDUS.DLL" at 64090000\n "msedge.exe" loaded module "%WINDIR%\\System32\\dwmapi.dll" at 71840000\n "msedge.exe" loaded module "%WINDIR%\\System32\\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll" at 5C760000\n "msedge.exe" loaded module "%WINDIR%\\System32\\twinapi.appcore.dll" at 716C0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\rmclient.dll" at 71630000\n "msedge.exe" loaded module "%WINDIR%\\System32\\bcrypt.dll" at 72880000\n "msedge.exe" loaded module "%WINDIR%\\System32\\userenv.dll" at 72C80000\n "msedge.exe" loaded module "%WINDIR%\\System32\\gpapi.dll" at 71B70000\n "msedge.exe" loaded module "%WINDIR%\\System32\\wkscli.dll" at 6DAA0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\netutils.dll" at 72440000\n "msedge.exe" loaded module "%WINDIR%\\System32\\mdmregistration.dll" at 6A570000\n "msedge.exe" loaded module "%WINDIR%\\System32\\dmcmnutils.dll" at 67280000\n "msedge.exe" loaded module "%WINDIR%\\System32\\crypt32.dll" at 73890000\n "msedge.exe" loaded module "%WINDIR%\\System32\\msasn1.dll" at 72E10000\n "msedge.exe" loaded module "%WINDIR%\\System32\\dbghelp.dll" at 55A10000\n "msedge.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc.dll" at 6DF40000\n "msedge.exe" loaded module "%WINDIR%\\System32\\ws2_32.dll" at 75EB0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\nsi.dll" at 759C0000\n "msedge.exe" loaded module "\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\ffmpeg.dll" at 555F0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\IPHLPAPI.DLL" at 72340000\n "msedge.exe" loaded module "%WINDIR%\\System32\\ncrypt.dll" at 72850000\n "msedge.exe" loaded module "%WINDIR%\\System32\\ntasn1.dll" at 72810000\n "msedge.exe" loaded module "%WINDIR%\\System32\\secur32.dll" at 6DBD0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\UIAutomationCore.dll" at 657D0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\winhttp.dll" at 6D480000\n 
"msedge.exe" loaded module "%WINDIR%\\System32\\winspool.drv" at 62DB0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\wintrust.dll" at 73E20000\n "msedge.exe" loaded module "%WINDIR%\\System32\\msctf.dll" at 76150000\n "msedge.exe" loaded module "%WINDIR%\\System32\\DWrite.dll" at 63D80000\n "msedge.exe" loaded module "%WINDIR%\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.248_none_15ced204935f55d7\\comctl32.dll" at 632C0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\dpapi.dll" at 72200000\n "msedge.exe" loaded module "%WINDIR%\\System32\\nlaapi.dll" at 6DBE0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc6.dll" at 6DD40000\n "msedge.exe" loaded module "%WINDIR%\\System32\\netprofm.dll" at 6FBF0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\npmproxy.dll" at 6D040000\n "msedge.exe" loaded module "\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\microsoft_apis.dll" at 6A0B0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\twinapi.dll" at 5F0E0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\TextInputFramework.dll" at 659E0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\CoreUIComponents.dll" at 6F7D0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\CoreMessaging.dll" at 70500000\n "msedge.exe" loaded module "%WINDIR%\\System32\\WinTypes.dll" at 6F690000\n "msedge.exe" loaded module "%WINDIR%\\System32\\Windows.UI.dll" at 65A80000\n "msedge.exe" loaded module "%WINDIR%\\System32\\setupapi.dll" at 76510000\n "msedge.exe" loaded module "%WINDIR%\\System32\\devobj.dll" at 72B90000\n "msedge.exe" loaded module "%WINDIR%\\System32\\mscms.dll" at 5FFD0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\wtsapi32.dll" at 6DD80000\n "msedge.exe" loaded module "%WINDIR%\\System32\\winsta.dll" at 72B30000\n "msedge.exe" loaded module "%WINDIR%\\System32\\Windows.Security.Authentication.Web.Core.dll" at 5F9F0000\n "msedge.exe" loaded module 
"%WINDIR%\\System32\\OneCoreCommonProxyStub.dll" at 5FAD0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\iertutil.dll" at 692B0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\wldp.dll" at 71DB0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\netapi32.dll" at 6BEA0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\dsreg.dll" at 6AAF0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\msvcp110_win.dll" at 6E190000\n "msedge.exe" loaded module "%WINDIR%\\System32\\cryptsp.dll" at 72770000\n "msedge.exe" loaded module "%WINDIR%\\System32\\propsys.dll" at 6D2C0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\DataExchange.dll" at 5E6E0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\d3d11.dll" at 70210000\n "msedge.exe" loaded module "%WINDIR%\\System32\\dcomp.dll" at 70BA0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\dxgi.dll" at 71BF0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\edputil.dll" at 5D450000\n "msedge.exe" loaded module "%WINDIR%\\System32\\Windows.Media.dll" at 54950000\n "msedge.exe" loaded module "%WINDIR%\\System32\\mfsensorgroup.dll" at 6BEC0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\RTWorkQ.dll" at 620D0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\mfplat.dll" at 61ED0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\atlthunk.dll" at 572F0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\oleacc.dll" at 5E730000\n "msedge.exe" loaded module "%WINDIR%\\System32\\directmanipulation.dll" at 63530000\n "msedge.exe" loaded module "%WINDIR%\\System32\\vaultcli.dll" at 61580000\n "msedge.exe" loaded module "%WINDIR%\\System32\\OneCoreUAPCommonProxyStub.dll" at 6EF90000\n "msedge.exe" loaded module "%WINDIR%\\System32\\Windows.Web.dll" at 5CB10000\n "msedge.exe" loaded module "%WINDIR%\\System32\\actxprxy.dll" at 5C820000\n "msedge.exe" loaded module "%WINDIR%\\System32\\mswsock.dll" at 725B0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\wlanapi.dll" at 6D7B0000\n "msedge.exe" 
loaded module "%WINDIR%\\System32\\Windows.System.UserProfile.DiagnosticsSettings.dll" at 6A2B0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\sspicli.dll" at 72CB0000\n "msedge.exe" loaded module "%WINDIR%\\System32\\fwpolicyiomgr.dll" at 6A310000\n "msedge.exe" loaded module "%WINDIR%\\System32\\linkinfo.dll" at 5D4A0000\n "msedge.exe" loaded module "%WIND185.199.110.153
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:443188.114.97.1
2023-05-12 03:00:56Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.90): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:2096104.21.6.166
2023-05-12 02:54:22Web ContentNoWeb Spider3020None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60715ea2423d')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="o9rkiN63h_dC1MXH2ewnO9VeNInpcF4XTtlC3.Ope.M-1683860062-0-AdUguWWDLVlZxsWb6e1bnqomUGdvKH9Hr8OR9XhDVbWy_UNZDFZLD8-BRJaoUzBMnZ4MBtuUzqAf-y1NVIXFBZc2zpThNEMVcsemZ6G3H2y2RdwaGI22EiA1S326BJRlVE4Ae2G6hV1-y96EsTpLgRijeuFFSHz05y1jK0LMHQT6Yul8T61BIXmvzdMkcho4NRYjRqIaGwnrNt3GHyXHuLD9Kg0Z1PswrdZsR5u8cj9YNRG5tPHVjIwdXSU_H7FvumTVKSb2DSCVu7zno--l-x_ursgemNqA1Eu9esEfAcEZErO2ynNNPle4iy35Q-002AvCnrTStuzsV9WenG-kzkwfzH4Bgm9BgZjZ2SzceeiUvpx0VbFQ3pFatklpu5sVBuMECIKb-C35grQD9hIe5CnF2tIuq3LpSjTYWdY_G-taMdpge2EijRLIBI6Kfm3KCKgrmIm-M_kaOkhT6zwNZKrbtrmrwvHusBRZM8mDqXK6BGxQEYolgs9YfSL0l717dfEhPntRoL6ZMAEy83CFiWTndZ1SzKSh5MxSqRh8JYSn7-hlp9tzN-SB8T0mkCkP87rm0gHB2Nc1YNmJH6a6djf3APAwio8E6jQftS4RNyx5lSUUZ_BnFys-ZXFUzYbxVs_s5utzzMkEYOyUrEjMwlbzK1bmHQXnmHfBHDfW-9w0KMV_I2KXURlKdWp_aVGaYPgU9RQpOrOu5jXRwZ5WWo3nXJCoJubmH-xr5xweBUbZG-SrvNgarDFttshord388LcpI4vf_DPi5QAhha2ONgO4nEYcsvGjPWmE5gBNnwndanRmSOkYLNoIKdyVDvafFa_9wxBk6pKwvUGADjN1yYITiFNd4Av6OjiMF0eCD0B-rMcf1K_RyJAW0Q63e569MyoALgsa5LuF6A9Fao0NuRtVokTtKXFjE683wyQoxz2rVadCdcz1SAkPujj4gsPBtzmyTzaZ0eAhZEu4ZktRZ3yW_kCzFaoZlWWXPLmMSYOISs0fLmCihg46UN9oyRLijuEDM_jHg4LTV2TnCzG6rH5ukfU2q3hIf7DNVmpydIO4964Rwd7yky69HogBFyvVcLvLJiau__mlfv9Zd8rpuWQeyviCGIKTRzsIwfkMqNPNyw8X9ilDjYLz8Er-YKFTiBYzKowqSDcLfsInmyu-GY3Q4CRe6azk1q2PDI5jsKPqVXZnDO6xM5WOgDfsUs8jCGX-Y7pnubkolyphepCOCRuJYkPER9RlRKn9TP1Iu5pT3zvM--Qn_g2xND5bfgguBbZ7_xzC6vrG4uq7pRN86Jyn1eh0aJoS1o3moXbGaKVZMFxn9St9eHP_LBzqatvidcntyoQnZyEuvoBGzmB7bxsXvanE_k1kK-flL0DxtFCoSL_hYsi2QdekeHyb0moJOnxYk8nOvpGRVJW2aeFOS6zzQYrTf1ZYVM7iyRgHYPN8uylozJaFR27equ7FqddcsitgcuSFaFlYteDEO4eAuImRVXD5QnWHTDDLK-J-a7cd7n5pHrzsbNbpwPeit55PzKCpzI484EAksVFlNAkrwC4SqRB6KhjvHJRu2SsinDAvuebN5jt7N0scno6aUyjSzxwSSpVf6bZrrSm-p-5sQDUjLp64NRXWVN8wvA3_1f2gF_Vosd3y9Sp0fSOsU2F6EIdZdWuHYetxrmSNE6AHJ3RT_C04YBvG6_Q9PkJsb86B49AEElj23DQaHfl1GA9qGlbppJY5scudrsxneqxrD58hLbvdzxrWwdzLczRciePhFl8OKW5eaSkWmK-s65YIEnBLOSnaXmYwPzvjg8f67iFNC-e3l5m0MDQVx52PRj2vf8DWG_AfPmw2afbxcw9ppplZ9oiixK20YnEv54WswcS_oGpXEwjRNaflmeY-Y06FMexN5UEccQFy7OcRAYdF-UVs7RwoJUdks1Jo
RoK9OtuCZ-KgdWRayYvkrBZh1irLAwBozTjJSzJVowS3-M9iXqAD-o4GZBMK9eAUQlmuEIIQAf4f1TCN4loJA-4yETDBP4eorxfgJm9hdR63VxYMIHAkqccOTphwj01rk_8nG1uU4rJrScaAyK8AS_kQ2UytoRgp8VoNR_d7rmE_GZgpIDjlZ7mYr5nvR22Zau-p4gmFaOvdsk2jjUaqisfuqgg6D7ilZ29ja7S9UD52x-HqjxmP4JRdKMs3zwtM2aBKs0yMaMXiLr0T0j3f1FktvbG7soBZaonR97fM1qjr28AlqpELx3WuIvTiKLBZ2gxE_Tjenn0-IC2XQdN8IEIXfw9F7jVJZ6FyGJ9Yx4YqJ3kmX0qXi9iX1jb-Y3YZwJ6j4tTSRr8_tAhbW33UaKc3ULwKwGZ9g9Ru0mgnq0hVusSVy31FLGpM6QZZ4iZhokIoEs5L-lSF6-Qt-6-GQgAAhgrRM_mFp17cJjzl0kVV9PTe5Y-EYxGWlJKX7FVEGARcAfwWh_GITW_xYClIpKaR9CMUgzm4MqfOkVCd-6Z7AHBczBYiCIlRejFdx7yIdIPo__-pVcOwTW-jE9Y6Ncj1gf1h"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '12933', cRay: '7c5f60715ea2423d', cHash: '4c530bdfb62a335', cUPMDTk: "\/?__cf_chl_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2Mi45MzcwMDA=', m: 'LwOsDwqRkfr0bjyiLObl7sEK+vITUZuaPQE/A6GDF60=', i1: 'zy3+9oq0kQS8g0MofYLvVQ==', i2: 'Pt5t/C6ZQh8wsZRxhTvpYw==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60715ea2423d'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60715ea2423d'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> www.ayhu.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG"}],"group":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"}
2023-05-12 03:03:21Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-th.github.io
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.229): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonejoe2-suddenlink_sucks (Net ID: 58:19:F8:9D:C6:A0)37.751, -97.822
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.184): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:46:03Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://htmlpreview.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_afc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2812"\n "IsoScope_afc_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_afc_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_afc_IE_EarlyTabStart_0xb00_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_afc_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_afc_ConnHashTable<2812>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2812"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"htmlpreview.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"htmlpreview.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002812]\n "~DFFF9DB304E6B28BC8.TMP" has type "data"- Location: [%TEMP%\\~DFFF9DB304E6B28BC8.TMP]- [targetUID: 00000000-00002812]\n "~DFA7F6F2C445876411.TMP" has type "data"- Location: [%TEMP%\\~DFA7F6F2C445876411.TMP]- [targetUID: 00000000-00002812]\n "~DF978321BDA8C8F83B.TMP" has type "data"- Location: [%TEMP%\\~DF978321BDA8C8F83B.TMP]- [targetUID: 00000000-00002812]\n "~DFDDB9EA759F9F439A.TMP" 
has type "data"- Location: [%TEMP%\\~DFDDB9EA759F9F439A.TMP]- [targetUID: 00000000-00002812]\n "_546FF341-D397-11ED-B4FB-0800272B9531_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._546FF33F-D397-11ED-B4FB-0800272B9531_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "htmlpreview_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "_79B3E1B8-D398-11ED-B4FB-0800272B9531_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_5B37F14E-D397-11ED-B4FB-0800272B9531_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "urlref_httphtmlpreview.github.io" has type "HTML document ASCII text"- [targetUID: N/A]\n "UI3DAOT0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UI3DAOT0.txt]- [targetUID: 00000000-00002968]\n "KDZQANEF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KDZQANEF.txt]- [targetUID: 00000000-00002812]\n "4V6LDXNK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4V6LDXNK.txt]- [targetUID: 00000000-00002812]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "MCXUEQXC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MCXUEQXC.txt]- [targetUID: 00000000-00002968]\n "ARJOOR8H.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ARJOOR8H.txt]- [targetUID: 00000000-00002812]\n "LYJDCX59.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LYJDCX59.txt]- [targetUID: 00000000-00002812]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP 
webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /"\n Found http requests in header "GET /htmlpreview.js"\n Found http requests in header "GET /favicon.ico"\n Found http requests in header "GET /?"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://htmlpreview.github.io/"\n Pattern match: "http://htmlpreview.github.io"\n Pattern match: "https://api.codetabs.com/v1/proxy/?quest=\'];return"\n Heuristic match: "if (src.indexOf(\'//raw.githubusercontent.com\') > 0 || src.indexOf(\'//bitbucket.org\') > 0) { //Check if it\'s from raw.github.com or bitbucket.org"\n Heuristic match: "if (href.indexOf(\'//raw.githubusercontent.com\') > 0 || href.indexOf(\'//bitbucket.org\') > 0) { //Check if it\'s from raw.github.com or bitbucket.org"\n Pattern match: "https://api.codetabs.com/v1/proxy/?quest="\n Pattern match: "SUIDMmicrosoft.com/9216256238860831025177145958099031025060*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "https://github.com/user/repo/blob/master/index.html"\n Pattern match: "https://github.com/niutech"\n Pattern match: 
"SUIDMmicrosoft.com/9216256238860831025177145958099031025060*MUID3057AB3DCDCB69982AA2B9D7CC4F6801microsoft.com/1025269487782431103531145958099031025060*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "MUID0535B3A0912C6ADF1009A14A90606BF1msn.com/1025269487782431103531146379974031025060*"\n Pattern match: "MUIDB3057AB3DCDCB69982AA2B9D7CC4F6801ieonline.microsoft.com/9216269487782431103531145973724031025060*"\n Pattern match: "SUIDMmicrosoft.com/9216256238860831025177145958099031025060*MUID3057AB3DCDCB69982AA2B9D7CC4F6801microsoft.com/1025269487782431103531145958099031025060*_EDGE_V1microsoft.com/9216269487782431103531145989349031025060*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025358829734431061286146364349031025060*"\n Pattern match: "www.msn.com/"\n Heuristic match: "htmlpreview.github.io"\n Pattern match: "http://htmlpreview.github.io/Accept-Language"\n Pattern match: ".gith0.io/?httpg://gith0.co_twb9tboot9traptblobtgh-page9/2.3.2tindex.ht_"\n Heuristic match: "tmlpreview.github.io"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwl"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=70599"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145837"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkID=57190"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145765"\n Heuristic match: "Example: computer.fabrikam.com"\n Pattern match: "vista.gallery.microsoft.com/vista/SideShow.aspx"\n Pattern match: "http://www.icra.org/vocabulary/"\n 
Pattern match: "wmploc.dll/Offline_Buy.htm\'res://wmploc.dll/Offline_MediaGuide.htm*res://wmploc.dll/Offline_Subscriptions.htm"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=32146res://wmploc.dll/ICW_ErrorPage.htm"\n Pattern match: "wmploc.dll/Service_Initial.htm"\n Pattern match: "wmploc.dll/Error_ServiceInfo.htm\'res://wmploc.dll/Offline_InfoCenter.htm&res://wmploc.dll/Offline_AlbumInfo.htm"\n Pattern match: "wmploc.dll/Service_NoFunc.htm%res://wmploc.dll/Service_No_Local.htm"\n Pattern match: "wmploc.dll/RT_IMAGE/ServiceLarge.p185.199.111.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noneyigitcan (Net ID: 00:13:49:EC:E1:85)40.2024, 29.0398
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomE65548 (Net ID: 00:0C:F6:E6:55:48)50.8897, 6.0563
2023-05-12 03:24:50CountryNoCountry Name Extractor0060NoneAustriabeatrixhaller.at
2023-05-12 03:09:13Vulnerability - GeneralYesTool - Retire.js0040NoneCVE-2018-14041 Score: Unknown Description: Unknownhttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
2023-05-12 03:15:09Similar Domain - WhoisNoWhois2020NoneDomain Name: battleb0t.wtf Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2023-02-15T17:41:17Z Creation Date: 2023-02-10T17:40:28Z Registry Expiry Date: 2024-02-10T17:40:28Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:15:08Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain name: battleb0t.wtf Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2023-02-10T17:40:28.99Z Registrar Registration Expiration Date: 2024-02-10T17:40:28.99Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS 
Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T13:15:09.13Z <<< For more information on Whois status codes, please visit https://icann.org/eppbattleb0t.wtf
2023-05-12 02:45:57Physical CoordinatesNoAbstractAPI0040None39.0469, -77.49032600:1f18:2489:8202::c8
2023-05-12 02:44:29Co-Hosted Site - Domain NameNoDNS Resolver0020Nonegithub.comwww.github.com
2023-05-12 03:24:29Company NameNoCompany Name Extractor0040NoneNetlify\, IncC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app
2023-05-12 02:54:35Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 31, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fheineken.com%2Fjurgen.mulder%40heineken.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:7548:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7548:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "InternetShortcutMutex"\n "Local\\SM0:7436:304:WilStaging_02"\n "SM0:7436:304:WilStaging_02"\n "SM0:7436:120:WilError_01"\n "Local\\SM0:7436:120:WilError_01"\n "SM0:7548:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:7548:304:WilStaging_02"\n "Local\\SM0:7548:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7548:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7548:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "172.66.40.106:443"\n "185.88.152.184:443"\n 
"35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n "172.217.12.99:443"\n "142.251.214.131:443"\n "20.50.80.209:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fheineken.com%2Fjurgen.mulder%40heineken.com" as clean (type is "HTML document ASCII text")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fheineken.com%2Fjurgen.mulder%40heineken.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Extension Scripts\\000003.log]- [targetUID: 00000000-00007548]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7548_266231901\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00007548]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7548_1401701815\\manifest.fingerprint]- [targetUID: 00000000-00007548]\n "wallet-crypto.html" has type "HTML document ASCII text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7548_266231901\\wallet-crypto.html]- [targetUID: 00000000-00007548]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\index]- [targetUID: 00000000-00006060]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007548]\n "f_00023e" has type "gzip compressed data max compression original size modulo 2^32 411849"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00006060]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7548_266231901\\json\\i18n-ec\\ar\\strings.json]- [targetUID: 00000000-00007548]\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007548]\n "app-setup.js" has type "ASCII text with no line terminators"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7548_266231901\\Wallet-Checkout\\app-setup.js]- [targetUID: 00000000-00007548]\n "f_00023d" has type "gzip compressed data max compression original size modulo 2^32 56403"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4352.0\\shopping.js]- [targetUID: 00000000-00007548]\n "data_2" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_2]- [targetUID: 00000000-00007548]\n "9c57454c-e006-46e9-bb3d-a640f37c0f5f.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\9c57454c-e006-46e9-bb3d-a640f37c0f5f.tmp]- [targetUID: 00000000-00006060]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,n=1;n"\n Heuristic match: "\\\\Ahttps://.*?\\\\.sharepoint\\\\.com/.*?/SignOut\\\\.aspx"\n Heuristic match: "\\\\Ahttps://.*?\\\\.vssps\\\\.visualstudio\\\\.com/_signout,"\n Heuristic match: "\\\\Ahttps://.*?tafe\\\\..*?trs.*?\\\\.outlook\\\\.com/TorusSts"\n Heuristic match: "\\\\Ahttps://.*?tafe\\\\..*?trs.*?\\\\.outlook\\\\.com/TorusSts,"\n Heuristic match: "\\\\Ahttps://accounts\\\\.google\\\\.com/Logout,"\n Heuristic match: 
"\\\\Ahttps://accounts\\\\.google\\\\.com/ServiceLogin/signinchooser"\n Heuristic match: "\\\\Ahttps://login\\\\.microsoftonline\\\\.com/common/oauth2/logout,"\n Heuristic match: "\\\\Ahttps://login\\\\.microsoftonline\\\\.com/common/oauth2/v2\\\\.0/logout,"\n Heuristic match: "\\\\Ahttps://outlook\\\\.live\\\\.com/owa/logoff\\\\.owa,"\n Heuristic match: "\\\\Ahttps://www\\\\.office\\\\.com/estslogout,"\n Heuristic match: "\\\\Ahttps://www\\\\.office\\\\.com/login,"\n Pattern match: "www.gap.com"\n Pattern match: "www.gapfactory.com"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fheineken.com%2Fjurgen.mulder%40heineken.com"\n Pattern match: "https://track.salesflare.com/flare.js"\n Pattern match: "http://www.w3.org/2000/svg\\n"\n Pattern match: "http://www.w3.org/2000/svg"\n Heuristic match: "api.salesflare.com"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "https://llink.to"\n Pattern match: "https://rabetsanatkoosha.com/SNS/site.php"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Heuristic match: "rabetsanatkoosha.com"\n Heuristic match: "track.salesflare.com"\n Heuristic match: "{ default_config: { name: Default, options: { should_apply_reloads: false, remove_after_match: false, remove_all_query_parameters: false }, domains: [], path_regex: [] }, site_configs: [ { name"\n Pattern match: "https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/09/1/static/css/main.723f5859.css,static_js_url:https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/09/1/static/js/main.476faa97.js,static_version:50},edge_reward"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: 
"www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoin185.199.109.153
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Content_Type": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Pragma": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Content_Type": ["text/html; charset=\"utf-8\""], "Set_Cookie": ["cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "cpsession=%3a1TMQH6MZEuqlLsFz%2c7387de1c8dd6f13e5f0cbf314c13b1f5; HttpOnly; path=/; port=2082", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2082", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Pragma": ["no-cache"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 03:24:50CountryNoCountry Name Extractor0050NoneChinaDomain Name: 007316.XYZ Registry Domain ID: D339018444-CNIC Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com/ Updated Date: 2023-01-20T18:05:08.0Z Creation Date: 2022-12-18T04:19:38.0Z Registry Expiry Date: 2031-12-18T23:59:59.0Z Registrar: Name.com, Inc Registrar IANA ID: 625 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Registrant State/Province: YN Registrant Country: CN Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1CNB.NAME.COM Name Server: NS2KNZ.NAME.COM Name Server: NS3CNA.NAME.COM Name Server: NS4BLX.NAME.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: jrupp@name.com Registrar Abuse Contact Phone: +1.7203101849 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:09:26.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: 007316.XYZ Registry Domain ID: D339018444-CNIC Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com Updated Date: 2023-01-20T18:05:08Z Creation Date: 2022-12-18T04:19:38Z Registrar Registration Expiration Date: 2031-12-18T23:59:59Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Reseller: Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Aaron Young Registrant Organization: Registrant Street: 408 Longquan Rd. 
Registrant City: KM Registrant State/Province: YN Registrant Postal Code: 650000 Registrant Country: CN Registrant Phone: Non-Public Data Registrant Email: https://www.name.com/contact-domain-whois/007316.xyz/registrant Registry Admin ID: Not Available From Registry Admin Name: Aaron Young Admin Organization: Admin Street: 408 Longquan Rd. Admin City: KM Admin State/Province: YN Admin Postal Code: 650000 Admin Country: CN Admin Phone: Non-Public Data Admin Email: https://www.name.com/contact-domain-whois/007316.xyz/admin Registry Tech ID: Not Available From Registry Tech Name: Aaron Young Tech Organization: Tech Street: 408 Longquan Rd. Tech City: KM Tech State/Province: YN Tech Postal Code: 650000 Tech Country: CN Tech Phone: Non-Public Data Tech Email: https://www.name.com/contact-domain-whois/007316.xyz/tech Name Server: ns2knz.name.com Name Server: ns4blx.name.com Name Server: ns3cna.name.com Name Server: ns1cnb.name.com DNSSEC: unSigned Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<< For more information on Whois status codes, please visit https://icann.org/epp The data in the Name.com, Inc. WHOIS database is provided by Name.com, Inc. for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Name.com, Inc. does not guarantee its accuracy. Users accessing the Name.com, Inc. 
WHOIS service agree to use the data only for lawful purposes, and under no circumstances may this data be used to: a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the registrar's own existing customers and b) enable high volume, automated, electronic processes that send queries or data to the systems of Name.com, Inc., except as reasonably necessary to register domain names or modify existing registrations. When using the Name.com, Inc. WHOIS service, please consider the following: the WHOIS service is not a replacement for standard EPP commands to the SRS service. WHOIS is not considered authoritative for registered domain objects. The WHOIS service may be scheduled for downtime during production or OT&E maintenance periods. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis, for accessing the withheld data. Access to this data can be requested by submitting a request via the form found at https://www.name.com/layered-access-request . Name.com, Inc. reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
2023-05-12 02:46:24Malicious IP AddressYesMetaDefender0130Nonewebroot.com [104.196.30.220]104.196.30.220
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneCA-IL (Net ID: 00:00:C5:FA:44:D4)41.8781, -87.6298
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:85:9E:97:C1)41.8781, -87.6298
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneGWS (Net ID: 00:06:25:A0:D7:AA)33.336199,-111.89446440830702
2023-05-12 02:46:18Affiliate Description - AbstractNoDuckDuckGo0020NoneCloudflare, Inc. is an American company that provides content delivery network services, cloud cybersecurity, DDoS mitigation, and ICANN-accredited domain registration services. Cloudflare's headquarters are located in San Francisco, California. According to The Hill, it is used by more than 20 percent of the entire Internet for its web security services as of 2022.skip.ns.cloudflare.com
2023-05-12 02:54:44SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:62:27:a6:dc:16:28:de:ae:a0:a4:7d:7e:a0:02:81:25:0e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 18 21:24:59 2022 GMT Not After : Mar 18 21:24:58 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c4:7a:cf:72:75:e0:23:b5:24:56:0b:ff:81:dc: d9:ef:b9:84:a5:cb:15:5a:f2:4d:f6:46:6d:b0:47: aa:99:c5:97:75:9e:1e:5a:4f:3a:12:c1:33:26:f0: 0f:b9:47:15:ee:28:b3:c5:a0:0e:6e:82:c2:e4:9e: 2f:89:8d:b1:98:56:ae:4e:51:dc:76:c6:4d:f7:a0: da:11:9a:d1:d4:0e:53:d9:8e:4c:35:dc:f0:9d:a8: b5:1d:3f:0a:c6:d4:12:00:be:6b:8b:db:1c:eb:ff: fa:8a:0d:30:cf:48:30:73:35:bc:e5:39:78:d6:97: a1:00:9f:88:3e:2a:d4:35:22:13:80:4e:57:e4:0b: 6b:33:da:ae:7f:1b:ed:8f:82:10:4f:76:18:82:03: 22:e6:2a:88:53:b9:9a:80:d1:10:21:d7:25:be:5d: 9e:dd:23:0e:2f:8b:44:b5:d9:a6:ea:9a:ef:d4:ac: 24:ea:27:de:5f:35:74:c4:ee:db:95:49:53:28:21: da:c7:71:d0:ef:75:13:d9:75:8b:84:42:b8:62:af: 7a:1c:85:43:b6:85:1f:19:fe:11:de:22:13:41:a7: 26:69:56:b7:56:8c:31:f6:46:81:6d:dd:94:ae:81: bb:82:f2:fb:15:03:15:a0:92:6d:46:ee:3b:be:82: d4:cc:f6:b8:f0:82:0e:be:9c:1b:d5:a9:e7:74:12: 18:51:f1:a4:d7:96:be:07:63:2a:5b:b2:de:3e:8d: 99:72:fa:17:ce:36:64:cf:aa:ef:2b:4c:60:46:d0: cb:1a:9e:bb:94:71:19:32:32:aa:a0:4f:7c:b5:80: d2:ac:29:a1:3e:79:7a:46:f9:fc:2c:b9:f9:8b:cb: 59:c4:7c:ae:87:57:d8:e5:12:0a:0b:a5:34:e8:72: 2f:e5:15:84:33:1d:01:b8:f5:d1:2b:ff:10:f9:e7: ef:0c:be:61:fe:87:b7:d8:4f:dc:f0:08:3e:e4:ba: 53:2e:94:64:aa:29:45:65:cb:b5:3b:5d:cd:a7:33: 69:f9:c8:07:c0:c9:87:da:c3:82:4b:50:90:d2:80: 18:a8:e3:89:70:e0:61:b8:c9:4f:82:66:2b:0e:23: 36:49:33:34:63:e7:8a:70:61:f2:a3:6d:68:5c:13: 84:18:1d:5c:05:3c:2b:f0:28:3d:ae:ff:ba:af:c4: 48:bb:d7:f2:a8:15:4b:68:f4:b5:9d:7c:d4:31:43: bf:01:12:bc:59:5f:ef:ce:fb:0e:78:b7:62:51:52: 0f:d1:8e:d7:11:fa:d7:0c:57:e7:ee:bd:a5:16:b1: 
30:a1:96:90:5b:b4:a4:e1:b1:72:88:e0:56:6f:9c: 5b:43:b9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1A:29:A0:EB:78:CC:40:89:5B:55:A3:66:D6:68:C3:AE:DF:AB:BB:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption a0:b0:46:e1:61:f3:0f:d5:bd:4b:02:c1:d6:75:b9:f8:08:3f: 64:70:3e:0a:8e:05:b2:6a:d5:2d:f4:c2:44:2e:a1:69:fc:5f: a9:1c:d9:a6:04:60:12:75:b1:76:52:fb:f1:ff:75:9e:04:19: 67:aa:4f:00:aa:4d:57:a4:a3:68:1c:aa:cb:35:1d:41:8c:dc: 11:dd:f7:90:a2:ae:7c:e8:50:6f:3b:c0:1b:42:7c:1c:15:9c: 91:57:04:35:95:16:bb:4c:ff:22:e0:0c:44:a1:11:6c:76:07: 39:1f:59:4c:5d:c4:6b:b6:12:26:1e:1d:32:67:40:25:44:dc: e3:1a:dc:31:b4:f1:92:10:ce:d6:3c:cd:02:c8:22:d7:81:50: ea:ac:04:3b:1f:4b:51:ae:33:f4:24:8b:7f:2e:d9:ff:38:ef: db:4c:3c:9b:ec:f5:3c:20:af:9a:a6:6e:49:52:0d:57:8a:fe: 12:8f:6b:6e:14:14:d7:22:a3:1b:92:9c:e8:00:cd:fb:2f:a9: 04:b2:c9:5f:ce:7b:7e:43:9a:5c:9d:bc:db:c0:27:6e:61:a2: 00:b8:76:ec:1b:e2:30:04:0a:2e:39:6e:d4:82:d8:1e:28:94: 6b:51:10:7b:2b:3f:22:2b:a5:a4:34:1d:1e:d0:b6:84:c0:7c: de:7e:13:7e battleb0t.xyz
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-th.github.io] https://www.openphish.com/feed.txt0-th.github.io
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.42): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.93): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneInternet Archive Account (Category: misc) https://archive.org/details/@loginlogin
2023-05-12 02:46:00Physical CoordinatesNoAbstractAPI0030None37.751, -97.822172.67.168.252
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None0000magda0000.github.io185.199.111.153
2023-05-12 03:12:12Co-Hosted Site - Domain WhoisNoWhois3040None Domain Name: RATHOOK.CC Registry Domain ID: 163793658_DOMAIN_CC-VRSN Registrar WHOIS Server: whois.porkbun.com Registrar URL: http://porkbun.com Updated Date: 2022-09-07T10:53:59Z Creation Date: 2021-09-13T01:07:39Z Registry Expiry Date: 2024-09-13T01:07:39Z Registrar: Porkbun LLC Registrar IANA ID: 1861 Registrar Abuse Contact Email: abuse@porkbun.com Registrar Abuse Contact Phone: 5038508351 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: CURITIBA.NS.PORKBUN.COM Name Server: FORTALEZA.NS.PORKBUN.COM Name Server: MACEIO.NS.PORKBUN.COM Name Server: SALVADOR.NS.PORKBUN.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:11:56Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign's ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. 
Domain Name: RATHOOK.CC Registry Domain ID: 163793658_DOMAIN_CC-VRSN Registrar WHOIS Server: whois.porkbun.com Registrar URL: http://www.porkbun.com Updated Date: 2022-01-28 17:32:18 Created Date: 2021-09-13 01:07:39 Registrar Registration Expiration Date: 2024-09-13 01:07:39 Registrar: Porkbun LLC Registrar IANA ID: 1861 Registrar Abuse Contact Email: abuse@porkbun.com Registrar Abuse Contact Phone: +1.5038508351 Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited Domain Status: clientDeleteProhibited http://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Registrant Name: d3f c0n6 Registrant Organization: Boat Rolling Inc Registrant Street: 10 Voie de l'Excelsior Registrant City: Val-de-Reuil Registrant State/Province: Normandy Registrant Postal Code: 27100 Registrant Country: FR Registrant Phone: +33:FR.268605683 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: d3fc0n6@protonmail.com Registry Admin ID: Admin Name: d3f c0n6 Admin Organization: Boat Rolling Inc Admin Street: 10 Voie de l'Excelsior Admin City: Val-de-Reuil Admin State/Province: Normandy Admin Postal Code: 27100 Admin Country: FR Admin Phone: +33:FR.268605683 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: d3fc0n6@protonmail.com Registry Tech ID: Tech Name: d3f c0n6 Tech Organization: Boat Rolling Inc Tech Street: 10 Voie de l'Excelsior Tech City: Val-de-Reuil Tech State/Province: Normandy Tech Postal Code: 27100 Tech Country: FR Tech Phone: +33:FR.268605683 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: d3fc0n6@protonmail.com Name Server: curitiba.ns.porkbun.com Name Server: fortaleza.ns.porkbun.com Name Server: salvador.ns.porkbun.com Name Server: maceio.ns.porkbun.com URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net >>> Last update of WHOIS database: 2022-01-28 17:32:18 <<< For more information on Whois status codes, please visit 
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. The Data in the Porkbun LLC WHOIS database is provided by Porkbun LLC for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Porkbun LLC does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Porkbun LLC (or its systems). Porkbun LLC reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Porkbun! rathook.cc
2023-05-12 03:16:21Physical LocationNoipapi.co0020NoneLondon, England, ENG, United Kingdom, GB2a06:98c1:3120::1
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomAE9EF4 (Net ID: 00:0C:F6:AE:9E:F4)50.8897, 6.0563
2023-05-12 03:19:24Open TCP PortNoPulsedive0030None185.199.109.154:80185.199.109.0/24
2023-05-12 02:47:42Open TCP PortNoPulsedive0030None35.229.48.116:44335.229.48.116
2023-05-12 02:52:01Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://testng.org/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_bb0_IESQMMUTEX_0_303"\n "IsoScope_bb0_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_bb0_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2992"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_bb0_IE_EarlyTabStart_0xc28_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_bb0_ConnHashTable<2992>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb0_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb0_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"testng.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "testng.org"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"book-cover_1_.jpg" has type 
"JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 240x240 components 3" and extension "jpg"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{5871dd0f-ed6d-11ed-8b85-0800279fc51b}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df34ee8deb327261c2.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df34ee8deb327261c2.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{5871dd0f-ed6d-11ed-8b85-0800279fc51b}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\favorites\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\desktop\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa4eee6f450613449.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', 
u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "js_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "CabDA7E.tmp" has type "data"- Location: [%TEMP%\\CabDA7E.tmp]- [targetUID: 00000000-00003848]\n "analytics_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "prettify_1_.js" has type "HTML document ASCII text"- [targetUID: N/A]\n "urchin_1_.js" has type "C source ASCII text"- [targetUID: N/A]\n "shCore_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002992]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFA4EEE6F450613449.TMP" has type "data"- Location: [%TEMP%\\~DFA4EEE6F450613449.TMP]- [targetUID: 00000000-00002992]\n "~DF34EE8DEB327261C2.TMP" has type "data"- Location: [%TEMP%\\~DF34EE8DEB327261C2.TMP]- [targetUID: 00000000-00002992]\n "~DF06E476F392A812D4.TMP" has type "data"- Location: [%TEMP%\\~DF06E476F392A812D4.TMP]- [targetUID: 00000000-00002992]\n "~DF83692D717FE481FF.TMP" has type "data"- Location: [%TEMP%\\~DF83692D717FE481FF.TMP]- [targetUID: 00000000-00002992]\n "book-cover_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 240x240 components 3"- [targetUID: N/A]\n "doc_1_.htm" has type "Perl5 module source ASCII text with very long lines"- [targetUID: N/A]\n "shCore_1_.css" has type "ASCII text"- [targetUID: N/A]\n "RecoveryStore._5871DD0F-ED6D-11ED-8B85-0800279FC51B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_62BB807B-ED6D-11ED-8B85-0800279FC51B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n 
"_5871DD11-ED6D-11ED-8B85-0800279FC51B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "shThemeCedric_1_.css" has type "ASCII text"- [targetUID: N/A]\n "shBrushBash_1_.js" has type "ASCII text"- [targetUID: N/A]\n "beust_1_.css" has type "ASCII text"- [targetUID: N/A]\n "shBrushJava_1_.js" has type "ASCII text"- [targetUID: N/A]\n "shBrushXml_1_.js" has type "exported SGML document ASCII text"- [targetUID: N/A]\n "testng_1_.css" has type "ASCII text"- [targetUID: N/A]\n "banner_1_.js" has type "HTML document ASCII text"- [targetUID: N/A]\n "shBrushPlain_1_.js" has type "ASCII text"- [targetUID: N/A]\n "2164NNV6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2164NNV6.txt]- [targetUID: 00000000-00003848]\n "NY1L6JFD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NY1L6JFD.txt]- [targetUID: 00000000-00003848]\n "K0V0Z1ZR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\K0V0Z1ZR.txt]- [targetUID: 00000000-00002992]\n "3CHE3NSB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3CHE3NSB.txt]- [targetUID: 00000000-00002992]\n "50L3A0E6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\50L3A0E6.txt]- [targetUID: 00000000-00003848]\n "MTWA1YU1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MTWA1YU1.txt]- [targetUID: 00000000-00003848]\n "0AU39AQO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0AU39AQO.txt]- [targetUID: 00000000-00002992]\n "2RGLQPTP.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2RGLQPTP.txt]- [targetUID: 00000000-00003848]\n "8260X7M8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8260X7M8.txt]- 
[targetUID: 00000000-00002992]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003848]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "GBE2J635.txt" has type "ASCII text"- Location: [%A185.199.108.153
2023-05-12 02:44:49Company NameNoCompany Name Extractor0020None(c) CentralNic LtdDomain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:44:44Software UsedYesTool - Wappalyzer0030NoneHTTP/3vscode.battleb0t.xyz
2023-05-12 03:36:14Blacklisted IP on Same SubnetYesDroneBL0040Nonedronebl.org - HTTP Proxy (45.131.109.106)45.131.109.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneHeisenberg (Net ID: 00:0C:F6:D0:27:08)50.8897, 6.0563
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:8880172.67.135.9
2023-05-12 02:55:22Raw Data from RIRsNoGoogle0010None{'webSearchUrl': u'https://www.google.com/search?q=site:ayhu.xyz&aq=t&oe=utf-8&client=firefox-a&ie=utf-8&rls=org.mozilla%3Aen-US%3Aofficial', 'urls': ['https://ayhu.xyz/', 'https://ayhu.xyz/lol.html']}ayhu.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonepfa (Net ID: 00:02:6F:C4:70:30)33.6170672,-111.90564645297056
2023-05-12 03:09:51Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.93
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NonePACSStemp (Net ID: 00:0F:66:D6:82:2B)32.8608, -79.9746
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneMistrzowie (Category: images) https://mistrzowie.org/user/loginlogin
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneInkBunny (Category: XXXPORNXXX) https://inkbunny.net/loginlogin
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-range.github.io] https://www.openphish.com/feed.txt0-range.github.io
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [01010101coder.github.io] https://www.openphish.com/feed.txt01010101coder.github.io
2023-05-12 03:23:44Open TCP PortNoPulsedive0030None188.114.96.17:443188.114.96.0/24
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:80104.21.71.14
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneXTN-25BD34 (Net ID: 70:F8:E7:25:BD:34)37.751, -97.822
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneGuest (Net ID: 00:01:21:30:AF:A1)41.8781, -87.6298
2023-05-12 03:23:21Open TCP PortNoPulsedive0030None188.114.96.6:443188.114.96.0/24
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneSpaceStation (Net ID: 00:02:2D:01:CF:F8)37.7813933,-122.3918002
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx Guest (Net ID: 00:01:21:26:42:60)41.8781, -87.6298
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NonemyLGNet8682 (Net ID: 00:01:36:5B:86:80)37.780462,-122.390564
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 17:04:53 2023 GMT Not After : Jun 25 17:04:52 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c0:92:2b:06:a8:76:be:87:ad:a1:7a:9e:5a:24: 59:36:93:77:df:2f:5f:ec:5d:f8:39:5c:9e:e9:bb: 24:38:91:de:54:5b:7a:21:bd:81:66:b9:f4:29:4c: 2b:fa:57:13:7e:92:b4:15:86:67:29:e9:3d:cd:52: 95:9b:57:3a:5d:e6:e9:45:19:f1:e0:94:39:75:06: 2b:76:17:5a:3c:dc:eb:34:5d:2b:11:01:60:df:20: e3:b5:60:cd:32:82:ad:56:26:62:d5:06:6e:b6:fa: a5:d9:a5:4d:79:33:21:15:51:a2:c0:48:15:37:c6: 91:2f:b2:2e:7d:a0:75:7f:50:14:78:92:5d:14:20: 37:35:75:05:53:06:c4:4c:79:be:57:44:4e:7f:9a: 50:6f:84:ce:99:6c:50:c4:25:b5:3b:28:ef:3d:1e: 0d:f1:c2:fb:f7:a2:98:40:97:4e:a6:29:13:ba:fe: a3:fd:ca:b9:fd:ab:de:51:93:45:07:f4:be:76:56: 10:d6:f8:44:07:0f:8a:0a:1d:0b:2a:3e:ea:d3:77: c7:f9:17:20:d7:71:23:2b:a0:8f:f4:4a:f3:e4:d4: 5a:5c:2d:ce:df:b4:a0:a0:ac:d7:ab:d8:92:f0:4a: 4c:07:6e:72:26:57:04:a7:82:b9:f3:2d:17:4e:50: 36:d2:94:d7:69:b9:6a:7a:3a:20:4d:5d:1e:75:6c: 84:96:b6:c4:70:f4:80:b9:d6:06:45:7a:52:b8:0e: 0e:2d:fd:2c:dc:22:9b:06:83:b7:ce:89:98:50:8a: 98:25:5c:fe:f2:ac:51:29:2f:08:c4:ff:27:4b:06: 5c:49:dd:d3:39:da:b3:60:fe:da:c7:a0:9e:e7:45: 85:7c:70:41:16:a9:f0:27:f6:98:d1:7c:9f:af:81: f4:37:0b:12:28:d5:35:6a:e6:e2:66:3b:e1:11:5b: 6a:d4:8d:47:d6:44:64:d5:a9:fc:83:71:f4:46:8c: 69:8f:3e:2f:32:4d:8a:48:3b:ac:ac:88:a4:94:ea: b5:b5:92:f4:63:d9:95:76:ef:6d:8e:2f:15:8a:59: 65:d3:00:6a:ca:d7:56:11:cf:5f:a7:d4:3d:48:6a: 5d:dd:87:ce:8c:d0:6e:15:cf:fb:5f:c0:02:33:50: 4e:36:37:09:f4:b7:06:18:07:a3:00:b5:58:4a:d2: bc:0d:0b:5d:96:5b:4e:aa:75:b7:e9:a2:ce:90:ad: d7:25:96:7f:66:7d:4e:03:23:c1:16:bc:0c:09:9d: d4:bf:8c:7c:19:2d:8b:39:0c:89:5a:15:97:34:34: 
1c:7b:5d:34:19:a2:d0:cb:f4:5c:b0:48:d7:c9:6c: 5d:09:b3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 27 18:04:53.353 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:C2:49:4E:83:B3:46:DC:0B:F2:4C:E0: 2C:BD:3A:21:A9:D3:87:F4:AC:B5:4F:45:81:1D:09:75: FB:9B:D3:9E:A5:02:20:54:1A:EC:0B:6C:62:AB:8A:0B: 14:2D:42:2F:00:E8:AD:FF:98:7D:A9:48:C3:5C:9D:C9: A1:63:83:E1:17:D2:4C Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 27 18:04:53.360 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:8C:E5:2C:49:4A:30:97:4C:B4:E6:F3: 86:6A:09:B6:EF:84:21:66:BD:9C:17:9A:88:7C:B9:2A: 4D:1D:CC:99:A2:02:20:13:E4:A1:38:F5:80:6B:55:F9: DB:4D:54:23:A0:D3:2F:61:E4:B8:03:26:A2:87:C1:4D: B4:9F:8A:D7:F3:2F:04 Signature Algorithm: sha256WithRSAEncryption 3d:8b:b7:2f:1c:19:9b:ce:8a:9f:49:6d:8e:1c:b1:06:ce:80: 4b:f8:df:50:39:97:3e:fb:8f:2c:ca:50:c1:5c:f8:46:84:02: f2:57:a0:5c:d2:47:ea:75:b7:5b:8e:d7:bb:b6:ac:23:17:33: df:77:0a:d0:66:44:16:5a:cd:a4:73:04:82:9c:6e:c5:c2:96: 
07:18:e4:ea:f3:48:89:72:cc:2c:e6:89:4a:c1:18:8b:b6:a9: 9e:48:30:26:9c:5a:b4:6d:2c:74:dd:50:cc:be:12:4c:8d:38: 29:5e:de:cf:04:54:ae:14:ed:ec:f9:b8:a0:90:94:ff:e1:0c: 9e:34:2b:1c:68:fd:56:79:13:27:78:22:6f:18:f3:9e:26:b0: 3c:46:ba:7f:dd:d6:fc:c7:27:bd:b5:77:38:03:ba:7b:08:e5: f1:08:df:bb:f5:ea:f4:e1:c8:be:e6:b7:32:bc:2d:9d:1a:68: d8:d8:3b:7d:a5:0b:bf:d3:08:d9:73:26:67:23:22:51:a7:9a: 35:1e:3d:5b:8d:37:8d:5a:13:a6:11:a6:6e:3f:57:92:c4:df: b9:a6:2d:3e:a3:ac:33:74:bf:a3:4d:bc:55:ad:8d:cf:76:66: f9:f9:8f:df:06:4b:e6:21:7f:06:3d:9b:6e:9c:3f:93:fd:2b: 41:f7:2c:66 battleb0t.xyz
2023-05-12 02:56:55Internet Name - UnresolvedNoDNS Resolver0020Nonefiles.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:b9:dc:49:67:68:c5:fe:31:cf:92:a4:a3:f2:91:5a:dc:15 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 2 19:07:11 2023 GMT Not After : Apr 2 19:07:10 2023 GMT Subject: CN=files.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:e4:bb:72:24:9a:3b:f5:c0:b6:00:b2:9e:75:64: a2:c5:05:47:75:ee:45:0a:c4:64:a2:83:f0:3f:73: 63:b5:70:6c:7f:e6:38:41:f0:ce:48:1b:e9:cb:50: e5:db:9b:1e:52:33:00:08:50:9b:48:a3:21:b1:72: aa:97:ba:07:58:22:50:7b:e0:2e:66:ce:83:70:77: e2:36:f5:0e:13:40:a0:5f:8e:ab:d5:28:a5:4a:11: 32:bf:f0:01:46:1e:7f:2c:f4:2c:07:22:93:45:a7: 52:4d:66:5a:2e:a0:5e:1d:49:67:6d:93:3c:d4:e7: 67:ac:0d:eb:84:c4:ad:1c:c6:3a:c8:a3:8e:b1:df: 54:8a:52:1f:ab:aa:01:49:57:78:fa:b6:5c:77:ae: 0a:d5:12:86:cb:ea:c3:13:b3:1e:aa:59:f3:df:50: ef:11:40:b8:bb:45:d3:4e:d6:8e:bd:f2:33:ae:52: 06:ca:88:01:72:31:4f:46:00:bf:98:93:9a:2f:f8: 47:9a:87:b9:a0:cb:d1:a8:89:43:66:4d:f6:54:8d: cf:4c:31:d7:d0:0d:e1:33:7b:c6:0e:1d:4a:3f:9a: c4:dd:c7:68:08:e6:6f:b9:26:6c:49:f2:5f:ad:59: da:74:03:6e:20:eb:9a:d2:3d:fb:bc:79:34:c6:43: 38:6b:71:f9:76:22:a0:ca:93:2e:c8:20:b0:a5:40: b2:06:05:e9:aa:de:b1:b0:40:d3:fa:2b:db:3c:b4: 82:d4:58:96:b7:bc:70:be:ac:1c:cb:fc:f4:c1:71: 31:c2:05:84:ce:b2:c9:8b:1e:36:fd:72:15:79:33: 62:66:31:a9:1f:5f:76:ce:5e:82:a3:20:7b:a6:f9: 68:6f:ff:65:d5:4b:45:ed:7b:6b:c9:7e:38:35:b0: ed:10:1d:cb:42:25:ea:6d:e6:42:50:4c:82:d7:21: 2e:ac:aa:6c:ee:6b:f7:e1:58:64:07:26:55:c1:2f: e6:5e:f4:d7:f0:f0:f1:80:c4:a5:9f:c7:96:10:6f: 58:39:48:6a:55:ca:52:01:6a:3b:90:48:bc:27:e3: bb:2e:83:ea:d3:dc:20:53:21:0d:af:34:82:fc:9f: 4c:d4:4a:b7:14:07:01:bb:2c:76:8e:22:ed:cd:33: 84:b4:42:01:5f:9f:c6:60:56:3d:e0:bb:bf:10:3f: 42:ca:65:31:ce:e9:5e:a4:e2:24:f7:ab:0e:d3:ce: 0e:6d:01:e6:42:c0:05:7f:8e:8b:85:68:57:f5:6c: 
ca:7f:14:f3:74:ac:f1:ad:74:c5:8e:20:02:20:df: 19:4d:31:07:4a:75:45:cf:f0:a5:0c:ad:70:b3:f4: 12:1c:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CF:FE:0F:FB:EC:E3:E9:7B:CF:AB:EA:49:61:6D:B0:C0:A0:EB:11:BC X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:files.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 2 20:07:12.002 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:A6:85:F1:8A:49:83:21:33:60:55:2D: 99:FB:CF:EE:44:65:69:64:79:C2:61:04:D1:E4:30:AC: C7:73:4A:13:C5:02:21:00:AC:83:C1:FC:AB:D2:CB:09: E8:3B:57:0B:C4:10:3C:51:28:96:2A:AD:6A:76:88:D3: 6A:BA:99:2E:34:BF:39:86 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77: 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13 Timestamp : Jan 2 20:07:12.157 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:06:67:C4:B5:35:BC:02:1A:34:AD:6C:A4: C6:E0:88:8E:0A:15:4F:7B:AF:4C:84:1D:15:95:9C:34: C6:69:14:75:02:21:00:D6:5B:0E:91:76:65:0A:B8:EF: EA:C9:50:39:9F:B1:18:05:1A:64:EC:3B:EF:73:22:11: ED:D2:3B:B2:A5:63:2B Signature Algorithm: sha256WithRSAEncryption 94:68:ec:5c:d2:7e:2d:82:58:3e:f0:cb:47:6a:10:74:ed:14: 31:55:d2:fc:07:ea:e6:b9:2b:a6:5d:fb:b0:be:2a:39:98:6e: 1b:fd:2d:97:20:dd:74:9f:d7:b0:2d:0e:14:3a:21:fd:55:19: 
4d:bc:eb:97:a9:5a:64:1e:5e:ab:09:fd:8c:47:43:b4:97:96: 97:49:ac:a8:a8:ae:80:dc:40:88:24:da:62:81:70:26:c1:be: e3:8b:70:a0:e6:b0:9f:c5:a7:45:00:28:1e:05:50:30:08:27: e0:d5:e0:62:45:15:16:96:8c:13:de:49:ea:61:78:cb:7e:a1: d5:93:da:97:f7:07:f3:be:42:4f:13:74:e1:ff:46:94:80:da: f1:1d:04:f6:72:d0:2d:92:05:be:d4:04:69:d5:82:84:f9:5a: ef:98:c5:5d:b0:27:36:45:cf:eb:71:54:9a:0d:6f:3c:49:23: b6:9b:be:8a:ca:3c:4b:e8:78:6a:03:13:65:55:9c:8c:1b:f0: fe:30:16:e0:6f:32:f7:3f:aa:f2:94:1e:87:e0:1f:d5:4c:32: ca:75:84:5e:e4:d3:9f:f9:2a:a5:85:29:a3:9b:57:5a:6b:b7: d0:02:0c:a9:a2:a4:01:0e:75:01:9b:03:39:3e:0b:d4:cf:11: 0e:ca:93:36
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneUnited Statescloudflare.net
2023-05-12 02:59:57Affiliate - Email AddressNoE-Mail Address Extractor0030Nonemery.robinson@ftb.ca.gov[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 25, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=a85668108cb3&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:3704:120:WilError_01"\n "SM0:3704:304:WilStaging_02"\n "Local\\SM0:3704:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:3704:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.122:443"\n "142.251.2.157:443"\n "151.101.0.176:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "142.251.46.164:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir 
"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n 
""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "\\device\\namedpipe\\local\\mojo.2332.240.14325218193887401859"\n "msedge.exe" reads file 
"\\device\\namedpipe\\local\\mojo.2332.240.5569041425166893211"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2332_1227727462\\shopping.js]- [targetUID: 00000000-00002332]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007076]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir2332_1139505351\\Ruleset Data]- [targetUID: 00000000-00002332]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: 00000000-00002332]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00002332]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\2332_751382652\\Filtering Rules]- [targetUID: 00000000-00002332]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- 
Location: [%TEMP%\\2332_1705320843\\edge_driver.js]- [targetUID: 00000000-00002332]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2332_1227727462\\edge_driver.js]- [targetUID: 00000000-00002332]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\2332_1705320843\\vendor.bundle.js]- [targetUID: 00
2023-05-12 03:03:38Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00x44.github.io
2023-05-12 02:44:38Software UsedYesTool - Wappalyzer0020NoneGoogle Analyticsnuke.battleb0t.xyz
2023-05-12 02:53:52HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["43CE:4ADD:8C38CD:9E6CB7:645D800F"], "Etag": ["W/\"64556a8c-239b\""], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-gig2250056-GIG"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683849232.554003,VS0,VE234"], "Connection": ["keep-alive"], "Via": ["1.1 varnish"], "X_Fastly_Request_Id": ["c52142f897e3b3bde7efbc782ee478e7cae3ad86"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]}2606:50c0:8003::153
2023-05-12 03:09:44Affiliate - Internet NameNoDNS Resolver0040None126.97.148.34.bc.googleusercontent.com34.148.97.126
2023-05-12 02:53:03Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://pics.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]pics.battleb0t.xyz
2023-05-12 02:55:46Linked URL - InternalNoHybrid Analysis0030Nonehttp://kekw.battleb0t.xyz/jar64.226.81.43
2023-05-12 02:59:56Affiliate - Email AddressNoE-Mail Address Extractor0030Nonekorea@netflix.com[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://kangbinkwon.github.io/kangbinkwon-Netflix_clonecoding/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_6d4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_6d4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_6d4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1748"\n "IsoScope_6d4_IE_EarlyTabStart_0xdf8_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_6d4_ConnHashTable<1748>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_6d4_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1748"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"185.199.108.153:443"\n "104.18.22.52:443"\n "69.16.175.10:443"\n "45.57.90.1:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "code.jquery.com"\n "kangbinkwon.github.io"\n "pro.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a class="authLinks lang" href="https://www.netflix.com/kr/login"></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<form class="cta-form" action="https://www.netflix.com/signup/registration?locale=ko-KR">" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<span class="lang"> . 
PC netflix.com ," (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/node/412" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://www.netflix.com/kr/login?nextpage=https%3A%2F%2Fwww.netflix.com%2Fyouraccount"" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://media.netflix.com/ko/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://jobs.netflix.com/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://devices.netflix.com/ko/" class="footer-link"><span" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/termsofuse" class="footer-link"><span" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/privacy" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/corpinfo" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/contactus" 
class="footer-link"><span class="lang"></span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/notices" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://www.netflix.com/kr/browse/genre/839338" class="footer-link"><span class="lang">Netflix" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<div class="copy-text-block lang"> : korea@netflix.com</div>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"card-01-hero-card_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "card-05_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "card-04-devices_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "cookieSetting_1_.png" has type "PNG image data 766 x 605 8-bit/color RGBA non-interlaced" and extension 
"png"\n "card-03-mobile_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "card-03-download_1_.gif" has type "GIF image data version 89a 100 x 100" and extension "gif"\n "card-03-boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced" and extension "png"\n "card-02-tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "card-01-hero-card_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "card-05_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "card-04-devices_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "cookieSetting_1_.png" has type "PNG image data 766 x 605 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "card-03-mobile_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 
1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001748]\n "card-03-download_1_.gif" has type "GIF image data version 89a 100 x 100"- [targetUID: N/A]\n "card-03-boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced"- [targetUID: N/A]\n "kangbinkwon-Netflix_clonecoding_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001748]\n "nficon2016_1_.ico" has type "MS Windows icon resource - 1 icon 64x64 32 bits/pixel"- [targetUID: N/A]\n "~DFF6F278D010A12D33.TMP" has type "data"- Location: [%TEMP%\\~DFF6F278D010A12D33.TMP]- [targetUID: 00000000-00001748]\n "~DF048C015CE4B792F4.TMP" has type "data"- Location: [%TEMP%\\~DF048C015CE4B792F4.TMP]- [targetUID: 00000000-00001748]\n "~DF0EACE11BF
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:01:24:F1:84:FA)37.7642, -122.3993
2023-05-12 03:33:59Raw File Meta DataNoBinary String Extractor0040NoneIDATx _Z19l ?_ILPJ C $/@ 0\Mjf! /VppGp ChPwap fzcoAC P6s>W 4q:P? _6Wp@ T'V51 >Lv t0 qDXT<?95 @pjrR _ij>g rd-2mp :!xn2@ V4vbR isgWO fROLL 3coz: m"cccM 4Xnju KWnk. 4 x"i W3KJe: 886jm "yuV @B UcsPm C8unz TjZ\\ 7I018 h>4vW iEBYs `jclr B2sj$ \evww-R ' :PGJ h-G>d Nuvra <z6mj3 zK/g_ DL$p' ` 24` lBoyyy ni6N_ j >fw CKMzvy LjsoM /kuuQ? qdjrg7 wwwtx issIG _Mf !z ?wKQ/ R RP" H`4<j /qdP9$ ZN\D@ nsn6L LMihx mIhtb\ <A>Qm 6<7.Hm V3.j$` WC@@\ t:10fW lfLFY >t<F:Si ctr4z 1w5\A Wcll2- SvSif l4es`t$' 6yxj: c\s.O @'-mG .9397 4enn6wj "`Jpi': gcqu3 xjq9f 7`N.8 2HuNNJn kWcU OEj'`r 5<k@Q: _-3"X B'PtqJ l$eUY Sqf_8M v:1?2 emm--A@h"Ew \K0vw f3U4eH IDATX Y>W'P W \@46 nZ3JKhttps://funny.battleb0t.xyz/images/ein_1.png
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneATTFiQVKTA (Net ID: E8:33:81:CE:14:60)37.751, -97.822
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneMoneysavingexpert (Category: finance) https://forums.moneysavingexpert.com/profile/ayhuayhu
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:32:17Open TCP PortNoPulsedive0030None188.114.97.9:8443188.114.97.0/24
2023-05-12 03:03:55Co-Hosted SiteNoThreatMiner0020Nonerathook.cc185.199.108.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereferrer-policy: strict-origin-when-cross-origin{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"}
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:207887.248.157.102
2023-05-12 02:45:47Physical LocationNoAbstractAPI0020NoneChantilly, Virginia, 20151, United States, North America2606:50c0:8001::153
2023-05-12 03:03:26Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00088.github.io
2023-05-12 03:11:13Vulnerability - CVE MediumYesTool - testssl.sh0230NoneCVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389 Score: 4.3 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.vscode.battleb0t.xyz
2023-05-12 02:54:57Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c443d4879e76326-ORD Content-Encoding: gzip 2a06:98c1:3120::1
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"}
2023-05-12 03:38:37Blacklisted Affiliate IP AddressYesUCEPROTECT0040NoneUCEPROTECT - Level 2 (some false positives) (207.154.228.160)207.154.228.160
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.67): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:03:59Co-Hosted SiteNoThreatMiner0020Noneeliaspinheironeto.github.io185.199.109.153
2023-05-12 03:24:50CountryNoCountry Name Extractor0050NoneFrance Domain Name: RATHOOK.CC Registry Domain ID: 163793658_DOMAIN_CC-VRSN Registrar WHOIS Server: whois.porkbun.com Registrar URL: http://porkbun.com Updated Date: 2022-09-07T10:53:59Z Creation Date: 2021-09-13T01:07:39Z Registry Expiry Date: 2024-09-13T01:07:39Z Registrar: Porkbun LLC Registrar IANA ID: 1861 Registrar Abuse Contact Email: abuse@porkbun.com Registrar Abuse Contact Phone: 5038508351 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: CURITIBA.NS.PORKBUN.COM Name Server: FORTALEZA.NS.PORKBUN.COM Name Server: MACEIO.NS.PORKBUN.COM Name Server: SALVADOR.NS.PORKBUN.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:11:56Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign's ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. 
Domain Name: RATHOOK.CC Registry Domain ID: 163793658_DOMAIN_CC-VRSN Registrar WHOIS Server: whois.porkbun.com Registrar URL: http://www.porkbun.com Updated Date: 2022-01-28 17:32:18 Created Date: 2021-09-13 01:07:39 Registrar Registration Expiration Date: 2024-09-13 01:07:39 Registrar: Porkbun LLC Registrar IANA ID: 1861 Registrar Abuse Contact Email: abuse@porkbun.com Registrar Abuse Contact Phone: +1.5038508351 Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited Domain Status: clientDeleteProhibited http://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Registrant Name: d3f c0n6 Registrant Organization: Boat Rolling Inc Registrant Street: 10 Voie de l&#39;Excelsior Registrant City: Val-de-Reuil Registrant State/Province: Normandy Registrant Postal Code: 27100 Registrant Country: FR Registrant Phone: +33:FR.268605683 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: d3fc0n6@protonmail.com Registry Admin ID: Admin Name: d3f c0n6 Admin Organization: Boat Rolling Inc Admin Street: 10 Voie de l&#39;Excelsior Admin City: Val-de-Reuil Admin State/Province: Normandy Admin Postal Code: 27100 Admin Country: FR Admin Phone: +33:FR.268605683 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: d3fc0n6@protonmail.com Registry Tech ID: Tech Name: d3f c0n6 Tech Organization: Boat Rolling Inc Tech Street: 10 Voie de l&#39;Excelsior Tech City: Val-de-Reuil Tech State/Province: Normandy Tech Postal Code: 27100 Tech Country: FR Tech Phone: +33:FR.268605683 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: d3fc0n6@protonmail.com Name Server: curitiba.ns.porkbun.com Name Server: fortaleza.ns.porkbun.com Name Server: salvador.ns.porkbun.com Name Server: maceio.ns.porkbun.com URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net >>> Last update of WHOIS database: 2022-01-28 17:32:18 <<< For more information on Whois status codes, please visit 
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. The Data in the Porkbun LLC WHOIS database is provided by Porkbun LLC for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Porkbun LLC does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Porkbun LLC (or its systems). Porkbun LLC reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Porkbun!
2023-05-12 02:55:21Open TCP PortNoCensys0030None207.154.228.169:22207.154.228.169
2023-05-12 03:33:49Raw File Meta DataNoBinary String Extractor0040NoneMiCCPICC Profile U$JLQ clc$1 pHYs iTXtXML:com.adobe.xmp <exif:PixelYDimension>1024</exif:PixelYDimension> <exif:PixelXDimension>1024</exif:PixelXDimension> <tiff:Orientation>1</tiff:Orientation> </rdf:Description> </rdf:RDF> </x:xmpmeta> IDATx :-$oT'/ ykl_\ $GsPUa O3N>RB J"RKn :Y:Dlm2 wLHH2 4<V0q Tbi/O Iy5: @ z0 rSOJ Q8m0Sc BFSvMl :/t@S te's8 'r_$E: t<c:` SxUAn GB:`_3 .?'X$ 0<Zqjyc fTF7g tF`"d uC1o\ uOV`B W9o0/ vXv5q EKjPW \BypB MeTZAtj FdAdi ZVM$\ RK59C WrF.w qadakhZ aWl>E B.G E /2S/yT ?N2If _ZkowDdu ihLaY <q36o \mHTs $Sa!TuVQ `xSkY !FfcGgy Twj c l9nPO O_R@N bW.F`y 9v-lh IDATE SeR'c JS Ik 2.S\D 3@9@h oe1`sf?z 9ud>I mE:Gf7 Tdb0P -uy:Y@BE 3zRHFofBQ g'YtL Lx j8m/J 'A_>dW CJ1eI wIQ!9t d0d'L VLYrd ::vC1 N/38Am 'k!mL zymOhf T'y0l d3o3A1 -IUSN ?rF_3 rvf5EZ Am``"1 fBmM> >f q9c cQ"n!cYQy XBMUx mtc-2 p4va`W Gj6Xz oxCs6 ZSB64https://fluid.battleb0t.xyz/logo.png
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [000b000.github.io] https://www.openphish.com/feed.txt000b000.github.io
2023-05-12 02:46:50SSL Certificate - Raw DataNoSSL Certificate Analyzer0030NoneCertificate: Data: Version: 3 (0x2) Serial Number: 02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 Validity Not Before: Dec 21 00:00:00 2022 GMT Not After : Jan 21 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:64:c3:ab:83:a1:9f:9b:f7:ff:e5:00:bf:41:ae: cd:d1:cd:1c:5d:8d:4d:62:fb:0e:e4:90:33:13:2d: b5:45:91:e6:7a:26:a0:5e:01:ae:25:84:fb:d5:88: 23:7e:13:7e:a9:d3:a5:de:69:2d:91:69:c3:12:86: 5a:94:02:42:28 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A X509v3 Subject Key Identifier: 3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F X509v3 Subject Alternative Name: DNS:*.netlify.app, DNS:netlify.app X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Dec 21 09:03:52.902 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:31:BA:E4:35:B8:DF:14:C3:99:B3:D0:FB: 
C6:93:77:5C:5A:D1:E2:7C:62:90:83:BB:77:59:14:17: 00:CD:14:09:02:21:00:A0:89:29:6C:06:8B:80:0E:58: FD:7C:72:66:63:BF:84:90:99:2F:F3:90:6D:39:BD:86: 6C:21:15:5D:B2:9C:A1 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Dec 21 09:03:52.857 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:85:6B:1A:5F:D3:6B:D9:52:36:0B: 44:9B:B7:9C:FF:8D:70:8C:F4:D1:34:69:3C:10:D4:AD: 03:93:DD:F1:A4:02:21:00:C0:7F:F8:B3:01:C9:63:4D: D3:D5:2B:F6:46:B5:04:38:1F:2D:8A:D9:5F:C8:07:F8: 5D:FA:B6:44:79:49:3C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B: 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17 Timestamp : Dec 21 09:03:52.852 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:87:5E:CF:47:90:E0:B2:0D:AA:FC:5D: 58:AA:C9:7E:AE:76:49:89:1E:EB:25:CD:66:CC:A5:23: F6:24:7A:AE:07:02:20:5E:32:A3:09:9E:48:84:4A:A9: 3B:C0:AA:53:22:AB:E0:9A:BF:4F:DB:FB:66:C2:2B:F8: 4E:E8:E8:BE:9A:FD:22 Signature Algorithm: ecdsa-with-SHA384 30:66:02:31:00:a8:8f:12:1b:fa:2f:f4:cc:aa:04:9b:b9:ea: 95:f5:30:5a:59:f6:f8:b4:4d:b6:51:7e:89:b3:c8:92:7a:7e: 80:c0:81:be:6e:38:4e:5e:5a:7d:bb:10:72:ae:d7:11:5f:02: 31:00:fc:dd:52:7b:4b:33:ad:13:21:0b:b3:8a:93:5d:fb:03: ac:f0:f4:f6:55:46:ed:1e:45:14:60:d2:47:04:5f:56:a0:b6: 8d:b8:c7:6a:0b:fd:73:a6:07:2b:fa:b2:e2:49 34.74.170.74
2023-05-12 02:44:31IPv6 AddressNoDNS Resolver0030None2606:4700:3030::ac43:a8fcvscode.battleb0t.xyz
2023-05-12 02:55:27BGP AS MembershipNoURLScan.io0010None14061battleb0t.xyz
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None000407.github.io185.199.111.153
2023-05-12 03:11:27Raw Data from RIRsNoAbstractAPI0030None{u'format': {u'international': u'+14806242598', u'local': u'(480) 624-2598'}, u'country': {u'prefix': u'+1', u'code': u'US', u'name': u'United States'}, u'phone': u'+14806242598', u'valid': True, u'location': u'Arizona', u'carrier': u'', u'type': u'unknown'}+14806242598
2023-05-12 03:00:54Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.84): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:09:04Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.10987.248.157.102
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.213): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneParadiso Films - NL (Net ID: 00:01:21:31:1A:19)52.3759, 4.8975
2023-05-12 03:04:14Malicious AffiliateYesabuse.ch0130Noneabuse.ch URLhaus (Domain) [cdn-185-199-110-153.github.com] https://urlhaus.abuse.ch/downloads/csv_recent/cdn-185-199-110-153.github.com
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NonePARPUDAR (Net ID: 00:02:CF:AD:76:95)40.2024, 29.0398
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.146): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050NonePronouns.Page (Category: social) https://pronouns.page/api/profile/get/Altpapier?version=2Altpapier
2023-05-12 02:46:42Physical LocationNoFraudguard0030NoneUnited States, South Carolina, North Charleston34.74.170.74
2023-05-12 02:44:21Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.io185.199.108.153
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneZiggo04216 (Net ID: 00:0C:F6:5A:10:78)50.8897, 6.0563
2023-05-12 03:16:19Raw Data from RIRsNoipapi.co0020None{u'region_code': u'ENG', u'country_tld': u'.uk', u'ip': u'2a06:98c1:3121::1', u'currency_name': u'Pound', u'currency': u'GBP', u'country_population': 66488991, u'country_code': u'GB', u'timezone': u'Europe/London', u'city': u'London', u'network': u'2a06:98c1::/32', u'languages': u'en-GB,cy-GB,gd', u'version': u'IPv6', u'latitude': 51.5095, u'in_eu': False, u'utc_offset': u'+0100', u'continent_code': u'EU', u'country_name': u'United Kingdom', u'country_capital': u'London', u'org': u'CLOUDFLARENET', u'postal': u'EC4N', u'asn': u'AS13335', u'country': u'GB', u'region': u'England', u'longitude': -0.0955, u'country_calling_code': u'+44', u'country_area': 244820.0, u'country_code_iso3': u'GBR'}2a06:98c1:3121::1
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.97): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneXFINITY (Net ID: 00:0D:67:8C:21:B1)39.0469, -77.4903
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonekrillnet (Net ID: 00:01:8E:15:D4:A6)37.780462,-122.390564
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys-g (Net ID: 00:06:25:C0:3E:05)33.336199,-111.89446440830702
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.193): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider0030Nonehttps://funny.battleb0t.xyz/images/master058_2.PNGhttps://funny.battleb0t.xyz/
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneMyBuilder.com (Category: social) https://www.mybuilder.com/profile/view/ayshooayshoo
2023-05-12 02:45:51Malicious IP AddressYesMetaDefender0120Nonewebroot.com [104.21.6.166]104.21.6.166
2023-05-12 03:00:30Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha2-512-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:0C:41:37:F0:E0)39.0469, -77.4903
2023-05-12 03:24:19Account on External SiteNoAccount Finder0080NoneYouTube User2 (Category: video) https://www.youtube.com/@baptistevautheybaptistevauthey
2023-05-12 02:54:16HTTP Status CodeNoWeb Spider0020None200oldfluid.battleb0t.xyz
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:2052104.21.71.14
2023-05-12 02:54:18HTTP Status CodeNoWeb Spider0040None200https://pics.battleb0t.xyz/gallery.css
2023-05-12 02:44:18Software UsedYesTool - Wappalyzer0020NoneVarnishwww.battleb0t.xyz
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.197): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:EF:F5:78)41.8781, -87.6298
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.190): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:46:50Open TCP PortNoSSL Certificate Analyzer0030None34.148.97.127:44334.148.97.127
2023-05-12 02:53:48Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://urldefense.com/v3/__https:/luckycarrotapp.com/organization-b2__;!!FBg0PJ8GdnjP4Q!8c3hK7I-XFYCk7Nsu_a_9ZxOtOzs4BD4Qzz4xaaEEmIdhXPGsEafhFGfqwLPGWafWHCBltJqzsIwT7XW_a2-1-v3BYjmMONK6mxg0p8$', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f94_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f94_IESQMMUTEX_0_519"\n "IsoScope_f94_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3988"\n "IsoScope_f94_IESQMMUTEX_0_331"\n "IsoScope_f94_IE_EarlyTabStart_0xe00_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f94_ConnHashTable<3988>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.80.202.17:443"\n "172.66.43.26:443"\n "20.38.109.4:443"\n "104.16.187.65:443"\n "104.18.230.83:443"\n "185.199.109.153:443"\n "104.18.136.59:443"\n "157.240.22.25:443"\n "104.16.121.190:443"\n "77.88.21.119:443"\n "104.18.25.196:443"\n "104.17.99.172:443"\n "104.16.136.206:443"\n "74.125.137.156:443"\n "104.19.154.83:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.producthunt.com"\n "assets.calendly.com"\n "buttons.github.io"\n "connect.facebook.net"\n "js.hs-analytics.net"\n "js.hs-banner.com"\n "js.hs-scripts.com"\n "js.hsadspixel.net"\n "js.hsforms.net"\n "js.usemessages.com"\n "luckycarrot.blob.core.windows.net"\n "mc.yandex.com"\n "mc.yandex.ru"\n "stats.g.doubleclick.net"\n "track.hubspot.com"\n "urldefense.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<meta property="twitter:image" content="https://luckycarrotapp.com/images/carrot-logo1111.png">" (Indicator: "twitter")\n "<meta property="twitter:title" content="Peer to peer recognition" />" (Indicator: "twitter")\n "<meta property="twitter:description" content="The best way to recognize and reward employees for their hard work. Boost employee engagement and motivation with Lucky Carrot." 
/>" (Indicator: "twitter")\n "<img height="1" width="1" src="https://www.facebook.com/tr?id=2186666338068573&ev=PageView&noscript=1" alt="facebook" />" (Indicator: "facebook.com")\n "<button class="button btn-fill-orange watch-video-btn video-modal" title="Watch a Video" data-video="https://www.youtube.com/embed/d4_e3pCgUW8?autoplay=1">" (Indicator: "youtube")\n "<a href="https://www.facebook.com/EmployeeEngagementPlatform/" target="_blank">" (Indicator: "facebook.com")\n "<a href="https://am.linkedin.com/company/luckycarrot" target="_blank">" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/channel/UCb0UW89RRlZK6jZQUT3SRHQ" target="_blank">" (Indicator: "youtube")\n "<img src="/images/newLandingPage/icons/social-icons/youtube-icon.svg" />" (Indicator: "youtube")\n "<a href="https://mobile.twitter.com/carrot_lucky" target="_blank">" (Indicator: "twitter")\n "<img src="/images/newLandingPage/icons/social-icons/twitter-icon.svg" />" (Indicator: "twitter")\n ""https://www.facebook.com/rewardsmadefunagain/"," (Indicator: "facebook.com")\n ""https://twitter.com/carrot_lucky"," (Indicator: "twitter")\n ""https://www.youtube.com/channel/UCb0UW89RRlZK6jZQUT3SRHQ"," (Indicator: "youtube")\n ""https://www.linkedin.com/company/13047360"" (Indicator: "linkedin.com")\n "<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1512212&fmt=gif" />" (Indicator: "linkedin.com")\n "{state:0,transportUrl:b,context:c,parent:Wk()},P(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ja+"&cx=c";Tr()&&(f+="&sign="+Jh.Xe);var g=Sh||ci?Sr(b,f):void 0;g||(g=Fo("https://","http://",Jh.ze+f));Qk().destination[a]={state:1,context:c,parent:Wk()};mc(g)}};function Ur(){if(Ok()){return!0}return!1};var Xr=new 
RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),Yr={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Zr={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var Jv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0,f=0;return{createEvent:function(g,h,m){var n=a(),p=n.Lg,q=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Lg*h):Math.round(n.Pi),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=G.hidden?!1:.5<=Pi(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=lv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")\n "b,"vert.pix");break;case "PERCENT":qy(d.verticalThresholds,b,"vert.pct")}pv("sdl","init",!1)?pv("sdl","pending",!1)||I(function(){return ry()}):(nv("sdl","init",!0),nv("sdl","pending",!0),I(function(){ry();if(sy()){var e=ty();qc(z,"scroll",e);qc(z,"resize",e)}else nv("sdl","init",!1)}));return b}xy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),yy=["www.youtube.com","www.youtube-nocookie.com"],zy,Ay=!1;" (Indicator: "youtube")\n "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gg:d,Eg:e,Fg:f,lh:g,mh:h,Wd:m,ib:b},p=z.YT,q=function(){Gy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=G.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(Jy(w,"iframe_api")||Jy(w,"player_api"))return b}for(var 
x=G.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Ay&&Hy(x[A],n.Wd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"golden-kitty-badge_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "lucky%20carrot%20logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "bring-visibility_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mini-teams-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "message-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "build-a-recognition-culture_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "promote-core-values_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mail_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mini-slack-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "instagram-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "min-jira-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "rewards-as-experiences_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"twitter-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "youtube-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "linkedin-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "facebook-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "min-zoom-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "video-play_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Icon-feather-check-orange_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39'185.199.109.153
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050Noneimgur (Category: images) https://imgur.com/user/Altpapier/aboutAltpapier
2023-05-12 02:44:27Internet NameNoDNS Resolver0020Nonenwapi2.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: May 4 19:22:49 2023 GMT Not After : Aug 2 19:22:48 2023 GMT Subject: CN=nwapi2.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c4:56:92:fa:17:84:ee:f0:d0:57:46:44:1b:c0: a4:14:29:10:a1:ef:73:a4:e7:64:f7:b5:e7:3f:b3: 66:76:75:96:94:eb:49:c3:b4:7b:98:99:f2:0f:53: 8b:0d:5d:a1:7d:07:f5:ec:33:33:f7:d8:24:d7:52: d5:12:6d:a1:1f:e4:a6:4e:04:dc:3d:ec:3d:be:c0: 68:52:81:bd:0e:b0:f2:dc:e9:9e:c3:80:ab:29:55: f9:1e:e7:5b:91:26:2d:a5:23:af:31:21:a7:26:77: 4d:22:98:0f:3c:48:92:7d:11:24:a2:2a:0b:37:5b: b7:75:5d:9c:47:56:23:11:ea:1f:65:df:5a:99:2d: b1:7c:34:88:13:dd:65:4f:a0:08:9d:d3:51:25:a6: 78:33:43:63:15:48:98:b7:c9:2d:ff:76:3d:7c:7e: de:53:44:95:89:fa:a0:73:8e:18:62:72:8d:27:49: aa:9c:1f:aa:7b:22:63:3f:e5:47:2d:46:e9:11:a7: d9:be:31:17:58:ae:26:cb:94:ea:b8:74:2e:d5:e8: 97:bd:26:29:ad:75:15:d7:0b:3c:87:ec:7d:26:04: ba:6b:7d:a6:11:27:4a:69:b1:b7:ca:99:b8:9d:ff: 7b:56:12:82:6a:1b:ca:28:1f:06:65:69:79:cd:93: 18:d1:f0:f1:97:01:54:01:52:f9:a4:bc:b1:5f:7f: 07:cd:e4:2b:75:9a:b4:04:a5:b3:96:5c:fa:5f:34: 4a:10:9c:af:38:59:33:75:87:74:42:bf:9b:c5:16: 68:7e:6e:ef:bf:b4:49:f4:b3:b2:df:03:0b:41:57: bd:9d:b3:e1:0a:ab:4d:b6:f0:4f:0a:55:ab:67:0d: 47:01:8e:e0:df:09:34:38:59:4b:e4:b2:f9:93:a9: 14:cd:7f:e8:59:e4:10:fd:c1:6c:48:fa:be:99:2c: 29:f5:4b:bb:ec:4a:d6:b7:12:55:98:93:98:eb:47: 5c:a0:a4:28:64:3b:23:a2:ef:82:47:19:63:8d:bd: 5b:18:22:cf:f0:62:27:bf:ee:4a:28:c1:7c:e2:7b: 78:12:dd:d5:e8:7d:85:3e:1e:0f:49:a2:f3:4c:aa: 0d:2d:cc:58:f9:3e:e7:38:d6:30:4c:04:5a:18:cf: 9c:92:c9:94:e0:25:8d:f8:47:4e:48:b9:1f:15:b5: e5:de:4b:35:84:12:32:49:2b:fa:a7:68:2a:1b:83: d8:7f:e6:d9:7f:ca:74:5f:b4:c9:a0:67:b2:29:ff: a2:1e:11:be:bc:99:7a:fb:44:7b:a4:fe:9c:6b:8f: 
e3:20:e4:b7:4f:84:65:a3:c1:39:7b:b5:4f:1d:d0: 69:a0:23 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi2.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : May 4 20:22:49.987 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:49:5B:22:9A:37:74:EC:B5:6B:BF:74:25: 03:BF:46:DC:18:51:D6:44:11:7B:BF:B6:5B:50:DD:1C: 8F:80:EF:3B:02:20:47:2A:69:10:84:9E:DC:B5:E3:E3: 85:D7:64:E9:81:E6:34:A8:3A:EE:7B:C1:B6:5E:40:1F: 80:29:DA:11:05:13 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : May 4 20:22:50.005 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:35:7C:BF:0E:AA:9D:74:86:07:D7:D4:AB: F5:E1:40:37:B8:BB:7E:DB:39:8A:BE:E2:5C:03:30:30: 87:33:6B:95:02:20:09:90:FF:C6:9A:73:8C:96:C5:27: 7D:6B:43:B6:38:71:2C:A6:63:43:70:C3:FA:5D:5B:71: 98:69:EE:13:00:4E Signature Algorithm: sha256WithRSAEncryption 85:ff:2d:f7:ea:a0:91:b7:ce:aa:d9:bb:80:7c:e2:3c:82:5e: aa:e4:8e:68:39:36:38:9c:77:b6:ea:24:b5:71:a4:68:73:d2: cb:e4:b6:6e:87:92:cd:60:f0:4b:fa:16:3c:67:67:24:50:45: a7:67:96:84:cc:d3:58:c6:5e:dc:44:85:ed:d6:81:ec:7f:49: 
41:4d:c5:ca:ca:aa:32:ad:d7:11:f7:39:7b:b0:7b:77:74:44: f7:cb:92:93:e4:45:e9:c1:4b:22:0e:6a:87:26:da:2f:86:c9: 2f:7d:8a:b8:0e:fa:c8:7d:05:d7:2e:5e:0f:61:c0:b7:f9:d9: 51:31:63:4f:68:5d:de:cc:22:12:04:48:9b:ee:41:d8:a5:b1: 3c:80:9c:7b:d1:ae:a7:5b:ac:bf:bc:03:e4:36:bf:0d:18:f2: 3c:c8:4d:81:d8:71:4f:93:f8:89:4f:b8:cc:c6:d5:23:b9:6b: 01:1a:ea:aa:63:1c:40:bd:2f:59:0a:34:b7:be:8a:f1:7e:27: 85:d0:0e:96:7f:f0:0b:eb:18:35:77:95:6b:27:bf:9c:18:72: 58:89:63:0e:ed:84:1b:cb:e1:47:d4:7e:b0:01:ca:b1:c2:f0: 7c:b9:e4:20:fc:db:bd:c2:a6:6c:47:1a:fc:14:e6:86:84:df: 57:0b:c2:0b
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None01010101lzy.github.io185.199.111.153
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.123): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:36:51Physical LocationNoMetaDefender0020NoneMedellin, Colombia188.114.97.1
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None6566 1651 (Net ID: 00:00:C5:D7:63:6C)34.0544, -118.244
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneWaveLAN Network VHome2B (Net ID: 00:02:2D:03:03:11)37.7813933,-122.3918002
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneMDD (Net ID: 00:02:2D:21:9D:34)37.7642, -122.3993
2023-05-12 03:11:21Physical CoordinatesNoAbstractAPI0030None50.1188, 8.684346.101.229.70
2023-05-12 02:44:22Internet NameNoDNS Resolver0020Noneoldfluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:05:11 2023 GMT Not After : May 25 03:05:10 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:97:4b:9a:94:33:ae:7c:5e:91:1b:d8:54:22:c9: ed:4f:8d:dc:1c:ea:82:e7:c1:66:b8:0e:7a:d7:69: 7e:97:11:2c:1a:a5:0e:64:16:12:d5:94:b3:23:f2: 36:d4:4f:eb:d5:32:50:ac:e4:d7:66:1b:e3:da:91: 79:04:66:f4:2d:fa:3e:45:f4:48:91:1a:8d:80:82: ca:dd:66:18:cd:f2:9d:87:0d:96:09:36:f0:90:50: 74:b3:8f:d1:d4:ab:e5:3c:ba:a6:ad:57:62:22:2b: 60:de:6e:76:04:02:5d:fa:52:80:b7:61:6b:ca:89: 0e:51:38:c3:f2:4d:c1:8f:3e:5c:2f:86:ec:7a:ee: c4:a9:09:67:fe:3a:36:2c:f4:71:dd:63:52:c7:7e: 24:13:3b:f8:64:ac:0f:17:65:8b:4f:12:db:ba:8b: 96:d7:a7:d3:5c:fd:8f:e9:26:b0:c1:d3:ce:ae:a4: 80:9b:8d:9b:1f:f6:ca:4a:88:4f:be:ed:28:2f:45: 12:8d:ed:28:4a:e1:d7:0a:d1:cc:4f:38:0f:fa:93: 2d:8d:4a:92:3a:88:82:01:24:a7:62:52:95:88:cb: f5:21:eb:4e:1f:14:59:fb:a0:f3:53:6c:6e:20:e1: ca:0b:83:46:36:34:c6:22:17:1b:d8:e6:82:24:68: ca:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Feb 24 04:05:12.050 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:25:A0:69:FB:7F:3E:63:7D:A0:82:F0:BD: 99:FA:FF:84:20:AF:C5:86:81:24:4B:F7:CB:AB:FB:5E: BD:6B:87:56:02:21:00:8A:56:44:28:2B:0B:E5:D6:3A: F4:15:7E:0A:3C:BA:80:47:38:D3:13:65:D6:8E:A8:E5: 01:04:D3:ED:D7:28:24 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Feb 24 04:05:12.068 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:48:50:77:27:A7:8D:E9:4E:44:5B:E4:B4: 56:50:FB:20:FC:C8:FD:0F:4B:DC:68:08:A4:56:A5:4B: F5:A5:47:B3:02:20:41:B4:A0:0F:22:1C:69:E8:F3:FB: 60:B2:81:61:62:E0:DD:28:37:13:7E:74:2B:26:74:E1: FD:E5:4D:29:61:E7 Signature Algorithm: sha256WithRSAEncryption 61:b4:ef:73:fc:3c:d6:36:f5:75:80:0c:33:8b:9a:05:0b:c4: ef:72:1d:69:74:95:fd:0a:84:bd:b8:b9:3c:12:87:d3:eb:2d: b5:d2:63:2a:29:60:59:c4:11:1c:0f:c3:fb:79:2f:8a:43:57: 38:62:d8:2e:68:34:bb:6c:0e:7a:e3:f8:3d:f5:c1:05:a5:6d: 93:b9:b3:48:22:8e:a3:39:66:e6:a5:9e:dc:e2:98:35:7e:b3: e1:c7:b2:16:b7:b0:2e:70:50:4e:ea:93:d0:f8:5c:69:6c:1b: d2:3e:ee:da:64:1f:ad:97:c8:be:17:38:a6:ed:92:9e:3b:db: 67:c8:b0:5f:e6:af:fd:f7:57:92:7b:87:3d:bf:c4:c1:21:13: ba:c4:d8:85:a3:63:dc:90:ee:df:3d:2a:bc:03:4e:ba:1b:8c: 0c:16:7e:58:e3:ac:7f:dc:3b:40:18:1f:74:98:d5:c4:fa:32: 99:95:a0:64:1e:5b:4d:a8:f5:79:33:2e:3f:43:dc:8d:0e:7d: 28:25:74:7a:93:27:53:2e:6b:ae:4d:81:c1:3c:e0:cd:42:02: 6d:fc:da:f3:52:57:d5:b1:70:8e:1a:91:15:c8:1b:93:cd:40: b8:ff:29:e7:c6:05:ad:63:8c:c8:ec:d7:e9:88:33:a3:5d:43: a1:d5:b9:20
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneAUMWLAN (Net ID: 00:02:2D:1F:4C:85)50.1188, 8.6843
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None3126416304 (Net ID: 00:01:03:7B:F5:4B)41.8781, -87.6298
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneCracked (Category: social) https://www.cracked.com/members/loginlogin
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:208287.248.157.102
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.253): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:58:32Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://planningpokeronline.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_1e4_IESQMMUTEX_0_519"\n "IsoScope_1e4_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_1e4_IE_EarlyTabStart_0xd2c_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_1e4_ConnHashTable<484>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_1e4_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n 
"Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab475D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab46BF.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "6AFCP6RJ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6AFCP6RJ.txt]- [targetUID: 00000000-00000484]\n Dropped file: "KYOQ4GIQ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KYOQ4GIQ.txt]- [targetUID: 00000000-00003456]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsplanningpokeronline.com" has type "HTML document UTF-8 Unicode text with very long lines with no line terminators"- 
[targetUID: N/A]\n "~DF57DB14006E50F0E5.TMP" has type "data"- Location: [%TEMP%\\~DF57DB14006E50F0E5.TMP]- [targetUID: 00000000-00000484]\n "Cab475D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab475D.tmp]- [targetUID: 00000000-00003456]\n "RecoveryStore._DE97F9DD-7012-11ED-8A21-080027C90619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003456]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFC805A7001878EE75.TMP" has type "data"- Location: [%TEMP%\\~DFC805A7001878EE75.TMP]- [targetUID: 00000000-00000484]\n "~DF74F4EB885327EEE5.TMP" has type "data"- Location: [%TEMP%\\~DF74F4EB885327EEE5.TMP]- [targetUID: 00000000-00000484]\n "6AFCP6RJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6AFCP6RJ.txt]- [targetUID: 00000000-00000484]\n "_DE97F9DF-7012-11ED-8A21-080027C90619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "Tar475E.tmp" has type "data"- Location: [%TEMP%\\Tar475E.tmp]- [targetUID: 00000000-00003456]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "Cab46BF.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 
compression"- Location: [%TEMP%\\Cab46BF.tmp]- [targetUID: 00000000-00003456]\n "~DFA5F0ABB14A6E6D02.TMP" has type "data"- Location: [%TEMP%\\~DFA5F0ABB14A6E6D02.TMP]- [targetUID: 00000000-00000484]\n "_E9B6B1A0-7012-11ED-8A21-080027C90619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003456]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://planningpokeronline.com/"\n Pattern match: "https://planningpokeronline.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63865b7cd5844423476081fd', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.74.170.74'], u'sha256': u'ee2b3005a67dc45a60a0bc2947c2bfd8584632d9366ff2363f99250eefc18ee6', u'sha512': 
u'30cd14ddec6b724ae48ed2a119893fc317f3712fbf68421011c0f821b530e5f010a45a9278791619284396b908268be95648fb2255dd7077f478e9c1512bb886', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://planningpokeronline.com/', u'submission_id': u'63865b7cd5844423476081fe', u'created_at': u'2022-11-29T19:20:28+00:00', u'filename': None}], u'analysis_start_time': u'2022-11-29T19:20:28+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'28f8b4c39853b6bc34686712011e8493', u'network_mode': u'default', u'processes': [], u'sha1': u'f1fdac605e322d6ca2a758956f47506607dad35c', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}]34.74.170.74
2023-05-12 03:13:03Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [000000014286.github.io] https://www.openphish.com/feed.txt000000014286.github.io
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonevillagio (Net ID: 00:01:24:F0:87:66)33.617190550339146,-111.90827887019054
2023-05-12 03:04:46Hosting ProviderNoHosting Provider Identifier0020NoneCloudflare Inc: https://www.cloudflare.com/188.114.97.1
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5c5df87c1e1957-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.135.9
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:0C:41:C6:10:31)39.0469, -77.4903
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneZiggo07501 (Net ID: 00:0C:F6:5C:1D:4D)50.8897, 6.0563
2023-05-12 03:03:29Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io003marek.github.io
2023-05-12 02:44:05SSL Certificate ExpiringYesCertSpotter0010None2023-05-25 03:02:52battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneNaver (Category: social) https://blog.naver.com/loginlogin
2023-05-12 02:46:02Physical LocationNoAbstractAPI0030NoneNorth Charleston, South Carolina, 29415, United States, North America35.229.48.116
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/random_2.jpeghttps://pics.battleb0t.xyz/
2023-05-12 03:36:07Open UDP Port InformationNoTool - nbtscan0040NoneNetBIOS Name Table for Host 45.131.109.53: Incomplete packet, 155 bytes long. Name Service Type ---------------------------------------- 70724-04381 <20> UNIQUE 70724-04381 <00> UNIQUE WORKGROUP <00> GROUP Adapter address: c4:37:72:0f:5e:ba 45.131.109.53:137
2023-05-12 02:46:48Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://github.com/facebook/regenerator/blob/main/license', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 29, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fapollomech.com%2Fsara.selle%40apollomech.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6876:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6876:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6876:120:WilError_01"\n "SM0:5744:120:WilError_01"\n "Local\\SM0:5744:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:5744:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:6876:304:WilStaging_02"\n "SM0:6876:120:WilError_01"\n "SM0:6876:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6876:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.66.43.150:443"\n "172.67.212.13:443"\n "35.186.254.174:443"\n 
"104.18.11.207:443"\n "142.251.46.228:443"\n "172.67.71.45:443"\n "142.250.189.227:443"\n "172.217.164.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "dev.protektnet.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fapollomech.com%2Fsara.selle%40apollomech.com" as clean (type is "HTML document ASCII text")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fapollomech.com%2Fsara.selle%40apollomech.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping6876_869169848\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00006876]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping6876_869169848\\json\\i18n-shared-components\\ja\\strings.json]- [targetUID: 
00000000-00006876]\n "a8ce5196df51c32c_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\a8ce5196df51c32c_0]- [targetUID: 00000000-00006876]\n "Session_13323203029743627" has type "data"- [targetUID: N/A]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\index]- [targetUID: 00000000-00006876]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00007564]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00006876]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\manifest.fingerprint]- [targetUID: 00000000-00006876]\n "f_00023d" has type "gzip compressed data max compression original size modulo 2^32 411849"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00007564]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "Part-IT" has type "data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping6876_1661340083\\Part-IT]- [targetUID: 00000000-00006876]\n "data_2" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006876]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 
00000000-00006876]\n "2aab480a-d616-460d-a587-6a093b98b3e9.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\2aab480a-d616-460d-a587-6a093b98b3e9.tmp]- [targetUID: 00000000-00006876]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fapollomech.com%2Fsara.selle%40apollomech.com"\n Pattern match: "https://github.com/facebook/regenerator/blob/main/LICENSE"\n Heuristic match: "1000logos.net"\n Pattern match: "https://track.salesflare.com/flare.js"\n Heuristic match: "api.salesflare.com"\n Heuristic match: "dev.protektnet.com"\n Pattern match: "https://dev.protektnet.com/MNU/site.php"\n Pattern match: "https://llink.to"\n Heuristic match: "stackpath.bootstrapcdn.com"\n Heuristic match: "track.salesflare.com"\n Pattern match: "https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/13/2/static/css/main.64d85253.css,static_js_url:https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/13/2/static/js/main.f389f055.js,static_version:53},edge_reward"\n Pattern match: "www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: 
"https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 172.67.212.13"\n "UDP connection to 142.251.46.228"\n "UDP connection to 142.250.189.227"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.43" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.43"\n Potential IP "10.34.0.43" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.43\\LICENSE"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Mu"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma"'}], u'threat_level': 0, u'size': None, u'job_id': u'640f5f84dbc6ba518703abfa', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], 
u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', 185.199.111.153
2023-05-12 03:03:47Co-Hosted SiteNoThreatMiner2020Noneebrahemsamir.github.io185.199.111.153
2023-05-12 02:53:44Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 29, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7008:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7008:120:WilError_01"\n "SM0:6264:120:WilError_01"\n "Local\\SM0:6264:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:6264:120:WilError_01"\n "Local\\SM0:7008:120:WilError_01"\n "SM0:7008:304:WilStaging_02"\n "Local\\SM0:7008:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7008:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7008:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts 
server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "172.66.40.106:443"\n "102.37.125.193:443"\n "35.186.254.174:443"\n "142.250.191.68:443"\n "104.18.11.207:443"\n "104.26.9.175:443"\n "142.250.189.195:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "fonts.gstatic.com"\n "llink.to"\n "stackpath.bootstrapcdn.com"\n "tamannigeria.org"\n "track.salesflare.com"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com" as clean (type is "HTML document ASCII text")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\MICROSOFT EDGE.LNK"\n "msedge.exe" trying to access LNK file 
"C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk"\n "msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00007008]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_2]- [targetUID: 00000000-00007008]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir7008_561964248\\Ruleset Data]- [targetUID: 00000000-00007008]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00007008]\n "Filtering Rules" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\Filtering Rules]- [targetUID: 00000000-00007008]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00007008]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very 
long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007008]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\product_page.js]- [targetUID: 00000000-00007008]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007008]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\auto_open_controller.js]- [targetUID: 00000000-00007008]\n "000009.log" has type "data"- [targetUID: N/A]\n "000013.ldb" has type "data"- [targetUID: N/A]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\7008_877128101\\Filtering Rules-AA]- [targetUID: 00000000-00007008]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- [targetUID: N/A]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\shoppingfre.js]- [targetUID: 00000000-00007008]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007008]\n "327850598c96cdd5_0" has type "data"- [targetUID: N/A]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-253', u'name': u'Contains ability to detect presence of virtual environment (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1497', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1497', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string 
"SetupDiGetClassDevsW" (Indicator: "SetupDiGetClassDevs"; Source: "00000000-00007008-00000C1E-47697825")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com"\n Pattern match: "https://llink.to"\n Heuristic match: "1000logos.net"\n Heuristic match: "api.salesflare.com"\n Heuristic match: "fonts.gstatic.com"\n Heuristic match: "llink.to"\n Heuristic match: "stackpath.bootstrapcdn.com"\n Heuristic match: "tamannigeria.org"\n Heuristic match: "track.salesflare.com"\n Pattern match: "www.gstatic.com"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "Math.PI/180"\n Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,n=1;n"\n Pattern match: "http://www.w3.org/2000/svg\\n"\n Pattern match: "https://github.com/microsoft/fast/issues/5848\\n"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://track.salesflare.com/flare.js"\n Pattern match: "https://tamannigeria.org/NUNEZ/site.php"\n Heuristic match: "tamanrigeria.org"\n Heuristic match: "u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com"\n Pattern match: "llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com"\n Heuristic match: "a.com"\n Heuristic match: "link.to"\n Heuristic match: "m%2Ffelicia.xu%40ascensia.com"\n Heuristic match: "0ascensia.com"\n Pattern match: 
"http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'typ185.199.109.153
2023-05-12 03:13:02Malicious Affiliate IP AddressYesThreat Jammer0130NoneThreat Jammer - Risk score: 40 (MEDIUM) https://threatjammer.com/info/87.248.157.9387.248.157.93
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.29): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:27:33Open TCP PortNoPulsedive0030None188.114.96.128:80188.114.96.0/24
2023-05-12 02:53:35HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache_Hits": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["22DC:47A8:9574C0:E80210:645D792E"], "Content_Type": ["text/html; charset=utf-8"], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache": ["MISS"], "X_Timer": ["S1683847470.229374,VS0,VE28"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["ae50aba31a182a84ec5561a841cace6a8bdb972f"], "X_Cache_Hits": ["0"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100109-CHI"], "Accept_Ranges": ["bytes"]}185.199.110.153
2023-05-12 02:53:49Netblock IPv6 MembershipNoCensys0020None2606:50c0:8000::/482606:50c0:8000::153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonela_vieve (Net ID: 00:06:25:7B:45:13)33.336199,-111.89446440830702
2023-05-12 03:24:21HTTP Status CodeNoWeb Spider0040None403https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA
2023-05-12 03:09:28Co-Hosted Site - Domain NameNoSSL Certificate Analyzer2020Noneacilacikveteriner.com87.248.157.102
2023-05-12 03:35:25Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0040NoneVOIPBL Publicly Accessible PBX List [45.131.109.0/24] http://www.voipbl.org/update45.131.109.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesflan39 (Net ID: 00:02:6F:08:21:FC)37.7642, -122.3993
2023-05-12 03:19:47Account on External SiteNoAccount Finder0020Nonegiters (Category: coding) https://giters.com/patrickpogodapatrickpogoda
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-0582 (Net ID: 00:1D:D4:13:05:80)32.8608, -79.9746
2023-05-12 03:17:38Similar Domain - WhoisNoWhois2020NoneDomain Name: AYHA.XYZ Registry Domain ID: D293590239-CNIC Registrar WHOIS Server: whois.discount-domain.com Registrar URL: http://www.onamae.com Updated Date: 2022-04-30T16:37:38.0Z Creation Date: 2022-04-25T16:34:12.0Z Registry Expiry Date: 2024-04-25T23:59:59.0Z Registrar: GMO Internet Group, Inc. d/b/a Onamae.com Registrar IANA ID: 49 Domain Status: ok https://icann.org/epp#ok Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod Registrant Organization: Whois Privacy Protection Service by onamae.com Registrant State/Province: Tokyo Registrant Country: JP Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1.GM111.PARKLOGIC.COM Name Server: NS2.GM111.PARKLOGIC.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@gmo.jp Registrar Abuse Contact Phone: +81.337709199 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: ayha.xyz Registry Domain ID: D293590239-CNIC Registrar WHOIS Server: whois.discount-domain.com Registrar URL: http://www.onamae.com Updated Date: 2023-04-26T06:12:30Z Creation Date: 2022-04-25T16:34:14Z Registrar Registration Expiration Date: 2023-04-25T23:59:59Z Registrar: GMO INTERNET, INC. 
Registrar IANA ID: 49 Registrar Abuse Contact Email: abuse@gmo.jp Registrar Abuse Contact Phone: +81.337709199 Domain Status: ok https://icann.org/epp#ok Registry Registrant ID: E4D57C1767DC8C Registrant Name: Whois Privacy Protection Service by onamae.com Registrant Organization: Whois Privacy Protection Service by onamae.com Registrant Street: 26-1 Sakuragaoka-cho Registrant Street: Cerulean Tower 11F Registrant City: Shibuya-ku Registrant State/Province: Tokyo Registrant Postal Code: 150-8512 Registrant Country: JP Registrant Phone: +81.354562560 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: proxy@whoisprotectservice.com Registry Admin ID: E4D57C3C00BE9C Admin Name: Whois Privacy Protection Service by onamae.com Admin Organization: Whois Privacy Protection Service by onamae.com Admin Street: 26-1 Sakuragaoka-cho Admin Street: Cerulean Tower 11F Admin City: Shibuya-ku Admin State/Province: Tokyo Admin Postal Code: 150-8512 Admin Country: JP Admin Phone: +81.354562560 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: proxy@whoisprotectservice.com Registry Tech ID: E4D27D6C252D99 Tech Name: Whois Privacy Protection Service by onamae.com Tech Organization: Whois Privacy Protection Service by onamae.com Tech Street: 26-1 Sakuragaoka-cho Tech Street: Cerulean Tower 11F Tech City: Shibuya-ku Tech State/Province: Tokyo Tech Postal Code: 150-8512 Tech Country: JP Tech Phone: +81.354562560 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: proxy@whoisprotectservice.com Name Server: ns1.gm111.parklogic.com Name Server: ns2.gm111.parklogic.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-04-26T06:12:30Z <<< For more information on Whois status codes, please visit https://icann.org/eppayha.xyz
2023-05-12 02:55:18Physical LocationNoCensys0030NoneFrankfurt am Main, Hesse, 60306, Germany, Europe46.101.229.70
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None008security.github.io185.199.111.153
2023-05-12 02:46:50SSL Certificate - Issued byNoSSL Certificate Analyzer0030NoneC=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA134.74.170.74
2023-05-12 02:53:08SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:78:81:e1:ef:49:4b:f9:6d:c5:16:34:0e:55:ab:d5:12:44 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:02 2022 GMT Not After : Feb 15 09:44:01 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c5:28:ae:be:17:84:18:1b:e1:bf:c2:45:52:c1: a5:6a:08:4a:bc:c1:e3:a4:de:5e:d0:05:9f:d6:99: 22:94:16:f7:d2:69:68:71:09:4a:62:e7:41:0d:0a: be:3e:3b:51:6d:0b:4a:0f:76:3a:b0:8e:cb:56:a6: 21:8f:de:9f:c1:45:ea:d1:38:90:03:24:5c:77:6f: cd:06:86:05:00:ae:fc:49:fe:8f:e8:85:de:e7:e4: d0:99:c5:ad:e4:c5:9c:9a:95:9e:97:20:79:ed:7e: c1:65:47:a7:ce:2c:b4:2b:9e:4c:1f:8e:21:8f:4e: cf:f7:3e:4f:ff:b2:88:aa:90:dd:b7:be:8a:db:d2: 17:66:cc:6f:09:3d:67:e8:3c:91:39:a6:90:69:62: e9:f2:9c:b4:d3:ba:96:0b:b2:0e:b2:74:eb:8a:64: f6:d7:18:6c:22:f7:1e:bc:17:2f:20:0c:dc:30:1b: 5e:7d:a8:0b:34:ce:8a:75:55:4f:72:8b:d6:d7:dc: 63:55:19:dd:2a:a0:25:0a:50:bd:17:df:74:d9:8e: df:7b:ba:19:b8:f5:47:fd:97:bf:18:2b:99:ec:f3: 58:72:eb:64:34:43:28:b7:d3:7f:de:05:80:58:fb: f6:05:86:02:1c:8d:eb:d5:23:a1:08:9a:01:84:aa: 05:5a:57:5b:4f:80:96:8a:65:18:8f:fb:bb:dd:91: f1:8e:b1:05:2f:76:93:8f:28:86:73:78:5c:d4:fe: b8:81:83:79:71:79:e9:31:46:fb:22:a9:30:c3:0b: 03:79:d0:e6:24:cf:e4:e0:cb:3e:91:71:20:ec:40: 44:0f:22:88:b4:5a:5f:cd:f2:41:b7:a9:21:3e:74: 54:3b:a0:07:32:4e:5c:e7:71:a3:33:95:bd:ee:27: 4a:b2:53:d1:06:de:2c:39:7b:83:7f:1c:cf:0a:28: 32:ef:07:d4:d3:ef:a5:9d:8a:8a:36:97:d5:6f:97: 57:8e:aa:22:4e:6c:70:6c:aa:43:59:1c:d0:88:a6: 26:22:1b:20:62:45:6e:6e:62:40:f6:bf:20:b1:b8: 43:17:25:80:1d:c9:c1:63:ed:d3:a8:bc:4b:68:5d: f2:19:96:37:4a:82:70:a9:86:22:f6:56:84:02:f9: b4:a7:6c:3d:03:4c:59:fe:71:81:0a:71:7e:9e:7c: 1a:5d:b6:ce:77:db:f9:80:a5:2d:65:a3:96:1f:c9: ca:a0:c7:b0:9d:21:28:db:1c:6a:4c:c7:37:20:39: 9f:b7:63:e2:80:c5:2d:53:fd:3e:c8:1a:cf:e7:76: 
9f:bc:92:4a:58:81:84:d1:30:a4:4e:12:c7:e5:10: eb:dc:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 75:02:8B:49:76:96:40:2E:6F:D7:49:80:B9:AF:AD:08:D3:5D:F2:26 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 29:76:7a:56:81:b0:95:01:3f:0a:9d:7d:c4:e5:17:5f:14:64: 31:1f:ff:e8:89:b7:73:d0:e5:48:95:94:90:79:71:5f:5e:bd: 11:57:2e:35:46:0a:d0:46:0d:68:f1:c5:7a:ea:d2:5c:76:4c: 32:7a:df:e5:15:1f:4c:85:80:9e:03:4d:56:80:ad:4b:2c:6b: b1:00:96:20:ff:02:5c:fe:b3:6b:a4:df:10:d7:1a:34:e6:05: 8a:93:ce:43:93:43:f0:21:83:34:dd:3b:5d:cd:02:a2:f7:69: 01:e6:a2:9d:c4:0a:00:06:c9:25:8d:66:34:7e:e7:56:fc:96: 0c:11:f2:15:8e:1b:ee:a8:bc:70:25:91:eb:fa:be:46:78:f9: 43:e5:48:f9:88:3a:38:53:b4:c2:e1:83:7c:30:6a:d7:b6:1a: 08:51:7a:03:5c:ed:3d:25:45:1e:03:b4:ab:40:92:83:1a:fd: 41:7d:5f:d2:40:54:63:0d:0f:36:db:fd:2f:13:eb:5b:2e:6b: 08:c3:7d:13:ce:a1:6a:1d:ba:e8:54:c7:19:87:ff:c8:d8:2e: 77:d7:9f:17:34:29:b1:63:1a:a3:70:9f:2d:0d:32:ff:45:66: 9c:81:e8:0c:a2:cc:74:6a:75:0f:61:f4:74:74:89:88:86:e3: ba:d0:68:2d battleb0t.xyz
2023-05-12 03:23:31Open TCP PortNoPulsedive0030None188.114.96.11:8080188.114.96.0/24
2023-05-12 03:00:50Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.72): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.11535.229.48.116
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.175): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060None3dtoday (Category: hobby) https://3dtoday.ru/blogs/loginlogin
2023-05-12 02:55:18Software UsedYesCensys0030Nonelinux46.101.229.70
2023-05-12 03:03:16IP AddressNoDNS Resolver0020None172.67.168.252panel.battleb0t.xyz
2023-05-12 03:31:58Open TCP PortNoPulsedive0030None188.114.97.0:80188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneNewgrounds (Category: gaming) https://login.newgrounds.com/login
2023-05-12 03:12:58Malicious AffiliateYesOpenPhish0030NoneOpenPhish [frabjous-lebkuchen-324004.netlify.app] https://www.openphish.com/feed.txtfrabjous-lebkuchen-324004.netlify.app
2023-05-12 02:46:42Physical LocationNoFraudguard0030NoneUnited States, South Carolina, North Charleston35.229.48.116
2023-05-12 02:44:49Company NameNoCompany Name Extractor0030NoneGitHub\, Inc.C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io
2023-05-12 03:09:26Co-Hosted Site - Domain WhoisNoWhois1040None% Hello, this is the DOMREG whois service. % % By submitting a query you agree not to use the information made % available to: % - allow, enable or otherwise support the transmission of unsolicited, % commercial advertising or other solicitations whether via email or % otherwise; % - target advertising in any possible way; % - to cause nuisance in any possible way to the registrants by sending % (whether by automated, electronic processes capable of enabling % high volumes or other possible means) messages to them. % % Version 0.4 % % For more information please visit https://whois.lt % Domain: 000.lt Status: registered Registered: 2022-10-11 Expires: 2023-10-12 % Registrar: Telia Lietuva, AB Registrar website: http://www.hostex.lt Registrar email: domains@hostex.lt % Contact organization: Telia Lietuva, AB Contact email: domains@hostex.lt % Nameserver: ns3.hostex.lt Nameserver: ns4.hostex.lt Nameserver: ns1.hostex.lt Nameserver: ns2.hostex.lt 000.lt
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneau.ru (Category: misc) https://au.ru/user/login/login
2023-05-12 02:56:38Raw Data from RIRsNoHybrid Analysis1030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220', u'172.67.128.152'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"MaxConnectionsPerServer" (Indicator: "MaxConnectionsPerServer") in Source: 00000000-00002536-00000BCA-24571201\n "MaxConnectionsPer1_0Server" (Indicator: "MaxConnectionsPer1_0Server") in Source: 00000000-00002536-00000BCA-24572342'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3360 -s 132" (UID: 00000000-00003436)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, 
u'type': 7, u'description': u'"e1.o.lencr.org"\n "facesupdates.com"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00003436) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFF57.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9e8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_9e8_IESQMMUTEX_0_303"\n "IsoScope_9e8_IESQMMUTEX_0_519"\n "IsoScope_9e8_IE_EarlyTabStart_0xd54_Mutex"\n "IsoScope_9e8_IESQMMUTEX_0_331"\n "IsoScope_9e8_ConnHashTable<2536>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2536"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n 
"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "172.67.128.152:443"\n "23.32.45.191:80"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3360 -s 132" (UID: 00000000-00003436)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFF56.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000812]\n "CLXG2BM2.txt" has type 
"ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CLXG2BM2.txt]- [targetUID: 00000000-00002536]\n "CabFF56.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabFF56.tmp]- [targetUID: 00000000-00000812]\n "BBB0B9C986171FE6F65C60CFDD8B124F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BBB0B9C986171FE6F65C60CFDD8B124F]- [targetUID: 00000000-00000812]\n "~DF71962694B43492EC.TMP" has type "data"- Location: [%TEMP%\\~DF71962694B43492EC.TMP]- [targetUID: 00000000-00002536]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002536]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002536]\n "BE2B512E0EA306BAD5DC86CC33D62C85" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BE2B512E0EA306BAD5DC86CC33D62C85]- [targetUID: 00000000-00000812]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00000812]\n "93BCFOQ7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\93BCFOQ7.txt]- [targetUID: 00000000-00002536]\n "90MZUOV9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\90MZUOV9.txt]- [targetUID: 00000000-00002536]\n "1B1495DD322A24490E2BF2FAABAE1C61" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\1B1495DD322A24490E2BF2FAABAE1C61]- [targetUID: 00000000-00000812]\n 
"6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002536]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002536]\n "9MS61IBX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9MS61IBX.txt]- [targetUID: 00000000-00002536]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000812]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00000812]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e"- [Source: Input]\n Pattern match: "https://regclickonetwoget.com"- [Source: Input]\n Heuristic match: "e1.o.lencr.org"- [Source: PCAP]\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgQibVTQK8A8W0dT8xq4Fb0ooQ%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: e1.o.lencr.org"- [Source: PCAP]\n Heuristic match: "facesupdates.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /Tracede/animate.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:1104.196.30.220
2023-05-12 03:43:29CountryNoCountry Name Extractor0060NoneUnited Statesinflany.com
2023-05-12 03:24:29Company NameNoCompany Name Extractor0030NoneCloudflare\, Inc.C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com
2023-05-12 03:22:54Open TCP PortNoPulsedive0020None188.114.97.1:8443188.114.97.1
2023-05-12 02:55:11Physical LocationNoCensys1020NoneBursa, Bursa Province, 16250, Turkey, Asia87.248.157.102
2023-05-12 02:46:36Physical LocationNoMetaDefender0030NoneNorth Charleston, United States34.148.97.127
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneHNG (Net ID: 00:01:E3:0D:91:90)52.3759, 4.8975
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneHackerRank (Category: tech) https://www.hackerrank.com/profile/loginlogin
2023-05-12 03:41:52Software UsedYesCensys0030NoneMicrosoft Windows45.131.109.53
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneRIA-FRANKFURT (Net ID: 00:01:E3:5C:A6:A3)50.1188, 8.6843
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"}
2023-05-12 02:54:34Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5b18b39c858117-ORD Content-Encoding: gzip 104.21.71.14
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.50): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys (Net ID: 00:16:B6:2D:FB:6B)32.8608, -79.9746
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00x44.github.io] https://www.openphish.com/feed.txt00x44.github.io
2023-05-12 02:46:54Affiliate - Domain NameNoDNS Resolver0020Nonecloudflare.combrett.ns.cloudflare.com
2023-05-12 02:57:24Internet NameNoCertificate Transparency0010Nonefluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5454e7fad90297-ORD 188.114.96.1
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneZyXEL (Net ID: 00:02:CF:4A:E5:0D)40.2024, 29.0398
2023-05-12 02:44:42Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 13:22:33 2023 GMT Not After : Jun 25 13:22:32 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:d7:3e:a0:44:3f:74:66:1e:5f:b3:2a:36:ad: 5d:f6:03:6b:7c:a2:a0:47:3a:fb:01:98:b1:8f:cc: c2:91:5e:2e:be:9e:37:09:fc:a3:ca:c0:ce:59:08: 31:20:c4:42:4f:e2:31:60:c4:be:0d:a3:d0:7e:5f: 84:84:43:02:3b:79:0a:56:99:86:35:5f:ee:ec:21: 8b:06:16:ef:3b:0d:ec:b0:a6:01:ca:7c:9f:ae:0e: 21:80:e7:f6:f2:e9:02:7d:5d:df:7d:70:dd:dd:93: 90:c2:a3:7e:80:f6:ad:ed:f9:15:f2:c4:37:d6:ad: 4b:89:76:da:d5:eb:7c:ff:f8:44:95:84:d6:c3:19: 7b:70:37:49:42:e5:fe:7d:2c:bd:de:bc:2b:99:c0: a4:9b:15:4f:d7:2f:f2:c7:b5:99:6b:e4:41:8f:a5: 3f:0f:85:1f:6c:4e:91:90:da:48:18:85:c0:a8:f9: 5b:43:e7:ba:4b:5b:17:69:9f:6a:26:1d:48:87:97: a5:b7:a2:63:4f:58:3b:87:61:7a:53:e1:17:71:98: 3f:e6:14:b4:56:34:1d:a0:89:72:33:eb:2c:c5:36: a0:27:b1:d2:f8:c6:e3:8f:79:67:b5:d6:8a:ec:f1: bd:9b:ad:69:c1:3b:50:1a:84:e7:cb:cf:d0:71:43: d2:3b:49:a5:27:2e:d1:3d:b9:18:82:02:4d:8f:b0: bb:df:42:cf:64:aa:67:dc:2f:01:5a:31:2e:da:fb: b2:d7:58:03:8e:aa:3f:4c:ca:46:eb:1f:d0:ce:c6: 8c:fe:3d:b8:0f:99:bb:cf:51:78:2e:f4:7a:df:b5: ee:fc:f9:a7:d1:b7:2b:1b:c6:17:72:43:c6:34:57: a1:d1:1d:f1:0c:8c:8a:f9:1d:27:7f:56:dc:e1:0f: 9b:fe:d2:eb:01:b7:80:25:0c:68:e6:38:d2:70:20: 00:db:75:51:f4:50:11:95:65:85:63:dc:a6:18:f5: d8:1d:55:65:7b:fd:4b:42:c9:e0:e0:5b:99:47:62: 96:1e:29:13:2d:13:79:08:f1:19:4e:83:44:d1:b3: 1e:52:55:c8:85:91:ec:6f:74:02:73:b9:35:b5:4d: 32:70:2b:a5:40:65:f3:30:c9:2a:75:4a:fc:26:5e: 25:6b:0f:f0:6e:21:a9:a3:b3:fc:a9:24:00:c1:d2: 4b:2c:3d:0a:55:12:77:ec:d9:f9:b2:f1:bc:2c:ec: 53:cb:52:84:47:80:24:42:33:90:05:e1:7c:3a:b2: 37:ee:d5:9d:71:10:25:16:47:45:30:42:37:7d:df: 
2f:44:a5:75:17:fd:0c:59:0a:14:5f:4a:c6:9e:57: 1c:e4:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption a3:1a:73:71:ae:ed:9f:b5:9b:61:66:0e:f9:3c:05:e5:98:b9: 71:fe:3a:01:23:3c:a5:ed:da:b4:47:c0:62:3d:82:74:46:2d: f3:bc:7d:58:f7:9d:a3:63:b0:c8:15:ad:b0:58:bc:d6:75:4d: 8b:28:94:cb:bc:69:7c:80:f8:cd:78:76:8f:73:94:76:90:7d: 80:5c:21:83:4e:e4:26:a7:06:a5:e9:38:47:ff:a7:5f:42:bd: c4:d9:74:6a:33:69:46:51:e5:bd:52:74:21:07:0b:2d:14:31: 45:31:91:5d:2e:25:25:a0:10:c9:3a:3e:d7:38:78:9b:b2:aa: 22:af:71:e4:8a:d0:ec:e4:7c:b6:88:11:5f:5d:42:ee:2b:78: b2:c8:8f:62:9a:3e:c3:a6:06:7e:f7:0b:b9:99:fa:b8:e0:42: 79:cd:64:e7:19:13:71:ab:ad:f1:90:66:20:91:56:0f:0c:e3: 48:ed:63:55:89:67:59:f7:08:9e:72:d6:2b:54:e9:5e:60:6b: af:15:40:e4:e3:93:64:05:b5:87:bf:b5:3b:e3:0a:3e:94:9e: a2:8e:f7:62:b7:7a:47:d1:97:14:d5:e3:c4:7b:f6:89:76:12: 8c:29:e2:6a:8d:3f:22:f5:b7:f7:82:ac:c9:19:ac:5c:cb:6e: d1:2d:07:ab
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.11735.229.48.116
2023-05-12 03:08:51Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.12434.148.97.127
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneNesrin (Net ID: 00:02:61:71:AB:40)40.2024, 29.0398
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneELSA1 (Net ID: 00:02:2D:29:60:79)50.1188, 8.6843
2023-05-12 03:24:50CountryNoCountry Name Extractor0060NoneUnited Statestelleria.com
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.239): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:10Open TCP Port BannerNoCensys0020NoneHTTP/1.1 400 Bad Request Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 253 Connection: close CF-RAY: - 2606:4700:3031::6815:6a6
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonekwejk.pl (Category: images) https://kwejk.pl/uzytkownik/login#/tablica/login
2023-05-12 02:55:15Software UsedYesCensys0030Nonelinux165.232.113.85
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:20 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:20 GMT", "cf-ray": "7c5f605fb97f4259-EWR", "content-type": "text/css", "x-frame-options": "DENY"}
2023-05-12 03:09:34Affiliate - Domain NameNoDNS Resolver2050None01def.io01def.io
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050NoneChess.com (Category: gaming) https://www.chess.com/member/AltpapierAltpapier
2023-05-12 03:21:08Account on External SiteNoAccount Finder0020Nonewattpad (Category: social) https://www.wattpad.com/user/dawidsulejdawidsulej
2023-05-12 02:57:09SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:d8:ac:1a:31:df:8f:f8:c7:c3:27:35:9c:31:39:5f:60:e8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 17:26:22 2022 GMT Not After : Feb 15 17:26:21 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b8:46:5d:ac:6d:f3:78:e1:a9:4f:74:a7:83:2a: f1:af:bd:cc:66:b6:b9:bf:84:6f:47:9b:97:1c:a8: c9:7d:6c:fe:9e:8e:79:9c:a5:37:f9:7d:7a:a0:3b: dd:dd:59:27:44:ef:fa:f9:9f:ac:5e:a7:96:85:d6: 12:a4:67:16:8a:d5:1c:b5:d1:2d:4e:c7:ec:3d:19: e5:de:7b:f7:77:77:6b:39:f5:6c:f2:bc:49:15:e4: d9:26:16:d0:09:ff:d0:9f:cc:e1:2f:72:cd:5d:49: 42:8f:44:ab:2b:64:2c:16:15:0b:c6:a8:c4:87:48: 5c:ca:2c:13:33:5b:9e:8f:26:9e:57:1a:3f:da:51: 8d:e5:86:b3:d8:b8:bb:9b:a8:35:c1:05:df:6d:60: e8:57:86:af:77:94:58:18:ee:4d:cc:61:8e:ef:d8: ae:1a:ad:73:4e:d6:21:83:54:e8:94:6d:be:b2:5a: 91:8d:86:36:60:55:a8:6c:ac:42:09:7d:39:a2:a8: c7:4d:09:67:42:98:43:91:4c:6e:9c:44:89:71:c9: 81:24:98:ab:01:48:f5:7f:9f:03:76:19:5e:40:1f: e2:a9:ac:0e:74:15:d2:c7:02:a6:94:0f:07:1e:c2: 8f:1c:65:ac:eb:0a:21:1c:42:25:eb:b3:3c:e5:3d: 0f:68:8a:07:35:fd:f2:bf:65:bb:27:0a:28:75:d7: 36:a5:f8:ad:87:2d:4d:e9:8c:44:1c:dd:e0:1f:f8: 19:b0:d2:ba:53:d4:71:e9:68:d3:d7:47:bd:bd:b3: 12:21:a8:7f:36:dd:3a:ee:09:ec:a7:f6:99:fc:9a: ee:64:c3:e9:cb:48:8b:5b:53:b6:9a:34:49:ed:6f: 97:8c:71:a4:8f:ff:5a:94:b4:2f:23:08:04:1f:5f: dd:ba:07:c4:98:26:ce:e7:92:3f:eb:aa:ca:85:d1: 9e:9d:66:9d:15:94:f9:a8:c4:87:5f:d8:0f:2a:bd: f6:c1:3a:15:a4:4a:73:81:4d:25:59:6c:74:3c:88: be:35:3a:e2:55:b7:aa:f2:6a:84:aa:03:d7:47:36: 8c:65:79:0d:82:62:5e:32:88:98:91:5f:e7:41:ad: df:3b:04:9a:a4:b7:e8:4a:dc:51:e1:1a:2e:5f:80: 9f:10:99:df:13:16:07:60:53:0f:70:88:4d:8b:bf: c2:83:ad:7d:95:a6:63:06:b5:f7:e1:fa:b4:f1:f2: 59:97:a4:23:6e:6f:a1:9d:e7:91:3c:8f:96:90:d0: 88:f8:42:7e:b9:a8:0b:95:b2:4a:f1:e1:43:89:bc: 
d0:c5:6e:8d:7a:6f:1a:ac:22:35:41:3f:62:4c:b0: b4:f9:c1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D4:B4:B6:D6:64:7B:5F:1F:0F:AA:DA:BE:7B:F2:3E:AB:24:EE:4D:D7 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 12:c3:23:0c:67:c6:85:51:aa:d3:80:18:b2:65:bd:31:94:8a: e8:5c:6a:01:d8:5d:c1:9e:5e:a1:8a:00:bf:31:a6:2d:2b:2a: d3:2e:c1:cb:48:32:97:61:63:f9:88:e4:9c:86:57:55:70:0b: 32:91:1a:0d:37:95:fb:a7:7b:4a:02:c1:4f:b7:cf:20:cf:d1: 69:54:62:41:0e:be:38:0e:7b:77:6c:7e:42:cd:d3:80:5f:ab: 19:e5:8c:24:db:b5:99:d7:5b:1e:e0:f9:51:35:ee:2e:e0:f2: 3b:0e:28:4f:52:fb:a4:cb:e5:d4:44:71:e2:b7:97:1e:35:f2: db:f3:26:a9:1f:bb:8d:8d:14:2e:84:1c:98:58:cd:d8:11:56: db:34:47:2c:b7:4d:26:01:fe:51:2b:7a:54:d2:4b:ab:c8:ee: ec:9f:45:39:6f:fe:90:a4:3d:93:8b:30:b0:a3:b3:2d:bc:f4: ee:4f:24:be:81:68:9c:c9:32:9e:f9:8d:83:ca:11:33:39:6f: 6f:95:05:65:ef:78:3c:14:e2:53:b2:de:b5:09:28:66:eb:7a: 0b:3e:3f:89:c9:6f:58:91:18:c2:4c:16:9c:f4:c2:32:78:48: 59:ef:54:a6:fe:8f:f7:3b:d0:54:03:d1:5b:32:86:ec:46:0e: b4:71:65:41 battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-A822 (Net ID: 00:1D:D4:64:A8:20)32.8608, -79.9746
2023-05-12 02:46:04Physical CoordinatesNoAbstractAPI0030None32.8608, -79.974634.74.170.74
2023-05-12 02:59:58Affiliate - Email AddressNoE-Mail Address Extractor0030Nonename@example.com[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 17, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://hassan-gamall.github.io/netflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6760:304:WilStaging_02"\n "SM0:6760:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6760:304:WilStaging_02"\n "Local\\SM0:6760:120:WilError_01"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "urlref_httpshassan-gamall.github.ionetflix")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\local state"\n "msedge.exe" 
reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006768]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006768]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00006768]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006768]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006768]\n "Tabs_13327998438932197" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13327998438932197]- [targetUID: 00000000-00006768]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006768]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "5d847ab1-2881-4324-a2c6-29fe1a950926.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\5d847ab1-2881-4324-a2c6-29fe1a950926.tmp]- [targetUID: 00000000-00006768]\n "88a6edb1-7ca5-423a-948d-baf040324d05.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\88a6edb1-7ca5-423a-948d-baf040324d05.tmp]- [targetUID: 00000000-00006768]\n "a969316a-dad8-4b0d-bf02-210809eb9653.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\a969316a-dad8-4b0d-bf02-210809eb9653.tmp]- [targetUID: 00000000-00006768]\n "6086c4de-4b79-4b17-a9f3-0d813216df1c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6086c4de-4b79-4b17-a9f3-0d813216df1c.tmp]- [targetUID: 00000000-00006768]\n "be503e2a-334b-416d-8133-7309c5f020e8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\be503e2a-334b-416d-8133-7309c5f020e8.tmp]- [targetUID: 00000000-00006768]\n "3da34e63-27c2-46cb-9277-75fa8ed92f1a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\3da34e63-27c2-46cb-9277-75fa8ed92f1a.tmp]- [targetUID: 00000000-00006768]\n "ba18673a-06ca-42f2-836f-2b95dafc094e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ba18673a-06ca-42f2-836f-2b95dafc094e.tmp]- [targetUID: 00000000-00006768]\n "8a917af9-8d36-4842-b176-78503ca8e5cb.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8a917af9-8d36-4842-b176-78503ca8e5cb.tmp]- [targetUID: 00000000-00006768]\n "Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network Action Predictor]- [targetUID: 00000000-00006768]\n "Cookies" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\Cookies]- [targetUID: 00000000-00005860]\n "Network Action Predictor-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network Action Predictor-journal]- [targetUID: 
00000000-00006768]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\shared_proto_db\\000003.log]- [targetUID: 00000000-00006768]\n "222527e1-3f73-4acc-a332-f69002db3178.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\222527e1-3f73-4acc-a332-f69002db3178.tmp]- [targetUID: 00000000-00006768]\n "f838898f-efdb-43ba-a200-ee2debfcb004.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\f838898f-efdb-43ba-a200-ee2debfcb004.tmp]- [targetUID: 00000000-00006768]\n "9fa1a642-dc59-4b5c-b3dc-8b2fdacab608.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\9fa1a642-dc59-4b5c-b3dc-8b2fdacab608.tmp]- [targetUID: 00000000-00006768]\n "7f4cd2f4-322e-419e-b872-153c4df2b660.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\7f4cd2f4-322e-419e-b872-153c4df2b660.tmp]- [targetUID: 00000000-00006768]\n "4add7271-5d67-4bc9-8ac7-d5d5845e9be7.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\4add7271-5d67-4bc9-8ac7-d5d5845e9be7.tmp]- [targetUID: 00000000-00006768]\n "Cookies-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\Cookies-journal]- [targetUID: 00000000-00005860]\n "History-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History-journal]- [targetUID: 00000000-00006768]\n "urlref_httpshassan-gamall.github.ionetflix" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "000003.log" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\000003.log]- [targetUID: 00000000-00006768]\n "000004.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Session Storage\\000004.log]- [targetUID: 00000000-00006768]\n "0a0f3415-fbdd-4dcb-895f-bbcb036930f4.tmp" has type "ASCII text with very long lines with no line terminators"- L
2023-05-12 03:09:45Affiliate - Internet NameNoDNS Resolver0040None135.97.148.34.bc.googleusercontent.com34.148.97.135
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonearpej (Net ID: 00:1A:2A:02:1A:E6)40.2024, 29.0398
2023-05-12 02:56:56Internet NameNoDNS Resolver0050Nonewww.ayhu.xyz<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6071cb5443bc')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="IeJGNK1NlgODfmY5lM_CSOUsGpZRJayFri_EMqB7p9E-1683860063-0-AX4CepkLIrJBlYjsLY8SxaK3uwNGfYi_cI78cSgODaKEdDdhGruTJdLNKHipCAas1yRDoJa4jk3w7x3p7ckhzOJuKfeCo8jNUnP70adNIU5dZKa8JiOWBoI9SYK5Q_oq1Eks42yH_Pz5BuZ0QF6ODH2_k4pUMdjxKhGMZCyDKNM52sbeTu0IU1Z9_e1tCtOuH9J1aFZ2tonlXDc4g9zbIux7ExZ49kbKhnzKgiWBhIHUBpMYeWpuSJ_4qCfMlTT-uy5MHKpoVHLVBmCsQ5mELCsRXClDzOjpDkTqbSfAbh8hd0u6E9AsLVFq6mkA8uYgAs4nEqsUUv46GTcwvbzUbkKc1QJ8A2k0LYiOtqEyNozJ7I--u1pFreN-cf0BqBu1bjzjmjk9Ufw9C0rNxE7G3P6fqZnucT3KAI7GF68B4SHiO-kTUnp1udVECKZapa-19gQJJJtF13C6VjJjrQRVkch5xapdVTcSAJFESEO-EAMR9hDp7y8V-5vaHn6SIRKHs78Flbh2RF_P6lv_MAE36XjAyTTiidlaFqpS1ZnkznV7tCrGaYKNvXxibZ3SNtIzHvSSCizS-Sm2WncoqNtWFQZw4MSwC5gehOZvyL9OAj1SA9fWTQ-bfiW7LrZlzCWCJLIZUGG9pJVYCgum_TAJJVGfiljuO91NZvVvNyIgtAepbw2YAdNPwZ3YrRDL_1Un5U1kxz28HuDFJsvpLlTZSNRhPXl4BIx30MOZx9T7SUFWsCGh9uDL2bDPiBh0LSwqszBX0SLNJRo1MhT7IXGB7zy1gfVfFqqb3W0mfVcaymGtm5dqhUdBPRlb4wd_5_BMrKEUeZE1d8HDjjoyYLhvv36SD_5wRCbXxsfCdK2do3aGeM7O6LtZhGR0RuwOPFtRToqLDpM6HnWkxfbvRwTWbQt3gNfo6RJeaXs42GfGC6vMhv6-Zpdazh2C2qr1j5WGxsjVqAAnZQgtB_uAAZyLoW1Egawj2Dc9S-5JYlq2p44Cqz8kfn_HZzhJUPbd4OlAseBQZQfvTsxwQ8yBZFjNQTY6QE_0SDhUH44IwsfVzyg_qg2EOGimekLuWDzCGVBFHthTUHY_Uucg55yA_sEwBbcPwi19lZdxlJ7Akcrfm9Q1xTPYWqd3yg8TDkXwERtBie2ALa_sZMgXe5lFShstzVHZMFcNmZZ_Glu5XNCQGzZM4IALYOXDtzDzNfENL_KkCst225-oNpK1Rzcel6A6qrg383feNMfsfhR4f-t-0gjSgQcGjcMVuJSy33wzj3MyKMSAUAn1H3AU4KXx5l9gYHyPt3K2hXsw8kpaOC5iz5-tYdad463GleEPqMnQXyYze0-F-Kwpfaw0OW4xcwFgpJ7lUIa_Uo9RY1JgFEsKioyqNmIqHv90TnhF2xXyZtqCIT2zmPgDYc3GYmtDVDX3JH3IZ4Ue_9zw8eTUmmNzSLvHF-5-Jv1PvIxzwhsHdZ-9Y8a5xpT_YJ3ApVgxhBxQ9P11Ef3die91V-gWJ9blK7JyrAR97qvn0MVCh6Ipd0gUwoYP19FqAzVItOvoLt6KwAJ_P9BHXzn9V-Qn-K8E2u451f3eK9LuNMBNNeHTIZgwhKeDRKi_7YqSZEtSZBhservvl6AG5D792DbSptVg8teok3yfFJdmbmsVVtq_xMiFDR-JbWee4Xq5OGPEw-qzY3kVcZ3JGSH21pWSbawncJ1pZkYh_Y8uqWXqK_LHYCf1eZ4giUZOc1qNXVqD_66D8diNIgnlP3oGUHrBgTMOfZxq_Uhi6OAhZ7SG3lBy8EfeOsdCdZ3k3gkwd2BrqWGkSsiJCJw71aRSSLzklcMwO0t4rEGUoCt0P2QnnyFhBnAPmmU7bxfnvOSfNl67KcA670pAvXnjK5gtdmpWFLEQTKLiAxus6a1J55sB1jh2yyAgp9gU2TTlKH22JllQ
WbKYrEsbRrNjjaWTpuGgMUZEhABzykAV0_5Ryf5b1Iu8aB_yUQXLfxLOISB2J16hIkX9JBFDhB-K2iwT5AigiDsDn3kKx7Yn_RfRJoS2pRLWMZrIYAvnVYgYm9y81edopks9rnm7ZmUwgzO-G3g49daHSOyerkiJ0r3J8Okw4DK6PeI9iYnnJ3PuZHAUjE4lk_8MrIhAc4uYX4K1o-9Ke-xbpTbnl7jmdG3Gm-3L29y4tiQBKGjYgOtRk8-ysAEQVxg_UH3seGqQfmukY-uxgmHTqDedEdiiNc4iffnQwUfSPCDaUaRSMt4-JL4MYFn2fdPc4VcXOX79Z268m3iG4CyIoyIieiZJxKq5Fytf17H7DrAwzAK-7_cWORr2s0UVl6ksSgbwFTpGy4N__sJOF51dtXEfVEmWHx_Pzkw3X_pi-v5lATWE8lvwSB-TSiJYfQSJHSYYT6HXfaT1w6X76n4kq-ZrPPxvvJoJiND7W8ZhQjzgNr36p7jhZIQMiMAEzKgTQ4vmitfYqD4w00ar7uYe4W9UaptpqutZe32-rsetHK4f8sKgJ3CeKwcgiEQOluwAYjS5sFZ43pJ1k3hVEeYe7pLW"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '15631', cRay: '7c5f6071cb5443bc', cHash: '381065269fdd378', cUPMDTk: "\/?__cf_chl_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2My4wMDEwMDA=', m: 'ku7Iuu8p9xCCueKE3I6e30hCT4pHjE58URs2150Qfj8=', i1: 'MsbaNnnSVdv9s0jxu/qFPg==', i2: 'D5L567ziFL3S1185dlxV3g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6071cb5443bc'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6071cb5443bc'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.214): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:80188.114.97.1
2023-05-12 03:32:02Open TCP PortNoPulsedive0030None188.114.97.2:8080188.114.97.0/24
2023-05-12 03:36:42Physical LocationNoMetaDefender0020NoneMedellin, Colombia188.114.96.1
2023-05-12 02:44:24Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.109.153
2023-05-12 03:24:21HTTP HeadersNoWeb Spider10040None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:2087172.67.135.9
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneTF2 Backpack Examiner (Category: gaming) http://www.tf2items.com/id/Battleb0t/Battleb0t
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010Nonevsco (Category: social) https://vsco.co/ayshoo/galleryayshoo
2023-05-12 02:54:07Open TCP PortNoCensys0020None2606:4700:3031::ac43:8709:802606:4700:3031::ac43:8709
2023-05-12 02:55:22Raw Data from RIRsNoGoogle0010None{'webSearchUrl': u'https://www.google.com/search?q=site:battleb0t.xyz&aq=t&oe=utf-8&client=firefox-a&ie=utf-8&rls=org.mozilla%3Aen-US%3Aofficial', 'urls': ['https://battleb0t.xyz/']}battleb0t.xyz
2023-05-12 03:32:19Open TCP PortNoPulsedive0030None188.114.97.10:443188.114.97.0/24
2023-05-12 02:49:17Raw Data from RIRsNoHybrid Analysis2020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://generalatlantic.com/astehnkuhl@generalatlantic.com%20https://site.php', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fastehnkuhl%40generalatlantic.com%20https%3A%2F%2Fllink.to%2F%3Fu%3Dhttps%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fjdenig%40generalatlantic.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3f4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_3f4_IE_EarlyTabStart_0xe18_Mutex"\n "IsoScope_3f4_IESQMMUTEX_0_331"\n "IsoScope_3f4_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_3f4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "IsoScope_3f4_ConnHashTable<1012>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.43.150:443"\n "104.21.16.120:443"\n "35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n "142.251.32.35:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")\n "<a href="https://plus.google.com/107971784894043504000/" onclick="window.open(this.href);return false;"><i class="fa fa-google-plus"></i></a>" (Indicator: "plus.google.com")\n "<a href="https://twitter.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-twitter"></i></a>" (Indicator: "twitter")\n "<a href="https://www.facebook.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-facebook"></i></a>" (Indicator: "facebook.com")\n "<a href="https://www.linkedin.com/company/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-linkedin"></i></a>" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/user/nexcessnet" onclick="window.open(this.href);return false;"><i class="fa fa-youtube"></i></a>" (Indicator: "youtube")\n "<p>Congrats on launching your new Website! Spread the good news: <a href="https://twitter.com/share" class="twitter-share-button" data-text="Just launched my new website with @Nexcess!" 
data-count="none">Tweet</a></p>" (Indicator: "twitter")\n "<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?\'http\':\'https\';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+\'://platform.twitter.com/widgets.js\';fjs.parentNode.insertBefore(js,fjs);}}(document, \'script\', \'twitter-wjs\');</script>" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar102F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1041.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab102E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1040.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "GJU2ZIBE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GJU2ZIBE.txt]- [targetUID: 00000000-00001012]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002472]\n "recaptcha__en_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF50FE3D0FF9FC6B92.TMP" has type "data"- Location: [%TEMP%\\~DF50FE3D0FF9FC6B92.TMP]- [targetUID: 00000000-00001012]\n "_5CF2F181-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._52546023-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "site_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "FTU5WTPF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FTU5WTPF.txt]- [targetUID: 00000000-00001012]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "llink_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "_A79A7ACA-C1A9-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "5EL6UQQZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5EL6UQQZ.txt]- [targetUID: 00000000-00002472]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:"!1,w)})},u).prototype.cr=function(){},u.prototype.xy=function(){this.mx.g().focus()},u.prototype.tt=function(w,z,u,r,e,z,y){return(r=((z=new a_((e=["api","payload",(u=void 0===u?"":u,y=["p",0,37],2)],f)[29](y[2],e[y[1]],e[1])+u),z.u).set(y[0],w),wx.y()).get(),z.u.set("k",v[7](16,e[2],r)),z&&z.u.set("id",z),z).tostring()},u).prototype.h1=function(){},u.prototype.ia=function(w,z){(((this.su[(z=["qu",30,"sq"],z)[0]](w),this).mx[z[0]](w),this).rr[z[0]](w),this)[z[2]][z[0]](w),this.bi[z[0]](w),v[z[1]](9," [Source: recaptcha__en_1_.js]\n Observed email 
domain:"z,u){(this[(((((td.prototype.sw[z=["undo-button-holder","image-button-holder","verify-button-holder"],u=["call",1,"sq"],u[0]](this,w),this.su).render(c[41](68,this,"reload-button-holder")),this.mx.render(c[41](52,this,"audio-button-holder")),this.rr).render(c[41](53,this,z[u[1]])),this.bi).render(c[41](84,this,"help-button-holder")),this.xv).render(c[41](68,this,z[0])),f[13](8,!1,this.xv.g()),u)[2]].render(c[41](68,this,z[2])),this).ee?f[13](22,!1,this.mx.g()):f[13](20,!1,this.rr.g())},u).prototype.nu=" [S185.199.110.153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneDaltonInt (Net ID: 00:0A:04:99:14:E2)33.617190550339146,-111.90827887019054
2023-05-12 02:54:21Linked URL - InternalNoWeb Spider0030Nonehttp://vscode.battleb0t.xyzvscode.battleb0t.xyz
2023-05-12 03:09:45Affiliate - Internet NameNoDNS Resolver0040None133.97.148.34.bc.googleusercontent.com34.148.97.133
2023-05-12 02:54:20Web Content TypeNoWeb Spider0040Nonetext/css;charset=utf-8https://funny.battleb0t.xyz/gallery.css
2023-05-12 02:46:50Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonenetlify.app34.148.97.127
2023-05-12 03:36:17Blacklisted IP on Same SubnetYesDroneBL0040Nonedronebl.org - Brute force attackers (45.131.109.177)45.131.109.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonetom1 (Net ID: 00:06:25:9C:ED:D2)33.6170672,-111.90564645297056
2023-05-12 03:12:11Co-Hosted Site - Domain WhoisNoWhois2030None Domain Name: ACILACIKVETERINER.COM Registry Domain ID: 2652209212_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2023-04-01T13:07:55Z Creation Date: 2021-11-02T23:11:03Z Registry Expiry Date: 2023-11-02T23:11:03Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: ok https://icann.org/epp#ok Name Server: NSC1.KEYUBU.NET Name Server: NSC2.KEYUBU.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:11:50Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: ACILACIKVETERINER.COM Registry Domain ID : 2652209212_DOMAIN_COM-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2023-04-01T12:50:32Z Creation Date: 2021-11-02T23:11:03Z Registrar Registration Expiration Date: 2023-11-02T23:11:03Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: ok http://www.icann.org/epp#OK Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: Elazig Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=ACILACIKVETERINER.COM Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: NSC1.KEYUBU.NET Name Server: NSC2.KEYUBU.NET DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:12:00Z<<< For more information on Whois status codes, please visit 
https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2 acilacikveteriner.com
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneZyXEL (Net ID: 00:02:CF:DB:DC:87)40.2024, 29.0398
2023-05-12 03:31:30Affiliate - Email AddressNoE-Mail Address Extractor0070Noneabuse@godaddy.comDomain Name: AMCODEV.ME Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2023-01-03T11:02:11Z Creation Date: 2018-01-02T22:12:38Z Registry Expiry Date: 2024-01-02T22:12:38Z Registrar Registration Expiration Date: Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Reseller: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. 
You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Domain Name: amcodev.me Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2023-01-03T11:02:09Z Creation Date: 2018-01-02T22:12:38Z Registrar Registration Expiration Date: 2024-01-02T22:12:38Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR434510046 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant 
Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Admin ID: CR434510262 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Tech ID: CR434510194 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. 
In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:14:48Vulnerability - CVE LowYesTool - testssl.sh0220NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.www.ayhu.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneWSTOCK (Net ID: 00:1C:DF:E5:DC:4B)32.8608, -79.9746
2023-05-12 02:56:05Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'rfc822-email_part_001.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "152.199.4.44:443"\n "69.16.175.42:443"\n "142.251.33.106:443"\n "52.85.247.99:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"aadcdn.msftauth.net"\n "code.jquery.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e20_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_e20_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e20_ConnHashTable<3616>_HashTable_Mutex"\n "IsoScope_e20_IESQMMUTEX_0_303"\n "IsoScope_e20_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_e20_IE_EarlyTabStart_0xc4c_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3616"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3616"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "P79XNZ7Z.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P79XNZ7Z.txt]- [targetUID: 00000000-00002500]\n Dropped file: "Y54NJROK.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Y54NJROK.txt]- [targetUID: 00000000-00003616]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"Cab11C5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1263.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00003616]\n "urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00003616]\n "arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00003616]\n "jquery-3.1.1.min_1_.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00003616]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002500]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003616]\n "Cab11C5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab11C5.tmp]- [targetUID: 00000000-00002500]\n "Tar11C6.tmp" has type "data"- Location: [%TEMP%\\Tar11C6.tmp]- [targetUID: 00000000-00002500]\n "ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2_1_.js" has 
type "UTF-8 Unicode text with very long lines"- [targetUID: 00000000-00003616]\n "1366x768_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=2 software=Adobe Photoshop CC 2015 (Windows) datetime=2020:08:31 21:49:19] progressive precision 8 1366x768 components 3"- [targetUID: 00000000-00003616]\n "~DF261B847065F69F2A.TMP" has type "data"- Location: [%TEMP%\\~DF261B847065F69F2A.TMP]- [targetUID: 00000000-00003616]\n "~DF24279E1E17C14A0C.TMP" has type "data"- Location: [%TEMP%\\~DF24279E1E17C14A0C.TMP]- [targetUID: 00000000-00003616]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: 00000000-00003616]\n "~DFE39359F0B84D8997.TMP" has type "data"- Location: [%TEMP%\\~DFE39359F0B84D8997.TMP]- [targetUID: 00000000-00003616]\n "_ECCEEC9E-703B-11ED-B14B-080027175B4B_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: 00000000-00003616]\n "P79XNZ7Z.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P79XNZ7Z.txt]- [targetUID: 00000000-00002500]\n "~DF07DA6377032F108B.TMP" has type "data"- Location: [%TEMP%\\~DF07DA6377032F108B.TMP]- [targetUID: 00000000-00003616]\n "Cab1263.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1263.tmp]- [targetUID: 00000000-00002500]\n "RecoveryStore._F85F23EB-7026-11ED-B14B-080027175B4B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003616]\n "Y54NJROK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Y54NJROK.txt]- [targetUID: 00000000-00003616]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "aadcdn.msftauth.net"\n Heuristic match: "code.jquery.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 104.196.30.220 on port 443"\n "HTTPS traffic to 152.199.4.44 on port 443"\n "HTTPS traffic to 69.16.175.42 on port 443"\n "HTTPS traffic to 142.251.33.106 on port 443"\n "HTTPS traffic to 52.85.247.99 on port 443"'}], u'threat_level': 0, u'size': 413, u'job_id': u'63867bb52e687907d6210c8b', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'104.196.30.220', u'152.199.4.44', u'69.16.175.42', 
u'142.251.33.106', u'52.85.247.99'], u'sha256': u'5991841f0d0b33c05baeab2c866b87b0423a247614eafdffda112de9069a5548', u'sha512': u'73c918827db67a1242b4e24aacbf266560b271eadbf13e6dff0e804c9333cd250d04a691aaf1dc1ed61fb982c698ed098d511a9462a537a9d792cb71690243d8', u'image_file_characteristics': [], u'submissions': [{u'url': No104.196.30.220
2023-05-12 02:45:04CountryNoCountry Name Extractor0030NoneUnited Statescloudwaysapps.com
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneSR.Mandant (Net ID: 00:01:21:30:6F:28)50.1188, 8.6843
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/favicon.pnghttps://pics.battleb0t.xyz/
2023-05-12 03:10:12Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0040NoneVOIPBL Publicly Accessible PBX List [64.226.80.0/20] http://www.voipbl.org/update64.226.80.0/20
2023-05-12 03:01:22Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.206): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:46:53Affiliate - Domain NameNoDNS Resolver0020Nonecloudflare.netroute3.mx.cloudflare.net
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneReddit (Category: social) https://www.reddit.com/user/ayshooayshoo
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.6): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:25SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:d5:98:ae:2a:84:a2:19:ac:80:9a:6c:74:76:20:f8:3f:d8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:01 2022 GMT Not After : Feb 15 09:44:00 2023 GMT Subject: CN=portainer.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c0:b5:e1:c5:d7:75:db:34:03:18:a1:ee:7b:4b: ea:8e:e7:69:4e:39:85:68:38:67:3d:c1:9a:8b:f3: bd:cf:17:bb:68:6a:65:cf:4a:a8:76:23:7a:4f:20: df:84:d1:79:b9:6a:69:1e:44:79:b1:f5:77:a0:d1: 57:7d:30:22:17:73:4d:12:ae:da:6f:17:2f:cc:59: fc:28:b2:56:e2:d1:04:1e:a5:af:0c:cc:00:03:c9: be:8b:f2:e1:2a:f3:ee:60:20:15:0b:48:ba:bd:47: ee:af:b8:94:3e:d3:00:b1:a7:9d:eb:e0:5f:7e:6f: 9e:2f:c5:a5:c8:f8:87:92:71:43:69:60:10:5d:de: 5f:ef:16:13:44:c8:38:e1:ab:bf:d4:ba:c9:63:0e: 71:cd:82:05:39:b6:2b:c7:09:a0:3f:7a:0f:d1:b5: 8c:31:e1:64:fb:3e:7d:9c:f0:15:49:3c:98:f1:98: 8a:de:cb:a1:c8:6f:57:47:ea:69:8f:65:04:e8:bd: 1e:d7:20:58:d9:de:ea:65:82:25:f4:8a:20:52:90: c5:c4:e3:bf:c3:af:cc:ca:46:be:71:d3:24:c0:85: 69:56:27:39:94:2d:43:65:9d:2f:bb:4d:62:7e:14: 0c:45:91:3c:ec:e1:a2:ae:81:70:73:3d:8e:8c:ef: 5a:48:f8:f8:b4:3f:a5:4e:ca:0b:38:80:5d:df:42: eb:06:32:21:0b:67:44:bf:df:2c:ae:bd:f6:68:1d: b6:39:c5:d8:57:bc:5e:76:f0:ee:ab:21:2d:35:69: 74:8a:c4:88:bd:d0:3d:91:05:d0:dd:4e:54:8e:e9: 94:fd:a6:9c:7c:35:94:f3:2c:a0:e6:0f:6f:ec:d7: 06:e0:96:b5:94:ae:64:fd:f9:52:45:cc:c0:54:2c: ae:a7:51:2d:fb:3c:d9:4c:eb:d6:b7:fe:7c:8d:68: 1d:87:d4:dc:09:38:2e:ee:0d:49:32:4c:2b:08:20: ff:a0:95:02:0a:01:3f:99:e9:bb:d2:97:db:d5:f5: 7d:97:14:d0:18:c5:3f:cf:31:7b:a7:9c:bf:9d:b3: 23:66:83:9e:eb:d9:48:01:38:6c:db:2f:7b:2d:82: d4:36:d7:86:9f:0b:de:ef:ab:c4:7c:aa:36:24:d0: 9f:9a:47:7a:a3:aa:26:bd:ef:52:90:60:1c:7e:d9: 0d:dc:f1:5b:cb:c0:7c:8b:f6:64:bf:41:76:8c:ba: 34:64:15:cb:49:b9:40:f8:78:ff:c5:eb:99:a1:af: b3:7a:cb:c9:d0:b9:1b:1a:3d:ef:4c:68:86:22:46: 
99:75:81:d3:cf:5c:90:1a:2f:01:4f:59:01:34:82: 5c:f7:3f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 6D:D8:A8:24:70:8B:8F:0C:4D:0C:6C:1A:D9:1A:9A:75:25:E5:1A:12 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:portainer.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 10:44:01.511 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:BA:66:A9:AA:5E:0F:A6:67:BA:ED:61: B9:4A:97:4F:0B:86:A7:57:50:55:B9:A5:69:1B:DC:7C: 65:C9:5B:E4:5B:02:20:6A:38:79:69:94:85:41:86:C0: 4E:33:F0:44:69:54:C5:A9:40:ED:85:BC:5D:66:70:B8: 31:1F:C8:D3:58:B2:89 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 10:44:01.990 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D7:1B:E9:32:CF:B7:9A:93:B2:BF:77: 63:D5:5A:7F:F4:A0:6C:77:51:03:FE:F1:5C:A7:51:2C: 16:22:63:24:9A:02:21:00:E1:61:68:D5:A1:EE:9A:2E: 9E:AF:84:50:74:9E:B6:EB:55:A1:CA:4D:CE:91:07:8D: 31:2D:F6:05:41:96:C7:BF Signature Algorithm: sha256WithRSAEncryption a4:99:cc:17:c2:9a:8e:12:57:4b:5f:f3:9f:2c:de:1e:67:a2: 15:f4:c2:a6:9a:37:ce:60:60:9f:eb:7b:4e:d1:f5:56:0a:77: 87:4d:62:42:b9:af:17:7b:da:58:7a:6f:13:64:15:09:4e:90: 23:78:51:46:b5:fd:d4:cc:83:1e:ee:91:6d:c6:56:93:07:ae: 
30:b8:d8:e6:ea:e5:86:c8:36:d3:3f:ac:2f:8b:df:14:86:08: eb:08:79:b4:e2:b8:85:a4:15:71:51:85:18:65:cb:a8:ed:92: eb:f7:89:15:96:1f:f7:d9:1c:15:d2:aa:fd:8f:7f:2f:0c:fa: 5e:72:7c:3c:89:e8:0c:5a:70:50:ef:1f:1d:93:9d:0a:a2:65: 6b:bc:f9:07:8e:3b:f7:ed:d5:4c:37:b1:48:2b:7b:c8:b0:02: 1d:3a:a2:c7:65:6c:2d:5a:92:f1:fd:51:00:e1:4b:ac:78:1f: 32:ae:7e:03:f4:0b:1f:cf:e7:b2:0f:1e:53:51:4d:d4:41:52: 82:77:57:35:05:af:16:cf:55:87:95:55:14:cd:4c:80:d7:09: 00:5e:46:ac:87:47:23:25:66:0a:6d:de:61:87:1a:7b:22:b8: 5a:2a:93:d2:ac:83:ea:40:df:11:e8:22:85:ab:f2:84:66:88: cc:de:a7:8a battleb0t.xyz
2023-05-12 03:24:50CountryNoCountry Name Extractor0030NoneUnited StatesLondon, England, W1B, United States, North America
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneFlipboard (Category: tech) https://flipboard.com/@ayshooayshoo
2023-05-12 03:00:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.14): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:17:05UsernameNoAccount Finder17010Nonebattleb0tbattleb0t.xyz
2023-05-12 02:54:01Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://kurt-defreitas.github.io/img/placeholder.sv', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bd8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_bd8_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_bd8_ConnHashTable<3032>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_bd8_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3032"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_bd8_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_bd8_IE_EarlyTabStart_0xbb8_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kurt-defreitas.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "en-US.5" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.5]- [targetUID: 00000000-00003032]\n "~DFA2731819B86592CA.TMP" has type "data"- Location: [%TEMP%\\~DFA2731819B86592CA.TMP]- [targetUID: 00000000-00003032]\n "~DFCCC928221FE4ACD8.TMP" has type "data"- Location: [%TEMP%\\~DFCCC928221FE4ACD8.TMP]- [targetUID: 00000000-00003032]\n "~DF3682FED50B1F86F1.TMP" has type "data"- Location: [%TEMP%\\~DF3682FED50B1F86F1.TMP]- [targetUID: 00000000-00003032]\n "~DF9E4BE3D4F707C6B3.TMP" has type "data"- Location: [%TEMP%\\~DF9E4BE3D4F707C6B3.TMP]- [targetUID: 00000000-00003032]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._4536F183-D3A7-11ED-A4A6-080027748A4E_.dat" has type "Composite Document File V2 Document 
Cannot read section info"- [targetUID: N/A]\n "_4536F185-D3A7-11ED-A4A6-080027748A4E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_4D880574-D3A7-11ED-A4A6-080027748A4E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "2UHLR4HR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2UHLR4HR.txt]- [targetUID: 00000000-00003032]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "TPFMNZ18.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TPFMNZ18.txt]- [targetUID: 00000000-00003032]\n "HPYEEPFO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HPYEEPFO.txt]- [targetUID: 00000000-00003032]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://kurt-defreitas.github.io/img/placeholder.sv"\n Pattern match: "https://kurt-defreitas.github.io"\n Pattern match: "MUID3901E857A0CA662738CBFA56A18667BBmicrosoft.com/1025411295705631056689247978600330978218*SRCHDAF=NOFORMmicrosoft.com/1024194638604831125287247978600330978218*SRCHUIDV=2&GUID=A9F735962E2A42C3AFD3CAEB5B5F826B&dmnchg=1microsoft.com/1024194638604831125287247"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025333882060831061302120807300431025076*"\n Pattern match: "www.msn.com/"\n Pattern match: "MUIDB3901E857A0CA662738CBFA56A18667BBieonline.microsoft.com/9216244540108831103547120572925431025076*"\n Heuristic match: "kurt-defreitas.github.io"\n Pattern match: 
"kurt-defreitas.github.io/img/placeholder.sv"\n Heuristic match: "urt-defreitas.github.io"\n Heuristic match: "img/placeholder.sv"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\system32\\rundll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\system32\\IEFRAME.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'642d77c048c27e508a04f41c', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 3, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application 
Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'185.199.109.153'], u'sha256': u'f8888b6fa1427ba3882de44e533fed25e64f7f76af4d032bc1a8856df7bb161b', u'sha512': u'c1ecf0ef0a8cc6465fd767beba9a9de0182633eadebdcd46681d32fcecf6bc9a2d40b17032b512656c173c7bf9bc7fba09331efcb1478464d13e4cd84da89283', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://kurt-defreitas.github.io/img/placeholder.sv', u'submission_id': u'642d77c148c27e508a04f41d', u'created_at': u'2023-04-05T13:29:37+00:00', u'filename': None}], u'analysis_start_time': u'2023-04-05T13:42:20+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'c58c917dcf7fa15b312b69ef43d33c3b', u'network_mode': u'default', u'processes': [], u'sha1': u'b112d67b92ef42cae143614cd7ccb3351a327eb8', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [u'kurt-defreitas.github.io'], 
u'extracted_files': [], u'type_short': []}]185.199.109.153
2023-05-12 02:54:20BGP AS MembershipNoCensys0040None146182600:1f18:2489:8200::c8
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneAitchBee13 (Net ID: 00:02:2D:68:90:A6)37.7642, -122.3993
2023-05-12 02:44:13Co-Hosted SiteNoSSL Certificate Analyzer0120Nonegithub.iowww.battleb0t.xyz
2023-05-12 02:44:28Internet NameNoDNS Resolver0020Noneayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 0d:40:8d:d9:7c:a1:bd:4c:0d:06:c5:3f:c3:e9:2e:bc Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Apr 11 04:54:50 2023 GMT Not After : Jul 10 04:54:49 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a5:65:fa:d8:79:b7:aa:9f:cd:61:b9:6d:61:bb: e3:07:27:16:d3:e1:46:58:db:ea:35:f8:26:d8:c8: 09:7e:b6:39:79:12:45:7f:4a:96:c2:65:47:bc:37: b3:76:46:83:08:24:7b:32:63:f5:07:b6:17:66:20: 18:e4:18:8c:6e:16:7f:bc:81:ec:10:38:cc:20:6d: 2c:d6:29:65:3d:24:15:7a:78:2a:d0:43:3c:46:03: 10:b3:27:47:c6:2c:d9:37:1a:f8:11:aa:82:ad:00: 76:a7:88:0c:2b:f1:1a:b2:9a:95:76:c4:a9:4b:c3: 62:f9:12:87:35:9a:50:60:71:89:06:0b:f5:83:3f: b3:37:8b:3d:cb:f9:c2:99:ee:99:d3:c8:08:07:e1: c6:20:fc:1e:cb:95:74:f5:c1:74:33:8b:1b:39:2e: 63:89:98:62:bd:9a:c6:13:b2:b5:95:ec:cb:ee:ce: 27:e7:da:24:f1:8e:b6:e6:ab:e2:7a:20:63:e1:26: ab:e8:05:03:30:6e:ae:59:d4:02:26:10:36:ee:3d: 2a:f4:c0:78:59:fa:77:cd:2a:88:bd:16:94:1a:e1: c4:ca:d8:5b:b7:12:2e:db:10:0e:ec:94:77:40:49: b3:6f:75:18:22:d3:cb:58:3c:44:d0:05:e2:db:a8: 00:c9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: BA:51:29:0E:2E:1D:B8:E3:1A:BA:7C:11:8D:3C:69:BB:27:B0:51:A7 X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/TQXQbT5nMS4 CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/PX7fR59yV-s.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 35:8a:d2:67:fd:ed:b1:23:72:f0:a2:4c:97:ee:c5:7e:e1:b0: 84:de:17:e3:7f:b0:fd:4c:e4:f5:d9:c1:87:4a:b8:32:d6:97: 13:2d:ab:c3:d8:0c:ce:60:02:7a:3d:d5:8b:4f:9b:89:37:1e: 07:e8:65:4f:13:db:bc:f2:3f:ba:ea:3a:b7:97:d8:a0:c0:4a: 65:8c:35:35:fd:69:77:08:6c:3c:bf:e2:a6:4a:02:ca:fc:ed: e5:52:89:bc:c1:b6:61:98:79:3c:a3:31:8c:d6:1d:49:4c:6e: 4f:51:4b:80:2f:a3:0a:eb:fd:a0:1d:23:01:9e:b7:13:91:2e: ea:39:a6:6a:a5:6e:65:a0:60:47:cf:fa:44:01:e4:af:f2:74: c6:c0:9c:28:45:d7:eb:58:39:c7:39:24:41:f2:f3:e3:a3:aa: 8b:59:5c:05:a1:91:0e:a2:f0:b0:ab:cb:39:e8:59:97:1b:9f: 8d:d8:c2:47:ab:c2:d9:46:03:7a:5d:eb:fd:3e:65:0d:f9:fe: dc:1b:a2:95:80:34:f0:64:f6:d6:5a:43:e4:2b:5f:53:8b:84: 65:53:97:2f:8f:bb:f4:1d:f8:10:82:18:da:d2:33:31:94:ea: 59:b0:de:49:31:a7:28:65:0c:5e:e7:fb:cf:58:f0:de:70:9b: 5c:67:53:d1
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/random_6.PNGhttps://pics.battleb0t.xyz/
2023-05-12 02:55:18Open TCP PortNoCensys0030None46.101.229.70:2246.101.229.70
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:DD:2B:69)39.0469, -77.4903
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonePornhub Users (Category: XXXPORNXXX) https://www.pornhub.com/users/loginlogin
2023-05-12 02:45:16Physical LocationNoipapi.co0040NoneToronto, Ontario, ON, Canada, CA2606:4700:3030::ac43:a8fc
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonenocwap (Net ID: 00:04:5A:CC:3F:27)33.617190550339146,-111.90827887019054
2023-05-12 02:44:27IP AddressNoDNS Resolver51020None172.67.168.252nwapi2.battleb0t.xyz
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneMIP (Net ID: 00:01:29:EE:B3:03)37.7813933,-122.3918002
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneDD-WRT (Net ID: 00:14:BF:30:AA:54)32.8608, -79.9746
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None20:35:09 (Net ID: 00:02:2D:05:BE:2A)37.780462,-122.390564
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneRyanLG (Net ID: 00:01:36:4F:9A:F0)37.7813933,-122.3918002
2023-05-12 03:08:53Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.6934.74.170.74
2023-05-12 03:00:10Internet Name - UnresolvedNoCertificate Transparency0010Nonecpanel.ayhu.xyzayhu.xyz
2023-05-12 03:08:59Affiliate - IP AddressNoDNS Look-aside3020None87.248.157.9387.248.157.102
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.251): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:45:58Physical CoordinatesNoAbstractAPI93030None50.1188, 8.684364.226.81.43
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 09:cc:cb:40:35:8f:10:16:7b:c7:37:cb:94:7e:31:1a Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 Validity Not Before: Mar 23 00:00:00 2023 GMT Not After : Mar 21 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:c7:e0:ee:e2:73:a9:c6:66:6e:30:ed:fc:ae:52: d4:ca:18:2f:13:3b:72:ab:38:92:54:46:c1:4d:8e: 47:44:3c:fd:42:6f:de:16:4a:26:42:38:ad:e6:91: f4:0b:0b:51:3f:e6:50:3a:4c:ca:ea:9e:3d:ae:a2: 1a:21:17:88:b9 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F X509v3 Subject Key Identifier: ED:98:C9:DB:21:9F:40:A3:B3:0F:A1:47:F2:8D:C0:DD:DA:EB:C7:D1 X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz, DNS:sni.cloudflaressl.com X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl Full Name: URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt X509v3 Basic Constraints: critical CA:FALSE CT Precertificate Poison: critical NULL Signature Algorithm: ecdsa-with-SHA256 30:46:02:21:00:f0:9f:8d:f6:d4:d5:c9:85:3d:e1:3b:e8:89: 39:bb:cd:62:6f:8c:ee:3f:e9:ac:78:6c:9b:85:17:ee:a9:64: 05:02:21:00:e4:53:28:da:31:66:f2:dc:34:6e:1b:42:2d:d7: 79:d3:ee:4b:3d:8a:1c:37:ce:37:5d:dc:4f:bf:b9:94:32:b3 battleb0t.xyz
2023-05-12 02:55:11Open TCP Port BannerNoCensys0120None220-cp.keyubu.net ESMTP Exim 4.95 #2 Wed, 10 May 2023 17:29:11 +0300 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. 87.248.157.102
2023-05-12 03:32:13Open TCP PortNoPulsedive0030None188.114.97.7:443188.114.97.0/24
2023-05-12 03:08:52Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.13234.148.97.127
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneFizzyPop (Net ID: 00:02:2D:0F:C8:E1)34.0544, -118.244
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None07:55:46 (Net ID: 00:02:2D:05:BB:87)37.780462,-122.390564
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+74955801111Domain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 02:44:09Software UsedYesTool - Wappalyzer0010NoneHTTP/3ayhu.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX55154D2E3 (Net ID: 00:01:E3:54:D2:E3)52.3759, 4.8975
2023-05-12 03:41:56Affiliate - Domain NameNoDNS Resolver2050Nonetjdev.demn2.tjdev.de
2023-05-12 02:44:10Co-Hosted SiteNoSSL Certificate Analyzer0110Nonegithubusercontent.combattleb0t.xyz
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider0020Nonehttp://funny.battleb0t.xyzfunny.battleb0t.xyz
2023-05-12 03:18:50Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18}https://funny.battleb0t.xyz/images/withat_3.jpg
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None#LG@Vo1P*Service& (Net ID: 00:01:36:57:A4:17)37.780462,-122.390564
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneGZN00674 (Net ID: 00:00:00:00:00:F0)52.3759, 4.8975
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F1:C3:85)37.7813933,-122.3918002
2023-05-12 02:54:13HTTP HeadersNoWeb Spider9030None{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}https://battleb0t.xyz/./src/style.css?4
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneAUMWLAN (Net ID: 00:02:2D:0A:E6:C5)50.1188, 8.6843
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None2WIRE271 (Net ID: 00:02:2D:8F:2B:40)37.7642, -122.3993
2023-05-12 03:03:32Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io007ayong.github.io
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None000panther.github.io185.199.111.153
2023-05-12 03:03:22Co-Hosted Site - Domain NameNoDNS Resolver2030Nonedontkillmyapp.com0.dontkillmyapp.com
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonejbnowires (Net ID: 00:06:25:F6:CF:DC)39.0469, -77.4903
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}104.21.71.14
2023-05-12 02:55:15Open TCP PortNoCensys0030None165.232.113.85:443165.232.113.85
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.69): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NonePMV (Net ID: 00:05:5D:FA:C1:BE)33.336199,-111.89446440830702
2023-05-12 02:44:09Software UsedYesTool - Wappalyzer0010NoneCloudflare Turnstileayhu.xyz
2023-05-12 03:22:52Open TCP PortNoPulsedive0020None188.114.96.1:8443188.114.96.1
2023-05-12 03:00:51Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.78): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None141205 (Net ID: 00:0B:85:50:7F:90)39.0469, -77.4903
2023-05-12 03:03:21Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-to-1.github.io
2023-05-12 02:55:07Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 17, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://ojack.xyz/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:6852:120:WilError_01"\n "Local\\SM0:740:304:WilStaging_02"\n "SM0:740:120:WilError_01"\n "Local\\SM0:740:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6852:304:WilStaging_02"\n "SM0:6852:304:WilStaging_02"\n "Local\\SM0:6852:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6852:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6852:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6852:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ojack.xyz"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"in.getclicky.com"\n "ojack.xyz"\n "static.getclicky.com"'}, {u'category': u'General', 
u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:80"\n "185.199.109.153:443"\n "142.250.72.202:443"\n "142.250.191.42:443"\n "142.250.189.227:443"\n "104.16.160.16:443"\n "198.145.13.13:443"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "NTMARTA.DLL" at base a32e0000\n "msedge.exe" loaded module "KERNEL32.DLL" at base a5b50000\n "msedge.exe" loaded module "COMBASE.DLL" at base a5580000\n "msedge.exe" loaded module "OLE32.DLL" at base a5eb0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base a27b0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base 8ae60000\n "msedge.exe" loaded module "NTDLL.DLL" at base a7e20000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base a5c60000\n "msedge.exe" loaded module "SHELL32.DLL" at base a61a0000\n "msedge.exe" loaded module "USER32.DLL" at base a7c40000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base a4d80000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base a4d80000\n "msedge.exe" loaded module "ADVAPI32.DLL" at base a5990000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base a4d80000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, 
comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00006852]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006852]\n "f_00023e" has type "PNG image data 300 x 196 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00003396]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\manifest.fingerprint]- [targetUID: 00000000-00006852]\n "f_000243" has type "PNG image data 289 x 180 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "f_00023d" has 
type "PNG image data 300 x 198 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00003396]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6852_563561959\\Ruleset Data]- [targetUID: 00000000-00006852]\n "443bec75-e48d-4dfb-a27d-6c7bdb483d29.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\443bec75-e48d-4dfb-a27d-6c7bdb483d29.tmp]- [targetUID: 00000000-00006852]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6852_754789510\\product_page.js]- [targetUID: 00000000-00006852]\n "b336ebd0-d4a4-47df-b4d1-6b4d3bb59bf0.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\b336ebd0-d4a4-47df-b4d1-6b4d3bb59bf0.tmp]- [targetUID: 00000000-00006852]\n "c2875db4-cba6-4d84-a77a-6de6d5492f57.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006852]\n "08f946f8-b564-437d-821b-598e5badcc01.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\08f946f8-b564-437d-821b-598e5badcc01.tmp]- [targetUID: 00000000-00006852]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00006852]\n "7d70116931cea979_0" has type "data"- [targetUID: N/A]\n "2aee7d6bbf2b31a5_0" has type "data"- [targetUID: N/A]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\CertificateRevocation\\6498.2022.5.1\\manifest.json]- [targetUID: 00000000-00006852]\n "98e55e92-e324-45be-9e61-0387e96294ef.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"ojack.xyz" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://ojack.xyz/"\n Pattern match: "http://ojack.xyz"\n Heuristic match: "in.getclicky.com"\n Heuristic match: "static.getclicky.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42"\n Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource 
Filter\\Unindexed Rules\\10.34.0.42\\LICENSE"'}], u'threat_level': 0, u'size': None, u'job_id': u'63f91081ab1fec1267059632', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'suspicious_ide185.199.109.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonex-timer: S1683860056.740489,VS0,VE2{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneReddit (Category: social) https://www.reddit.com/user/loginlogin
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:03:21Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-range.github.io
2023-05-12 03:08:49Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.11035.229.48.116
2023-05-12 02:46:53Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyz[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://kekw.battleb0t.xyz/jar', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:348:120:WilError_01"\n "SM0:348:120:WilError_01"\n "SM0:348:304:WilStaging_02"\n "Local\\SM0:348:304:WilStaging_02"\n "SM0:7052:120:WilError_01"\n "SM0:7052:304:WilStaging_02"\n "Local\\SM0:7052:120:WilError_01"\n "Local\\SM0:7052:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:120:WilError_01"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-220', u'name': u'Executes batch file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1059', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1059', u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Process "msedge.exe" with commandline "--single-argument http://kekw.battleb0t.xyz/jar" (UID: 00000000-00007052)'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"64.226.81.43:49750"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kekw.battleb0t.xyz"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007052]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00007052]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007052]\n "Session_13324411891984663" has type "data"- [targetUID: N/A]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\manifest.fingerprint]- [targetUID: 00000000-00007052]\n "c920e640-3cd4-4291-b5a7-5ed9af660f2d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n 
"ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp]- [targetUID: 00000000-00007052]\n "8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp]- [targetUID: 00000000-00007052]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007052]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007052]\n "manifest.json" has type "JSON data"- Location: [%TEMP%\\7052_1944693387\\manifest.json]- [targetUID: 00000000-00007052]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp]- [targetUID: 00000000-00007052]\n "Tabs_13324411893998198" has type "data"- [targetUID: N/A]\n "643a517a-ab51-4a47-a7fa-e8480b929b43.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\643a517a-ab51-4a47-a7fa-e8480b929b43.tmp]- [targetUID: 00000000-00007052]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokenAndKey\\LOG]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "http://kekw.battleb0t.xyz/jar"\n Pattern match: "Math.PI/180"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "http://kekw.battleb0t.xyz"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "kekw.battleb0t.xyz/jar"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\shoppingfre.js]- 
[targetUID: 00000000-00007052]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00007052]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007052]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\7052_16790919\\adblock_snippet.js]- [targetUID: 00000000-00007052]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\auto_open_controller.js]- [targetUID: 00000000-00007052]\n "edge_confirmation_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping.js" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00007052]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\shopping_iframe_driver.js]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "3.0.0.8" found in string ""version": "3.0.0.8""\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed 
Rules\\35\\10.34.0.45"\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\LICENSE"\n Potential IP "3.0.0.8" found in string "\xef\xbb\xbf{ "description": "AutofillCore data component", "name": "AutofillCore", "version": "3.0.0.8"}"\n Potential IP "5.1.0.0
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+74955801111Domain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Noneprettyflyforawifi 5 (Net ID: 00:01:9F:34:7C:4C)34.0544, -118.244
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonekathyncrew (Net ID: 00:05:3C:08:76:43)33.336199,-111.89446440830702
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.214): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:03:35Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00indahouse.github.io
2023-05-12 03:24:48CountryNoCountry Name Extractor0030NoneUnited States+14806242598
2023-05-12 03:00:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.18): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:53:17Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/twbs/bootstrap/blob/master/license)', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://dweb.link/ipfs/qmerdaetkpyon7z2jmmdsyxapkznfhrbf42ztgnxgcjtbq', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://portaili.github.io/micrcosoft.github.io', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2744"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ab8_IE_EarlyTabStart_0xc64_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ab8_ConnHashTable<2744>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ab8_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ab8_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n 
"Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ab8_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_ab8_IE_EarlyTabStart_0xc64_Mutex"\n "IsoScope_ab8_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:80"\n "185.199.109.153:443"\n "192.229.173.207:443"\n "104.17.25.14:443"\n "104.18.10.207:443"\n "142.251.46.234:443"\n "104.18.11.207:443"\n "151.101.1.229:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"portaili.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "maxcdn.bootstrapcdn.com"\n "portaili.github.io"\n "query.prod.cms.msn.com"\n "stackpath.bootstrapcdn.com"\n "teredo.ipv6.microsoft.com"\n "www.w3schools.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file 
"arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9_1_.png" has type "PNG image data 108 x 24 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{36b53e8b-eba4-11ed-a4f7-08002766a00c}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df3c90c2a7f75f2b91.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df44c8c92dba11d115.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{36b53e89-eba4-11ed-a4f7-08002766a00c}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df3c90c2a7f75f2b91.tmp"\n 
"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{36b53e8b-eba4-11ed-a4f7-08002766a00c}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df44c8c92dba11d115.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{36b53e89-eba4-11ed-a4f7-08002766a00c}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh Copyright (c) Font AwesomeVersion 769.01171875 (Font Awesome version: 6.1.1)FontAwesome6Free-So"- [targetUID: N/A]\n "micrcosoft.github_1_.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "all.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fa-regular-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "bootstrap.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "w3_1_.css" has type "UTF-8 Unicode (with BOM) text"- [targetUID: N/A]\n "popper.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002744]\n 
"RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFF2E35B1698EDE394.TMP" has type "data"- Location: [%TEMP%\\~DFF2E35B1698EDE394.TMP]- [targetUID: 00000000-00002744]\n "~DF3C90C2A7F75F2B91.TMP" has type "data"- Location: [%TEMP%\\~DF3C90C2A7F75F2B91.TMP]- [targetUID: 00000000-00002744]\n "~DF44C8C92DBA11D115.TMP" has type "data"- Location: [%TEMP%\\~DF44C8C92DBA11D115.TMP]- [targetUID: 00000000-00002744]\n "~DF4FE4EBD509D90D4A.TMP" has type "data"- Location: [%TEMP%\\~DF4FE4EBD509D90D4A.TMP]- [targetUID: 00000000-00002744]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002744]\n "_36B53E8B-EBA4-11ED-A4F7-08002766A00C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._36B53E89-EBA4-11ED-A4F7-08002766A00C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_3FDD343E-EBA4-11ED-A4F7-08002766A00C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.session.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9_1_.png" has type "PNG image data 108 x 24 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "1ZCAIK0V.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1ZCAIK0V.txt]- [targetUID: 00000000-00002744]\n "7X6VIL59.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7X6VIL59.txt]- [targetUID: 00000000-00002744]\n "4QSK8L0L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4QSK8L0L.txt]- [targetUID: 00000000-00002744]\n "W2EMEB4O.txt" has type "ASCII 
text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W2EMEB4O.txt]- [targetUID: 00000000-00002744]\n "XSDFEMWJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XSDFEMWJ.txt]- [targetUID: 00000000-00002744]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "micrcosoft.github_2_.htm" has type "HTML document ASCII text with CRLF line 185.199.109.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NonemyLGNet55FA (Net ID: 00:01:36:59:55:F8)37.780462,-122.390564
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneENHLG (Net ID: 00:01:36:5B:37:00)37.780462,-122.390564
2023-05-12 03:08:54Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.7034.74.170.74
2023-05-12 02:47:10Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://thewiki.moe/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "185.199.109.133:443"\n "162.159.133.233:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF16C.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF19D.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_970_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_970_IESQMMUTEX_0_303"\n "IsoScope_970_ConnHashTable<2416>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_970_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n 
"Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_970_IE_EarlyTabStart_0xde4_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2416"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_970_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2416"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabF18D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF15C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003360]\n "DREGU5ZL.txt" has type "ASCII text"- 
Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DREGU5ZL.txt]- [targetUID: 00000000-00002416]\n "CST1DE17.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CST1DE17.txt]- [targetUID: 00000000-00002416]\n "_289FBDBF-BAAA-11ED-BDE7-080027EC9596_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "214677895-b5497a9f-b78c-4c26-8ef3-880594c67e7a_1_.png" has type "PNG image data 950 x 530 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "VQLDZC3M.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VQLDZC3M.txt]- [targetUID: 00000000-00002416]\n "RLS6I7B1.htm" has type "HTML document ASCII text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\RLS6I7B1.htm]- [targetUID: 00000000-00003360]\n "670S4DMD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\670S4DMD.txt]- [targetUID: 00000000-00002416]\n "~DF481D1D446E1EA5B6.TMP" has type "data"- Location: [%TEMP%\\~DF481D1D446E1EA5B6.TMP]- [targetUID: 00000000-00002416]\n "_DAE5D358-BAAA-11ED-BDE7-080027EC9596_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "QQF9N5N7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QQF9N5N7.txt]- [targetUID: 00000000-00003360]\n "CabF18D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabF18D.tmp]- [targetUID: 00000000-00003360]\n "widget_1_.png" has type "PNG image data 320 x 76 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "VBEQR8NB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VBEQR8NB.txt]- [targetUID: 
00000000-00003360]\n "RecoveryStore._289FBDBD-BAAA-11ED-BDE7-080027EC9596_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "lunr_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "retype_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://thewiki.moe/"\n Pattern match: "https://thewiki.moe"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /resources/js/lunr.js?v=2.4.0.730670946851 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://thewiki.moe/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "GET /resources/js/config.js?v=2.4.0.730670946851 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://thewiki.moe/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) 
like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "GET /resources/css/retype.css?v=2.4.0.730670946851 HTTP/1.1\nAccept: text/css, */*\nReferer: https://thewiki.moe/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "GET /resources/js/retype.js?v=2.4.0 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://thewiki.moe/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "}vG\nCWirDKlm-Re-@(\n\\y/Xr}\\nkddddDdd?z%{_\n<r=f0[]}_||,zpQ*2AO?COL2-d/IY~>),rI_g_=W%6a`s1{2R"ky2-t0J#"}M_s)=R:U(t`&Y2q|rF0zt]<iY&Vz,?XNS#]pEczz5TM9I$W)@(Ia<`ge(n/\'|nVXnwT)yvKeO\'d)g2+9]e.?eQOT2>WuA=9\nj)\'BDZtm9)cqg&\\2fe"e?}\nPkxdd2$mNz\\w.Ke(P^<KKe\n=KEeV>@<J")m\nkSQxMD/\\NJt.aH"d3NV+rsn.s\nMP<FbQN>2[.NY>2ILK\n*5|ay0m<%JY(A9dfK\\DV\nQXXw|>zz/|)zXvw?\\sAL\'RsEP.FCcU&%=OR2D,}P\'yy\nt@lb`@2}9h/`kNOLq\nXN~o\n 7UEnVf`XYf0@Vdsga$-yG#Ny~X^\n$,gI19&\n<{N3*i\\)-@1P%fn/nA\\bZ2MjABLK#8\\L3\'>p9*fF4f"[Ss[1\n*IQ\n675"#H1AK1M<{]d %DQdM4tg1)*INpD8&2+y\\nS8qlk!0dixv|RKI*\n]}H@oZRE"/U#Bb(FH(_2n:2[\nySOt}(Ke9[$4/r\n]`]$vA\nKpBH\nE.Z?_Qyr0t\n%\'<P3F:lHl9JsRO4$MHA\n@"\nUB`m!}#l!SHYv4"hkI\n2)3w+AM/9c.3`2\nys84bV5H`{ -ezV.3gt{KdPxXORQdt0\n\\(Ci`] l7wE6_T%9]c%v6j<+eQv 
cVsR\\)A~p_43M0r{W@;WfbN#AAKa>@IAIej-XaT5Lbap6Hv%a9*%Q*f\nc2cVjO@4\nJzT$OP`_|skYMC5JTXB4<L6s=A3A@v\n+g\n4c@=av464PmpV#V@;a"9t/7|<#(0Jj/}L4F\n,_{Qq>1Ybo\'\\bck<\\`yMjV!Hqss5__Q_l52V?|9L\n$q0rV+i"5Md/bv9A"KTkEWJ}H%EWQdOeF&Ac]7bjn\nOHq*(H.0e18mP||*fN)K$.^SviQ\\mc0{Q\'j?\\dR|^O9fXi\'8uq&hQD"#^s_`|+vo&u:d"=a.az_ReXVm4R#RI4rTSueK\\N\neKqH>>G;.Di8,mDQ29EiHA:"5{9HVDDqK6xm*hI\n#I&B_#t_1Ss)h{Z{xRQDaPk^2`7O/vy%VnoHg1~5+mxG\nU]uGLa`XdYD{PydV$eL2[G"|E]DvQ7y.fPp:\ne\nhlNqQEVp=GgQ%~;sR4&Ev$uWm+W&F%6"?`r\n~vwS*F^0owy&v9snM\n4T\n!)uV]"/WeP9vl*[D@+6%#\nw*o Vi,>n5[kcuvvr}udQ 2G42!\nXl9bK\'&x`*Pzgi[j3^f\\NP^OP8dzuJZPfTNbl7 TqqI~CRU0$<P\\W\n5US8\nPx?,/:,c=`igo}oCsH.~o>S9kcv*,7^U9Eo;MA\\\n"ToQJRbDQ/|w|\n)^{A.PU.%X#VAe\nT!wwGWS\nC8"#Ksg77,(Rw9J+R|fV+X~v4muQQ[k\n\'j3Tp5>O_R#UfaHt2^Z\'RdoR\n/\nwg=[+KB#<N"McoktG>l`asGNCDjmtA(^:T5-Qj"H!8inMMNP!mP6_5QSqaXcWH9F<F2Z*4NeE19ts<QG%)h7-;zW-}+Ml*rV\\U<A185.199.111.153
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:01:24:F0:65:67)37.780462,-122.390564
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneJIVE5.02025B0 (Net ID: 00:01:9F:20:25:B4)33.617190550339146,-111.90827887019054
2023-05-12 03:03:23Co-Hosted Site - Domain NameNoDNS Resolver0030Nonedontkillmyapp.com000.dontkillmyapp.com
2023-05-12 02:51:18Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://swetapanda25.github.io/netflix', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_55c_IE_EarlyTabStart_0xfc8_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_55c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_55c_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1372"\n "IsoScope_55c_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "IsoScope_55c_ConnHashTable<1372>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_55c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_55c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_55c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "45.57.90.1:443"\n "104.17.24.14:443"\n 
"52.217.109.118:443"\n "104.18.23.52:443"\n "156.146.53.12:443"\n "142.250.191.42:443"\n "172.64.101.10:443"\n "142.251.32.35:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "cdnjs.cloudflare.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "ka-f.fontawesome.com"\n "kit.fontawesome.com"\n "maxst.icons8.com"\n "s3.amazonaws.com"\n "swetapanda25.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"RS-en-20191230-popsignuptwoweeks-perspective_alpha_website_large_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "device-pile_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "mobile_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "netflix-logo_1_.png" has type "PNG image data 800 x 454 8-bit/color RGBA non-interlaced" and extension "png"\n "tv_1_.png" has 
type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "RS-en-20191230-popsignuptwoweeks-perspective_alpha_website_large_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "la-solid-900_1_.eot" has type "Embedded OpenType (EOT) la-solid-900 family"- [targetUID: N/A]\n "free-fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "device-pile_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "line-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002944]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "mobile_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "free-fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "la-regular-400_1_.eot" has type "Embedded OpenType (EOT) la-regular-400 family"- [targetUID: N/A]\n "netflix-logo_1_.png" has type "PNG image data 800 x 454 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF4D4C34410C8CB14F.TMP" has type "data"- Location: 
[%TEMP%\\~DF4D4C34410C8CB14F.TMP]- [targetUID: 00000000-00001372]\n "KFOmCnqEu92Fr1Mu4mxM_1_.woff" has type "Web Open Font Format TrueType length 20344 version 1.1"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001372]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFBF16C55F4A9DB7BF.TMP" has type "data"- Location: [%TEMP%\\~DFBF16C55F4A9DB7BF.TMP]- [targetUID: 00000000-00001372]\n "~DFC0EEDE33BE2CC194.TMP" has type "data"- Location: [%TEMP%\\~DFC0EEDE33BE2CC194.TMP]- [targetUID: 00000000-00001372]\n "~DFBD381075CECC3207.TMP" has type "data"- Location: [%TEMP%\\~DFBD381075CECC3207.TMP]- [targetUID: 00000000-00001372]\n "~DF5B418C84D2916DCF.TMP" has type "data"- Location: [%TEMP%\\~DF5B418C84D2916DCF.TMP]- [targetUID: 00000000-00001372]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text with CRLF line terminators"- [targetUID: N/A]\n "normalize_1_.css" has type "ASCII text"- [targetUID: N/A]\n "urlref_httpsswetapanda25.github.ionetflix" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "RecoveryStore._F06AC279-EEB8-11ED-B011-080027D24051_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_FAB59712-EEB8-11ED-B011-080027D24051_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_783E07C8-EEB9-11ED-B011-080027D24051_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_F06AC27B-EEB8-11ED-B011-080027D24051_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- 
[targetUID: N/A]\n "free-v4-font-face.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "QATBOYWK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QATBOYWK.txt]- [targetUID: 00000000-00002944]\n "1FJ2HCAV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1FJ2HCAV.txt]- [targetUID: 00000000-00001372]\n "A30Y0SY7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\A30Y0SY7.txt]- [targetUID: 00000000-00001372]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002944]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "css_4_.css" has type "ASCII text"- [targetUID: N/A]\n "css_3_.css" has type "ASCII text"- [targetUID: N/A]\n "css_2_.css" has type "ASCII text"- [targetUID: N/A]\n "netflix_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "L1BWWITO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L1BWWITO.txt]- [targetUID: 00000000-00002944]\n "FC0DBXJC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FC0DBXJC.txt]- [targetUID: 00000000-00001372]\n "IPZFT29F.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IPZFT29F.txt]- [targetUID: 00000000-00001372]\n "TMY19XG9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TMY19XG9.txt]- [targetUID: 00000000-00001372]\n "CabCED0.tmp" has type "data"- Location: [%TEMP%\\CabCED0.tmp]- [targetUID: 00000000-00002944]\n "CabCF10.tmp" has type "data"- Location: [%TEMP%\\CabCF10.tmp]- [targetUID: 00000000-00002944]\n "netflix_2_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n 
"search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u185.199.108.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneE3 (Net ID: 00:00:72:20:5B:C1)37.7813933,-122.3918002
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noneguventip (Net ID: 00:15:56:68:31:96)40.2024, 29.0398
2023-05-12 03:08:51Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.12334.148.97.127
2023-05-12 02:55:11Open TCP PortNoCensys0120None87.248.157.102:330687.248.157.102
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None<hidden ssid> (Net ID: 00:01:E3:55:27:34)52.3759, 4.8975
2023-05-12 02:45:53Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 27, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://rufus.ie/es', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:6172:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6172:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "InternetShortcutMutex"\n "Local\\SM0:6300:304:WilStaging_02"\n "SM0:6300:120:WilError_01"\n "Local\\SM0:6300:120:WilError_01"\n "HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_DavidM_Mutex"\n "SM0:6172:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:6172:120:WilError_01"\n "Local\\SM0:6172:304:WilStaging_02"\n "HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_MarkM_Mutex"\n "Local\\SM0:6172:120:WilError_01"\n "HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_ZiraM_Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_DavidM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_MarkM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_ZiraM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6172:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6172:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "104.16.87.20:443"\n "142.250.191.66:443"\n "172.217.164.98:443"\n "142.250.189.226:443"\n "142.250.191.65:443"\n "172.217.164.97:443"\n "142.251.46.170:443"\n "172.217.12.99:443"\n "142.250.189.164:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rufus.ie"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.ampproject.org"\n "cdn.jsdelivr.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "googleads.g.doubleclick.net"\n "pagead2.googlesyndication.com"\n "pages.github.com"\n "partner.googleadservices.com"\n "rufus.ie"\n 
"tpc.googlesyndication.com"\n "www.googletagservices.com"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'""paypal.com"," (Indicator: "paypal")\n ""baysidebuddy.com"," (Indicator: "ebuddy.com")\n ""comeherebuddy.com"," (Indicator: "ebuddy.com")\n ""www.facebook.com"," (Indicator: "facebook.com")\n ""linkedin.com"," (Indicator: "linkedin.com")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: 
"key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006172]\n "wallet-pre-stable.json" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\112.15166.0.0\\json\\wallet\\wallet-pre-stable.json]- [targetUID: 00000000-00006172]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\6172_291333511\\edge_driver.js]- 
[targetUID: 00000000-00006172]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\6172_1489855770\\Filtering Rules]- [targetUID: 00000000-00006172]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\112.15166.0.0\\wallet.bundle.js]- [targetUID: 00000000-00006172]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006172]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006172]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\6172_291333511\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00006172]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\6172_291333511\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00006172]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\6172_291333511\\Mini-Wallet\\miniwallet.bundle.js]- [targetUID: 00000000-00006172]\n "notification.bundle.js" has type "ASCII text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\112.15166.0.0\\Notification\\notification.bundle.js]- [targetUID: 00000000-00006172]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00006172]\n "401133ff-05ec-43b1-ab6f-629b883c0cff.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 10409"- [targetUID: N/A]\n 
"Filtering Rules-AA" has type "data"- Location: [%TEMP%\\6172_1489855770\\Filtering Rules-AA]- [targetUID: 00000000-00006172]\n "f82bf96b-55aa-4803-b143-b4981d8f9ae9.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 17314"- [targetUID: N/A]'}, {u'category': u'Installatio185.199.111.153
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.172): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.149): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesflan7_1 (Net ID: 00:02:6F:04:08:D7)37.7642, -122.3993
2023-05-12 02:54:03Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c52e4b1988e1e3e-FRA Content-Encoding: gzip 172.67.135.9
2023-05-12 02:54:13Linked URL - InternalNoWeb Spider4020Nonehttps://battleb0t.xyz/main.built.jshttps://battleb0t.xyz/
2023-05-12 02:54:18HTTP HeadersNoWeb Spider6020None{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}nwapi.battleb0t.xyz
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneCATYLN (Net ID: 00:01:38:86:06:1F)37.7813933,-122.3918002
2023-05-12 02:46:03Physical CoordinatesNoAbstractAPI0030None32.8608, -79.974634.148.97.127
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.234): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:41:28CountryNoCountry Name Extractor0040NoneNetherlandsEygelshoven, Limburg, LI, Netherlands, NL
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:01:24:F2:17:BC)37.7813933,-122.3918002
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneG5 Base (Net ID: 00:02:2D:1B:5B:C9)37.7642, -122.3993
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneProCare-Guest (Net ID: 00:01:21:1C:31:00)37.7813933,-122.3918002
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f60498977c3f0-EWR{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"}
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneImageShack (Category: images) https://imageshack.com/user/ayshooayshoo
2023-05-12 03:00:10SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:10:b4:30:a3:e0:72:2f:ec:4e:bc:95:e3:12:bb:83:8d:6f Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Dec 14 04:12:32 2022 GMT Not After : Mar 14 04:12:31 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:31:e0:5d:42:f2:be:35:60:b1:bf:3c:dd:6a:3a: e9:66:ce:65:b9:42:55:e5:1f:5b:0f:4a:7d:d2:dd: d5:d5:2a:c8:4c:26:cc:d6:24:4c:c6:8a:d7:5d:8d: ad:45:7b:81:26:49:fc:64:c6:a9:da:25:d4:46:11: f7:82:81:c2:c2 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FF:9F:0E:73:7B:4F:1D:9B:10:7F:DE:3A:BF:95:29:99:72:64:39:CE X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 14 05:12:32.135 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:3B:59:29:35:BE:AB:71:65:F9:96:06:4F: 5B:59:CE:57:24:54:B9:12:04:B5:DF:8A:07:E6:76:0F: 20:03:70:03:02:21:00:B7:78:F0:A2:3F:27:E7:3B:21: C5:33:D6:55:11:C6:40:C1:C5:5B:26:28:AF:CA:56:1E: 26:52:58:CD:58:16:E5 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E 
Timestamp : Dec 14 05:12:32.070 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:15:09:02:D4:FF:29:7B:0F:E9:E1:19:A4: 68:CC:B6:9A:5B:B7:91:A8:77:5F:34:7E:C8:58:7A:5D: F7:C7:09:DA:02:20:1E:EF:33:8E:F5:7A:6D:A5:37:EA: 0D:F2:52:F7:31:2F:0F:C3:A2:0E:FC:59:37:68:C1:0E: F3:7B:09:D9:73:6E Signature Algorithm: ecdsa-with-SHA384 30:65:02:31:00:c4:f1:3e:03:59:6c:36:cb:84:da:12:51:f5: 76:a2:e4:bc:23:64:76:f4:b2:f0:4c:8f:9b:8b:90:fb:12:ce: 7b:42:97:0a:3a:61:32:82:0b:b0:21:2a:25:06:6a:5f:a9:02: 30:75:43:e3:50:ce:c6:89:24:bf:1b:e6:c4:50:fc:7d:e6:4e: 0c:28:05:6d:f7:e2:b6:59:55:90:02:80:b6:cc:fc:7e:93:a5: f6:0f:4b:2a:01:37:a1:29:5b:b6:a5:1d:89 ayhu.xyz
2023-05-12 03:12:15Affiliate - Domain WhoisNoWhois5060None Domain Name: NETCRAFT.COM Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-12-07T10:43:50Z Creation Date: 1994-10-18T04:00:00Z Registry Expiry Date: 2026-10-17T04:00:00Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: AUTHNS1.NETCRAFT.COM Name Server: AUTHNS2.NETCRAFT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: netcraft.com Registry Domain ID: 509179_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2020-09-21T12:40:37.88Z Creation Date: 1994-10-18T04:00:00.00Z Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com Name Server: authns1.netcraft.com Name Server: authns2.netcraft.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS 
database: 2023-05-11T07:56:11.35Z <<< For more information on Whois status codes, please visit https://icann.org/eppnetcraft.com
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None55 2nd PMO (Net ID: 00:01:21:10:85:60)37.780462,-122.390564
2023-05-12 03:09:24Vulnerability - CVE MediumYesTool - testssl.sh0130NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.64.226.81.43
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBBHWIRELESS (Net ID: 00:00:C5:D7:5E:40)41.8781, -87.6298
2023-05-12 03:11:42Vulnerability - CVE LowYesTool - testssl.sh0130NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.panel.battleb0t.xyz
2023-05-12 02:44:20Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.io185.199.110.153
2023-05-12 03:13:10Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [eliaspinheironeto.github.io] https://www.openphish.com/feed.txteliaspinheironeto.github.io
2023-05-12 03:01:28Web ServerNoTool - WhatWeb0020Nonecloudflarenwapi.battleb0t.xyz
2023-05-12 03:00:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.16): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:00Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.102): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneSteam (Category: gaming) https://steamcommunity.com/id/AltpapierAltpapier
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneTOMTSSID (Net ID: 00:02:2D:76:6D:DF)50.1188, 8.6843
2023-05-12 03:32:13Open TCP PortNoPulsedive0030None188.114.97.7:8080188.114.97.0/24
2023-05-12 02:44:06Domain RegistrarNoWhois0010NoneRegistrar of domain names REG.RU LLCbattleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneWLAN (Net ID: 00:01:24:F1:42:27)52.3759, 4.8975
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneZyXEL (Net ID: 00:02:CF:59:0A:CB)40.2024, 29.0398
2023-05-12 02:54:22Linked URL - InternalNoWeb Spider0030Nonehttp://panel.battleb0t.xyzpanel.battleb0t.xyz
2023-05-12 02:55:15BGP AS MembershipNoCensys0030None14061165.232.113.85
2023-05-12 03:09:32Affiliate - Internet NameNoDNS Resolver2030Nonecdn-185-199-109-154.github.com185.199.109.154
2023-05-12 02:56:13Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://taisukemino.com/manifest.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f9c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_f9c_IE_EarlyTabStart_0x8a4_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f9c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f9c_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_f9c_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3996"\n "IsoScope_f9c_ConnHashTable<3996>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3996"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "MG8E4216.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MG8E4216.txt]- [targetUID: 00000000-00003996]\n Dropped file: "VJJ3PF5T.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VJJ3PF5T.txt]- [targetUID: 00000000-00003996]\n Dropped file: "QASBMQRN.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QASBMQRN.txt]- [targetUID: 00000000-00003996]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab5EAE.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab5E5E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_9134BD1A-54BA-11ED-9137-08002723F977_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFF7760DEF9A5B2935.TMP" has type "data"- Location: [%TEMP%\\~DFF7760DEF9A5B2935.TMP]- [targetUID: 00000000-00003996]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003760]\n "Tar5E5F.tmp" has type "data"- Location: [%TEMP%\\Tar5E5F.tmp]- [targetUID: 00000000-00003760]\n "MG8E4216.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MG8E4216.txt]- [targetUID: 00000000-00003996]\n "VJJ3PF5T.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VJJ3PF5T.txt]- [targetUID: 00000000-00003996]\n "Cab5EAE.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab5EAE.tmp]- [targetUID: 00000000-00003760]\n "_52E741B2-54C5-11ED-9137-08002723F977_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFEEA8B6A1075BCD1A.TMP" has type "data"- Location: [%TEMP%\\~DFEEA8B6A1075BCD1A.TMP]- [targetUID: 00000000-00003996]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003996]\n "~DF96245F23D5A1C3EC.TMP" has type "data"- Location: [%TEMP%\\~DF96245F23D5A1C3EC.TMP]- 
[targetUID: 00000000-00003996]\n "Cab5E5E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab5E5E.tmp]- [targetUID: 00000000-00003760]\n "QASBMQRN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QASBMQRN.txt]- [targetUID: 00000000-00003996]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003760]\n "_C5C133BB-54B7-11ED-9137-08002723F977_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._C5C133B9-54B7-11ED-9137-08002723F977_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar5EAF.tmp" has type "data"- Location: [%TEMP%\\Tar5EAF.tmp]- [targetUID: 00000000-00003760]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://taisukemino.com/manifest.webmanifest"\n Pattern match: "https://taisukemino.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 
(Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: taisukemino.com\nDNT: 1\nConnection: Keep-Alive"'}], u'threat_level': 0, u'size': None, u'job_id': u'635882668f9ad024065477d8', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'104.196.30.220'], u'sha256': u'0d95c3235f13121a871148a672ac841f489584937622a18f2c4598bf58d8a241', u'sha512': u'7b9e66afaec29089757a6dd30779609d9cb82d3e634cb556234488c1985c5296e2edf8caef06dc9ff1dfb1f5a5b6f7a7778350afe50c428addea9fe830c9c8a8', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://taisukemino.com/manifest.webmanifest', u'submission_id': u'635882668f9ad024065477d9', u'created_at': u'2022-10-26T00:42:14+00:00', u'filename': None}], u'analysis_start_time': u'2022-10-26T00:42:14+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'4bfaf38bf36192f89460ccb16d879958', u'network_mode': u'default', u'processes': [], u'sha1': u'f05d9deedd1cea4b8f2e921cef46764f981dc12a', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 32 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}]104.196.30.220
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom460A18 (Net ID: 00:0C:F6:46:0A:18)50.8897, 6.0563
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneakniga (Category: hobby) https://akniga.org/profile/loginlogin
2023-05-12 02:47:23Open TCP PortNoPulsedive0020None185.199.110.153:443185.199.110.153
2023-05-12 03:31:29Affiliate - Email AddressNoE-Mail Address Extractor0050Noneabuse@porkbun.com Domain Name: RATHOOK.CC Registry Domain ID: 163793658_DOMAIN_CC-VRSN Registrar WHOIS Server: whois.porkbun.com Registrar URL: http://porkbun.com Updated Date: 2022-09-07T10:53:59Z Creation Date: 2021-09-13T01:07:39Z Registry Expiry Date: 2024-09-13T01:07:39Z Registrar: Porkbun LLC Registrar IANA ID: 1861 Registrar Abuse Contact Email: abuse@porkbun.com Registrar Abuse Contact Phone: 5038508351 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: CURITIBA.NS.PORKBUN.COM Name Server: FORTALEZA.NS.PORKBUN.COM Name Server: MACEIO.NS.PORKBUN.COM Name Server: SALVADOR.NS.PORKBUN.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:11:56Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign's ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. 
Domain Name: RATHOOK.CC Registry Domain ID: 163793658_DOMAIN_CC-VRSN Registrar WHOIS Server: whois.porkbun.com Registrar URL: http://www.porkbun.com Updated Date: 2022-01-28 17:32:18 Created Date: 2021-09-13 01:07:39 Registrar Registration Expiration Date: 2024-09-13 01:07:39 Registrar: Porkbun LLC Registrar IANA ID: 1861 Registrar Abuse Contact Email: abuse@porkbun.com Registrar Abuse Contact Phone: +1.5038508351 Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited Domain Status: clientDeleteProhibited http://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Registrant Name: d3f c0n6 Registrant Organization: Boat Rolling Inc Registrant Street: 10 Voie de l&#39;Excelsior Registrant City: Val-de-Reuil Registrant State/Province: Normandy Registrant Postal Code: 27100 Registrant Country: FR Registrant Phone: +33:FR.268605683 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: d3fc0n6@protonmail.com Registry Admin ID: Admin Name: d3f c0n6 Admin Organization: Boat Rolling Inc Admin Street: 10 Voie de l&#39;Excelsior Admin City: Val-de-Reuil Admin State/Province: Normandy Admin Postal Code: 27100 Admin Country: FR Admin Phone: +33:FR.268605683 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: d3fc0n6@protonmail.com Registry Tech ID: Tech Name: d3f c0n6 Tech Organization: Boat Rolling Inc Tech Street: 10 Voie de l&#39;Excelsior Tech City: Val-de-Reuil Tech State/Province: Normandy Tech Postal Code: 27100 Tech Country: FR Tech Phone: +33:FR.268605683 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: d3fc0n6@protonmail.com Name Server: curitiba.ns.porkbun.com Name Server: fortaleza.ns.porkbun.com Name Server: salvador.ns.porkbun.com Name Server: maceio.ns.porkbun.com URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net >>> Last update of WHOIS database: 2022-01-28 17:32:18 <<< For more information on Whois status codes, please visit 
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. The Data in the Porkbun LLC WHOIS database is provided by Porkbun LLC for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Porkbun LLC does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Porkbun LLC (or its systems). Porkbun LLC reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Porkbun!
2023-05-12 02:45:47Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Chantilly', u'security': {u'is_vpn': False}, u'city_geoname_id': 4751935, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'American Registry Internet Numbers', u'organization_name': u'American Registry Internet Numbers', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20151', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:46'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:50c0:8001::153', u'continent': u'North America', u'region_iso_code': u'VA'}2606:50c0:8001::153
2023-05-12 03:03:38Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00xkhaled.github.io
2023-05-12 03:00:51Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.74): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneWaveLAN Network (Net ID: 00:02:2D:03:8E:D3)37.780462,-122.390564
2023-05-12 03:31:30Affiliate - Email AddressNoE-Mail Address Extractor0070Noneabuse@godaddy.com Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-09-16T17:34:41Z Creation Date: 2014-07-15T10:59:40Z Registry Expiry Date: 2023-07-15T10:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLIENTIFY.NET Registry Domain ID: 1866957767_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-07-16T08:59:21Z Creation Date: 2014-07-15T05:59:40Z Registrar Registration Expiration Date: 2023-07-15T05:59:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech 
State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET Name Server: JANET.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:53:17IPv6 AddressNoMnemonic PassiveDNS0010None2606:4700:3031::6815:6a6ayhu.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMIFI-LIBERATE-EPQS (Net ID: 00:15:FF:31:01:09)32.8608, -79.9746
2023-05-12 02:45:51Physical LocationNoMetaDefender0020NoneAmsterdam, Netherlands104.21.6.166
2023-05-12 03:00:30Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-128-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 02:57:10Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://mitsubachi-rock.jp/manifest.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar232D.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar231B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1828"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_724_IE_EarlyTabStart_0x730_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_724_ConnHashTable<1828>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_724_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_724_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_724_IESQMMUTEX_0_331"\n "IsoScope_724_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab232C.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab22FB.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001828]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001852]\n "manifest_1_.webmanifest" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00001828]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00001828]\n "~DF740E7EA0EA911E26.TMP" has type "data"- Location: [%TEMP%\\~DF740E7EA0EA911E26.TMP]- [targetUID: 00000000-00001828]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "Cab232C.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab232C.tmp]- [targetUID: 00000000-00001852]\n "Tar232D.tmp" has type "data"- Location: [%TEMP%\\Tar232D.tmp]- [targetUID: 00000000-00001852]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001828]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00001852]\n "_27D3CBB5-3D28-11ED-9C6D-080027EE4932_.dat" has type 
"Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00001828]\n "~DF98AE628D3F4F6A8F.TMP" has type "data"- Location: [%TEMP%\\~DF98AE628D3F4F6A8F.TMP]- [targetUID: 00000000-00001828]\n "RecoveryStore._27D3CBB3-3D28-11ED-9C6D-080027EE4932_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar231B.tmp" has type "data"- Location: [%TEMP%\\Tar231B.tmp]- [targetUID: 00000000-00001852]\n "Cab22FB.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab22FB.tmp]- [targetUID: 00000000-00001852]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://mitsubachi-rock.jp/manifest.webmanifest"\n Pattern match: "https://mitsubachi-rock.jp"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: mitsubachi-rock.jp\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_35.229.48.116]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, 
must-revalidate\nContent-Length: 839\nContent-Type: application/octet-stream\nDate: Mon, 26 Sep 2022 01:06:39 GMT\nEtag: "c87b94801c6d7a06efef69815bc78efd-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GDVN9WVW2HFGRY4AJ7M5VFAN\n\n{"icons":[{"src":"icons/icon-48x48.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"48x48","type":"image/png"},{"src":"icons/icon-72x72.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"72x72","type":"image/png"},{"src":"icons/icon-96x96.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"96x96","type":"image/png"},{"src":"icons/icon-144x144.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"144x144","type":"image/png"},{"src":"icons/icon-192x192.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"192x192","type":"image/png"},{"src":"icons/icon-256x256.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"256x256","type":"image/png"},{"src":"icons/icon-384x384.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"384x384","type":"image/png"},{"src":"icons/icon-512x512.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"512x512","type":"im"- [Source: SSL_35.229.48.116]\n, "age/png"}]}"- [Source: SSL_35.229.48.116]\n\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: mitsubachi-rock.jp\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_35.229.48.116]\n\n "HTTP/1.1 404 Not Found\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Encoding: gzip\nContent-Type: text/html; charset=utf-8\nDate: Mon, 26 Sep 2022 01:06:43 GMT\nEtag: 1661701345-ssl-df\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nVary: Accept-Encoding\nX-Nf-Request-Id: 01GDVNA0P9KMD0S1Q7EQGMB3QG\nTransfer-Encoding: chunked"- [Source: SSL_35.229.48.116]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', 
u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "35.229.48.116": ...\n\n URL: http://www.ootboxnft.com/ (AV positives: 1/88 scanned on 09/26/2022 00:39:30)\n URL: https://zesty-sopapillas-a24dfd.netlify.app/ (AV positives: 9/89 scanned on 09/26/2022 00:28:02)\n URL: http://illustrious35.229.48.116
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:207787.248.157.102
2023-05-12 03:19:47Account on External SiteNoAccount Finder0020NoneTrello (Category: social) https://trello.com/patrickpogodapatrickpogoda
2023-05-12 03:31:30Affiliate - Email AddressNoE-Mail Address Extractor0070Nonea922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.comDomain Name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2022-06-08T05:38:27Z Creation Date: 2022-06-03T05:37:56Z Registry Expiry Date: 2026-06-03T05:37:56Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. 
You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. 
The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Domain name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-06-03T05:37:56.70Z Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: 
Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:09:18Vulnerability - GeneralYesTool - Retire.js0040NoneBootstrap before 4.0.0 is end-of-life and no longer maintained. Severity: low Info: https://github.com/twbs/bootstrap/issues/20631https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
2023-05-12 03:08:55Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.8034.74.170.74
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonezoom (Net ID: 00:01:38:44:83:6D)34.0544, -118.244
2023-05-12 02:54:07Open TCP PortNoCensys0020None2606:4700:3031::ac43:8709:4432606:4700:3031::ac43:8709
2023-05-12 02:45:44Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Chantilly', u'security': {u'is_vpn': False}, u'city_geoname_id': 4751935, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'American Registry Internet Numbers', u'organization_name': u'American Registry Internet Numbers', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20151', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:43'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:50c0:8002::153', u'continent': u'North America', u'region_iso_code': u'VA'}2606:50c0:8002::153
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneRevolut (Category: finance) https://revolut.me/ayhuayhu
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:01:36:06:1C:1A)52.3759, 4.8975
2023-05-12 03:00:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.58): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonespeedrun (Category: gaming) https://www.speedrun.com/user/login/login
2023-05-12 03:03:41Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io010pixel.github.io
2023-05-12 03:03:59Co-Hosted SiteNoThreatMiner0020Nonescoop.sh185.199.109.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneElijah Sadee (Net ID: 00:1D:D3:6D:1D:D0)32.8608, -79.9746
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneZiggo1 (Net ID: 00:02:6F:D8:57:09)50.8897, 6.0563
2023-05-12 03:33:38Raw File Meta DataNoBinary String Extractor0040None cHRM IDATx 9RD@R 6_:f Q3ot<@ :_w$`i 8vw8uLk iZpj bI@kd IDAT> !H?RZ Rz`8< e RmZ !heNN ZZ@"U P>HZD xq5E H!wqlM qkR` Z9wq-'C ghdf9egC O' :F` Q16Oh. i$sb$ iJpj0 Ir``: @OIFR "U04wI0 >/w`E jp8YJ jvvm:Z1 !lwc4i https://pics.battleb0t.xyz/images/favicon.png
2023-05-12 02:54:13HTTP Status CodeNoWeb Spider0030None200https://battleb0t.xyz/main.built.js
2023-05-12 02:45:58Raw Data from RIRsNoAbstractAPI0030None{u'city': u'Frankfurt am Main', u'security': {u'is_vpn': False}, u'city_geoname_id': 2925533, u'region_geoname_id': 2905330, u'country': u'Germany', u'region': u'Hesse', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'DIGITALOCEAN-ASN', u'isp_name': u'DigitalOcean', u'organization_name': u'DigitalOcean, LLC', u'autonomous_system_number': 14061}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/DE_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/DE_flag.png', u'unicode': u'U+1F1E9 U+1F1EA', u'emoji': u'\U0001f1e9\U0001f1ea'}, u'postal_code': u'60313', u'longitude': 8.6843, u'country_code': u'DE', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Berlin', u'current_time': u'04:45:57'}, u'latitude': 50.1188, u'country_geoname_id': 2921044, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'64.226.81.43', u'continent': u'Europe', u'region_iso_code': u'HE'}64.226.81.43
2023-05-12 02:46:49SSL Certificate - Issued byNoSSL Certificate Analyzer0030NoneC=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1104.196.30.220
2023-05-12 02:44:20Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.110.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None1620 Guest (Net ID: 00:01:21:30:37:50)52.3759, 4.8975
2023-05-12 03:41:52Physical LocationNoCensys0030NoneFrankfurt am Main, Hesse, 60306, Germany, Europe45.131.109.53
2023-05-12 03:00:55Co-Hosted SiteNoHackerTarget3020None00ffcc.cn185.199.111.153
2023-05-12 02:44:28Affiliate - Domain NameNoDNS Resolver0030Nonenetlify.appfrabjous-lebkuchen-324004.netlify.app
2023-05-12 02:54:44BGP AS MembershipNoCensys0030None39698235.229.48.116
2023-05-12 02:55:34Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://bouncefitness.precisiongroup.com.au/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_344_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_344_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_344_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_344_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_344_IE_EarlyTabStart_0xbac_Mutex"\n "IsoScope_344_ConnHashTable<836>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.166:80"\n "104.21.6.166:443"\n 
"142.250.189.202:443"\n "172.217.12.104:443"\n "172.217.164.99:443"\n "142.251.46.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bouncefitness.precisiongroup.com.au"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bouncefitness.precisiongroup.com.au"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2016 Twitter, Inc." 
(Indicator: "twitter")\n "<a class="elementor-icon elementor-social-icon elementor-social-icon-twitter elementor-repeater-item-37c2364" target="_blank">" (Indicator: "twitter")\n "<i class="fab fa-twitter"></i></a>" (Indicator: "twitter")\n "<noscript><style id="rocket-lazyload-nojs-css">.rll-youtube-player, [data-lazy-src]{display:none !important;}</style></noscript>" (Indicator: "youtube")\n "<span class="elementor-screen-only">Twitter</span>" (Indicator: "twitter")\n "function Ey(a,b){var c=this;return b}Ey.O="internal.enableAutoEventOnScroll";var cc=fa(["data-gtm-yt-inspected-"]),Fy=["www.youtube.com","www.youtube-nocookie.com"],Gy,Hy=!1;" (Indicator: "youtube")\n "function Ry(a,b){var c=this;return b}Ry.O="internal.enableAutoEventOnYouTubeActivity";var Sy;function Ty(a){var b=!1;return b}Ty.O="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "transportUrl:b,context:c},Q(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Qh.ka+"&cx=c";cs()&&(f+="&sign="+Qh.ue);var g=fi||hi?bs(b,f):void 0;g||(g=Po("https://","http://",Qh.Jd+f));Rl().destination[a]={state:1,context:c};mc(g)}};function ds(){if(vl()){return!0}return!1};var gs=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),hs={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},is={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc-_1_.woff" has type "Web Open Font Format TrueType length 20544 version 1.1"- [targetUID: N/A]\n "~DFAE12B4DD5D9EF57E.TMP" has type "data"- Location: [%TEMP%\\~DFAE12B4DD5D9EF57E.TMP]- [targetUID: 00000000-00000836]\n "lazyload.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "548YBEKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\548YBEKT.txt]- [targetUID: 00000000-00002848]\n "solid.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "P8ST09HS.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P8ST09HS.txt]- [targetUID: 00000000-00000836]\n "style.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "preloaded-elements-handlers.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "webpack.runtime.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "frontend-modules.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_17DA973C-BEDC-11ED-8783-080027090D53_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n "animations.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "waypoints.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "post-1477_1_.css" has type "ASCII text with very 
long lines with no line terminators"- [targetUID: N/A]\n "wp-polyfill.min_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "bounce_logo_2_.png" has type "PNG image data 264 x 130 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "swiper.min_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "flexslider_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\ufffd\ufffd3>q\ufffd\ufffd[>\ufffd\ufffdd\ufffd*CgY\ufffdI\u043b\ufffd\xb9*\ufffdS\ufffdS\ufffd=\ufffd:\ufffdw\ufffdb/~\ufffd\ufffd\ufffd\ufffd?<<\ufffd{\ufffdT \ufffd\ufffdM\ufffdZ0\ufffd\ufffd\ufffdF\ufffd,\ufffdU\ufffd]\ufffd\ufffdtll\ufffdM\ufffd\ufffd[\ufffd\ufffd\u06be\ufffd\ufffd\ufffddz\ufffd\ufffd;\ufffd7\ufffd\ufffdN\ufffd\ufffd\ufffd\ufffd\ufffdw\ufffdn#\ufffd\ufffdN>@)mN\ufffd?>\ufffd\ufffd\ufffd\u0785R\ufffd\ufffd`\uac7e\ufffdQ\ufffd$z/\ufffd2\ufffd\ufffdx\ufffdM\ufffdG\ufffdk\ufffdf6Ip\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdg\ufffd\ufffdnX4d\ufffd\ufffd\ufffde.0.\ufffd\ufffd\ufffd!/\ufffd\ufffd\ufffd\ufffd^\ufffd=z\ufffd5\ufffd\ufffd\ufffd\ufffd\'\ufffdhCh\ufffd7\ufffd\u0290\ufffd\ufffd\ufffd\ufffdj\ufffd:\u0760\ufffd\u059eUP?\ufffd\ufffdU\ufffdH+h\ueb420\ufffd\ufffd\ufffd\ufffd\ufffd[\ufffdh\ufffd3D\ufffd\ufffd*\ufffdS\ufffdzWAD7!\ufffd>\ufffdd\ufffdBhm\ufffd{fK\ufffdz\ufffd\ufffd"\n Pattern match: "T.HZ/1\ufffd\ufffd\ufffd\ufffd\ufffdb\u02ca\ufffd1"\n Pattern match: "https://twitter.com/intent/tweet?text={text"\n Pattern match: "https://+a+.google-analytics.com/g/collect},IA=function(){var"\n Pattern match: 
"http://www.w3.org/2000/svg,svg"\n Pattern match: "https://cct.google/taggy/agent.js"\n Pattern match: "http://getbootstrap.com"\n Pattern match: "https://fontawesome.com"\n Pattern match: "http://api.jqueryui.com/position/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://jqueryui.com"\n Pattern match: "http://swiperjs.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: "https://github.com/twbs/bootstrap/blob/master/LICENSE"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "http://jqueryui.com*"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css"\n Pattern match: "https://wp-rocket.me"\n Pattern match: "https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%20Slab%3A100%2C100italic%2C200%2C200it"\n Pattern match: "https://bouncefitness.precisiongroup.com.au/"\n Pattern match: "https://bouncefitness.precisiongroup.com.au/my-account/"\n Pattern match: "http://www.w3.org/2000/svg\'%20view104.21.6.166
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None089070 (Net ID: 00:02:2D:08:90:70)37.780462,-122.390564
2023-05-12 03:33:40Raw File Meta DataNoBinary String Extractor0040NoneIDATx _Z19l ?_ILPJ C $/@ 0\Mjf! /VppGp ChPwap fzcoAC P6s>W 4q:P? _6Wp@ T'V51 >Lv t0 qDXT<?95 @pjrR _ij>g rd-2mp :!xn2@ V4vbR isgWO fROLL 3coz: m"cccM 4Xnju KWnk. 4 x"i W3KJe: 886jm "yuV @B UcsPm C8unz TjZ\\ 7I018 h>4vW iEBYs `jclr B2sj$ \evww-R ' :PGJ h-G>d Nuvra <z6mj3 zK/g_ DL$p' ` 24` lBoyyy ni6N_ j >fw CKMzvy LjsoM /kuuQ? qdjrg7 wwwtx issIG _Mf !z ?wKQ/ R RP" H`4<j /qdP9$ ZN\D@ nsn6L LMihx mIhtb\ <A>Qm 6<7.Hm V3.j$` WC@@\ t:10fW lfLFY >t<F:Si ctr4z 1w5\A Wcll2- SvSif l4es`t$' 6yxj: c\s.O @'-mG .9397 4enn6wj "`Jpi': gcqu3 xjq9f 7`N.8 2HuNNJn kWcU OEj'`r 5<k@Q: _-3"X B'PtqJ l$eUY Sqf_8M v:1?2 emm--A@h"Ew \K0vw f3U4eH IDATX Y>W'P W \@46 nZ3JKhttps://pics.battleb0t.xyz/images/ein_1.png
2023-05-12 02:53:15IPv6 AddressNoMnemonic PassiveDNS0010None2606:4700:3037::6815:470ebattleb0t.xyz
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor5020None+14806242505Domain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX5515724F5 (Net ID: 00:01:E3:57:24:F5)52.3759, 4.8975
2023-05-12 02:46:25SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:4a:0e:8c:1b:d3:a5:34:69:b6:32:8e:46:29:d8:95:17:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:04 2022 GMT Not After : Feb 15 09:44:03 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:fd:f2:48:0f:df:bc:e1:99:1b:6f:bd:c7:77: 53:7a:c0:8b:77:cd:2c:3c:60:53:e0:e9:b0:a7:7b: 73:98:97:7e:b8:eb:d6:f1:08:7b:2c:70:98:ff:62: 24:3a:e4:75:75:15:64:3c:f3:10:df:1f:74:86:c2: 03:e3:19:f8:ee:1b:1c:a4:33:45:b3:b5:bd:cc:36: 58:4b:c6:53:5a:e5:a0:83:1c:13:b6:0a:f0:09:85: 49:e2:af:1f:59:f3:45:35:c5:76:d8:d7:03:6b:48: 2d:81:71:8d:d8:b6:9f:ca:3d:be:a5:d1:d0:6d:84: 3f:57:a3:f9:3b:33:48:5e:3a:10:1b:9a:8e:0e:52: e4:41:61:32:48:9e:eb:dd:91:27:08:98:23:0d:d6: 40:40:46:c6:2e:72:9b:5e:7b:a7:ce:14:5c:e3:33: d1:e0:7f:e9:bf:c8:04:bf:dd:c3:5b:ec:18:53:dc: e8:49:50:75:f5:f6:57:2f:90:7f:b7:6a:c4:1e:bc: 3e:2d:04:87:d0:de:ec:72:7e:5e:84:cf:77:05:c4: 81:0d:1d:68:c9:a6:7c:75:bd:ed:fa:cd:4e:88:39: 5c:0c:10:a3:f5:6d:4b:7d:20:b4:0a:24:fb:93:43: e5:9b:70:b2:e4:95:89:06:02:90:7a:2d:6f:c2:fa: 77:78:2c:13:6f:d6:08:02:00:eb:f1:d0:25:de:0b: 0c:36:d6:0b:0b:8d:58:6f:b7:29:51:a7:c3:27:fb: ab:fa:3f:bd:88:88:4d:63:79:00:4e:5f:ea:ff:bf: a7:e5:c8:b9:01:b0:11:55:38:c5:2c:12:42:ec:9f: 41:d5:d8:5b:cb:0e:56:2f:f5:0b:5b:b2:1f:2e:4b: 1c:7b:f3:b8:8f:a3:2a:22:10:32:70:e5:ff:92:c9: 9d:cf:f4:1c:87:80:7b:03:c4:11:f8:c8:fe:1d:fd: d9:21:53:2a:ab:a4:e1:88:2f:4b:5d:2f:ee:62:ac: 58:24:c3:6b:51:75:98:92:28:85:71:19:cf:1f:32: bf:04:e0:46:cb:6a:6e:1a:53:77:bb:51:7b:25:a8: 3b:79:a4:fe:31:da:29:cb:94:14:d8:b7:bf:23:48: 40:7c:38:77:e2:71:aa:43:c0:dd:58:a7:d1:0f:28: 19:e1:e9:99:2b:f4:ba:45:c8:6a:f8:d6:7a:86:7e: a9:1e:96:ed:9c:c8:12:b9:05:83:95:70:08:f4:a3: 69:c3:37:93:d6:82:c5:85:91:d6:07:1b:87:31:af: f4:29:c3:da:2f:cb:d0:72:02:68:65:19:d7:78:65: 
82:75:d2:3a:e3:90:30:94:d9:d7:ad:e9:8d:db:16: 21:a3:69 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 40:6C:27:E5:F5:7A:53:84:B0:9C:FE:C0:1C:53:80:B3:F8:A3:C2:C8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 10:44:05.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:6A:5D:4C:DD:33:BA:F4:6D:06:CD:62:8E: 62:A6:29:12:73:7E:C4:39:CD:7D:CB:4D:69:0D:6B:E6: 45:D1:49:BA:02:20:62:DC:B1:D6:60:8B:66:25:C3:6B: 92:41:2D:6B:D9:09:69:75:B3:D8:0A:B3:0D:7C:54:94: 66:20:F5:CC:6B:CE Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Nov 17 10:44:05.107 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:83:1E:C1:82:64:68:53:D0:B4:02:DB: 57:9B:B5:22:1E:9E:35:DC:46:F1:4F:28:01:0D:8C:E2: 45:59:C5:A9:E3:02:21:00:96:C6:99:D6:12:DF:9E:19: D7:CD:44:66:3D:89:58:9B:65:51:7C:84:99:4A:C9:3C: 8B:FE:37:A8:47:DE:C3:56 Signature Algorithm: sha256WithRSAEncryption 41:96:b5:7d:95:d4:ae:2d:a9:b4:a2:a9:03:e1:6c:2c:ea:0b: 12:67:47:89:ea:84:af:bc:58:df:6e:9e:7a:17:58:2c:fc:ee: 11:c4:75:03:fe:d2:23:80:47:ef:3d:f5:e5:85:f3:73:e7:e9: a1:39:06:c3:b0:7b:8d:b5:5d:d0:86:03:d3:f0:e2:af:ce:56: 
94:97:70:df:5f:13:c2:f2:0c:0e:3f:44:5f:9e:08:77:8b:e6: 63:50:70:6c:63:3d:92:b8:47:22:c8:bb:cb:d9:49:34:87:f7: e2:00:f1:f4:7c:31:9b:cf:cf:90:32:54:5b:7a:ef:36:94:28: 65:2b:6e:da:99:67:84:fc:a6:85:ec:a5:21:86:4c:1e:b9:bf: c1:78:0c:7d:6f:7b:a9:50:f0:ef:72:58:32:06:0c:16:de:59: 67:a5:1c:78:dd:a6:2d:3d:28:7f:42:c7:3b:53:0e:90:8f:81: 59:03:3d:d2:aa:47:fb:09:53:87:e3:c8:82:e2:86:64:89:77: d1:60:50:5c:4a:fa:5f:c3:d3:98:9d:1d:83:27:60:ff:97:a3: 81:ce:78:29:a2:b7:68:63:8d:a5:42:50:56:9e:a6:9b:1c:0b: e6:30:3b:4d:cb:fe:88:86:0f:0c:9c:8b:ca:5a:30:20:2e:22: ad:5a:67:9d battleb0t.xyz
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None000000jihyun.github.io185.199.111.153
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneFRBEACH (Net ID: 00:02:2D:8A:07:06)34.0544, -118.244
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NonemyLGNetCBD2 (Net ID: 00:01:36:59:CB:D0)37.7813933,-122.3918002
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonechampionat (Category: news) https://www.championat.com/user/login/login
2023-05-12 02:45:11Physical LocationNoipapi.co0020NoneToronto, Ontario, ON, Canada, CA172.67.135.9
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider4030Nonehttps://pics.battleb0t.xyz/gallery.csshttps://pics.battleb0t.xyz/
2023-05-12 02:55:28Linked URL - InternalNoURLScan.io0020Nonehttps://kekw.battleb0t.xyz/jarkekw.battleb0t.xyz
2023-05-12 03:16:17Similar DomainYesTool - DNSTwist1010Noneayha.xyzayhu.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneEWireless (Net ID: 00:06:25:B0:C4:C9)39.0469, -77.4903
2023-05-12 02:54:54Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'ransomware'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 15, u'threat_score': 97, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'VM-806670.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1572:120:WilError_01"\n "Local\\SM0:1572:120:WilError_01"\n "Local\\SM0:1572:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:1572:304:WilStaging_02"\n "SM0:1572:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:1572:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1572:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:1572:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:49742"\n "104.17.25.14:49744"\n "185.199.109.153:49746"\n "13.227.74.44:49747"\n "149.154.167.220:49748"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"\n "cdnjs.cloudflare.com"\n "getbootstrap.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-63', u'name': u'Found a potential E-Mail address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1114', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "aggiedashhelp@ucdavis.edu"\n Pattern match: "rrf@0.53"\n Pattern match: "rf@0.53"\n Pattern match: "rrf@0.11"\n Pattern match: "rf@0.11"\n Pattern match: "rrf@0.99"\n Pattern match: "rf@0.99"\n Pattern match: "rrf@0.78"\n Pattern match: "rf@0.78"\n Pattern match: "rrf@0.26"\n Pattern match: "rf@0.26"\n Pattern match: "rrf@0.25"\n Pattern match: "rf@0.25"\n Pattern match: "rrf@0.13"\n Pattern match: "rf@0.13"\n Pattern match: "rrf@0.17"\n Pattern match: "rf@0.17"\n Pattern match: "rrf@0.66"\n Pattern match: "rf@0.66"\n Pattern match: "rrf@0.36"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"facebook.com" (Indicator: "facebook.com")\n "netflix.com" (Indicator: "netflix.com")\n "youtube.com" (Indicator: "youtube")\n "twitter.com" (Indicator: "twitter")\n "www.netflix.com" (Indicator: "netflix.com")\n "www.facebook.com" (Indicator: "facebook.com")\n "You can add Flipgrid and YouTube videos to PDFs as comments.We would love to hear any enhancements you would like to see in this feature. Please use the send feedback option or tweet with #EdgeEdu #EdgeCamera)PresentComment SavedComment DeletedThis file is password protected. 
Please enter a password to open the file.Enter a passwordCheck your passwordWe can\'t open this fileSign in to open this fileThis is a protected file. Sign in with your work or school account to open it.Need permissionsContact the owner of the file to give you permissions.Switch to a work or school accountThis file is protected. To open it, go to Settings and more" (Indicator: "youtube")\n "px.ads.linkedin.com" (Indicator: "linkedin.com")\n "ds.linkedin.com" (Indicator: "linkedin.com")\n "https://px.ads.linkedin.com:443,*" (Indicator: "linkedin.com")\n "settings.force_youtube_restrict" (Indicator: "youtube")\n "YouTube-Restrict" (Indicator: "youtube")\n "https://*.facebook.com/*" (Indicator: "facebook.com")\n "(.*\\/\\/.*linkedin.com\\/jobs\\/view\\/.*|.*\\/\\/.*linkedin.com\\/jobs\\/collections\\/.*currentjobid=.*|.*\\/\\/.*snagajob.com\\/jobs.*|.*\\/\\/.*careerbuilder.com\\/job\\/.*|.*\\/\\/.*monster.com\\/job-openings\\/*.*|.*\\/\\/.*ziprecruiter.com\\/c\\/.+?\\/Job\\/.*)" (Indicator: "linkedin.com")\n ".youtube.com" (Indicator: "youtube")\n "=facebook.com" (Indicator: "facebook.com")\n "ads-twitter.com/" (Indicator: "twitter")\n "twittercounter.com/" (Indicator: "twitter")\n "youtube.com/" (Indicator: "youtube")\n "twitter.jp/" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-146', u'name': u'Found named pipe like strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1570', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1570', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string - CHROME_CRASHPAD_PIPE_NAME=\\\\.\\pipe\\LOCAL\\crashpad_1572_AZVWUJPMBOHDUOUN\n Found string - \\\\.\\pipe\\LOCAL\\crashpad_1572_AZVWUJPMBOHDUOUN\n Found string - \\\\.\\pipe\\%ls\\%ls\n Found string - \\\\.\\pipe\\LOCAL\\crashpad_%lu_\n Found string - \\Dev\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Applicati\\\\.\\pipe\\LOCAL\\chrome.sync.\n 
Found string - \\\\.\\pipe\\LOCAL\\edge.sync.\n Found string - \\\\.\\pipe\\LOCAL\\chrome.sync.\n Found string - \\\\\\\\.\\pipe\\LOCAL\\edge.sync.\n Found string - \\\\.\\pipe\\\\??\\pipe\\chrome.\n Found string - \\\\.\\pipe\\LOCA\\??\\pipe\\edge.\n Found string - \\\\\\\\.\\pipe\\\\??\\pipe\\chrome.\n Found string - \\Dev\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\\\.\\pipe\\LOCAL\\edge.sync.\n Found string - \\Dev\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\\\.\\pipe\\\\??\\pipe\\chrome.'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-154', u'name': u'Found suspicious keywords in script (string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed keyword:"WinHTTP" [Source: 00000000-00001572.00000000.75966.ADE46000.00000002.mdmp\n 00000000-00001572.00000001.77885.ADE46000.00000002.mdmp\n 00000000-00001572.00000002.79803.ADE46000.00000002.mdmp]'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"kyc.icicibank.com" (Source: 00000000-00001572.00000000.75966.0031C000.00000004.mdmp, 00000000-00001572.00000001.77885.01194000.00000004.mdmp, 00000000-00001572.00000001.77885.01270000.00000004.mdmp, 00000000-00001572.00000002.79803.01194000.00000004.mdmp, 00000000-00001572.00000002.79803.01270000.00000004.mdmp, Indicator: "icicibank.com")\n "buy.icicibank.com" (Source: 00000000-00001572.00000000.75966.0031C000.00000004.mdmp, 00000000-00001572.00000001.77885.01194000.00000004.mdmp, 00000000-00001572.00000001.77885.01270000.00000004.mdmp, 
00000000-00001572.00000002.79803.01194000.00000004.mdmp, 00000000-00001572.00000002.79803.01270000.00000004.mdmp, Indicator: "icicibank.com")\n "bmo.com" (Source: 00000000-00001572.00000000.75966.0031C000.00000004.mdmp, 00000000-00001572.00000001.77885.01194000.00000004.mdmp, 00000000-00001572.00000001.77885.01270000.00000004.mdmp, 00000000-00001572.00000002.79803.01194000.00000004.mdmp, 00000000-00001572.00000002.79803.01270000.00000004.mdmp, Indicator: "bmo.com")\n "genesishealthclubs.com/" (Source: 00000000-00001572.00000001.77885.0031C000.00000004.mdmp, 00000000-00001572.00000002.79803.0031C000.00000004.mdmp, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00001572]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1572_1550619549\\product_page.js]- [targetUID: 00000000-00001572]\n "2280391a-a00b-4307-9daf-4a0cf2eff0a0.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00001572]\n "edge_autofill_global_block_list.json" has type "JSON data"- Location: [%TEMP%\\1572_918905705\\edge_autofill_global_block_list.json]- [targetUID: 00000000-00001572]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00001572]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\1572_677600543\\_metadata\\verified_contents.json]- [targetUID: 00000000-00001572]\n 
"75f02fdd-22ef-4746-8063-dfec8b5ab9ea.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\75f02fdd-22ef-4746-8063-dfec8b5ab9ea.tmp]- [targetUID: 00000000-00001572]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.fingerprint]- [targetUID185.199.109.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonecf-ray: 7c5f60363a5a178c-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:09:41Affiliate - Internet NameNoDNS Resolver0040None122.48.229.35.bc.googleusercontent.com35.229.48.122
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.167): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:16HTTP HeadersNoWeb Spider6040None{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"}https://oldfluid.battleb0t.xyz/dat.gui.min.js
2023-05-12 03:32:21Open TCP PortNoPulsedive0030None188.114.97.11:80188.114.97.0/24
2023-05-12 02:58:08Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.148.97.127'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.rstudio.com/products/rstudio/download', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC7EB.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC84B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"\n "8.253.153.249:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_330_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_816"\n "IsoScope_330_ConnHashTable<816>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_330_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n 
"IsoScope_330_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_330_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_330_IE_EarlyTabStart_0xd98_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "CabC84A.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "CabC7DB.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002536]\n "ELPH40UT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ELPH40UT.txt]- [targetUID: 00000000-00002536]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "RecoveryStore._AEA96325-292B-11ED-8B93-0800279B5FAD_.dat" has type "Composite Document File 
V2 Document Cannot read section info"- [targetUID: N/A]\n "3P2LE1FN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3P2LE1FN.txt]- [targetUID: 00000000-00000816]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00000816]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002536]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002536]\n "E6734D742F7EACE89FEB45D5D714A843" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E6734D742F7EACE89FEB45D5D714A843]- [targetUID: 00000000-00002536]\n "CabC84A.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\CabC84A.tmp]- [targetUID: 00000000-00002536]\n "TarC7EB.tmp" has type "data"- Location: [%TEMP%\\TarC7EB.tmp]- [targetUID: 00000000-00002536]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00000816]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- 
[targetUID: 00000000-00000816]\n "~DF67AFBECAEE98A9BA.TMP" has type "data"- Location: [%TEMP%\\~DF67AFBECAEE98A9BA.TMP]- [targetUID: 00000000-00000816]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /products/rstudio/download HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.rstudio.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_34.148.97.127]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.rstudio.com/products/rstudio/download"- [Source: Input]\n Pattern match: "https://www.rstudio.com"- [Source: Input]\n Pattern match: "www.rstudio.com"- [Source: SSL_34.148.97.127]'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', 
u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.148.97.127": ...\n\n URL: http://www.wargaming-event-system.com/ (AV positives: 1/88 scanned on 08/31/2022 14:16:32)\n URL: https://fluffy-peony-156fca.netlify.app/ (AV positives: 13/88 scanned on 08/31/2022 13:50:42)\n URL: http://zingy-moonbeam-281a55.netlify.app/ (AV positives: 11/88 scanned on 08/31/2022 13:38:03)\n URL: https://www.toprankedtechgadgetsnow.com/p/fl?affid=8929&provider=Affiliati&click_id=1912bde62d05461889c7b8d0d3a539da&c1=&c2=509263335&c3=Tacticallife081622&showLoading=1&xyz=30.0 (AV positives: 1/88 scanned on 08/31/2022 13:27:46)\n URL: https://www.toprankedtechgadgetsnow.com/p/fl?affid=8929&provider=Affiliati&click_id=eac1dfb1dfac4350bf36d716be9b3df5&c1=&c2=509246856&c3=083122pwcnoncertified1am&showLoading=1&xyz=30.0 (AV positives: 1/88 scanned on 08/31/2022 12:28:15)\n File SHA256: 0ed0e7d46b909b95a698b16cb862be6bea2beba587651f89726e8560f6a9f118 (AV positives: 12/75 scanned on 08/24/2022 23:22:15)\n File SHA256: 1ccdbc5ab117d40f615d00693ee5ef1e7e7c29183c0fea04434bef5bfa80ca14 (AV positives: 7/75 scanned on 08/24/2022 22:55:22)\n File SHA256: 84a36305469deac7a84dd3b013c26cba43e01ea2ada5687ffc9ee5382ff3ddb6 (AV positives: 21/74 scanned on 08/22/2022 16:02:09)\n File SHA256: ed519561b155ef7b685ef981c466638407317d9d8eb0f5236a3a48f0575f6545 (AV positives: 27/75 scanned on 08/16/2022 18:17:19)\n File SHA256: 524180810d0b9764e5ef3923a8eb34b2ed8ca1923244be37e94ca57d889ede9b (AV positives: 56/75 scanned on 08/12/2022 02:05:05)'}], u'threat_level': 0, u'size': None, u'job_id': u'630f750e6c7fb81d162985b2', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], 
u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'34.148.97.127', u'8.253.134.148.97.127
2023-05-12 03:17:37Similar Domain - WhoisNoWhois2020NoneDomain Name: ASHU.XYZ Registry Domain ID: D279374777-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://namecheap.com Updated Date: 2023-03-28T08:17:54.0Z Creation Date: 2022-03-03T09:34:10.0Z Registry Expiry Date: 2024-03-03T23:59:59.0Z Registrar: Namecheap Registrar IANA ID: 1068 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant State/Province: Capital Region Registrant Country: IS Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: GRACE.NS.CLOUDFLARE.COM Name Server: LOGAN.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: ashu.xyz Registry Domain ID: D279374777-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-02-22T23:31:01.00Z Creation Date: 2022-03-03T09:34:10.00Z Registrar Registration Expiration Date: 2024-03-03T23:59:59.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com Name Server: grace.ns.cloudflare.com Name Server: logan.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T07:17:37.40Z <<< For more information on Whois status codes, please visit https://icann.org/eppashu.xyz
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:00:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.60): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:32:23Open TCP PortNoPulsedive0030None188.114.97.12:8080188.114.97.0/24
2023-05-12 03:32:29Open TCP PortNoPulsedive0030None188.114.97.15:8080188.114.97.0/24
2023-05-12 02:54:54Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c552e7289ff8729-ORD Content-Encoding: gzip 2a06:98c1:3121::1
2023-05-12 03:21:08Account on External SiteNoAccount Finder0020NoneInstagram (Category: social) https://instagram.com/dawidsulejdawidsulej
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00ty.github.io] https://www.openphish.com/feed.txt00ty.github.io
2023-05-12 02:44:13Co-Hosted SiteNoSSL Certificate Analyzer0120Nonegithub.comwww.battleb0t.xyz
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None4170004919 (Net ID: 00:0B:6B:20:D9:EC)39.0469, -77.4903
2023-05-12 03:09:51Affiliate - Internet NameNoDNS Resolver1030Nonedgn.keyubu.com87.248.157.92
2023-05-12 02:54:15HTTP HeadersNoWeb Spider8020None{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}www.battleb0t.xyz
2023-05-12 02:44:15Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.io185.199.111.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None2WIRE070 (Net ID: 98:2C:BE:4F:F5:49)37.751, -97.822
2023-05-12 03:09:36Affiliate - Internet NameNoDNS Resolver0040None218.30.196.104.bc.googleusercontent.com104.196.30.218
2023-05-12 03:09:43Affiliate - Internet NameNoDNS Resolver0040None124.97.148.34.bc.googleusercontent.com34.148.97.124
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.134): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneDisqus (Category: social) https://disqus.com/by/login/login
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-F8E2 (Net ID: 00:1D:D6:B4:F8:E0)32.8608, -79.9746
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:EB:09:56)41.8781, -87.6298
2023-05-12 02:54:13HTTP Status CodeNoWeb Spider0040None403https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs
2023-05-12 02:54:23Netblock IPv6 MembershipNoCensys0040None2600:1f18:2000::/352600:1f18:2489:8201::c8
2023-05-12 02:54:25Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 28, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://lu.ma/y9yw6eqo', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7888:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7888:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7888:120:WilError_01"\n "Local\\SM0:8012:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:8012:120:WilError_01"\n "SM0:8012:120:WilError_01"\n "SM0:7888:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:7888:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7888:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.66.43.101:443"\n "104.16.56.101:443"\n "142.250.188.8:443"\n "34.120.195.249:443"\n "54.203.115.111:443"\n "142.250.191.74:443"\n "151.101.0.176:443"\n "142.250.191.78:443"\n "172.217.164.99:443"\n "142.250.101.156:443"\n "108.139.1.127:443"\n "108.139.1.104:443"\n "52.23.144.23:443"\n "35.174.127.31:443"\n "34.209.51.54:443"\n 
"44.228.114.110:443"\n "142.251.46.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.lu.ma"\n "cdn.lu.ma"\n "lu.ma"\n "nexus-websocket-a.intercom.io"\n "o370968.ingest.sentry.io"\n "static.cloudflareinsights.com"\n "vitals.vercel-insights.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- [targetUID: N/A]\n "f_00024d" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 6400x3200 components 3"- [targetUID: N/A]\n "5f16b7f9d1607ad6_0" has type "data"- [targetUID: N/A]\n "989898b72cc58f9e_0" has type "data"- [targetUID: N/A]\n "23a55676-8174-4a5e-89fc-143bd604c96f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\index]- [targetUID: 
00000000-00007888]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "5e9a6eefc2fa1f8f_0" has type "data"- [targetUID: N/A]\n "f_00023e" has type "data"- [targetUID: N/A]\n "cc4ad257c5413c5b_0" has type "data"- [targetUID: N/A]\n "c4595e73-7693-4c82-9c12-a950739b1d75.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "83213497a6b2b947_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\83213497a6b2b947_0]- [targetUID: 00000000-00007888]\n "d646c3a66fcaef39_0" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "d96dbad775832460_0" has type "data"- [targetUID: N/A]\n "f_000243" has type "data"- [targetUID: N/A]\n "9d4d031f25631c01_0" has type "data"- [targetUID: N/A]\n "f_00023d" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00007580]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir7888_284643122\\Ruleset Data]- [targetUID: 00000000-00007888]\n "4a0cb44c6cfe27cf_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\4a0cb44c6cfe27cf_0]- [targetUID: 00000000-00007888]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://lu.ma/y9yw6eqo"\n Heuristic match: "api.lu.ma"\n Heuristic match: "cdn.lu.ma"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "https://lu.ma"\n Pattern match: 
"https://creativecommons.org/compatiblelicenses"\n Heuristic match: "lu.ma"\n Heuristic match: "nexus-websocket-a.intercom.io"\n Heuristic match: "o370968.ingest.sentry.io"\n Heuristic match: "static.cloudflareinsights.com"\n Heuristic match: "vitals.vercel-insights.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "lu.ma/y9yw6eqo"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.250.188.8"\n "UDP connection to 142.250.191.78"\n "UDP connection to 108.139.1.104"\n "UDP connection to 142.251.46.174"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7888_266005712\\adblock_snippet.js]- [targetUID: 00000000-00007888]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in 
binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.44" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.44"\n Potential IP "10.34.0.44" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.44\\LICENSE"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Mu"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n "192.168.241.73"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="&#x2a;",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'1/86 Antivirus vendors marked sample as 
malicious (1% detection rate)'}], u'threat_level': 1, u'size': None, u'job_id': u'641c61a4603a681d33001968', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspiciou185.199.109.153
2023-05-12 03:03:40Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io01010101coder.github.io
2023-05-12 02:53:56Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-12T02:29:53.974Z", "ip": "2606:50c0:8001::153", "location_updated_at": "2023-05-09T09:29:28.098368Z", "autonomous_system_updated_at": "2023-05-09T09:29:28.098483Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"sweden.trans.healthcare": {"record_type": "CNAME", "resolved_at": "2023-03-12T15:44:54.814877641Z"}, "www.sankalpsociety.in": {"record_type": "CNAME", "resolved_at": "2023-03-30T03:30:37.790561757Z"}, "alexsong.group": {"record_type": "AAAA", "resolved_at": "2023-04-07T17:20:01.599322255Z"}, "www.honestfarmer.in": {"record_type": "CNAME", "resolved_at": "2023-03-18T23:46:54.581846631Z"}, "caya-gutenberg.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-14T00:28:27.380989688Z"}, "fe.youyu.im": {"record_type": "CNAME", "resolved_at": "2023-03-05T16:23:47.675585567Z"}, "navi-baum-demo.giang-nguyen.com": {"record_type": "CNAME", "resolved_at": "2023-05-11T14:50:15.129872931Z"}, "www.consciouscamping.ie": {"record_type": "CNAME", "resolved_at": "2023-02-11T15:09:56.324722295Z"}, "danzetsu.biscuitt.in": {"record_type": "CNAME", "resolved_at": "2023-02-25T16:55:06.993306904Z"}, "blog.belsky.in": {"record_type": "CNAME", "resolved_at": "2023-03-30T03:27:06.776036239Z"}, "www.matthewpereira.com": {"record_type": "CNAME", "resolved_at": "2023-03-25T21:28:16.599843999Z"}, "www.aidbots.in": {"record_type": "CNAME", "resolved_at": "2023-04-11T18:20:04.915692018Z"}, "git.fred.im": {"record_type": "CNAME", "resolved_at": "2023-05-03T00:50:36.751035867Z"}, "www.arvindmehra.in": {"record_type": "CNAME", "resolved_at": "2023-03-12T15:49:19.612171098Z"}, "www.chidkenuprarthanamandhira.in": {"record_type": "CNAME", "resolved_at": 
"2023-03-21T18:25:37.270541573Z"}, "sh11thead.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-08T13:53:23.227857044Z"}, "mint.gaiaprotocol.com": {"record_type": "CNAME", "resolved_at": "2023-05-07T14:38:55.332333650Z"}, "shashank.im": {"record_type": "CNAME", "resolved_at": "2023-03-12T15:49:01.992957477Z"}, "www.labyr.in": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:43:44.082390542Z"}, "blog.xcatliu.com": {"record_type": "CNAME", "resolved_at": "2023-04-20T19:54:04.742624347Z"}, "guaifish.com": {"record_type": "CNAME", "resolved_at": "2023-02-24T13:51:15.431279411Z"}, "trantuanminh.com": {"record_type": "AAAA", "resolved_at": "2023-04-26T16:50:40.377931396Z"}, "tgd.telecomnancy.net": {"record_type": "CNAME", "resolved_at": "2023-04-23T20:23:42.968388426Z"}, "student.mathsoc.ie": {"record_type": "CNAME", "resolved_at": "2023-03-04T16:27:35.884914874Z"}, "championash5357.github.io": {"record_type": "AAAA", "resolved_at": "2023-02-22T17:12:10.247998776Z"}, "chaos-cl.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-17T16:27:07.483105509Z"}, "www.iapt2.ru": {"record_type": "CNAME", "resolved_at": "2023-04-18T21:11:09.936338632Z"}, "xiongwen7.cn": {"record_type": "CNAME", "resolved_at": "2023-02-26T12:45:30.176581622Z"}, "space.dejvoss.cz": {"record_type": "CNAME", "resolved_at": "2022-09-24T15:17:43.470867813Z"}, "www.eofis.ie": {"record_type": "CNAME", "resolved_at": "2023-04-16T05:04:10.745054368Z"}, "www.effirod.in": {"record_type": "CNAME", "resolved_at": "2023-04-20T21:10:19.519636869Z"}, "blog.zheng.im": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:44:46.778861543Z"}, "www.yeezhang.im": {"record_type": "CNAME", "resolved_at": "2023-03-05T16:24:05.360687550Z"}, "www.croissantdao.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T14:18:31.428677841Z"}, "domlet.richplastow.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:55:59.508294762Z"}, "www.servermaya.web.id": {"record_type": "CNAME", 
"resolved_at": "2023-04-01T19:01:32.988717568Z"}, "decarola.lifesheets.app": {"record_type": "CNAME", "resolved_at": "2023-03-19T21:38:09.336334894Z"}, "www.get1mil.com": {"record_type": "CNAME", "resolved_at": "2023-03-07T13:53:16.151398146Z"}, "www.megalomania.icu": {"record_type": "CNAME", "resolved_at": "2023-04-22T16:50:15.076942224Z"}, "montecarlo.mardh.eu": {"record_type": "CNAME", "resolved_at": "2023-03-16T04:12:54.462076635Z"}, "polothil.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T14:13:36.027155340Z"}, "blog2.foxcii.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:20:31.600174494Z"}, "www.fx-businessintelligence.com": {"record_type": "CNAME", "resolved_at": "2022-11-03T13:15:19.928479843Z"}, "https://jaxyouthsurvey.github.io": {"record_type": "AAAA", "resolved_at": "2023-02-18T16:09:45.376363389Z"}, "q42.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T21:14:14.876154310Z"}, "www.corefindings.com": {"record_type": "CNAME", "resolved_at": "2023-04-25T14:30:24.633859334Z"}, "blog.s-schoener.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T16:33:37.322972528Z"}, "www.gilsoffer.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:22:12.068548907Z"}, "www.frontendtesting.com": {"record_type": "CNAME", "resolved_at": "2023-03-04T14:07:21.806350891Z"}, "www.forexforyou.co.in": {"record_type": "CNAME", "resolved_at": "2022-12-18T14:45:47.847480431Z"}, "www.parmosense.jp": {"record_type": "CNAME", "resolved_at": "2023-05-01T17:45:06.831576093Z"}, "www.openpoint.ie": {"record_type": "CNAME", "resolved_at": "2023-04-26T18:20:10.169998436Z"}, "docs.cashwarden.com": {"record_type": "CNAME", "resolved_at": "2023-03-29T00:14:00.447731445Z"}, "www.kattamzero.in": {"record_type": "CNAME", "resolved_at": "2022-12-22T14:48:29.799597358Z"}, "cbrcrtx.github.io": {"record_type": "AAAA", "resolved_at": "2023-02-27T16:15:18.542745453Z"}, "youge.icu": {"record_type": "CNAME", "resolved_at": 
"2023-03-22T11:26:45.995844714Z"}, "blog.ciberviler.top": {"record_type": "CNAME", "resolved_at": "2023-05-03T22:00:04.200012079Z"}, "selfcare.reemglasco.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:53:55.389091114Z"}, "www.aksharaa-stories.in": {"record_type": "CNAME", "resolved_at": "2023-04-14T22:01:24.104478961Z"}, "politicadedatos.cdmx.gob.mx": {"record_type": "CNAME", "resolved_at": "2023-04-20T22:14:34.638861478Z"}, "blog.669.icu": {"record_type": "CNAME", "resolved_at": "2023-04-30T23:01:16.804648755Z"}, "www.nino.ie": {"record_type": "CNAME", "resolved_at": "2022-11-15T14:39:48.329300690Z"}, "gtmo.verifyip.dev": {"record_type": "CNAME", "resolved_at": "2023-03-18T04:57:31.930831771Z"}, "dilipmishra.in": {"record_type": "AAAA", "resolved_at": "2023-04-20T09:39:39.449912783Z"}, "www.icrat.org": {"record_type": "CNAME", "resolved_at": "2023-02-24T18:57:48.570890826Z"}, "v2.ook.web.id": {"record_type": "CNAME", "resolved_at": "2023-03-22T18:06:45.316235566Z"}, "webscience.aareet.com": {"record_type": "CNAME", "resolved_at": "2023-04-15T13:10:37.642950908Z"}, "bsrcode.in": {"record_type": "AAAA", "resolved_at": "2023-03-10T15:26:40.826334961Z"}, "chaobai-li.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-21T01:31:06.446449174Z"}, "gennymcdonagh.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-20T01:52:08.452932867Z"}, "apidocs.skycore.com": {"record_type": "CNAME", "resolved_at": "2023-02-24T14:41:26.009078406Z"}, "spirit.javve.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T02:19:30.097488621Z"}, "www.harmlessmachines.com": {"record_type": "CNAME", "resolved_at": "2023-03-29T15:30:55.779483006Z"}, "inwave.ee.iith.ac.in": {"record_type": "CNAME", "resolved_at": "2023-04-30T23:00:58.357496950Z"}, "atf.accmp.co.in": {"record_type": "CNAME", "resolved_at": "2022-10-12T15:02:53.176642383Z"}, "www.cybercell.in": {"record_type": "CNAME", "resolved_at": "2023-05-11T17:50:33.435276887Z"}, "haz.gyb.hu": {"record_type": 
"CNAME", "resolved_at": "2023-04-03T17:32:33.353464423Z"}, "www.albrt.in": {"record_type": "CNAME", "resolved_at": "2023-04-19T19:50:47.473965264Z"}, "volnt.github.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T12:15:25.538707631Z"}, "www.undef.im": {"record_type": "CNAME", "resolved_at": "2023-03-16T15:22:57.341657363Z"}, "www.jesl.in": {"record_type": "CNAME", "resolved_at": "2023-03-18T23:46:46.131431289Z"}, "www.utopianhealing.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T22:37:02.294230539Z"}, "hstory.cn": {"record_type": "CNAME", "resolved_at": "2023-03-23T13:22:41.980546226Z"}, "pansypotter.gq": {"record_type": "AAAA", "resolved_at": "2023-01-05T15:01:42.622173547Z"}, "www.wsbrunson.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T15:38:39.587595975Z"}, "www.divisionthegame.com": {"record_type": "CNAME", "resolved_at": "2022-11-24T13:19:50.972528321Z"}, "proofcafe.github.com": {"record_type": "CNAME", "resolved_at": "2023-02-21T14:18:15.798052993Z"}, "weather.boff.in": {"record_type": "CNAME", "resolved_at": "2023-04-18T17:20:47.664757665Z"}, "cocoyunxyz.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-18T23:52:21.760457760Z"}, "www.x3pi.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:23:11.859917505Z"}, "cassiehlinka.github.io": {"record_type": "AAAA", "resolved_at": "2023-02-24T16:10:58.121319192Z"}, "chinese.yijun.hu": {"record_type": "CNAME", "resolved_at": "2023-03-07T16:05:40.493292434Z"}, "corporateaward.skoch.in": {"record_type": "CNAME", "resolved_at": "2023-03-21T01:24:29.350893299Z"}, "www.trich.im": {"record_type": "CNAME", "resolved_at": "2023-04-14T22:00:26.714697755Z"}, "go.openset.wang": {"record_type": "CNAME", "resolved_at": "2023-04-13T07:10:38.860870061Z"}, "www.lokjivan.in": {"record_type": "CNAME", "resolved_at": "2023-03-21T01:23:15.353939327Z"}, "fosterinfotech.com": {"record_type": "AAAA", "resolved_at": "2023-04-15T14:30:18.377726429Z"}, "dmitryz.com": {"record_type": "AAAA", 
"resolved_at": "2023-03-22T10:34:37.477220368Z"}, "www.devondcl.com": {"record_type": "CNAME", "resolved_at": "2023-04-15T14:20:27.865441511Z"}, "www.howtocanada.ru": {"record_type": "CNAME", "resolved_at": "2023-04-19T23:22:52.845993267Z"}}, "names": ["polothil.github.com", "docs.cashwarden.com", "v2.ook.web.id", "alexsong.group", "webscience.aareet.com"2606:50c0:8001::153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonedefault (Net ID: 00:11:95:71:3F:FA)32.8608, -79.9746
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None55 2nd PMO (Net ID: 00:01:21:10:85:60)37.7813933,-122.3918002
2023-05-12 02:44:40Software UsedYesTool - Wappalyzer0020NoneGoogle Analyticsfunny.battleb0t.xyz
2023-05-12 02:56:57Internet NameNoDNS Resolver0020Nonefunny.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:aa:0b:fb:f5:72:57:f7:90:57:35:0a:22:0c:3a:41:5a:d1 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 14 17:48:35 2023 GMT Not After : Apr 14 17:48:34 2023 GMT Subject: CN=funny-face-pictures.nom-nom.link Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:bd:1c:66:69:41:70:5a:26:6b:f9:5d:75:98:b4: 8f:50:49:99:4a:13:c7:34:5d:07:06:03:17:45:62: 35:db:24:d3:13:a5:28:c9:bc:9e:26:03:0e:28:c7: d0:92:34:41:85:ff:c9:ec:be:04:85:ca:56:f3:8d: 46:7d:03:91:0a ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D0:E0:AC:A3:54:40:02:9F:45:F6:D9:F1:FF:DC:7A:58:77:FF:5A:B0 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny-face-pictures.nom-nom.link, DNS:funny.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption a9:fd:fd:93:70:29:b0:48:11:c8:ce:bf:67:f2:09:f0:18:36: 72:e2:d5:45:1a:22:98:73:7b:fc:63:f5:37:b4:8e:20:c8:45: e4:ce:e2:9e:72:73:e8:ad:47:bf:c0:35:30:a0:a9:68:42:7b: af:a0:57:45:fd:5a:91:a4:2e:d5:a2:69:b2:ca:b8:65:ec:5c: 97:2b:5a:c2:47:61:9f:c4:81:87:89:15:e0:4d:14:10:00:57: de:30:17:e4:75:38:ea:ab:0b:a9:2e:0e:a3:de:bf:1e:49:35: 76:16:95:0e:f2:76:59:a6:60:31:e4:31:da:5e:f7:3d:1a:b6: 45:fb:43:8b:75:fa:55:4a:bf:3c:53:c5:63:68:3b:09:79:60: 3e:59:90:9c:6f:29:ba:5e:2e:69:99:fe:bf:eb:b8:a8:a2:e5: 
6a:e1:ab:7d:7b:0c:fc:a2:d8:0c:8f:d2:5f:a3:53:b9:f8:44: 96:05:f5:bc:85:79:5a:77:18:35:7d:ad:c6:2f:17:ce:cc:e8: 15:70:ec:81:d3:7e:77:0e:2a:9b:e5:1b:d9:8c:57:bd:a3:bc: 0a:e0:67:62:79:dd:4b:90:cc:e8:41:75:b0:89:34:3b:68:0e: 36:40:32:41:3e:6c:17:bc:5d:a4:cc:91:d3:38:4a:ce:c8:1b: ab:60:7c:08
2023-05-12 03:09:18Vulnerability - GeneralYesTool - Retire.js0040NoneCVE-2018-20677 Score: Unknown Description: Unknownhttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
2023-05-12 03:00:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.48): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneKongregate (Category: gaming) https://www.kongregate.com/accounts/battleb0tbattleb0t
2023-05-12 02:45:34Affiliate - Internet NameNoDNS Raw Records6010Noneskip.ns.cloudflare.combattleb0t.xyz
2023-05-12 03:10:37Open TCP PortNoPulsedive0030None185.199.108.154:80185.199.108.0/24
2023-05-12 03:08:55Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.7934.74.170.74
2023-05-12 03:13:03Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [000000jihyun.github.io] https://www.openphish.com/feed.txt000000jihyun.github.io
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.194): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonephi (Net ID: 00:06:B1:2D:D2:D1)33.6170672,-111.90564645297056
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonecurealty (Net ID: 00:0C:41:49:32:21)33.6170672,-111.90564645297056
2023-05-12 03:05:41Vulnerability - CVE MediumYesTool - testssl.sh0220NoneCVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389 Score: 4.3 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.nuke.battleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None42 (Net ID: 00:01:03:7C:0D:EE)52.3759, 4.8975
2023-05-12 02:59:56Affiliate - Email AddressNoE-Mail Address Extractor0030Nonebenjamin.mckenzie@atimetals.com[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_c04_IE_EarlyTabStart_0x8b0_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3076"\n "IsoScope_c04_IESQMMUTEX_0_303"\n "IsoScope_c04_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c04_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_c04_ConnHashTable<3076>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3076"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "172.66.40.106:443"\n "162.241.219.194:443"\n "35.186.254.174:443"\n "191.101.3.40:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "llink.to"\n "track.salesflare.com"\n "west.exchserverdata.one"\n "www.guelphcrc.ca"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "CabB51E.tmp" has type "data"- Location: [%TEMP%\\CabB51E.tmp]- [targetUID: 00000000-00002300]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet 
Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003076]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFEEE2751A29384183.TMP" has type "data"- Location: [%TEMP%\\~DFEEE2751A29384183.TMP]- [targetUID: 00000000-00003076]\n "~DFFC90A9F2586EA360.TMP" has type "data"- Location: [%TEMP%\\~DFFC90A9F2586EA360.TMP]- [targetUID: 00000000-00003076]\n "~DFEF4FBE98200F22B4.TMP" has type "data"- Location: [%TEMP%\\~DFEF4FBE98200F22B4.TMP]- [targetUID: 00000000-00003076]\n "~DFE92125FE943442B9.TMP" has type "data"- Location: [%TEMP%\\~DFE92125FE943442B9.TMP]- [targetUID: 00000000-00003076]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "_BCFD0E53-EF26-11ED-9359-0800270C9882_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._BCFD0E51-EF26-11ED-9359-0800270C9882_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C766E17C-EF26-11ED-9359-0800270C9882_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002300]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "PZ85YNQQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PZ85YNQQ.txt]- [targetUID: 00000000-00003076]\n "P9VT4ER8.txt" has type 
"ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P9VT4ER8.txt]- [targetUID: 00000000-00003076]\n "QUTHNHLH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QUTHNHLH.txt]- [targetUID: 00000000-00003076]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002300]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "EAMNLP61.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EAMNLP61.txt]- [targetUID: 00000000-00003076]\n "benjamin.mckenzie@atimetals_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "II6KA114.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\II6KA114.txt]- [targetUID: 00000000-00003076]\n "B2FNP7N6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\B2FNP7N6.txt]- [targetUID: 00000000-00003076]\n "QO8K1B53.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QO8K1B53.txt]- [targetUID: 00000000-00003076]\n "CabB51F.tmp" has type "data"- Location: [%TEMP%\\CabB51F.tmp]- [targetUID: 00000000-00002300]\n "CabC118.tmp" has type "data"- Location: [%TEMP%\\CabC118.tmp]- [targetUID: 00000000-00002300]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002300]\n "CabC13A.tmp" has type "data"- Location: [%TEMP%\\CabC13A.tmp]- [targetUID: 00000000-00002300]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "6O2TX2Q0.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet 
Files\\Content.IE5\\37NU00GP\\6O2TX2Q0.htm]- [targetUID: 00000000-00002300]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"www.guelphcrc.ca" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com"\n Pattern match: "https://llink.to"\n Pattern match: "https://track.salesflare.com/flare.js"\n Pattern match: "https://api.salesflare.com/,a=new"\n Pattern match: "SUIDmicrosoft.com/92161314803231032233320740896031032115MUID31E817B6939460D9349A04BB92D861F2microsoft.com/102514563724831110587320740896031032115_EDGE_Vmicrosoft.com/921614563724831110587320756521031032115SRCHDAF=NOFORMmicrosoft.com/10243323789440310856102"\n Pattern match: "SUIDmicrosoft.com/92161314803231032233320740896031032115MUID31E817B6939460D9349A04BB92D861F2microsoft.com/102514563724831110587320740896031032115SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0"\n Pattern match: "SUIDmicrosoft.com/92161314803231032233320740896031032115SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131micr"\n Pattern match: 
"921614563724831110587321084646031032115MUID1C22022E23466767041B1123220A6603msn.com/102514563724831110587321084646031032115"\n Pattern match: "https://west.exchserverdata.one/?email=YmVuamFtaW4ubWNrZW56aWVAYXRpbWV0YWxzLmNvbQ=="\n Pattern match: "MUIDB31E817B6939460D9349A04BB92D861F2ieonline.microsoft.com/921614563724831110587320756521031032115"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025103905676831068342321084646031032115"\n Pattern match:
2023-05-12 02:44:15SSL Certificate - Issued toNoSSL Certificate Analyzer1020NoneC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.appfunny.battleb0t.xyz
2023-05-12 03:04:14Malicious AffiliateYesabuse.ch0130Noneabuse.ch URLhaus (Domain) [cdn-185-199-108-153.github.com] https://urlhaus.abuse.ch/downloads/csv_recent/cdn-185-199-108-153.github.com
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}104.21.71.14
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None104.21.71.14nuke.battleb0t.xyz
2023-05-12 03:09:08Affiliate - IP AddressNoDNS Look-aside1030None165.232.113.94165.232.113.85
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.121): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [01-edu.github.io] https://www.openphish.com/feed.txt01-edu.github.io
2023-05-12 02:53:06Web TechnologyNoTool - WAFW00F0020NoneNone Nonenuke.battleb0t.xyz
2023-05-12 03:09:35Affiliate - Internet NameNoDNS Resolver0040None215.30.196.104.bc.googleusercontent.com104.196.30.215
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f8c5a3bb81a1b-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:27SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:29:bb:71:26:4f:a3:73:c9:d3:c4:af:c8:b3:a3:33:dc:41 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Jan 23 21:31:46 2023 GMT Not After : Apr 23 21:31:45 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:d7:c6:91:a2:7d:90:36:47:61:e7:f4:42:67:85: 67:bc:f6:01:51:cb:59:02:c5:69:c6:fb:5b:1b:b9: c9:4a:2c:0e:df:23:05:55:0f:d4:97:b3:0f:c2:a8: 12:d7:19:fa:98:f0:06:8c:43:18:24:de:aa:3e:e6: c7:25:79:67:99 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 37:BE:E1:FB:AE:23:1C:29:A5:8A:8C:D8:43:D1:35:F5:04:D1:88:E3 X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 23 22:31:46.387 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:E4:5D:77:E7:B9:FC:9E:AD:1C:B5:62: 14:DD:D8:A1:B9:93:A7:95:80:D0:27:BE:9B:FC:96:DD: 90:D7:C4:30:AA:02:20:05:D4:DE:FE:C2:15:EF:1B:42: 74:2D:E4:3F:4F:CB:73:3D:EC:7B:44:18:37:71:14:A8: 00:F1:6C:6D:6B:77:67 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: 
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Jan 23 22:31:46.397 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:BD:22:C5:30:9F:6F:36:15:B7:D1:CA: AD:CF:EB:D0:94:75:7F:1F:5A:28:FD:93:B5:75:02:8F: D1:C6:87:41:2E:02:20:7C:52:E6:58:A4:8D:55:6A:69: 9C:2C:54:4C:7F:AC:22:28:8D:2B:54:D7:47:45:0A:C9: 6B:D8:24:59:2E:89:1F Signature Algorithm: ecdsa-with-SHA384 30:66:02:31:00:90:aa:85:4e:91:c5:53:b9:d9:ce:56:8c:48: a4:84:84:df:15:f2:f7:bf:4b:d6:de:72:8d:e4:36:65:23:71: d4:4d:c8:2a:c7:b7:82:2b:69:73:9f:f4:f6:c1:7d:a3:6f:02: 31:00:97:48:3c:2f:eb:bf:19:54:bc:8e:14:95:49:a7:05:bf: e6:fa:13:41:2f:ff:2a:2b:4a:df:86:c2:17:9a:7a:15:fb:b9: 93:c8:cf:89:19:ce:5b:35:b7:4b:d3:57:36:16 battleb0t.xyz
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneReddit (Category: social) https://www.reddit.com/user/AltpapierAltpapier
2023-05-12 03:31:32Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@dynadot.comDomain Name: AYIU.XYZ Registry Domain ID: D304640320-CNIC Registrar WHOIS Server: whois.dynadot.com Registrar URL: http://www.dynadot.com Updated Date: 2022-06-28T04:15:13.0Z Creation Date: 2022-06-23T04:11:38.0Z Registry Expiry Date: 2023-06-23T23:59:59.0Z Registrar: Dynadot LLC Registrar IANA ID: 472 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Registrant State/Province: California Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: 170.NS1.ABOVE.COM Name Server: 170.NS2.ABOVE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@dynadot.com Registrar Abuse Contact Phone: +1.6502620100 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:33.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: AYIU.XYZ Registry Domain ID: D304640320-CNIC Registrar WHOIS Server: whois.dynadot.com Registrar URL: http://www.dynadot.com Updated Date: 2022-06-23T05:10:07.0Z Creation Date: 2022-06-23T04:11:38.0Z Registrar Registration Expiration Date: 2023-06-23T23:59:59.0Z Registrar: DYNADOT LLC Registrar IANA ID: 472 Registrar Abuse Contact Email: abuse@dynadot.com Registrar Abuse Contact Phone: +1.6502620100 Registry Registrant ID: CPF-291635 Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Dynadot Privacy Service Registrant Street: PO Box 701 Registrant Street: Registrant City: San Mateo Registrant State/Province: California Registrant Postal Code: 94401 Registrant Country: US Registrant Phone: +1.6505854708 Registrant Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz Registry Admin ID: CPF-291635 Admin Name: REDACTED FOR PRIVACY Admin Organization: Dynadot Privacy Service Admin Street: PO Box 701 Admin Street: Admin City: San Mateo Admin State/Province: California Admin Postal Code: 94401 Admin Country: US Admin Phone: +1.6505854708 Admin Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz Registry Tech ID: CPF-291635 Tech Name: REDACTED FOR PRIVACY Tech Organization: Dynadot Privacy Service Tech Street: PO Box 701 Tech Street: Tech City: San Mateo Tech State/Province: California Tech 
Postal Code: 94401 Tech Country: US Tech Phone: +1.6505854708 Tech Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz Name Server: 170.ns1.above.com Name Server: 170.ns2.above.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2022-06-22 22:10:07 -0700 <<<
2023-05-12 02:54:41HTTP HeadersNoCensys0030None{"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H04595A0C45NR8DMSR5TCKG9"], "Date": ["<REDACTED>"], "Server": ["Netlify"]}104.196.30.220
2023-05-12 03:09:28Co-Hosted SiteNoSSL Certificate Analyzer0020Noneacilacikveteriner.com87.248.157.102
2023-05-12 03:33:34Raw File Meta DataNoBinary String Extractor0040None!22222222222222222222222222222222222222222222222222 3 zVm Y7a5mH LyBu5 @rO$T gt@G<U rCrV8 e$?>z DvgsWuM_ w"$RO WW uvW_c KT`\d Vb /'T T\"zw :W4cn Ga96A$ S$jFv cBK8< bp1MDND .rzQ`l kRgKHB'/ DajA 8 hZk68 59L'` sM!2C Khv3$\ zqLtj :GRx4 $L705 IogY$c qOD t e:otz$ gk>Ci"dm j@@EDjf hprOSM 1ZiZC aQ0 EXaQ0 5VFE$ xX<nU w2mJd JxZ9229 U>Ys. 5DOzij Nk6R$ O5hDf$ 5aNES oQE/j gOIcq 8?e.xl q5 <` v3Lbs psF 4 1E/QE https://pics.battleb0t.xyz/images/random_1.jpeg
2023-05-12 02:51:33Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://89667lpjzo.thebassbite.com/fr-revenue-eservices-cra/index.php?=112726&redrisky%40icloud.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6732:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:6732:304:WilStaging_02"\n "SM0:6732:120:WilError_01"\n "Local\\SM0:6732:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.60.54:443"\n "138.91.254.96:443"\n "172.67.191.22:443"\n "142.251.46.195:443"\n "23.54.48.253:443"\n "198.103.206.14:443"\n "54.188.197.7:443"\n "142.251.46.163:443"\n "44.228.117.199:443"\n "44.233.87.152:443"\n "142.251.46.202:443"\n "152.199.4.33:443"\n "185.199.108.153:443"\n "23.39.0.132:443"\n "54.187.210.201:443"\n "63.140.36.119:443"\n "20.50.73.11:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"89667lpjzo.thebassbite.com"\n "ajax.googleapis.com"\n "api.edgeoffer.microsoft.com"\n "assets.adobedtm.com"\n "c.go-mpulse.net"\n "canada.demdex.net"\n "canada.sc.omtrdc.net"\n "canada.tt.omtrdc.net"\n "cdn.botframework.com"\n "cm.everesttech.net"\n "cra-arc.gc.ca"\n "cra-taxation-benefits-revenue-e1service-645a781e0a6ac.wefishmedia.com"\n "design.canada.ca"\n "dpm.demdex.net"\n "fonts.gstatic.com"\n "self.events.data.microsoft.com"\n "wet-boew.github.io"\n "www.google.az"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," 
(Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-49', u'name': u'Drops ASP/PHP html files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': 
u'"urlref_https89667lpjzo.thebassbite.comfr-revenue-eservices-craindex.php_112726_redrisky%40icloud.com" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_https89667lpjzo.thebassbite.comfr-revenue-eservices-craindex.php_112726_redrisky%40icloud.com" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\shopping.js]- [targetUID: 00000000-00002300]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00003868]\n "Ruleset Data" has type "data"- [targetUID: 00000000-00002300]\n "wallet-stable.json" has type "ASCII text"- Location: [%TEMP%\\2300_581733700\\json\\wallet\\wallet-stable.json]- [targetUID: 00000000-00002300]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\2300_581733700\\wallet.bundle.js]- [targetUID: 00000000-00002300]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\2300_917696848\\Filtering Rules]- [targetUID: 00000000-00002300]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\2300_581733700\\edge_driver.js]- [targetUID: 00000000-00002300]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\edge_driver.js]- [targetUID: 00000000-00002300]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: 
[%TEMP%\\2300_581733700\\vendor.bundle.js]- [targetUID: 00000000-00002300]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00003868]\n "4265444a-c4d4-4b4c-bbe4-9cd8a74a3d12.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 148518"- Location: [%TEMP%\\4265444a-c4d4-4b4c-bbe4-9cd8a74a3d12.tmp]- [targetUID: 00000000-00002300]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2300_581733700\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00002300]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\auto_open_controller.js]- [targetUID: 00000000-00002300]\n "f_0004d2" has type "gzip compressed data was "webchat-es5.js" last modified: Tue Jun 9 20:56:21 2020 max compression from Unix original size modulo 2^32 3055929"- [targetUID: N/A]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00002300]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00002300]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2300_581733700\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00002300]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002300]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2300_581733700\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00002300]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with 
very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002300]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002300]\n "product_page.js" has type "UTF-8 Unicode text with very l185.199.108.153
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050NoneMCName (Minecraft) (Category: gaming) https://mcname.info/en/search?q=AltpapierAltpapier
2023-05-12 03:27:00Linked URL - ExternalNoWeb Server Identifier0040Nonehttp://127.0.0.1:*{"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"}
2023-05-12 02:54:13Open TCP PortNoCensys0040None2606:4700:3030::ac43:a8fc:4432606:4700:3030::ac43:a8fc
2023-05-12 03:00:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.6): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:09:41Affiliate - Internet NameNoDNS Resolver0040None126.48.229.35.bc.googleusercontent.com35.229.48.126
2023-05-12 03:03:17Internet NameNoDNS Resolver0020Noneayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: ff:0e:1e:a4:6f:55:f0:74:0e:b3:83:e1:07:c9:ea:93 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Dec 14 04:12:07 2022 GMT Not After : Mar 14 04:12:06 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c0:3f:15:01:81:40:92:70:87:14:2c:25:01:e5: a7:7f:11:ff:2d:2c:1c:6c:21:42:67:4e:30:48:bf: c1:33:05:3f:32:e6:9d:27:08:a8:f7:db:7e:1a:19: 1c:aa:99:e8:d8:96:24:37:12:c6:a7:26:93:c0:67: f6:d7:bf:fc:b8:23:1f:07:9c:8a:3a:8e:50:72:7a: 0b:43:ee:28:4c:e1:d7:7b:d8:4b:14:51:0a:cf:12: 03:a0:03:83:38:8b:68:c0:ba:0b:40:43:da:e2:c7: fd:15:ad:f1:8a:ab:ad:d4:e1:28:d8:1f:91:4f:47: 05:38:6f:51:ba:b9:1e:e4:8f:9a:e9:d0:3a:3f:ae: 54:23:1b:cb:47:92:67:43:7b:78:2f:12:0d:48:e5: 86:54:03:05:53:71:94:6f:99:ca:50:b2:16:e3:59: 28:bd:e6:69:65:a7:0a:f0:76:9d:7c:ae:23:47:a4: a0:54:01:4b:e1:a1:6c:56:66:e9:5f:20:b4:97:88: 6b:ae:96:63:a2:7f:14:d1:e7:4b:38:62:1b:57:9e: 5f:19:6f:4a:f8:f3:3f:ef:b1:e8:e9:b2:bb:cb:cb: 97:cd:3c:47:76:5d:e9:c6:1b:37:bc:84:42:29:b5: 65:be:97:34:7e:ff:74:79:85:f4:78:a1:2a:b1:60: 7b:21 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FA:7E:08:50:07:6C:FD:DC:A8:68:45:A3:97:1C:E4:28:15:A8:2F:9D X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/Yj_rNAxE9pQ CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/ihFiAY-64YY.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 45:c0:ed:fe:c5:44:0c:96:51:92:15:dc:2f:1d:e5:5e:4c:7f: 89:4a:3f:3d:94:64:76:5e:6b:ff:8c:03:7f:eb:ae:61:c0:89: 16:34:3c:a1:d5:87:98:35:53:48:52:1e:b4:61:d3:7d:9f:96: bd:0f:71:c5:cf:b6:14:12:8a:01:59:97:dc:9b:84:b8:dd:00: 79:7f:7b:33:b7:24:69:1f:af:bd:66:ab:a1:a1:aa:55:6d:07: 62:b3:82:ac:fd:d6:53:44:01:3b:7c:3d:b9:8c:0c:8a:49:6d: d5:e2:69:ce:ba:89:85:d0:a0:a7:81:a9:33:e3:76:b1:ed:fb: 71:7d:21:ea:82:98:93:f2:93:44:03:80:07:95:04:86:b6:71: 7f:1b:b4:73:ab:10:06:9e:6f:7b:f8:37:23:5b:20:c2:b0:1b: 8c:a9:f0:bb:c8:15:54:65:03:66:2b:65:2b:dd:c8:82:36:7d: 72:f9:d2:d6:5a:4a:b5:ef:a1:6b:50:f2:a1:c4:4a:6e:36:35: c1:77:e5:2a:d0:28:89:59:f4:ec:d9:e0:96:66:a5:63:34:40: 69:7a:2a:6c:50:eb:81:e2:8a:ed:dd:bc:84:68:33:dd:56:7f: 0b:5f:af:bd:a2:2e:a4:1d:b3:12:b6:18:66:80:38:3d:ab:75: 96:5c:c6:6f
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneS-lan (Net ID: 00:01:24:F1:91:41)37.780462,-122.390564
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesflan50 (Net ID: 00:02:6F:32:A9:45)37.7642, -122.3993
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneYouTube User (Category: video) https://www.youtube.com/user/ayshoo/aboutayshoo
2023-05-12 02:56:54Affiliate - Internet NameNoDNS Resolver1020Nonecp.keyubu.net87.248.157.102
2023-05-12 03:09:40Affiliate - Internet NameNoDNS Resolver0040None117.48.229.35.bc.googleusercontent.com35.229.48.117
2023-05-12 03:24:50CountryNoCountry Name Extractor0050NoneUnited States Domain Name: 00RZ.COM Registry Domain ID: 1545841665_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-12-26T09:10:34Z Creation Date: 2009-03-07T02:16:40Z Registry Expiry Date: 2024-03-07T02:16:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS17.DOMAINCONTROL.COM Name Server: NS18.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:09:19Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: 00RZ.COM Registry Domain ID: 1545841665_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-26T04:10:32Z Creation Date: 2009-03-06T21:16:40Z Registrar Registration Expiration Date: 2024-03-06T21:16:40Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona 
Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM Name Server: NS17.DOMAINCONTROL.COM Name Server: NS18.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:27Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:F6:C3:DF)41.8781, -87.6298
2023-05-12 02:56:45SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:02:53 2023 GMT Not After : May 25 03:02:52 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:bc:d0:71:75:f9:c1:51:79:49:f8:25:6c:e2: 4b:7a:05:e1:2b:6c:79:44:98:ff:b2:cc:bc:d7:da: 27:25:29:37:c7:ba:80:cb:e1:7c:b8:4d:37:a2:bc: 93:44:eb:bc:62:ff:47:cb:21:ea:3d:05:4c:04:57: 82:93:5b:a9:25:29:fb:98:33:b0:04:74:aa:bc:9a: 64:5e:c7:e2:6c:e5:ec:2a:e7:40:6b:e1:75:93:39: b3:cf:b8:e9:11:29:e6:d1:9e:08:56:54:16:9f:c1: 1d:1f:f5:f6:ca:48:3a:94:53:03:1d:bf:52:af:6e: 27:9d:80:8d:f0:57:28:d4:f0:01:34:f4:39:59:4a: df:9f:00:47:87:9a:39:38:c1:8f:84:8a:02:0b:b2: 6e:5c:36:a2:f6:35:e6:d2:23:6b:29:b1:15:aa:86: a3:5b:eb:30:cc:af:b8:df:d5:0e:8f:8e:29:7e:0d: 21:28:d0:d2:4c:71:5b:19:01:9b:dc:b9:90:88:7d: fc:5d:3e:72:44:e6:46:11:dd:e6:fd:a5:42:a3:07: 24:e7:29:d9:29:1c:f3:72:77:8b:cb:0b:df:45:34: 0b:81:a8:00:de:f0:13:74:1b:bf:2f:61:ad:65:73: 29:3e:05:b5:c3:90:28:8c:96:ef:cb:b3:06:ba:9b: 6b:f7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption a3:c5:54:80:ec:15:48:8e:60:57:c2:56:21:02:dc:33:b2:67: 3c:b1:4d:e5:1f:de:da:ed:a7:e3:8d:b7:03:a3:f4:cc:b6:e1: 1e:b1:21:17:9e:36:0c:2a:fd:f3:0a:f5:98:b6:cc:3c:01:67: f2:0d:fc:88:12:e2:d6:83:96:22:f2:3a:bb:54:5e:67:b9:fa: 0b:ad:7a:8d:5d:db:b1:9d:a3:cb:38:99:91:47:54:50:04:49: 4c:4b:88:c5:e7:74:21:f3:ca:60:d8:72:6d:c3:a3:f9:c2:7e: 0b:52:23:2d:ac:85:06:0b:ad:5c:f7:db:13:07:0b:7b:6d:f5: 2f:d3:bc:b1:6b:2a:74:2f:9e:80:c3:aa:10:0b:63:bc:43:b6: 74:f7:8c:dd:83:d1:7d:5d:ba:58:70:ca:ea:2d:07:d9:a9:56: 60:b3:6e:29:b1:ee:a9:c9:ca:0f:33:89:8b:44:0b:de:d1:75: 1d:b7:8b:4c:86:7b:5b:32:c0:1e:15:9e:8b:ec:63:cf:99:d1: 62:4e:5a:85:07:ac:08:3d:a0:31:af:ac:50:c9:09:ed:b3:2e: 9f:e5:63:7d:b8:46:50:15:49:e6:16:2e:ad:ae:5c:d1:17:72: 04:af:52:88:b6:66:c9:13:ad:15:0a:c2:ba:2f:69:ae:eb:7a: 39:e4:67:40 battleb0t.xyz
2023-05-12 02:45:24Raw Data from RIRsNoipapi.co0030None{u'region_code': u'HE', u'country_tld': u'.de', u'ip': u'64.226.81.43', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 82927922, u'country_code': u'DE', u'timezone': u'Europe/Berlin', u'city': u'Frankfurt am Main', u'network': u'64.226.80.0/20', u'languages': u'de', u'version': u'IPv4', u'latitude': 50.113381, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Germany', u'country_capital': u'Berlin', u'org': u'DIGITALOCEAN-ASN', u'postal': u'60311', u'asn': u'AS14061', u'country': u'DE', u'region': u'Hesse', u'longitude': 8.671931, u'country_calling_code': u'+49', u'country_area': 357021.0, u'country_code_iso3': u'DEU'}64.226.81.43
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneSteve (Net ID: 00:16:E3:41:0D:E8)40.2024, 29.0398
2023-05-12 02:48:19SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: May 4 19:22:49 2023 GMT Not After : Aug 2 19:22:48 2023 GMT Subject: CN=nwapi2.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c4:56:92:fa:17:84:ee:f0:d0:57:46:44:1b:c0: a4:14:29:10:a1:ef:73:a4:e7:64:f7:b5:e7:3f:b3: 66:76:75:96:94:eb:49:c3:b4:7b:98:99:f2:0f:53: 8b:0d:5d:a1:7d:07:f5:ec:33:33:f7:d8:24:d7:52: d5:12:6d:a1:1f:e4:a6:4e:04:dc:3d:ec:3d:be:c0: 68:52:81:bd:0e:b0:f2:dc:e9:9e:c3:80:ab:29:55: f9:1e:e7:5b:91:26:2d:a5:23:af:31:21:a7:26:77: 4d:22:98:0f:3c:48:92:7d:11:24:a2:2a:0b:37:5b: b7:75:5d:9c:47:56:23:11:ea:1f:65:df:5a:99:2d: b1:7c:34:88:13:dd:65:4f:a0:08:9d:d3:51:25:a6: 78:33:43:63:15:48:98:b7:c9:2d:ff:76:3d:7c:7e: de:53:44:95:89:fa:a0:73:8e:18:62:72:8d:27:49: aa:9c:1f:aa:7b:22:63:3f:e5:47:2d:46:e9:11:a7: d9:be:31:17:58:ae:26:cb:94:ea:b8:74:2e:d5:e8: 97:bd:26:29:ad:75:15:d7:0b:3c:87:ec:7d:26:04: ba:6b:7d:a6:11:27:4a:69:b1:b7:ca:99:b8:9d:ff: 7b:56:12:82:6a:1b:ca:28:1f:06:65:69:79:cd:93: 18:d1:f0:f1:97:01:54:01:52:f9:a4:bc:b1:5f:7f: 07:cd:e4:2b:75:9a:b4:04:a5:b3:96:5c:fa:5f:34: 4a:10:9c:af:38:59:33:75:87:74:42:bf:9b:c5:16: 68:7e:6e:ef:bf:b4:49:f4:b3:b2:df:03:0b:41:57: bd:9d:b3:e1:0a:ab:4d:b6:f0:4f:0a:55:ab:67:0d: 47:01:8e:e0:df:09:34:38:59:4b:e4:b2:f9:93:a9: 14:cd:7f:e8:59:e4:10:fd:c1:6c:48:fa:be:99:2c: 29:f5:4b:bb:ec:4a:d6:b7:12:55:98:93:98:eb:47: 5c:a0:a4:28:64:3b:23:a2:ef:82:47:19:63:8d:bd: 5b:18:22:cf:f0:62:27:bf:ee:4a:28:c1:7c:e2:7b: 78:12:dd:d5:e8:7d:85:3e:1e:0f:49:a2:f3:4c:aa: 0d:2d:cc:58:f9:3e:e7:38:d6:30:4c:04:5a:18:cf: 9c:92:c9:94:e0:25:8d:f8:47:4e:48:b9:1f:15:b5: e5:de:4b:35:84:12:32:49:2b:fa:a7:68:2a:1b:83: d8:7f:e6:d9:7f:ca:74:5f:b4:c9:a0:67:b2:29:ff: a2:1e:11:be:bc:99:7a:fb:44:7b:a4:fe:9c:6b:8f: 
e3:20:e4:b7:4f:84:65:a3:c1:39:7b:b5:4f:1d:d0: 69:a0:23 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi2.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 0a:70:c1:db:70:e8:b9:50:30:b7:33:82:8e:fc:63:b0:63:ad: 97:e6:50:23:e8:d8:fd:32:74:4a:a7:58:9f:cf:c8:b6:a2:cd: 7e:28:74:19:38:ee:dc:ac:6a:d0:c4:5a:10:c7:c3:c1:0d:21: b4:ff:86:61:30:4b:7d:10:9a:6d:10:38:4e:dc:1b:20:ad:54: dd:8b:f9:7d:21:27:78:df:f9:73:ac:1b:f2:16:30:85:73:06: 19:38:d2:0d:2a:2f:fc:b8:ba:a6:8c:6a:bd:c8:da:cd:6a:e6: e4:d5:b0:9f:b7:e5:07:a1:e6:c4:64:49:4e:a2:03:a3:bb:09: 77:55:6d:a7:9f:75:ea:9d:72:47:23:48:8a:7d:88:e5:aa:dd: ab:25:4c:7b:7d:5c:a4:22:dd:53:9e:e1:3c:87:e3:cc:89:d0: b4:6c:0c:61:00:8e:aa:db:85:6f:38:41:eb:4d:06:95:0f:0d: 4e:20:67:94:ec:1c:78:50:ed:0d:4f:1f:d7:4a:22:75:17:67: 0c:34:fe:7d:1a:30:5c:4f:39:17:f0:44:c2:e8:bd:ca:09:21: 03:9a:cb:da:b9:49:21:e4:b4:06:92:26:62:9e:1d:38:76:5b: c4:c5:a8:a9:96:cc:aa:3e:01:a2:ae:8c:45:a0:e8:cf:2a:e0: ca:8e:e5:18 battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMaingau (Net ID: 00:02:2D:66:94:73)50.1188, 8.6843
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.242): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneMastodon-API (Category: social) https://mastodon.social/api/v2/search?q=loginlogin
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneGamespot (Category: gaming) https://www.gamespot.com/profile/login/login
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:01:71:0A:12:B3)52.3759, 4.8975
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneChess.com (Category: gaming) https://www.chess.com/member/battleb0tbattleb0t
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneBARWN-Public (Net ID: 00:02:6F:03:AE:69)37.7642, -122.3993
2023-05-12 03:01:10Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.123): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:F7:8C:15)41.8781, -87.6298
2023-05-12 02:56:50Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://zacharyburdette.com/index.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_aec_IESQMMUTEX_0_331"\n "IsoScope_aec_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_aec_IE_EarlyTabStart_0xe60_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_aec_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_aec_ConnHashTable<2796>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2796"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_aec_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.webmanifest HTTP/1.1\nAccept: text/html, 
application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"\n "96.6.232.137:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar87C3.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar87C1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', 
u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab87C0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab87C2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "DA45VJAM.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DA45VJAM.txt]- [targetUID: 00000000-00002800]\n Dropped file: "YXLLLO20.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YXLLLO20.txt]- [targetUID: 00000000-00002796]\n Dropped file: "4WUOR0VH.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4WUOR0VH.txt]- [targetUID: 00000000-00002796]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_8BA7CB83-7FF8-11ED-B877-0800273CFE14_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has 
type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002800]\n "~DFD0CCD659A3A95644.TMP" has type "data"- Location: [%TEMP%\\~DFD0CCD659A3A95644.TMP]- [targetUID: 00000000-00002796]\n "DA45VJAM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DA45VJAM.txt]- [targetUID: 00000000-00002800]\n "Tar87C3.tmp" has type "data"- Location: [%TEMP%\\Tar87C3.tmp]- [targetUID: 00000000-00002800]\n "Cab87C0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab87C0.tmp]- [targetUID: 00000000-00002800]\n "~DFFE2FBB3610963E2C.TMP" has type "data"- Location: [%TEMP%\\~DFFE2FBB3610963E2C.TMP]- [targetUID: 00000000-00002796]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "_7ADE9AE2-7FFB-11ED-B877-0800273CFE14_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFE051EBAAF9DBCA61.TMP" has type "data"- Location: [%TEMP%\\~DFE051EBAAF9DBCA61.TMP]- [targetUID: 00000000-00002796]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002800]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002796]\n "Cab87C2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab87C2.tmp]- [targetUID: 00000000-00002800]\n "YXLLLO20.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\YXLLLO20.txt]- [targetUID: 00000000-00002796]\n "index_1_.webmanifest" has type "JSON data"- [targetUID: N/A]\n "~DF19808A043737268F.TMP" has type "data"- Location: [%TEMP%\\~DF19808A043737268F.TMP]- [targetUID: 00000000-00002796]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002800]\n "4WUOR0VH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4WUOR0VH.txt]- [targetUID: 00000000-00002796]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 414\nContent-Type: application/octet-stream\nDate: Tue, 20 Dec 2022 00:38:53 GMT\nEtag: "bd262ffded8f9193645cf1963d01292c-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GMPFG4NQP1Z3ZF5C2ANP2MND\n\n{\n "name": "Zachary Burdette",\n "short_name": "Zachary Burdette",\n "lang": "en-us",\n "theme_color": "#2962ff",\n "background_color": "#2962ff",\n "icons": [{\n "src": "img/icon-192.png",\n "sizes": "192x192",\n "type": "image/png"\n }, {\n "src": "img/icon-512.png",\n "sizes": "512x512",\n 
"type": "image/png"\n }],\n "display": "standalone",\n "start_url": "/?utm_source=web_app_manifest"\n}"\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive"\n 35.229.48.116
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSX55154A43F (Net ID: 00:01:E3:54:A4:3F)50.8897, 6.0563
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBJNPSETUP (Net ID: 00:00:85:F7:35:6D)41.8781, -87.6298
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneLCPSSTAFF (Net ID: 00:0B:85:50:7F:91)39.0469, -77.4903
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonelikeevideo (Category: social) https://likee.video/@loginlogin
2023-05-12 03:11:17Physical LocationNoAbstractAPI1020NoneAmsterdam, North Holland, 1012, Netherlands, Europe188.114.96.1
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneMCUUID (Minecraft) (Category: gaming) https://mcuuid.net/?q=ayshooayshoo
2023-05-12 02:53:18Internet NameNoMnemonic PassiveDNS25010Nonewww.ayhu.xyzayhu.xyz
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.182): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:50:42Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://wasimreja.github.io/netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9f0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2544"\n "IsoScope_9f0_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_9f0_IESQMMUTEX_0_303"\n "IsoScope_9f0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_9f0_IE_EarlyTabStart_0xb04_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_9f0_ConnHashTable<2544>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.18.22.52:443"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"pro.fontawesome.com"\n "wasimreja.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DFCE77C216766EB7B9.TMP" has type "data"- Location: [%TEMP%\\~DFCE77C216766EB7B9.TMP]- [targetUID: 00000000-00002544]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002544]\n "~DF3D8E8EB511650354.TMP" has type "data"- Location: [%TEMP%\\~DF3D8E8EB511650354.TMP]- [targetUID: 00000000-00002544]\n "~DFA1B02EDDB3740F24.TMP" has type "data"- Location: [%TEMP%\\~DFA1B02EDDB3740F24.TMP]- [targetUID: 00000000-00002544]\n "~DF047AF5B01B1C6397.TMP" has type "data"- Location: 
[%TEMP%\\~DF047AF5B01B1C6397.TMP]- [targetUID: 00000000-00002544]\n "~DF9CAF8A24CDDF2A4D.TMP" has type "data"- Location: [%TEMP%\\~DF9CAF8A24CDDF2A4D.TMP]- [targetUID: 00000000-00002544]\n "urlref_httpswasimreja.github.ionetflix-clone" has type "HTML document ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._D7A145BF-EF99-11ED-9F88-080027F31822_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "_7763E692-EF9A-11ED-9F88-080027F31822_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D7A145C1-EF99-11ED-9F88-080027F31822_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_DFBE3414-EF99-11ED-9F88-080027F31822_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "T6P1ZC01.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\T6P1ZC01.txt]- [targetUID: 00000000-00002544]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "WTGINOBI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WTGINOBI.txt]- [targetUID: 00000000-00002544]\n "SAL9KSU0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SAL9KSU0.txt]- [targetUID: 00000000-00002544]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "Z1J5GHXQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Z1J5GHXQ.txt]- [targetUID: 00000000-00002544]\n "SC9MWSRS.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SC9MWSRS.txt]- [targetUID: 00000000-00002544]\n "9RPMKK4K.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\9RPMKK4K.txt]- [targetUID: 00000000-00002544]\n "31LPVZHQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\31LPVZHQ.txt]- [targetUID: 00000000-00002544]\n "netflix-clone_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://wasimreja.github.io/netflix-clone/"\n Pattern match: "https://wasimreja.github.io"\n Pattern match: "https://wasimreja.github.io/netflix-clone"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "mzjdL.VS/oLORCm/~H.c0KNw&FGk~Z2C3[f"\n Pattern match: "https://pro.fontawesome.com/releases/v5.10.0/css/all.css"\n Pattern match: "SUIDmicrosoft.com/921645190899231032348364844117031032230MUID02E5F61DC6DE605D1B1AE513C75A6147microsoft.com/102558439820831110702364859742031032230_EDGE_Vmicrosoft.com/921658439820831110702364875367031032230SRCHDAF=NOFORMmicrosoft.com/1024332378944031085610"\n Pattern match: "SUIDmicrosoft.com/921645190899231032348364844117031032230MUID02E5F61DC6DE605D1B1AE513C75A6147microsoft.com/102558439820831110702364859742031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD"\n Pattern match: 
"SUIDmicrosoft.com/921645190899231032348364844117031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mic"\n Pattern match: "921659439820831110702365172242031032230MUID253BEC97DCC5678D3BB0FF99DD89661Dmsn.com/102559439820831110702365172242031032230"\n Pattern match: "MUIDB02E5F61DC6DE605D1B1AE513C75A6147ieonline.microsoft.com/921658439820831110702364859742031185.199.108.153
2023-05-12 03:32:40Open TCP PortNoPulsedive0030None188.114.97.20:80188.114.97.0/24
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.183): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:47:17Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://rakha360.github.io/facebook', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://rakha360.github.io/facebook', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://rakha360.github.io/facebook', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kit.fontawesome.com"\n "rakha360.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n "104.18.22.52:443"\n "172.64.169.22:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rakha360.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, 
u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9c4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_9c4_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_9c4_IESQMMUTEX_0_519"\n "IsoScope_9c4_IE_EarlyTabStart_0xb00_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2500"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_9c4_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_9c4_ConnHashTable<2500>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "facebook_1_.htm" has type "HTML document UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "free-v4-font-face.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_2E56694C-B34B-11ED-9FE5-0800270497D3_.dat" has type "Composite Document File V2 Document Cannot read 
section info"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 180 x 45 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 2 icons 32x32 32 bits/pixel 16x16 32 bits/pixel"- [targetUID: N/A]\n "facebook_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DF38C0E91F31DE9AC8.TMP" has type "data"- Location: [%TEMP%\\~DF38C0E91F31DE9AC8.TMP]- [targetUID: 00000000-00002500]\n "~DFBFD127F7C6B8EB92.TMP" has type "data"- Location: [%TEMP%\\~DFBFD127F7C6B8EB92.TMP]- [targetUID: 00000000-00002500]\n "RecoveryStore._CE31769F-B348-11ED-9FE5-0800270497D3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002500]\n "R9LTVOO7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\R9LTVOO7.txt]- [targetUID: 00000000-00002500]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002500]\n "~DF5A4B20CAF7FF8423.TMP" has type "data"- Location: [%TEMP%\\~DF5A4B20CAF7FF8423.TMP]- [targetUID: 00000000-00002500]\n "~DF1E20889D13C0AA85.TMP" has type "data"- Location: [%TEMP%\\~DF1E20889D13C0AA85.TMP]- [targetUID: 00000000-00002500]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network 
traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /facebook HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: rakha360.github.io"\n "GET /facebook/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: rakha360.github.io"\n "HTTP/1.1 301 Moved Permanently\nConnection: keep-alive\nContent-Length: 162\nServer: GitHub.com\nContent-Type: text/html\npermissions-policy: interest-cohort=()\nLocation: https://rakha360.github.io/facebook/\nX-GitHub-Request-Id: B05E:70FD:4CDC77:57E341:63F715D2\nAccept-Ranges: bytes\nDate: Thu, 23 Feb 2023 07:44:21 GMT\nVia: 1.1 varnish\nAge: 900\nX-Served-By: cache-sjc10044-SJC\nX-Cache: HIT\nX-Cache-Hits: 1\nX-Timer: S1677138262.911903,VS0,VE1\nVary: Accept-Encoding\nX-Fastly-Request-ID: 20236c9c777600e56880cbbcc15a8ab66019f0d5"\n "<html>\n<head><title>301 Moved Permanently</title></head>\n<body>\n<center><h1>301 Moved Permanently</h1></center>\n<hr><center>nginx</center>\n</body>\n</html>"\n "GET /facebook/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://rakha360.github.io/facebook/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rakha360.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /facebook/img/logo.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://rakha360.github.io/facebook/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: rakha360.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /facebook/img/mobile.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://rakha360.github.io/facebook/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rakha360.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /facebook/responsive.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://rakha360.github.io/facebook/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rakha360.github.io\nDNT: 1\nConnection: Keep-Alive"\n "XIo8>\'@@Dy\nzpsAPmqBDI!%"\'%31Z$>{/EdkotWQ./j-dE_,=G)kHt#qy9*wu+njPz(z>~(+t3[fJ<Y{x4Ro""f.5CG4a~>Ib4&eNlOqc?2GCOgG"?.=qZ;T+`rH&#DKDbSGpfmBn1X8a"b0fm;tTC|*Pt\nq;rDn5LUEgPggoebU3F:D\\1L@V#tcKui_EU2IG0F0k\ncQJ(Ul\ni](Dpn;6\nJY L4^STr?J:kB\'lYyY3\n \nde*z]@91U+r950 0/@\'!Q|vCz\\}nTAR9,<r.26R:inuHCrsKmwg\nwt4N9+I]u%8giXs,kXcuhy1QdZ1iu<R=&jim)kon"!&NvZJ$[@&lvc@^T3VM.d|m8Y0?L84\n/FFfE=!E)(J\\~`63jZ2lhj|8;lQ;Q:sFj bJTZ1\'rT\'vxNMs;n6$6{Nx-|&Ww9c6@n92$OJ|&K,?^IN_v!)xbR^si\nVf6Pdn_5h-5:q(fQs! 
s{4$s6a"CFs/2S`[XLLeHuidOmz\'~}brTOmX7\nD;``UU}4v`X/f*9c?I-*Y^Q^?)}[|sw;w$wq9n_mCI(d", "RgjT\'k\\ZZhT>$$q;bQJJDmEPw\n})iGD;OrT0T.zs{>p{8P\n+GfUS;UL-`G\nzu?9Fs_:sY*gv>uI?cY", "Zn6>@QM*q(v7&h9\\i,Hv@qK4/}v-$Ai`-3ho=9Ah;?]{L`__!:(>rJcRq~J:hm((8L;](2A\\*0$5DQ0%]GK"AvIxh:AjIpR%`jLAj=)Q]2LaIE#@>`ISzG@\n=TX(jMlX)OSrL"<|oI)%bU)2$7=Y L}x^v_+1s!)YS9*T_|Q3O@xi3aB :nJXr\n/ T:/ Yi%p!aat\n"}3`\nuq=*_+(1#.`6J[]AjR)\\\\1Ojr7s%duY!9hiWDRh:k+\nw!@B\nuL[!mj[;cLBK_&+)e\n|\nQ4+Mq9_v;=\'x\no5q{"By,;((6qJt3PAL-UW[IQxPxbzoW}&@XhLGx,P^\nyU\\:2aS.9QLFjuDH"@fYD;hi/5\\\nz,`Wbi+$B>WLJZab(d$j1iwz:|75&W<4+kv\n><>,,$33d],{Hi\nyp8#]|B$|H|@\n~nywb(OPadcD)G?xL[I2RV$NL&/\nBy{l.E#x"f"B<$9Ce6C\nEy4He8?!k@T#7jEvBQ5J:VpS[O jf{t SU_\\.wU/HkG", "$LwX@g6N59yr1~SK.T$oP[_~=e0%qKMb.6`-/0k6y%krfrog>;Vojf\\)\nUf/,VQ`-D; :KKM`t<DidJ\\uvc=a![O1:[21u$,[n(AX/q@!lYe=V%%2mxrY2v/+~k,HRK\nQl+s,eMR:%P~\'DM4#0/Y]|g~Q:\\JWOX#H":o("\n "HTTP/1.1 200 OK\nConnection: keep-alive\nContent-Length: 15909\nServer: GitHub.com\nContent-Type: image/png\npermissions-policy: interest-cohort=()\nLast-Modified: Wed, 22 Feb 2023 07:53:22 GMT\nAccess-Co185.199.111.153
2023-05-12 02:46:54Affiliate - Domain NameNoDNS Resolver0030Nonegithub.iobattleb0t.github.io
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-l.github.io185.199.111.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneApple Network 0a20a8 (Net ID: 00:02:2D:0A:20:A8)50.1188, 8.6843
2023-05-12 03:00:49Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.71): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMainSurf (Net ID: 00:02:2D:67:EF:87)50.1188, 8.6843
2023-05-12 02:45:19Physical LocationNoipapi.co1040NoneAshburn, Virginia, VA, United States, US2600:1f18:2489:8200::c8
2023-05-12 03:11:24Physical LocationNoAbstractAPI0030NoneArizona, United States+14805058800
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Nonechacha20-poly1305@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys-g (Net ID: 00:06:25:C0:74:7C)33.336199,-111.89446440830702
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX551573A43 (Net ID: 00:01:E3:57:3A:43)52.3759, 4.8975
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.181): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.222): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:34:24Affiliate - IP AddressNoDNS Look-aside1030None45.131.109.4845.131.109.53
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneInterwrx1 (Net ID: 00:02:2D:A8:7E:D5)33.617190550339146,-111.90827887019054
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneMy Passport (2.4 GHz) - 07B79D (Net ID: 00:00:C0:07:B7:9D)37.780462,-122.390564
2023-05-12 03:15:08Similar DomainYesTLD Searcher1010Nonebattleb0t.wtfbattleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonehhcpatp (Net ID: 00:06:25:49:AE:74)33.336199,-111.89446440830702
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneCaymen-ENT (Net ID: 00:00:C5:DE:B8:F1)34.0544, -118.244
2023-05-12 02:44:03UsernameNoSpiderFoot UI36000Noneayshoo"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.170): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonewullbrandt (Net ID: 00:06:25:51:EC:E1)33.336199,-111.89446440830702
2023-05-12 02:44:15SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1funny.battleb0t.xyz
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c581b373d7d806c-ORD 188.114.96.1
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:2052104.21.6.166
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneENDOMED (Net ID: 00:02:CF:87:A5:FB)40.2024, 29.0398
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneRPOWER1 (Net ID: 00:02:6F:B3:3B:A8)33.617190550339146,-111.90827887019054
2023-05-12 02:53:04Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://fluid.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://fluid.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]fluid.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:05:5D:EC:C1:DE)33.336199,-111.89446440830702
2023-05-12 03:24:22Web ContentNoWeb Spider1020None<!DOCTYPE html> <html> <iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> </html> https://kekw.battleb0t.xyz/jar
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020Noneimgur (Category: images) https://imgur.com/user/battleb0t/aboutbattleb0t
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneUnited States Domain Name: CLOUDFLARESSL.COM Registry Domain ID: 1877752347_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2023-03-17T11:06:38Z Creation Date: 2014-09-27T01:11:37Z Registry Expiry Date: 2032-09-27T01:11:37Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.CLOUDFLARESSL.COM Name Server: NS2.CLOUDFLARESSL.COM DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 E6F95480B8B7B40CB784DEFF3DB68992C1A795554748DAB4CCE69FD298BD5F1F URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARESSL.COM Registry Domain ID: 1877752347_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2023-03-25T07:00:34Z Creation Date: 2014-09-27T01:11:37Z Registrar Registration Expiration Date: 2032-09-27T01:11:37Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone 
Ext: DATA REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Name Server: ns1.cloudflaressl.com Name Server: ns2.cloudflaressl.com DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [001cat.github.io] https://www.openphish.com/feed.txt001cat.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:3C:1A:6D)33.6170672,-111.90564645297056
2023-05-12 02:54:13Software UsedYesCensys0040NoneCloudFlare CloudFlare Load Balancer2606:4700:3030::ac43:a8fc
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.148): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonecelikpalas (Net ID: 00:12:17:69:2B:2C)40.2024, 29.0398
2023-05-12 03:00:58Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.99): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.25): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.36): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:74:7D:E7:23)41.8781, -87.6298
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneTrello (Category: social) https://trello.com/AltpapierAltpapier
2023-05-12 02:55:15Software UsedYesCensys0030NoneLaravel Laravel165.232.113.85
2023-05-12 02:45:45Physical LocationNoAbstractAPI0020NoneChantilly, Virginia, 20151, United States, North America2606:50c0:8000::153
2023-05-12 02:59:02Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://lux7ury-bele5koy-77572a.netlify.app/_sa_product_specification_spec.pdf', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_4e8_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_4e8_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_4e8_IESQMMUTEX_0_331"\n "IsoScope_4e8_IESQMMUTEX_0_303"\n "IsoScope_4e8_ConnHashTable<1256>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1256"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_4e8_IE_EarlyTabStart_0xa24"\n "IsoScope_4e8_IE_EarlyTabStart_0xa24_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is 
"data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF908509EB2CF1DCAB.TMP" has type "data"- Location: [%TEMP%\\~DF908509EB2CF1DCAB.TMP]- [targetUID: 00000000-00001256]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001256]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00000736]\n "YQUXABB1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YQUXABB1.txt]- [targetUID: 00000000-00001256]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00000736]\n 
"~DF442CC12776867824.TMP" has type "data"- Location: [%TEMP%\\~DF442CC12776867824.TMP]- [targetUID: 00000000-00001256]\n "_E9EE79CE-250C-11ED-AA8D-080027808805_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00000736]\n "_084DCE00-250E-11ED-AA8D-080027808805_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF8A85CE863099679C.TMP" has type "data"- Location: [%TEMP%\\~DF8A85CE863099679C.TMP]- [targetUID: 00000000-00001256]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00001256]\n "50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF]- [targetUID: 00000000-00000736]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://lux7ury-bele5koy-77572a.netlify.app/_sa_product_specification_spec.pdf"- [Source: Input]\n Pattern match: "https://lux7ury-bele5koy-77572a.netlify.app"- 
[Source: Input]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.74.170.74": ...\n\n URL: http://brittanysdesigns.com/ (AV positives: 1/88 scanned on 08/26/2022 07:14:28)\n URL: http://musing-khorana-e13644.netlify.app/ (AV positives: 6/88 scanned on 08/26/2022 06:18:26)\n URL: https://ebroubank.netlify.app/ (AV positives: 17/88 scanned on 08/26/2022 04:50:57)\n URL: http://sneakerheads.cloud/ (AV positives: 2/88 scanned on 08/26/2022 04:00:52)\n URL: https://jrhunor.com/ (AV positives: 1/88 scanned on 08/26/2022 03:31:37)\n File SHA256: d73dc3a6ecca6902ac80046ef9a48ac136a4c7af203da1817e287fb54b64c147 (AV positives: 1/74 scanned on 08/23/2022 09:07:56)\n File SHA256: e4f875a727ff02309cdd1349884ee4d8313fb62719b1a15bfe795b6de56fbb37 (AV positives: 23/75 scanned on 08/20/2022 00:17:25)\n File SHA256: 0aff84aa363dd4cfaad6b77fd6ee53bd542a7a4067a9c9d8b3bd541f362e6443 (AV positives: 1/74 scanned on 08/18/2022 13:09:18)\n File SHA256: 3cbad8805eb55852f462a60a82f56f6ff267f2180af5fc40607838e97b58111e (AV positives: 10/75 scanned on 08/15/2022 23:57:10)\n File SHA256: 53b6bcc44935e6141356b24f7e68b4970457269119a206c0a0b5d731f2e556d4 (AV positives: 6/74 scanned on 07/31/2022 22:52:37)\n File SHA256: faa32adb3d32d68cd8bc667b146e874a96cb4469d8e5dbbe4122216b9771bd2e (Date: 11/17/2019 03:18:46)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'10/88 Antivirus vendors 
marked sample as malicious (11% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-5', u'name': u'Sample was identified as malicious by a trusted Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'No specific details available'}], u'threat_level': 2, u'size': None, u'job_id': u'63088b430ab94550560941eb', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.74.170.74'], u'sha256': u'8d65ee6c3d3e29e2405c7de07ca0dbc6a3c42dfa8e6cfd38e0d683284459d33f', u'sha512': u'5c037da9eaca7b7f4d877909d4bb53191a10022e56763aaa6dd9200e3d1bbaa906a2ccc48af2f5e8f197c49209339b12c5756e2c156645477688af7e4cd3c156', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://lux7ury-bele5koy-77572a.netlify.app/_sa_product_specification_spec.pdf', u'submission_id': u'63088b430ab94550560941ec', u'created_at': u'2022-08-26T08:58:43+00:00', u'filename': None}], u'analysis_start_time': u'2022-08-26T08:58:44+00:00', u'tags': [u'phishing'], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 6, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'56f91aa4b860b6026632b490d88ce4af', u'network_mode': u'default', u'processes': [], u'sha1': u'574bf6eeb46291ad6338ea08d0467661215d2443', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': u'Phishing site', u'environment_description': u'Windows 7 64 bit', u'verdict': u'malicious', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}]34.74.170.74
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ad981cbd3140a-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.135.9
2023-05-12 03:13:06Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0080004.github.io] https://www.openphish.com/feed.txt0080004.github.io
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonew1r3L3ss (Net ID: 00:01:24:F3:0B:65)37.7813933,-122.3918002
2023-05-12 02:44:23SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:b3:d3:7f:a8:50:41:aa:70:38:c6:ab:16:2e:24:50:f9:66 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 29 13:55:16 2022 GMT Not After : Mar 29 13:55:15 2023 GMT Subject: CN=tiktok.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:tiktok.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: 
Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77: 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13 Timestamp : Dec 29 14:55:17.050 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:28:6D:42:8E:49:9E:0C:06:C1:19:32:87: BF:75:CE:80:8F:D6:EA:C5:3B:07:D6:4C:75:42:82:B7: AF:11:51:87:02:21:00:AE:B6:AE:63:CB:FF:A9:BC:83: A0:CB:D1:C6:02:EE:7B:8C:98:F1:37:20:95:B3:3D:3B: 1D:2E:39:2F:06:AF:D5 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 29 14:55:17.019 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:D9:21:B2:7A:EF:D8:EF:8A:6A:56:47: 07:FC:9B:67:B8:AE:3E:10:F9:AF:08:C7:4F:19:35:0D: C5:86:2C:A0:FC:02:20:23:BD:B1:50:ED:06:FD:32:BC: AE:E7:5A:20:25:B5:AF:2F:31:CA:1D:81:02:1B:A1:2C: F3:DE:98:F2:29:F5:42 Signature Algorithm: sha256WithRSAEncryption 69:a8:61:13:18:01:a6:06:e2:eb:7a:7f:50:95:06:92:17:8d: ca:63:d6:69:98:12:cf:b0:fa:ee:80:84:43:ff:f7:1f:35:fe: 72:06:36:88:ae:e4:77:27:a1:93:d1:eb:02:37:43:a8:e0:86: 61:58:2f:fd:b8:58:c4:fe:4d:1e:e7:cc:96:cf:0a:d5:16:48: 9f:46:b8:50:28:e1:ed:1e:1c:e8:de:90:ce:fd:33:bc:3a:3f: eb:8c:75:a9:62:13:f7:4f:2b:08:b6:ff:b0:a0:90:34:79:dc: 8f:45:7a:05:74:fa:fc:67:dc:64:6a:b8:82:b5:d8:15:dc:e6: 30:a1:47:0a:e3:0b:70:53:63:1c:e4:bd:93:48:f8:f8:a9:29: 47:b8:8c:e0:2a:aa:34:51:c8:15:63:92:48:e4:5c:09:73:8c: 34:26:6a:c2:dd:6d:88:c9:62:37:c7:07:7b:a7:cb:0b:65:95: 3b:9c:ec:a8:8e:63:0a:23:39:ab:20:1d:fa:d0:19:f8:cd:6c: 5b:28:00:57:e4:27:6a:d2:8b:10:68:0f:2e:76:30:48:41:7b: 10:5a:d6:74:99:4a:28:13:dc:83:45:4c:b2:5e:dd:bc:a4:73: 29:47:2c:b2:ad:19:c4:e8:3c:a6:e9:8a:06:b9:d6:a7:ca:fd: 6d:cd:fb:dd battleb0t.xyz
2023-05-12 03:24:19Account on External SiteNoAccount Finder0080NonePicsart (Category: art) https://picsart.com/u/baptistevautheybaptistevauthey
2023-05-12 02:50:17Internet NameNoDNS Resolver0020Nonewww.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 25 01:39:25 2023 GMT Not After : May 26 01:39:24 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 0a:22:b1:e9:af:d4:a9:74:88:84:74:c6:0c:06:4e:88:44:eb: 3d:8b:ff:0f:67:9b:d9:59:64:93:86:9d:3a:67:d2:a0:3e:52: 6d:1c:e7:15:10:f3:f5:51:a1:19:bc:c1:17:81:af:6e:00:02: 2c:2b:94:b9:a1:29:49:0c:d6:a8:59:00:4b:47:60:f7:bf:4d: a5:8e:dc:6c:e7:62:2f:6e:45:28:27:5d:0b:af:59:e7:df:13: 7b:cf:b2:a2:da:32:8d:b4:3a:0a:9a:bf:a9:4a:e7:ca:7c:b6: 03:94:66:c9:f3:4e:8b:df:cb:62:a9:c2:05:d7:41:e7:96:0d: 2f:fd:52:d1:77:82:07:ba:c9:49:53:9d:54:ee:70:d1:90:b1: a3:cc:e7:9c:0c:45:e3:02:85:7d:b0:fb:ec:d0:7e:53:65:3b: df:c8:91:a1:21:7f:e2:6c:76:54:71:ce:4e:bd:b9:b8:30:a1: c2:bc:22:2f:5c:87:b2:76:87:ed:5e:2b:71:c5:82:1c:b7:14: 13:1b:f2:3d:0c:ee:c2:59:8f:7f:d2:9f:b0:78:9f:80:1f:ba: 8b:65:58:fc:3c:40:e8:02:39:06:f7:24:58:38:34:e0:0d:b2: 2e:8a:82:16:b9:ac:3d:73:4d:68:a6:f4:81:4c:48:22:6d:44: 3e:f3:16:30
2023-05-12 03:03:32Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io007hyno.github.io
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneU+Net149B-CHO (Net ID: 00:01:36:93:14:99)34.0544, -118.244
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneTF2 Backpack Examiner (Category: gaming) http://www.tf2items.com/id/login/login
2023-05-12 02:57:27Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': 41, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://archiveforjam.netlify.app/static/srt/HiJO1-18.srt', u'signatures': [{u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-72', u'name': u'Overview of unique CLSIDs touched in registry', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" touched "Computer" (Path: "HKCU\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SHELLFOLDER")\n "rundll32.exe" touched "Enhanced Storage Icon Overlay Handler Class" (Path: "HKCU\\CLSID\\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\\INPROCSERVER32")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"ThemeApiConnectionRequest" (Indicator: "ThemeApiConnectionRequest") in Source: 00000000-00003484-0000003B-36197385'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SmartScreen_AppRepSettings_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\SmartScreen_ClientId_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\CommunicationManager_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\LRIEElevationPolicyMutex"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2440"\n "IsoScope_988_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "_SHuassist.mtx"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_988_IESQMMUTEX_0_331"\n "Local\\LRIEElevationPolicyMutex"\n "IsoScope_988_IESQMMUTEX_0_303"\n "CommunicationManager_Mutex"\n "IsoScope_988_IE_EarlyTabStart_0xe74_Mutex"\n "Local\\ZonesCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." 
(UID: 00000000-00003484)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." (UID: 00000000-00003484)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"~DF645655DB470F49DD.TMP" has type "data"- Location: [%TEMP%\\~DF645655DB470F49DD.TMP]- [targetUID: 00000000-00002440]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002440]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00002996]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002996]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002996]\n "HiJO1-18.srt.kcpvle5.partial" has type "UTF-8 Unicode text"- Location: [%USERPROFILE%\\Downloads\\HiJO1-18.srt.kcpvle5.partial]- [targetUID: 00000000-00002996]\n "~DFD6CAA9D81E87A12A.TMP" has type "data"- Location: [%TEMP%\\~DFD6CAA9D81E87A12A.TMP]- [targetUID: 00000000-00002440]\n "JavaDeployReg.log" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\JavaDeployReg.log]- [targetUID: 00000000-00002996]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002440]\n "L2R4NE1M.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L2R4NE1M.txt]- [targetUID: 00000000-00002996]\n "8864D121A6EBD5E6D0EFEDAB49B51A90" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\8864D121A6EBD5E6D0EFEDAB49B51A90]- [targetUID: 00000000-00002996]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002440]\n "50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF]- [targetUID: 00000000-00002996]\n "OJK4RYGG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OJK4RYGG.txt]- [targetUID: 00000000-00002440]\n "B126BF247C927A243E186240F06A7849" has type "data"- 
Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B126BF247C927A243E186240F06A7849]- [targetUID: 00000000-00002996]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-55', u'name': u'Touches files in the Windows directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 6, u'description': u'"rundll32.exe" touched file "%WINDIR%\\AppPatch\\sysmain.sdb"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-16', u'name': u'Connects to LPC ports', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rundll32.exe" connecting to "\\ThemeApiPort"'}, {u'category': u'Environment Awareness', u'origin': u'Registry Access', u'identifier': u'registry-78', u'name': u'Contains ability to read software policies', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1082', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-312', u'attck_id': u'T1082', u'relevance': 1, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\SAFER\\CODEIDENTIFIERS"; Key: "TRANSPARENTENABLED")'}, {u'category': u'Environment Awareness', u'origin': u'Registry Access', u'identifier': u'registry-13', u'name': u'Reads the windows installation date', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1012', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-647', u'attck_id': u'T1012', u'relevance': 10, u'threat_level': 0, u'type': 3, u'description': u'"iexplore.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION"; Key: "INSTALLDATE")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /static/srt/HiJO1-18.srt HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: archiveforjam.netlify.app\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_35.229.48.116]\n\n "1daf\n\\Xr`Um|?~T@+NI,og\n43\'LCeI\\7u?F35.229.48.116
2023-05-12 02:56:12Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://rhombussystems.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rhombussystems.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rhombussystems.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rhombussystems.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"75.2.60.5:443"'}, {u'category': 
u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_81c_IESQMMUTEX_0_331"\n "IsoScope_81c_IE_EarlyTabStart_0x9a4_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_81c_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2076"\n "IsoScope_81c_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_81c_ConnHashTable<2076>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_81c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2076"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2C3.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2D3.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, 
u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2C2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab40.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "2NV4DI3M.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2NV4DI3M.txt]- [targetUID: 00000000-00002076]\n Dropped file: "7Q4BSDMY.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7Q4BSDMY.txt]- [targetUID: 00000000-00003788]\n Dropped file: "AEL973TY.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AEL973TY.txt]- [targetUID: 00000000-00002076]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsrhombussystems.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "Tar2C3.tmp" has type "data"- Location: [%TEMP%\\Tar2C3.tmp]- [targetUID: 00000000-00003788]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003788]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "RecoveryStore._59B6A8D7-6B48-11ED-BEA3-080027C7C560_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "2NV4DI3M.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2NV4DI3M.txt]- [targetUID: 00000000-00002076]\n "Cab2C2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2C2.tmp]- [targetUID: 00000000-00003788]\n "_59B6A8D9-6B48-11ED-BEA3-080027C7C560_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF5F9C3305164EE004.TMP" has type "data"- Location: [%TEMP%\\~DF5F9C3305164EE004.TMP]- [targetUID: 00000000-00002076]\n "7Q4BSDMY.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7Q4BSDMY.txt]- [targetUID: 00000000-00003788]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar2D3.tmp" has type "data"- Location: [%TEMP%\\Tar2D3.tmp]- [targetUID: 00000000-00003788]\n "Cab40.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab40.tmp]- [targetUID: 00000000-00003788]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002076]\n "favicon_3_.ico" has type "MS Windows 
icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003788]\n "~DFED514D7C2021B614.TMP" has type "data"- Location: [%TEMP%\\~DFED514D7C2021B614.TMP]- [targetUID: 00000000-00002076]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rhombussystems.com\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"rhombussystems.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://rhombussystems.com/"\n Pattern match: "https://rhombussystems.com"\n Heuristic match: "rhombussystems.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', 
u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/92 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'637e51ca3b1a3748295963c8', u'target_url': None, u'interest104.196.30.220
2023-05-12 03:12:58Malicious AffiliateYesOpenPhish0030NoneOpenPhish [battleb0t.github.io] https://www.openphish.com/feed.txtbattleb0t.github.io
2023-05-12 02:54:15HTTP Status CodeNoWeb Spider0020None200nwapi2.battleb0t.xyz
2023-05-12 03:11:18Physical CoordinatesNoAbstractAPI0020None52.3759, 4.8975188.114.97.1
2023-05-12 02:53:32Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: E9B4:1F0F:9CADE8:E25A67:645D08C5 Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-klot8100040-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683818693.056035,VS0,VE27 Vary: Accept-Encoding X-Fastly-Request-ID: 695e2aec93a90cc9e1a6417b158a1f1d94a5129d 185.199.111.153
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.52): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:23:40Open TCP PortNoPulsedive0030None188.114.96.15:8080188.114.96.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomAABCE4 (Net ID: 00:0C:F6:AA:BC:E4)50.8897, 6.0563
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonemedyczka.pl (Category: health) http://medyczka.pl/user/loginlogin
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneWestEd (Net ID: 00:02:2D:05:7E:93)37.780462,-122.390564
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES (Net ID: 00:12:BF:53:F6:5F)40.2024, 29.0398
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0130Nonenginx{"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 02:54:22 GMT", "content-type": "text/html"}
2023-05-12 02:44:39Internet NameNoDNS Resolver0020Nonebattleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:29:bb:71:26:4f:a3:73:c9:d3:c4:af:c8:b3:a3:33:dc:41 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Jan 23 21:31:46 2023 GMT Not After : Apr 23 21:31:45 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:d7:c6:91:a2:7d:90:36:47:61:e7:f4:42:67:85: 67:bc:f6:01:51:cb:59:02:c5:69:c6:fb:5b:1b:b9: c9:4a:2c:0e:df:23:05:55:0f:d4:97:b3:0f:c2:a8: 12:d7:19:fa:98:f0:06:8c:43:18:24:de:aa:3e:e6: c7:25:79:67:99 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 37:BE:E1:FB:AE:23:1C:29:A5:8A:8C:D8:43:D1:35:F5:04:D1:88:E3 X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 23 22:31:46.387 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:E4:5D:77:E7:B9:FC:9E:AD:1C:B5:62: 14:DD:D8:A1:B9:93:A7:95:80:D0:27:BE:9B:FC:96:DD: 90:D7:C4:30:AA:02:20:05:D4:DE:FE:C2:15:EF:1B:42: 74:2D:E4:3F:4F:CB:73:3D:EC:7B:44:18:37:71:14:A8: 00:F1:6C:6D:6B:77:67 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: 
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Jan 23 22:31:46.397 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:BD:22:C5:30:9F:6F:36:15:B7:D1:CA: AD:CF:EB:D0:94:75:7F:1F:5A:28:FD:93:B5:75:02:8F: D1:C6:87:41:2E:02:20:7C:52:E6:58:A4:8D:55:6A:69: 9C:2C:54:4C:7F:AC:22:28:8D:2B:54:D7:47:45:0A:C9: 6B:D8:24:59:2E:89:1F Signature Algorithm: ecdsa-with-SHA384 30:66:02:31:00:90:aa:85:4e:91:c5:53:b9:d9:ce:56:8c:48: a4:84:84:df:15:f2:f7:bf:4b:d6:de:72:8d:e4:36:65:23:71: d4:4d:c8:2a:c7:b7:82:2b:69:73:9f:f4:f6:c1:7d:a3:6f:02: 31:00:97:48:3c:2f:eb:bf:19:54:bc:8e:14:95:49:a7:05:bf: e6:fa:13:41:2f:ff:2a:2b:4a:df:86:c2:17:9a:7a:15:fb:b9: 93:c8:cf:89:19:ce:5b:35:b7:4b:d3:57:36:16
2023-05-12 02:47:32Open TCP PortNoPulsedive0020None172.67.135.9:8080172.67.135.9
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneUSR9110 (Net ID: 00:14:C1:13:AB:45)40.2024, 29.0398
2023-05-12 02:44:30Software UsedYesTool - Wappalyzer0020NoneNetlifypics.battleb0t.xyz
2023-05-12 03:00:49Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.70): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:52:24Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://sidharth-97.github.io/netflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3416"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d58_IE_EarlyTabStart_0xdec_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d58_ConnHashTable<3416>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d58_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d58_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d58_IESQMMUTEX_0_331"\n "IsoScope_d58_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "151.101.1.229:443"\n "104.18.22.52:443"\n "172.64.100.10:443"\n "45.57.91.1:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "cdn.jsdelivr.net"\n "ka-f.fontawesome.com"\n "kit.fontawesome.com"\n "query.prod.cms.msn.com"\n "sidharth-97.github.io"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "urlref_httpssidharth-97.github.ionetflix")\n Found string "* Copyright 2011-2021 Twitter, Inc." 
(Indicator: "dir "; File: "bootstrap.min_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"AAAABYjXrxZKtrzxQRVQNn2aIByoomnlbXmJ-uBy7du8a5Si3xqIsgerTlwJZG1vMpqer2kvcILy0UJQnjfRUQ5cEr7gQlYqXfxUg7bz_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "nficon2016_1_.png" has type "PNG image data 64 x 64 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df63f51a68a5499078.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd491743fdd515733.tmp"\n 
"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1585a879-ebb4-11ed-8e6c-080027e195af}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{1585a87b-ebb4-11ed-8e6c-080027e195af}.dat"\n "iexplore.exe" reads file "c:\\users\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\favorites\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\desktop\\desktop.ini"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd491743fdd515733.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{1585a87b-ebb4-11ed-8e6c-080027e195af}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df63f51a68a5499078.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1585a879-ebb4-11ed-8e6c-080027e195af}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "svgexport-2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n 
"free-fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "AAAABYjXrxZKtrzxQRVQNn2aIByoomnlbXmJ-uBy7du8a5Si3xqIsgerTlwJZG1vMpqer2kvcILy0UJQnjfRUQ5cEr7gQlYqXfxUg7bz_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "IN-en-20230417-popsignuptwoweeks-perspective_alpha_website_large_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "bootstrap.bundle.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "free-fa-regular-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003416]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF0A9ADF1D503EF6B0.TMP" has type "data"- Location: [%TEMP%\\~DF0A9ADF1D503EF6B0.TMP]- [targetUID: 00000000-00003416]\n "~DF8C58A1EF4593F24A.TMP" has type "data"- Location: [%TEMP%\\~DF8C58A1EF4593F24A.TMP]- [targetUID: 00000000-00003416]\n "~DFD491743FDD515733.TMP" has type "data"- Location: [%TEMP%\\~DFD491743FDD515733.TMP]- [targetUID: 00000000-00003416]\n "~DF63F51A68A5499078.TMP" has type "data"- Location: [%TEMP%\\~DF63F51A68A5499078.TMP]- [targetUID: 
00000000-00003416]\n "urlref_httpssidharth-97.github.ionetflix" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003416]\n "RecoveryStore._1585A879-EBB4-11ED-8E6C-080027E195AF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_1D1B495B-EBB4-11ED-8E6C-080027E195AF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_1585A87B-EBB4-11ED-8E6C-080027E195AF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "style_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "tv_1_.webp" has type "185.199.108.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneKP51 (Net ID: 00:01:71:0A:07:87)52.3759, 4.8975
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None200WMadison (Net ID: 00:01:21:30:9B:23)41.8781, -87.6298
2023-05-12 02:54:30Software UsedYesCensys0030NoneOpenBSD OpenSSH 7.964.226.81.43
2023-05-12 03:31:32Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@resellercamp.comDomain Name: AYSHU.XYZ Registry Domain ID: D346635612-CNIC Registrar WHOIS Server: whois.resellercamp.com Registrar URL: https://idwebhost.com Updated Date: 2023-02-06T12:49:42.0Z Creation Date: 2023-02-01T09:45:59.0Z Registry Expiry Date: 2024-02-01T23:59:59.0Z Registrar: CV Jogjacamp Registrar IANA ID: 1478 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: cP Hosting World Registrant State/Province: Bagerhat Registrant Country: BD Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1.CPHOSTINGWORLD.NET Name Server: NS2.CPHOSTINGWORLD.NET DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@resellercamp.com Registrar Abuse Contact Phone: +62.82141570000 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:34.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: AYSHU.XYZ Registry Domain ID: D346635612-CNIC Registrar WHOIS Server: whois.resellercamp.com Registrar URL: http://resellercamp.com/ Updated Date: 2023-02-01T09:46:29Z Creation Date: 2023-02-01T09:45:59Z Registrar Registration Expiration Date: 2024-02-01T23:59:59Z Registrar: CV. 
Jogjacamp Registrar IANA ID: 1478 Registrar Abuse Contact Email: abuse@resellercamp.com Registrar Abuse Contact Phone: +62.82141570000 Domain Status: clientTransferProhibited (http://icann.org/epp#clientTransferProhibited) Registrant Organization: cP Hosting World Registrant State/Province: Bagerhat Registrant Country: BD Name Server: ns1.cphostingworld.net Name Server: ns2.cphostingworld.net DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:02:34Z<<< For more information on Whois status codes, please visit https://icann.org/epp Registration Service Provided By: RESELL CORE The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is", and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. The Registrar of record is CV. Jogjacamp. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms.
2023-05-12 02:54:22Linked URL - ExternalNoWeb Spider0040Nonehttps://pbs.twimg.com/profile_images/1513617779546595336/ojFIrGXM_400x400.jpghttps://qolhub.cloudflareaccess.com/cdn-cgi/access/login/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=%2F&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.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.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUg
2023-05-12 02:54:17Open TCP PortNoCensys0040None2606:4700:3037::6815:470e:802606:4700:3037::6815:470e
2023-05-12 03:23:27Open TCP PortNoPulsedive0030None188.114.96.9:8080188.114.96.0/24
2023-05-12 03:12:12Vulnerability - CVE MediumYesTool - testssl.sh0220NoneCVE-2016-6329 https://nvd.nist.gov/vuln/detail/CVE-2016-6329 Score: 5.9 Description: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.188.114.96.1
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-cache-status: MISS{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"}
2023-05-12 03:03:51Co-Hosted SiteNoThreatMiner0020Noneply.gg185.199.110.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewlan (Net ID: 00:01:71:0A:19:07)52.3759, 4.8975
2023-05-12 03:03:16IP AddressNoDNS Resolver0020None104.21.71.14panel.battleb0t.xyz
2023-05-12 02:45:12Physical LocationNoipapi.co0020NoneToronto, Ontario, ON, Canada, CA2606:4700:3031::ac43:8709
2023-05-12 02:53:42Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America185.199.109.153
2023-05-12 03:01:00Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.104): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:49Company NameNoCompany Name Extractor0030NoneGitHub\, Inc.C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io
2023-05-12 03:09:08Vulnerability - GeneralYesTool - Retire.js0140NoneCVE-2019-8331 Score: Unknown Description: Unknownhttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
2023-05-12 03:03:26Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0001vrn.github.io
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5cc474dd9f2b1c-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.96.1
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D7:1D)32.8608, -79.9746
2023-05-12 02:44:49Company NameNoCompany Name Extractor0020NoneREG.RU LLCDomain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.43): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-cache-hits: 0{"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"}
2023-05-12 02:53:49Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America2606:50c0:8000::153
2023-05-12 02:55:11Software UsedYesCensys0020Noneexim exim 4.9587.248.157.102
2023-05-12 03:08:51Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.12534.148.97.127
2023-05-12 03:09:05Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.11187.248.157.102
2023-05-12 03:35:10Malicious Co-Hosted SiteYesComodo0130NoneBlocked by Comodo DNS [00ffcc.cn]00ffcc.cn
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneVGF-KonstablerWache (Net ID: 00:02:6F:84:5C:04)50.1188, 8.6843
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None007-liang.github.io185.199.111.153
2023-05-12 03:12:14Affiliate - Domain WhoisNoWhois6060NoneDomain Name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2022-06-08T05:38:27Z Creation Date: 2022-06-03T05:37:56Z Registry Expiry Date: 2026-06-03T05:37:56Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-06-03T05:37:56.70Z Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<< For more information on Whois status codes, please visit https://icann.org/epp01def.io
2023-05-12 02:59:54Affiliate - Email AddressNoE-Mail Address Extractor0030Nonedave@bradshaw.net[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://financialcafe.net/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cc0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_cc0_IESQMMUTEX_0_519"\n "IsoScope_cc0_IESQMMUTEX_0_303"\n "IsoScope_cc0_ConnHashTable<3264>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_cc0_IESQMMUTEX_0_331"\n "IsoScope_cc0_IE_EarlyTabStart_0xdc4_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3264"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"52.24.76.118:443"\n "172.64.132.15:443"\n 
"104.16.87.20:443"\n "142.250.189.232:443"\n "65.8.158.69:443"\n "104.17.25.14:443"\n "185.199.110.153:443"\n "142.250.189.234:443"\n "142.250.191.67:443"\n "142.250.189.174:443"\n "184.27.80.18:443"\n "20.25.53.147:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2021 Twitter, Inc." (Indicator: "twitter")\n "transportUrl:b,context:c},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+ke.ca+"&cx=c";Io()&&(f+="&sign="+ke.Td);var g=te||ve?Ho(b,f):void 0;g||(g=rl("https://","http://",ke.jd+f));di().destination[a]={state:1,context:c};Hb(g)}};function Jo(){if(Zh()){return!0}return!1};var Mo=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),No={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Oo={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFF3A.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFD53.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFF39.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabFF39.tmp]- [targetUID: 00000000-00003376]\n "CabFD52.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabFD52.tmp]- [targetUID: 00000000-00003376]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003376]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "FinancialCafeBlack-06_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "FinancialCafeWhite-07_1_.svg" has type 
"SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "imgggnew_1_.png" has type "PNG image data 1920 x 1699 8-bit colormap non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003376]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "profiles_1_.png" has type "PNG image data 136 x 135 4-bit colormap non-interlaced"- [targetUID: N/A]\n "SSL-Certified-icons_1_.png" has type "PNG image data 131 x 50 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "TarFF3A.tmp" has type "data"- Location: [%TEMP%\\TarFF3A.tmp]- [targetUID: 00000000-00003376]\n "6IILQXTA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6IILQXTA.txt]- [targetUID: 00000000-00003376]\n "pxiByp8kv8JHgFVrLDD4V1g_1_.woff" has type "Web Open Font Format TrueType length 65344 version 1.1"- [targetUID: N/A]\n "js_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "FRC8Z6SG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FRC8Z6SG.txt]- [targetUID: 00000000-00003264]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._FED39B3D-CE42-11ED-A569-08002791028F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "wallet_1_.png" has type "PNG image data 137 x 137 4-bit colormap non-interlaced"- [targetUID: N/A]\n "~DFBCF09A62309EF55B.TMP" has type "data"- Location: [%TEMP%\\~DFBCF09A62309EF55B.TMP]- [targetUID: 00000000-00003264]\n "iframeResizerDestination.min_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "TarFD53.tmp" has type "data"- 
Location: [%TEMP%\\TarFD53.tmp]- [targetUID: 00000000-00003376]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "jquery.org/license"\n Pattern match: "https://+c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "https://cct.google/taggy/agent.js"\n Heuristic match: "* Copyright: (c) 2018 David J. Bradshaw - dave@bradshaw.net"\n Pattern match: "https://getbootstrap.com/"\n Pattern match: "https://github.com/twbs/bootstrap/graphs/contributors"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license"\n Pattern match: "https://github.com/twbs/bootstrap/blob/main/LICENSE"\n Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "https://fonts.googleapis.com/css2?family=Montserrat:wght@400;600;800&display=swap"\n Pattern match: "C.JgU/0$"\n Pattern match: "p6gu.gqN/\ufffd\ufffdm\ufffd/\u0225\ufffdy\ufffd]\ufffd\ufffd#\ufffd\ufffd\ufffd\ufffdh\ufffd\ufffd\ufffd\ufffd\u070f\ufffd\ufffdZ\ufffd*~\ufffd$O\ufffd\ufffd\ufffdA\ufffdd\ufffd7\ufffdH2oc\ufffd.v\ufffd\ufffdY#8i&2v\ufffd"\n Pattern match: "https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;800&display=swap"\n Pattern match: "MUID30D366FDCBF662572726741ECA726330msn.com/102513402695683110216750963867231023696*"\n Pattern match: ".2.733600913.1680102288financialcafe.net/1088321153638431170546345636378031023695*"\n Pattern match: 
".2.733600913.1680102288financialcafe.net/1088321153638431170546345636378031023695*_gidGA1.2.1308012239.1680102288financialcafe.net/1088416549478431023896345636378031023695*"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect,ca.U,ca"\n Pattern match: "https://www.google-analytics.com/analytics.js,k=c.F?rp(R(c,gaFunctionName)):rp();if(pa(k)){var"\n Pattern match: "www.google-analytics.com==a.host&&
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneNettWork2 (Net ID: 00:01:E3:0E:70:8B)50.1188, 8.6843
2023-05-12 03:09:41Affiliate - Internet NameNoDNS Resolver0040None124.48.229.35.bc.googleusercontent.com35.229.48.124
2023-05-12 03:24:22HTTP Status CodeNoWeb Spider0120None403http://ayhu.xyz/
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneFilmweb (Category: hobby) https://www.filmweb.pl/user/loginlogin
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonetsunami (Net ID: 00:0D:29:AC:D1:67)32.8608, -79.9746
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonenon-specified SSID !! (Net ID: 00:02:2D:8E:B2:0E)50.1188, 8.6843
2023-05-12 03:11:21Raw Data from RIRsNoAbstractAPI0030None{u'city': u'Frankfurt am Main', u'security': {u'is_vpn': False}, u'city_geoname_id': 2925533, u'region_geoname_id': 2905330, u'country': u'Germany', u'region': u'Hesse', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'DIGITALOCEAN-ASN', u'isp_name': u'DigitalOcean, LLC', u'organization_name': u'Digital Ocean', u'autonomous_system_number': 14061}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/DE_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/DE_flag.png', u'unicode': u'U+1F1E9 U+1F1EA', u'emoji': u'\U0001f1e9\U0001f1ea'}, u'postal_code': u'60313', u'longitude': 8.6843, u'country_code': u'DE', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Berlin', u'current_time': u'05:11:20'}, u'latitude': 50.1188, u'country_geoname_id': 2921044, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'46.101.229.70', u'continent': u'Europe', u'region_iso_code': u'HE'}46.101.229.70
2023-05-12 02:45:36Affiliate - Internet NameNoDNS Raw Records1020Nonefrabjous-lebkuchen-324004.netlify.apppics.battleb0t.xyz
2023-05-12 02:44:15SSL Certificate - Issued toNoSSL Certificate Analyzer1020NoneC=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io185.199.111.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneLILLY_BURSA (Net ID: 00:1A:2A:05:D4:D0)40.2024, 29.0398
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneDowling_Network (Net ID: 00:1D:D5:13:CA:40)32.8608, -79.9746
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-ray: 7c5f60465c67192a-EWR{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"}
2023-05-12 03:00:12Internet Name - UnresolvedNoCertificate Transparency0010Nonecpcalendars.ayhu.xyzayhu.xyz
2023-05-12 02:44:49Company NameNoCompany Name Extractor0030NoneGitHub\, Inc.C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io
2023-05-12 03:41:52Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: <REDACTED> Connection: close Content-Length: 315 45.131.109.53
2023-05-12 03:41:58Internet NameNoDNS Resolver0040Nonevm.battleb0t.xyz{"operating_system": {"vendor": "Microsoft", "product": "Windows", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "other": {"family": "Windows"}}, "last_updated_at": "2023-05-12T01:40:25.089Z", "ip": "45.131.109.53", "labels": ["file-sharing", "network-administration", "remote-access"], "location_updated_at": "2023-05-07T11:15:30.169008Z", "autonomous_system_updated_at": "2023-05-07T11:15:30.169132Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"vm.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-10T21:12:17.288943702Z"}, "11858-33959.pph-server.de": {"record_type": "A", "resolved_at": "2023-04-29T16:38:25.585351786Z"}, "wakapi.tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-29T14:27:35.242336552Z"}, "www.tt-dev.de": {"record_type": "CNAME", "resolved_at": "2023-01-05T14:36:51.431345945Z"}, "traefik.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-07T14:38:59.772471404Z"}, "tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-31T14:50:50.814184504Z"}, "test.tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-21T14:29:05.064783690Z"}, "wiki.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-08T14:20:13.917172001Z"}, "grafana.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-01T14:18:17.398732703Z"}, "70724-04381.pph-server.de": {"record_type": "A", "resolved_at": "2023-04-20T20:07:07.842037289Z"}, "npm.tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-21T14:29:04.915388971Z"}, "portainer.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-14T14:32:52.020207987Z"}, "ci.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-06T14:26:38.984649398Z"}}, "names": 
["traefik.tt-dev.de", "npm.tt-dev.de", "vm.battleb0t.xyz", "wakapi.tt-dev.de", "portainer.tt-dev.de", "ci.tt-dev.de", "tt-dev.de", "grafana.tt-dev.de", "test.tt-dev.de", "www.tt-dev.de", "wiki.tt-dev.de", "70724-04381.pph-server.de", "11858-33959.pph-server.de"], "reverse_dns": {"resolved_at": "2023-05-04T16:22:43.166057588Z", "names": ["vm.battleb0t.xyz"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["file-sharing"], "truncated": false, "service_name": "SMB", "_decoded": "smb", "banner_hashes": ["sha256:51d9f41a595c653b76dbff0adeec37710decd99e91825ba2de9ef6e273bfcaf0"], "source_ip": "162.142.125.225", "extended_service_name": "SMB", "smb": {"smbv1_support": false, "negotiation_log": {"security_mode": 1, "system_time": 1683815217, "server_start_time": 1240428288, "_encoding": {"server_guid": "DISPLAY_HEX"}, "capabilities": 7, "server_guid": "0000000000000000000000000000000031a109594c6a1d49a3303a66d4c26ecb", "dialect_revision": 528, "authentication_types": ["1.3.6.1.4.1.311.2.2.30", "1.3.6.1.4.1.311.2.2.10"], "header_log": {"status": 0, "_encoding": {"protocol_id": "DISPLAY_HEX"}, "protocol_id": "00000000fe534d42", "credits": 1, "flags": 1, "command": 0}}, "smb_version": {"major": 2, "version_string": "SMB 2.1", "minor": 1, "revision": 0}, "session_setup_log": {"target_name": "70724-04381", "setup_flags": 0, "header_log": {"status": 3221225494, "_encoding": {"protocol_id": "DISPLAY_HEX"}, "protocol_id": "00000000fe534d42", "credits": 1, "command": 1, "flags": 1}, "negotiate_flags": 2726953477}, "smb_capabilities": {"smb_multicredit_support": true, "smb_persistent_handle_support": false, "smb_dfs_support": true, "smb_leasing_support": true, "smb_encryption_support": false, "smb_directory_leasing_support": false, "smb_multichan_support": false}, "has_ntlm": true}, "observed_at": "2023-05-11T14:26:57.515685601Z", "banner_hex": "534d4220534d4220322e31", "perspective_id": "PERSPECTIVE_HE", 
"transport_fingerprint": {"raw": "65535,128,true,MNWNNS,1460,false,false", "os": "Windows *", "id": 429}, "banner": "SMB SMB 2.1", "port": 445, "software": [{"vendor": "microsoft", "product": "windows", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "source": "OSI_TRANSPORT_LAYER"}]}, {"tls": {"server_key_exchange": {"ec_params": {"named_curve": 24}}, "_encoding": {"ja3s": "DISPLAY_HEX"}, "version_selected": "TLSv1_2", "cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "certificates": {"_encoding": {"leaf_fp_sha_256": "DISPLAY_HEX"}, "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "ruG0HFgv/8OXJWtxPCjUSQ85xDh2SJLByLm11c5cyZyMwJU/sWedNfO9DrevuT8F7VTYR5X9Jn9+NDXdfpZEQNy6zH+rYAiGSV94DzEOv8TqWPEo6TIzWBaS72PEIlTdq7nRnq7wO229GGWbClkbdw9qb1Ul/qbRHM7TT3kh7/gVKezZbTafnBnRnSghbqP3Z+9EoHVAitQl4NFBxkS94wX+pi5FPNe/dGPxT8v8SrvPl+DxkvgcVomdT3Gt7JTvfgjSWY2hJ5+d9dHNrgV4NShiaSBkDhIw3H44DQxJJGeOiPvGGMCLbHZIhhcbpYiP+//lXbcmsSe7v8Dij7/WiQ==", "exponent": "AAEAAQ=="}, "fingerprint": "46f940f431befbf3e8c0d41e66defd7ca5752176463e410bf7ff1a076f677750"}, "subject_dn": "CN=70724-04381.pph-server.de", "pubkey_bit_size": 2048, "fingerprint": "0565deb792f2ad55394185aaf708bacd5dc6cfd0a25654bbbd594714f6692ecc", "issuer_dn": "CN=70724-04381.pph-server.de", "names": ["70724-04381.pph-server.de"], "tbs_fingerprint": "103620f100eb7ba4c99aca138e14895b8d66946b6c6a90ced8fa2de351716b31", "subject": {"common_name": ["70724-04381.pph-server.de"]}, "signature": {"self_signed": true, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["70724-04381.pph-server.de"]}}, "leaf_fp_sha_256": "0565deb792f2ad55394185aaf708bacd5dc6cfd0a25654bbbd594714f6692ecc"}, "ja3s": "364ff14b04ef93c3b4cfa429d729c0d9"}, "_encoding": {"certificate": "DISPLAY_HEX"}, "_decoded": "rdp", "jarm": {"_encoding": 
{"cipher_and_version_fingerprint": "DISPLAY_HEX", "tls_extensions_sha256": "DISPLAY_HEX", "fingerprint": "DISPLAY_HEX"}, "cipher_and_version_fingerprint": "2ad2ad16d2ad2ad22c2ad2ad2ad2ad", "tls_extensions_sha256": "fd9c9d14e4f4f67f94f0359f8b28f532", "observed_at": "2023-04-25T19:43:40.097167804Z", "fingerprint": "2ad2ad16d2ad2ad22c2ad2ad2ad2adfd9c9d14e4f4f67f94f0359f8b28f532"}, "rdp": {"selected_security_protocol": {"tls": true, "raw_value": 1, "rdstls": false, "error_hybrid_required": false, "credssp_early_auth": false, "error_bad_flags": false, "error_ssl_forbidden": false, "error_ssl_cert_missing": false, "credssp": false, "error_ssl_user_auth_required": false, "error": false, "error_ssl_required": false, "standard_rdp": true, "error_unknown": false}, "protocol_flags": {"dynvc_graphics_pipeline": true, "neg_resp_reserved": true, "restricted_auth_mode": true, "restricted_admin_mode": true, "extended_client_data_supported": true}, "connect_response": {"connect_id": 0, "domain_parameters": {"max_mcspdu_size": 65528, "num_priorities": 1, "max_user_id_channels": 3, "domain_protocol_version": 2, "max_token_ids": 0, "max_provider_height": 1, "max_channel_ids": 34, "min_throughput": 0}}, "version": {"raw": 524299, "major": 10, "minor": 6}, "certificate_info": {}, "x224_cc_pdu_srcref": 13330}, "certificate": "0565deb792f2ad55394185aaf708bacd5dc6cfd0a25654bbbd594714f6692ecc", "truncated": false, "service_name": "RDP", "labels": ["remote-access", "network-administration"], "source_ip": "167.94.146.58", "extended_service_name": "RDP", "observed_at": "2023-05-11T13:18:54.374691218Z", "perspective_id": "PERSPECTIVE_TELIA", "transport_protocol": "TCP", "port": 3389, "transport_fingerprint": {"raw": "64000,128,true,MNWNNS,1460,false,false"}}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 
(compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://45.131.109.53:5985/"}, "response": {"body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Not Found</h2>\r\n<hr><p>HTTP Error 404. The requested resource is not found.</p>\r\n</BODY></HTML>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "Not Found", "protocol": "HTTP/1.1", "body_size": 315, "body_hashes": ["sha256:ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0", "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083"], "status_code": 404, "body_hash": "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083", "headers": {"Content_Length": ["315"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Microsoft-HTTPAPI/2.0"], "Connection": ["close"], "Content_Type": ["text/html; charset=us-ascii"], "Date": ["<REDACTED>"]}, "html_tags": ["<TITLE>Not Found</TITLE>", "<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\">"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:d7de42c1e8c09cf951e3ad6248fda3ab48a60ca3eac8b25effd4b3067df8f362"], "source_ip": "162.142.125.216", "extended_service_name": "HTTP", "observed_at": "2023-05-12T01:02:37.678343941Z", "banner_hex": 
"485454502f312e3120343034204e6f7420466f756e640d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d75732d61736369690d0a5365727665723a204d6963726f736f66742d485454504150492f322e300d0a446174653a20203c52454441435445443e0d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d4c656e6774683a203331350d0a", "perspective_id": "PERSPECTIVE_HE", "banner": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: <REDACTED>\r\nConnection: close\r\nContent-Length: 315\r\n", "port": 5985, "software": [{"product": "Windows", "vendor": "Microsoft", "source": "OSI_APPLICATION_LAYER", "p
2023-05-12 02:54:16Web ContentNoWeb Spider1020None<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="Cache-Control" content="no-cache"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="mobile-web-app-capable" content="yes"> <link rel="apple-touch-icon" href="logo.png"> <link rel="icon" href="logo.png"> <title>WebGL Fluid Simulation</title> <meta name="description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:type" content="website"> <meta property="og:title" content="Webgl Fluid Simulation"> <meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/"> <meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png"> <script type="text/javascript" src="dat.gui.min.js"></script> <style> * { user-select: none; } html, body { overflow: hidden; background-color: #000; } body { margin: 0; position: fixed; width: 100%; height: 100%; } canvas { width: 100%; height: 100%; } .dg { opacity: 0.9; } .dg .property-name { overflow: visible; } @font-face { font-family: 'iconfont'; src: url('iconfont.ttf') format('truetype'); } .bigFont { font-size: 150%; color: #8C8C8C; } .cr.function.appBigFont { font-size: 150%; line-height: 27px; color: #A5F8D3; background-color: #023C40; } .cr.function.appBigFont .property-name { float: none; } .cr.function.appBigFont .icon { position: sticky; bottom: 27px; } .icon { font-family: 'iconfont'; font-size: 130%; float: right; } .twitter:before { content: 'a'; } .github:before { content: 'b'; } .app:before { content: 'c'; } .discord:before { content: 'd'; } </style> </head> <body> <canvas></canvas> <script src="./script.js"></script> </body> 
</html>oldfluid.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneRossAviation206 (Net ID: 00:0C:42:6C:BE:A6)33.6170672,-111.90564645297056
2023-05-12 03:08:53Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.6534.74.170.74
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None<hidden ssid> (Net ID: 00:01:E3:54:AE:E3)52.3759, 4.8975
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.38): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:11:17Physical CoordinatesNoAbstractAPI90020None52.3759, 4.8975188.114.96.1
2023-05-12 02:52:59Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://www.battleb0t.xyz", "firewall": "Fastly", "detected": true, "manufacturer": "Fastly CDN"}, {"url": "https://www.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]www.battleb0t.xyz
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.51): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [01010101lzy.github.io] https://www.openphish.com/feed.txt01010101lzy.github.io
2023-05-12 02:45:48Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://traderai.space/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d08_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d08_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d08_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_d08_ConnHashTable<3336>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d08_IE_EarlyTabStart_0xd2c_Mutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_d08_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3336"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"191.101.2.55:443"\n "172.217.12.106:443"\n "151.101.1.229:443"\n "185.199.111.153:443"\n 
"142.251.46.227:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "threejs.org"\n "traderai.space"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB2B0.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB240.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001016]\n "CabB29F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB29F.tmp]- [targetUID: 00000000-00001016]\n "CabB230.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 
file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB230.tmp]- [targetUID: 00000000-00001016]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "TarB2B0.tmp" has type "data"- Location: [%TEMP%\\TarB2B0.tmp]- [targetUID: 00000000-00001016]\n "KFOlCnqEu92Fr1MmWUlvAA_1_.woff" has type "Web Open Font Format TrueType length 65556 version 1.1"- [targetUID: N/A]\n "KFOmCnqEu92Fr1Me5g_1_.woff" has type "Web Open Font Format TrueType length 65456 version 1.1"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001016]\n "particles.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003336]\n "logow_1_.png" has type "PNG image data 432 x 136 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DF497BB768EA621C59.TMP" has type "data"- Location: [%TEMP%\\~DF497BB768EA621C59.TMP]- [targetUID: 00000000-00003336]\n "~DF4FA1B0A9F3FF7EDF.TMP" has type "data"- Location: [%TEMP%\\~DF4FA1B0A9F3FF7EDF.TMP]- [targetUID: 00000000-00003336]\n "~DFBC1F098CB0C585CC.TMP" has type "data"- Location: [%TEMP%\\~DFBC1F098CB0C585CC.TMP]- [targetUID: 00000000-00003336]\n "RecoveryStore._3D4AE533-DDC0-11ED-BD38-080027C37619_.dat" has type "Composite Document File V2 Document Cannot read 
section info"- [targetUID: N/A]\n "_3D4AE535-DDC0-11ED-BD38-080027C37619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_475EE3B6-DDC0-11ED-BD38-080027C37619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "script_1_.js" has type "ASCII text"- [targetUID: N/A]\n "VOPKN6EE.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\VOPKN6EE.htm]- [targetUID: 00000000-00001016]\n "style_1_.css" has type "ASCII text"- [targetUID: N/A]\n "FSNCEO3Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FSNCEO3Q.txt]- [targetUID: 00000000-00003336]\n "FF4BO7D3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FF4BO7D3.txt]- [targetUID: 00000000-00003336]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://traderai.space/"\n Pattern match: "https://traderai.space"\n Pattern match: "MUIDB12A5A57128306EB03399B786297C6F47ieonline.microsoft.com/9216229494092831106132106127659431027661*"\n Pattern match: "SUIDMmicrosoft.com/9216216245171231027778106127659431027661*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "MUID1E300F3F0C876CC339721DC80D036D95msn.com/1025229494092831106132106830784431027661*"\n Pattern match: 
"isdomainmigratedtruewww.msn.com/1025318836044831063887106783909431027661*"\n Pattern match: "www.msn.com/"\n Pattern match: "C.JgU/0$"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "www.microsoft.com0"\n Pattern match: "http://opensource.org/licenses/MIT/*"\n Heuristic match: "/* Author : Vincent Garreau - vincentgarreau.com"\n Pattern match: "http://opensource.org/licenses/MIT"\n Pattern match: "vincentgarreau.com/particles.js"\n Pattern match: "github.com/VincentGarreau/particles.js"\n Pattern match: "SUIDMmicrosoft.com/9216216245171231027778106127659431027661*MUID12A5A57128306EB03399B786297C6F47microsoft.com/1025229494092831106132106127659431027661*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "SUIDMmicrosoft.com/9216216245171231027778106127659431027661*MUID12A5A57128306EB03399B786297C6F47microsoft.com/1025229494092831106132106127659431027661*_EDGE_V1microsoft.com/9216229494092831106132106158909431027661*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Me5g.woff"\n Pattern match: "https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlvAA.woff"\n Pattern match: "https://fonts.googleapis.com"\n Pattern match: "https://fonts.gstatic.com"\n Pattern match: "https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap"\n Pattern match: "https://cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js"\n Pattern match: "https://threejs.org/examples/js/libs/stats.min.js"\n Heuristic match: "cdn.jsdelivr.net"\n Heuristic match: "fonts.googleapis.com"\n Heuristic match: "fonts.gstatic.com"\n Heuristic match: "threejs.org"\n Pattern match: "https://traderai.space/Accept-Language"\n Pattern 
match: "particles.js/2.0.0/particles.min.js"\n Pattern match: "https://csp.withgoogle.com/csp/apps-themesCross-Origin-Resource-Policy"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://185.199.111.153
2023-05-12 02:45:48Physical LocationNoAbstractAPI1020NoneChicago, Illinois, 60666, United States, North America104.21.6.166
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneNGMH (Net ID: 00:09:5B:B3:C8:70)33.6170672,-111.90564645297056
2023-05-12 02:45:48Internet NameNoVirusTotal0020Nonefunny.battleb0t.xyzkekw.battleb0t.xyz
2023-05-12 02:54:13HTTP Status CodeNoWeb Spider0030None200https://ayhu.xyz/cdn-cgi/styles/challenges.css
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0040Nonecloudflare{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:26Internet NameNoDNS Resolver0020Nonebattleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 09:cc:cb:40:35:8f:10:16:7b:c7:37:cb:94:7e:31:1a Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 Validity Not Before: Mar 23 00:00:00 2023 GMT Not After : Mar 21 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:c7:e0:ee:e2:73:a9:c6:66:6e:30:ed:fc:ae:52: d4:ca:18:2f:13:3b:72:ab:38:92:54:46:c1:4d:8e: 47:44:3c:fd:42:6f:de:16:4a:26:42:38:ad:e6:91: f4:0b:0b:51:3f:e6:50:3a:4c:ca:ea:9e:3d:ae:a2: 1a:21:17:88:b9 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F X509v3 Subject Key Identifier: ED:98:C9:DB:21:9F:40:A3:B3:0F:A1:47:F2:8D:C0:DD:DA:EB:C7:D1 X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz, DNS:sni.cloudflaressl.com X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl Full Name: URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt X509v3 Basic Constraints: critical CA:FALSE CT Precertificate Poison: critical NULL Signature Algorithm: ecdsa-with-SHA256 30:46:02:21:00:f0:9f:8d:f6:d4:d5:c9:85:3d:e1:3b:e8:89: 39:bb:cd:62:6f:8c:ee:3f:e9:ac:78:6c:9b:85:17:ee:a9:64: 05:02:21:00:e4:53:28:da:31:66:f2:dc:34:6e:1b:42:2d:d7: 79:d3:ee:4b:3d:8a:1c:37:ce:37:5d:dc:4f:bf:b9:94:32:b3
2023-05-12 03:03:29Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io002evapey.github.io
2023-05-12 03:10:00Affiliate - Internet NameNoDNS Resolver1040Noneshop.telleria.com165.232.113.92
2023-05-12 03:03:22Co-Hosted Site - Domain NameNoDNS Resolver0030None0.church0.church
2023-05-12 03:08:55Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.8434.74.170.74
2023-05-12 03:18:06URL (Uses Javascript)NoPage Information0030Nonehttp://oldfluid.battleb0t.xyz<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="Cache-Control" content="no-cache"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="mobile-web-app-capable" content="yes"> <link rel="apple-touch-icon" href="logo.png"> <link rel="icon" href="logo.png"> <title>WebGL Fluid Simulation</title> <meta name="description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:type" content="website"> <meta property="og:title" content="Webgl Fluid Simulation"> <meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers."> <meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/"> <meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png"> <script type="text/javascript" src="dat.gui.min.js"></script> <style> * { user-select: none; } html, body { overflow: hidden; background-color: #000; } body { margin: 0; position: fixed; width: 100%; height: 100%; } canvas { width: 100%; height: 100%; } .dg { opacity: 0.9; } .dg .property-name { overflow: visible; } @font-face { font-family: 'iconfont'; src: url('iconfont.ttf') format('truetype'); } .bigFont { font-size: 150%; color: #8C8C8C; } .cr.function.appBigFont { font-size: 150%; line-height: 27px; color: #A5F8D3; background-color: #023C40; } .cr.function.appBigFont .property-name { float: none; } .cr.function.appBigFont .icon { position: sticky; bottom: 27px; } .icon { font-family: 'iconfont'; font-size: 130%; float: right; } .twitter:before { content: 'a'; } .github:before { content: 'b'; } .app:before { content: 'c'; } .discord:before { content: 'd'; } </style> </head> <body> <canvas></canvas> 
<script src="./script.js"></script> </body> </html>
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonewavelan network (Net ID: 00:02:2D:0D:63:6F)34.0544, -118.244
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c57480ebf7f3732-FRA Content-Encoding: gzip 188.114.96.1
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneDevOps - DevOps is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of software development and IT operations as a means for improving and shortening the systems development life cycle.cdn-185-199-111-153.github.com
2023-05-12 02:44:20Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.com185.199.110.153
2023-05-12 03:32:27Open TCP PortNoPulsedive0030None188.114.97.14:443188.114.97.0/24
2023-05-12 02:56:33Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://voyageplay.ai/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar32FA.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bf8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_bf8_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_bf8_IESQMMUTEX_0_519"\n "IsoScope_bf8_ConnHashTable<3064>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_bf8_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n 
"Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_bf8_IE_EarlyTabStart_0xb78_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3064"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3064"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab32F9.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002976]\n "~DF0102A8D036D93BAD.TMP" has type "data"- Location: [%TEMP%\\~DF0102A8D036D93BAD.TMP]- [targetUID: 00000000-00003064]\n "~DF6DA11E7760B49E9F.TMP" has type "data"- Location: [%TEMP%\\~DF6DA11E7760B49E9F.TMP]- [targetUID: 00000000-00003064]\n "RecoveryStore._D53E7D97-1CF4-11ED-96A5-080027F708E5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar32FA.tmp" has type "data"- Location: [%TEMP%\\Tar32FA.tmp]- 
[targetUID: 00000000-00002976]\n "J0CXAHLN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J0CXAHLN.txt]- [targetUID: 00000000-00003064]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003064]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002976]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003064]\n "9F4E7D2B4E1791C98BAE1536D04998B0" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9F4E7D2B4E1791C98BAE1536D04998B0]- [targetUID: 00000000-00002976]\n "RM4WKYJ5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RM4WKYJ5.txt]- [targetUID: 00000000-00003064]\n "_593C2B6E-1CF7-11ED-96A5-080027F708E5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab32F9.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab32F9.tmp]- [targetUID: 00000000-00002976]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003064]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003064]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: voyageplay.ai\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_104.196.30.220]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 11496\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 360\nContent-Type: application/octet-stream\nDate: Mon, 15 Aug 2022 22:26:27 GMT\nEtag: "03ac729a0a20f0fa736f8d32597e40d7-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GAJ4SY0PCVKT6ZTGE83ZQNQ2\n\n{\n "name": "",\n "short_name": "",\n "icons": [\n {\n "src": "/android-chrome-192x192.png",\n "sizes": "192x192",\n "type": "image/png"\n },\n {\n "src": "/android-chrome-512x512.png",\n "sizes": "512x512",\n "type": "image/png"\n }\n ],\n "theme_color": "#ffffff",\n "background_color": "#ffffff",\n "display": "standalone"\n}"- [Source: SSL_104.196.30.220]\n\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: voyageplay.ai\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.196.30.220]\n\n 
"-,,-,,-,,-,,-,,-,,-,,-,,-,,100ONNxwwxwwONN100-,,-,,-,,-,,-,,-,,-,,-,,-,,\'\'\'\n,,,-,,-,,-,,-,,-,,-,,-,,211ttttss211-,,-,,-,,-,,-,,-,,-,,,,,))),,,-,,-,,-,,-,,-,,-,,?>>???-,,-,,-,,-,,-,,-,,,++)))-++-,,-,,-,,-,,-,,-,,????>>-,,-,,-,,-,,-,,-,,-++"""-\n\n-\n\n-\n\n-\n\n-\n\n-\n\n211yxxXWWXWWyxx100-\n\n-\n\n-\n\n-\n\n-\n\n-\n\n""")))J,++-,,-,,-,,-,,-,,tttwvv0//-,,-,,-,,-,,0//wvvsss-,,-,,-,,-,,-,,-,,***I-++-,,-,,-,,-,,-,,100wvv-,,-,,-,,-,,-,,-,,-,,-,,wvv100-,,-,,-,,-,,-,,+++,++-,,-,,-,,-,,-,,ONN0//-,,-,,100ZYYZYY100-,,-,,0//ONN-,,-,,-,,-,,-,,,++-,,-,,-,,-,,-,,-,,xwwyxx-,,-,,100100-,,-,,yxxwww-,,-,,-,,-,,-,,-,,,++-,,-,,-,,-,,-,,XWW-,,-,,ZYYZYY-,,-,,VUU-,,-,,-,,-,,-,,,++,++-,,-,,-,,-,,-,,XWW-,,-,,ZYYZYY-,,-,,.--4444334330//-,,-,,-,,-,,-,,,++-,,-,,-,,-,,-,,-,,xwwyxx-,,-,,100100-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,,++-,,-,,-,,-,,-,,ONN0//-,,-,,100ZYYZYY100-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,,++-++-,,-,,-,,-,,-,,100wvv-,,-,,-,,-,,-,,-,,-,,-,,-,,-"- [Source: SSL_104.196.30.220]\n\n ",,-,,-,,-,,-,,-,,-,,-,,-,,-,,+++)))J,++-,,-,,-,,-,,-,,tttwvv0//-,,-,,-,,-,,/...---,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,***I"""-\n\n-\n\n-\n\n-\n\n-\n\n-\n\n211yxxXWW\\[[{{{zyy-\n\n-\n\n-\n\n-\n\n-\n\n-\n\n-\n\n-\n\n-\n\n-\n\n-\n\n"""-++,..&EF!\\]$OP+11-,,???<;;-,,-,,-,,-,,-,,-,,-,,-,,-,,-++A ab-,,???-,,-,,-,,-,,-,,-,,-,,-,,,,,)))ac-,,211tttsrr.---,,-,,-,,-,,-,,-,,-,,,,,+11-,,-,,100ONNxww{{{SRR211-,,-,,-,,-,,-,,-,,-,,-,,-,,\'\'\'\n$OP-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,))));;8!\\]-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,...2&EF-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,)))s,..-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,,,,,,,\'\'\'\nA-++-,,,++-,,-,,-,,-,,-,,-,,-,,-,,,++-,,-++)))\ns""")))J-++\n++-\n\n\n++\n++-\n\n\n++-++***I"""(0` U\'\'\'\n%%%")))P+++|-++-++-++-\n\n-\n\n-++-++-+++++|)))P%%%"\'\'\'\nU)))2+++j-,,,++-,,,++-,,-,,-,,-,,-,,-,,-,,-,,,++-,,,++-,,+++j)))2 
***-++,**-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,,**-++***111.++d,,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,,,,.++d111.))8-,,,++-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,,++-,,.**7333/,,L,++-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,,++/,,L333....++d-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,.++d...333.++d-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,-,,.++d333104.196.30.220
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneChris (Net ID: 00:1D:D1:A7:3B:10)32.8608, -79.9746
2023-05-12 02:56:54IPv6 AddressNoDNS Resolver0020None2606:4700:3031::ac43:8709www.ayhu.xyz
2023-05-12 03:03:24Co-Hosted Site - Domain NameNoDNS Resolver2030None000.lt000.lt
2023-05-12 03:32:18Malicious AffiliateYesabuse.ch0140Noneabuse.ch URLhaus (Domain) [cdn-185-199-109-154.github.com] https://urlhaus.abuse.ch/downloads/csv_recent/cdn-185-199-109-154.github.com
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneMariner (Net ID: 00:14:C1:0D:F8:10)40.2024, 29.0398
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.153): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:09:43Affiliate - Internet NameNoDNS Resolver0040None123.97.148.34.bc.googleusercontent.com34.148.97.123
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:00:C5:D7:47:EC)37.7642, -122.3993
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneXFINITY (Net ID: 00:0D:67:33:68:5F)39.0469, -77.4903
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.125): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES (Net ID: 00:12:BF:30:97:DD)40.2024, 29.0398
2023-05-12 02:57:25Internet NameNoCertificate Transparency0110Nonenuke.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:53:20IP AddressNoMnemonic PassiveDNS28020None207.154.228.169kekw.battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneBDSMLR (Category: XXXPORNXXX) https://login.bdsmlr.comlogin
2023-05-12 02:44:15SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 Validity Not Before: Feb 21 00:00:00 2023 GMT Not After : Mar 20 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f: a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af: ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24: 29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09: 23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a: 5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed: f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99: 4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77: c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2: 38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3: f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57: 77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee: 3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76: b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1: 95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f: 43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97: 2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07: 24:e3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4 X509v3 Subject Key Identifier: 8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: 
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Feb 21 15:03:41.179 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD: F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24: D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25: A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53: A4:D8:EF:86:C7:5C:70:1A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6: 1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5 Timestamp : Feb 21 15:03:41.162 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:82:E0:7E:5D:05:40:34:18:F6:30:F7: 09:CD:BC:FE:2C:13:EB:90:30:CE:10:ED:E8:A7:9D:A3: 74:75:12:5B:72:02:20:5D:1F:9D:87:56:AA:F7:6D:9A: 04:0D:4A:7B:35:DE:90:29:A5:D4:16:A7:8F:DF:FE:37: AB:35:8B:24:23:B9:2B Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Feb 21 15:03:41.130 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:13:FF:00:36:A8:61:87:48:A6:6A:04:09: BC:E3:3E:AA:13:E7:46:3D:06:75:68:23:18:E7:6A:45: 49:F7:30:F1:02:20:3F:F4:9C:8A:E6:46:D3:65:F6:98: 13:BF:9A:20:D3:DA:10:A9:E3:2E:5D:DA:C7:3B:14:4E: 4F:4E:1C:82:A5:B3 Signature Algorithm: sha256WithRSAEncryption 37:a4:1b:11:22:9f:fc:9f:c9:67:07:8f:aa:86:13:9f:e0:08: 1d:6e:0c:8d:65:fb:03:79:50:c6:76:ba:30:90:a0:a4:1c:79: 
13:07:b9:5a:18:8d:97:4c:05:71:8a:d0:22:17:c6:19:a2:22: 8b:03:f6:2c:84:71:6c:55:df:e2:99:43:65:e5:d7:b7:b7:37: 4c:c6:c8:e5:f1:d8:a7:7b:07:5d:eb:b8:1c:50:a4:a3:8e:f0: 4c:f8:b8:6a:72:59:be:43:0e:8a:de:b5:5e:8f:9e:3f:5a:43: 64:82:cc:e0:de:76:f4:be:a6:12:0a:06:68:bb:77:e1:4c:ef: 4b:4d:67:af:f6:72:c7:6b:1b:9c:48:53:a7:7f:ed:76:18:5c: f0:f6:c6:4c:24:53:57:57:e1:42:a6:3d:ae:e1:f5:93:f2:6a: fa:29:72:01:3e:b7:06:f1:2f:1a:0e:91:c5:ec:35:bf:f5:da: 33:95:de:24:12:0d:f5:c3:23:8d:40:82:d1:5c:eb:de:0a:08: e8:e5:83:e5:0a:8b:3a:5e:98:4e:77:4f:9f:dc:ab:7e:ce:a8: 28:4f:aa:79:4f:c9:be:8f:60:88:6e:6b:f9:20:6c:7f:38:96: d6:da:d7:11:03:43:d8:b8:51:87:ce:32:22:4d:64:4c:c4:75: 27:d0:e3:df 185.199.111.153
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/fredo.PNGhttps://pics.battleb0t.xyz/
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneTwitter (Category: social) https://twitter.com/AltpapierAltpapier
2023-05-12 02:48:53Malicious Co-Hosted SiteYesVirusTotal0020NoneVirusTotal [githubusercontent.com] https://www.virustotal.com/en/domain/githubusercontent.com/information/githubusercontent.com
2023-05-12 02:45:35Raw DNS RecordsNoDNS Raw Records0010Noneayhu.xyz. 86400 IN NS brett.ns.cloudflare.com. ayhu.xyz. 86400 IN NS leanna.ns.cloudflare.com.ayhu.xyz
2023-05-12 03:09:55Affiliate - Internet NameNoDNS Resolver0030Noneplesk.keyubu.net87.248.157.103
2023-05-12 02:54:15Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8www.battleb0t.xyz
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneTF2 Backpack Examiner (Category: gaming) http://www.tf2items.com/id/battleb0t/battleb0t
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonex-github-request-id: 1AD4:4FA0:AFAB37:106D10A:645DA7F4{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:31:19Malicious IP on Same SubnetYesblocklist.de0040Noneblocklist.de List [64.226.80.0/20] http://lists.blocklist.de/lists/all.txt64.226.80.0/20
2023-05-12 02:44:05Raw Data from RIRsNoCertSpotter10010None[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'MIIGKzCCBROgAwIBAgISBDdoex8mKc2kzJVS3+IKEm8TMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMTMxNTIzNTFaFw0yMzA1MTQxNTIzNTBaMB0xGzAZBgNVBAMTEm51a2UuYmF0dGxlYjB0Lnh5ejCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANkpWxhMHehZ69slkVQx7TgjqwqIV1zvDH7KymxxCwL9GT1q6JcodyUS5kGvDHTe61CQl5Th/eDbeDoKX65UqB+OQEba3sie+sjnOY4bn15g7EfER/l5JxdlJFTj6Yd3my38WbZpajVZcUlsP2izb/NHjZnYJko05b2YZBOcvC4y2fGCUzmpDlo+9EStJhnfAq4Kiu78mz592sr85+5oT8WM79x0Bul6R3FfU8dtCekfKoHjqkpKra6dJbn4wtMUVrR1kem+cw60fU3aZJV3bUN5c0mliiEBi0P3fms020PLGIaWDucaAlpP30LdiMNhTWvGxr8lW3b0DobdrdImqAsqmntCUMEskveSrnyx0xFPI6xU+Z6qkSt87RzBRhubPKAqsePiudB/BlfJHmMqiU3g/DQo7F9yFfIBgCLj0r9me3jzKjc20Bjn62JYGlM/SqrGBpMRLpvesiDFMDX3S96ZaItN8c9f4CmSodQlU/ZrjevIL6FI9pM9LSkck4qDbqjVQAeZ2bTt9C1bLJRpI4M/6x8gRer19loitXrq5pLvaTqG6X3MifVy2HUhOv3oOv3dFkM6IM+MHD9UYr5XtJH5H3tZu2mYrSFGaxQL8zLp80JM/j7q+FBNfONJMjHoc1Qq9eas+xdmoUF6BQTJU6u9YqJlPuTZv/NfYOa6PB+pAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNnPKDHmsFKms+WC8a/9SxaZz4eYMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB0GA1UdEQQWMBSCEm51a2UuYmF0dGxlYjB0Lnh5ejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABhkuW/J8AAAQDAEcwRQIgdElH9CZHDUfimmav8ztGU51qAPzEW23pPWrlo6zYGCYCIQDw375oCKVzM7hBeMjxHZeJ0DxTmezTN6jxPE0tKm2qmQB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhkuW/KwAAAQDAEgw
RgIhAMXx1+xj79IrHYN7g1SNgvAJe4ZIoVKK15+apI/J5m2pAiEAv7raV5afdXcFlrTC+vYGZrWEqczxuoObgnXgYyRxNmcwDQYJKoZIhvcNAQELBQADggEBAIVjVNrS5xr77D86J/enZ/7IewGiZOTu7o7wc6pc0He7b74SJmOSUiuQxRkMAdn7aLxFKSJtNSR0ZdpLQ9dlGi1JxpD7/d85O8/tneGmPT6gBS3EA1UAhZeJ4h6IIrLuKIYPwbjlFyl85+NuZplr6Ik/LqVxdKC3cHpO1LKKabH3SyC9+3vVB5oMxpndSz/IXkGxjt0qGjmqCOIe5uNjj9RZmK4KfVnj/H2pH1Gdg/wW4YAgLyEhUN3eQxK5KYkgN3lkOaAA+rny0daX16StZbJ+qWgrHncl8KVqm3Eud8XLUR/YUr7xTy8Dvxt0WFew3MEXPkSMAmdAtrJpPFuBJa8=', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': 
u'MIIFKjCCBBKgAwIBAgISA5eZXGCsQGj4st4KZ3rat9EWMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMjQwMzAyNTNaFw0yMzA1MjUwMzAyNTJaMB4xHDAaBgNVBAMTE2ZsdWlkLmJhdHRsZWIwdC54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtvNBxdfnBUXlJ+CVs4kt6BeErbHlEmP+yzLzX2iclKTfHuoDL4Xy4TTeivJNE67xi/0fLIeo9BUwEV4KTW6klKfuYM7AEdKq8mmRex+Js5ewq50Br4XWTObPPuOkRKebRnghWVBafwR0f9fbKSDqUUwMdv1KvbiedgI3wVyjU8AE09DlZSt+fAEeHmjk4wY+EigILsm5cNqL2NebSI2spsRWqhqNb6zDMr7jf1Q6Pjil+DSEo0NJMcVsZAZvcuZCIffxdPnJE5kYR3eb9pUKjByTnKdkpHPNyd4vLC99FNAuBqADe8BN0G78vYa1lcyk+BbXDkCiMlu/Lswa6m2v3AgMBAAGjggJMMIICSDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMSFgqNe7U1U6Q29Aqxnsvrz4Vg/MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCE2ZsdWlkLmJhdHRsZWIwdC54eXowTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggECBgorBgEEAdZ5AgQCBIHzBIHwAO4AdQC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYaBlpBHAAAEAwBGMEQCICjxcLLm9aGcwyq5mLfK3kYGig39XVFiap6vpxj4VtGwAiAhpNN7m5SlM1cl6vnpa33bPptwrJlHu2Ch2NSf4J/0RAB1AK33vvp8/xDIi509nB4+GGq0Zyldz7EMJMqFhjTr3IKKAAABhoGWkIMAAAQDAEYwRAIgPen/cKNLJEXeMs3B69ZoUOiQORdwZS/DjifvjwosEkICIGO9t4hTEa50wIw+3Zov1uU0pIyiq0OMZH6b0o6QCM5gMA0GCSqGSIb3DQEBCwUAA4IBAQB+MVu1xgwWJwv1GrOAp+9eXxuHOLeKvlxLKj8oK0+HX8K007e++Cj1FcezPz1AtAOklQYBGlgfdTZL7GVa4P2wv0Hj/1dO3QVHLOV0yFpYGdZTYfaNDhkpXd2yE+jFTH5o3PK0BVoTjtIuTl6BEKWGjzAw92FKb1wXDaTvEwIFSLAYrJzfJHAS40SsMVT1tpL07LbnFpMjx7h+UVz3BTMcDnqzPe0hA9K8pb8QgR9MedQ6c7mTn1eLmOo+dDlwmT06wPJN4VXt3ElOpjmlguotbukXxnJ17BBy0Mk+uTBpvC9wBjy6MbbBDEXmkoh4VjrUDNIyuEk388RtFWlUmQrZ', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', 
u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afabattleb0t.xyz
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F0:97:C1)37.780462,-122.390564
2023-05-12 02:54:23HTTP Status CodeNoWeb Spider0050None403https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU
2023-05-12 02:45:35Internet NameNoDNSDumpster0010Nonekekw.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.61): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.12335.229.48.116
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneTroop (Net ID: 00:0E:F4:ED:81:91)37.751, -97.822
2023-05-12 03:00:57Malicious Co-Hosted SiteYesVXVault.net0120NoneVXVault Malicious URL List [github.com] http://vxvault.net/URL_List.phpgithub.com
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter0010NoneCN=oldfluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:23:35Open TCP PortNoPulsedive0030None188.114.96.13:8443188.114.96.0/24
2023-05-12 03:08:49Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.10835.229.48.116
2023-05-12 02:44:24Internet NameNoDNS Resolver0020Nonenwapi.battleb0t.xyzCN=nwapi.battleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None0101.github.io185.199.111.153
2023-05-12 03:33:13Web Content LanguageNoLanguage Detector0050NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5eeb1a42bf')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="OwKUCDNMgBcJHVKY8nwcXEP4QH6PT2kVm2HBGkp44qM-1683861862-0-AWLoc992boZljuKuI-OBA8JKemVnVUC1OpOL5WA6H__Iq90123kv27raPeBnAM1gG8-u_GUHUIjkNRARNHi-eimNvmJ4rPPxMkUV2QmYUEqMIZBr0A65Rs8LmsZu82c9s9x6llue0RdEW_caMvviu63PT1rv_bBKXMf1rHRuL651jz2WFzUdCtMQpW6Egz9tRVRjq5p5DSqDh55BkcMfXifbvXVDgCJtfVyuppJGXIw1O3dWJT8pln-UY4GtVbRsMFPevbWJODfBaMma6BpIVfB3OcO1PwoUlljtOyyIFegfArGbCDdTMuWW7MTLDlShBnu-Lhu5vOc-Ud28hWS6Af2dBCBcHh5XGl_1kuftIN3x2Yrz1OgV60xO0_Ft4cvMx22_Xbt7KQegGiYk7J4oDHrBq-69T02ReScczZXd4TQyXoU9qHcKZvKsNQmpV8fSqGGhR6xiFbU8_QFDTT8jXa5OZWcXPnNRfc6AD50gDy5Q6ftPGx8ku1bIa-BYJl0tEjfjvdrLmpKOgvt9HqryqBGQGW4sUnihX9ydJUDsex46ckUHkCXeufqZn5AD6MtN5oYFRHHhtjXnJcAp8WeElzI07rPkFj51H8EcsL4wD4_j8spF714slOYp5I3UNmZcpEY7hPbC_UrXxeNbe8Vb8W4O-5IvI2tAlXSs551O3aDHuLsWbsArUO69cE4cxnurB8E2VDklGwp0UjIA1ZbCcpeAqz4V9q7Rwf-aIp9UCsMIdDd03vJdv4BEy-C0uG1-hj0OttJBemux1PqA1Oxh9yKktn6NkFswTsNgRXA8FQdJPB55BpT7hX34f--63YYznOGOdwPnDQcV50l_KNiuyd5iXvh6Ql-Y6gEkavuOPF7ZE9H3PdFRCjRHpQfMmVGrr33gOKExrD-4XicoHlXnlplsncZhnYm0eFVn58vM-kJzFzoAYzJQ6LHPK-rLwUXHzdM6AMR_OdpTBapGpYQut19xKMEhf7XFlJB3i5IvPoLlbKbnM6DASBEm9gloHgHGhLjyH1D86MFl7dLmOy7HXf9Dt59vLXRTySh361-MOVviaFEilkvPgOfzGNeoCglzenOA29aR5-LvniWcnxwdMx19GiPvWq5dL0FsY-IaI8C318jSGkDd19eYdtZYb5Trduu1XD0QykyRaGCiXFCKXs9qPoDsrChJMKxRJKG6txIjwI-hz9vzBTixzmEz31H_03qyn6xl9MHLNpR4uoY5ttVTXocR7hDlDoTIHoxw4bmwvZZns-g2xlnvOFfDm6Z3ymoAiBTVXb9UI0-FgG-KNuyY4Y49oFMfBVNbHXGX0NQ7nC0zQXw0LMG69KhyLsZAbvBSEmnEAy81l38C-eHlDjsSlcF_pEqbs8b24FlZ_Ycg5qR-qEhQLJ_IivsUFKo4fWdGLbL7vtldXPDD9ikL5U_HiqKqxo8b-MjuggAlbaMrnYqciKkrFAYhtlSn6vG0BcwQbEZVsrKxnf1U5iCKBIDK1cXcJ7qxw6FoFlpbsT9cf9V-SFcvkbQR4ynJNaf1tfeZ6cTUfprkZy8GusVJdlQcoHnz3EkTZyvTp96y0si0IlMRhE1eqk8AoDep7FzFKBEGzL7gDQU2Jn1nwjFLKXoqiHtb5T9bBlt5hhj_Ci6kEYTQdRQGW8cTzRzMqPyN66hhKyLGLcgc7GZethYHaIwxFGmc_-FTVSTksGANC23y4Y0EQ958se1s8VzeS_g_Q7AoqHmpjBZ2xnQukuWvbqKS_jTYtZPUwascKOCTAnovpYgH8wEPiBeTBcqYmCRQUV1WQ5Sl2pAf4AfP3RpDCeUM9RYjWn8EtaTb5Bhr_k9830NT-b8RF7puAAgLTTKA4q6e5vn2ewBbnV7XJ0GouaXcDgkRUitPYbV97TyYXMDG5jrsoDMwKExF3yfQ65a4HURQJ3I0-2cN6cUG
-Y-wfJ_ULyEJZKHCJ0AAHYnUol27xezw1EIch91oOc2hzP8yiIMXI8T3Yo-aupeX9LKThZP5WSadqXIdAKdNvRnbMtEuMzDmhmp29m0ybwuinUP8O7RYb7j1B42foptRV6LcZaaB7GxtNFE6cbYJEgKR3EVXJ9v1X1LNujPJ_2-MknLO1BAr44SCZq4n5UiQqguKB0ip0JOSrV9oOqb3mxkBI20TA2suDdWcUUiDjuemwe_R_SFef-VIvq4m-JFV_iinHTfs5xSvQj_DV9QpslncdUm4d3a4BDcKZYMI_YaNhT37IZDWJKLAZUX_a4_bgw8NO47VSFunBOSL4CABnjTz1vyLJql2e3xxqjgafM7I6m59nuymQeY8F1qvaKmYyA1bIjmlBpJjIy-YvbCvFy0xRzKQttdY1KMKqJpm2hMaWno-PDyzEL6Hdcvve0j1uskEzjTLP_kK22Nhie7r9a88EK-EJpd4ugQ4u7t-kbsifC-M0rVW6p8dFHSbqa0iaKw84zeu6BHIQYJpq8ZELQZOExGCyk3QdEEKgtXofElfaYiQeb5hxWCA9mTHgbKSVuU6D2o"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '2801', cRay: '7c5f8c5eeb1a42bf', cHash: '66932cb8b087b32', cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2Mi4yMjQwMDA=', m: 'kADszgADVaHA/mRyw7h+MKSs6RoLc0QTNBq8+AYYMs8=', i1: 'q0RPvxk//GqHpe4FgiHvYg==', i2: 'CV688EYHriA2UWvDyWxv3g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5eeb1a42bf'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5eeb1a42bf'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 02:54:07HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5445d12f8c1040-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}2606:4700:3031::ac43:8709
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.4): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMSCI (Net ID: 00:11:93:03:4B:10)32.8608, -79.9746
2023-05-12 03:23:09Open TCP PortNoPulsedive0030None188.114.96.0:80188.114.96.0/24
2023-05-12 03:34:01Raw File Meta DataNoBinary String Extractor0040None"Exif sgssso <Qwm7 >6x.O x>t7? g$sy? .b97< /Ggy! l/5-o ggs43Z x.o.n> NNEsz gmuss Mswy5 dIys6 >t6w6 03Ryr\G a>0xM g_on8 9!6sBsmms ?r:\t L5M3O nq_JxO `uns?g F1_?J $vw3C ?.O:H Gq$rMmo 0y7?i <?qgg WYeyq$ !um_KM ykmsrzz ?2Cm7 3>O0? irIyo t.Iof?y R\y2I tnt"3 !t5K?/ hfIoq' bI>sy w?f?f? <Aq"Cio /uMbO > Ige >km7M 1$vw0 y.n/" /uM>9 njKym v:Ky$ ryw2Com s<U?o v?R.> hGydd soyg' :7Ieq 5zO-$ 2pMsw wGo$w?<w :xssms jVw:o .?ygs nn9?m oO_n: nFumS W7ofc U95 5 Gs\-?o ry>f< gae$w ?2kmO sIyf/! t8y<? \Cwy1 _Bx_K oeqq$ g5b9c /2?.o/ hcg>o kkkn? /`0E' xn/<a uwosm .<7qq zdWqk $1\Mm rzW?' tx<Iogss ldU9? K?.?/ r\isI ?6gAs $Kxn< nnnOS qyooo Hc<M? Ej\Ioy' x'8_ahttps://funny.battleb0t.xyz/images/random_3.jpg
2023-05-12 02:48:47Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://n.top/i,right:n.right/a,bottom:n.bottom/i,left:n.left/a,x:n.left/a,y:n.top/i', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://u8718684.ct.sendgrid.net/ls/click?upn=c5xukOe5Km-2FX79RKM6mUHkScXT7d3MNfbWP0FHOMHMSulHtt7TNqqdRBsqy10BrNUPGt1JnDtK6UMujmNu-2Bt5QYPlc-2BQrkgsqzJjN5vxSR6z81-2Fizrzyogjzfo-2BS9lx85Rb5sSUZZtUDNWUm86HtmS9EQuA-2BU4RfDy5n3r8sM3E-3DN0PW_-2F2Ce3NhTMiWIwvgWzERJRAygrU5zMIOZQxSuADrBlh7TNOxfvwo3CxH1Ohu8ySaee3krnnMOpDWXeZ1Bk4KZX9BkUZ8Edttb71LkdIzlOxeoHONdzpW8pWlgXqx83YJopFXPvRQGIv7Sn6HH66wOe3aU2Y0Prx-2FGZ3tSyA-2BkVN0gySn2zKqzQQmjicFw5za2NlxBl9CrGRWVutMdwUrhmoYf-2FXzIW7IQrIrlKUnWzPPY-2FpjVlisUhaE4YaXyGPCLka2hWOa0554QN2BjNnsHe6dwjndEUsQJ85b-2FnY955ArnKu76MKNRVCnjUZuZzCTQRtAnEn328443nOkyocNgPHpNa-2BICLRgB6RuqAUvD3kdSXakjxhKyTs0-2Bkt1Te3Tb-2B8aJjG6GIstuUjl-2BbQLHM-2FGnlea9WKNJpf8hKv6-2B7JI-3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4036"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_fc4_IE_EarlyTabStart_0xb90_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_fc4_ConnHashTable<4036>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_fc4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_fc4_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_fc4_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_fc4_IESQMMUTEX_0_519"\n "IsoScope_fc4_IE_EarlyTabStart_0xb90_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.121:443"\n "104.18.6.8:443"\n "156.146.53.13:443"\n "152.199.5.152:443"\n "151.101.2.137:443"\n "162.247.241.2:443"\n "74.125.137.155:443"\n "13.227.74.109:443"\n "34.192.63.2:443"\n "185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bam-cell.nr-data.net"\n "cdn.ezshield.net"\n "cigna.identityforce.com"\n "js-agent.newrelic.com"\n "maxst.icons8.com"\n "platform.linkedin.com"\n "purecatamphetamine.github.io"\n "secure.identityforce.com"\n "stats.g.doubleclick.net"\n "u8718684.ct.sendgrid.net"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to 
a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"platform.linkedin.com" (Indicator: "linkedin.com")\n "{state:0,transportUrl:b,context:c,parent:ki()},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+ke.ca+"&cx=c";No()&&(f+="&sign="+ke.Zd);var g=te||ve?Mo(b,f):void 0;g||(g=wl("https://","http://",ke.qd+f));ei().destination[a]={state:1,context:c,parent:ki()};Hb(g)}};function Oo(){if(ci()){return!0}return!1};var Ro=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),So={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},To={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "GET /badges/js/profile.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://cigna.identityforce.com/app/Register?Type=PROVISIONAL&VALUE=C66B9A18A6A7&RETAILERCODE=Cigna&GNDNRLL=PSSAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: platform.linkedin.comDNT: 1Connection: Keep-Alive" (Indicator: "linkedin.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar280F.tmp" as clean (type is "data")\n Antivirus vendors 
marked dropped file "Tar27BF.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab27BE.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab27BE.tmp]- [targetUID: 00000000-00000732]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000732]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"US_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "main.fe4aff76.chunk_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "2.96415f03.chunk_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "gtm_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "application_1_.css" has type "UTF-8 Unicode (with BOM) text with very long lines"- [targetUID: N/A]\n "la-solid-900_1_.eot" has type "Embedded OpenType (EOT) la-solid-900 family"- [targetUID: N/A]\n "Tar280F.tmp" has type "data"- Location: [%TEMP%\\Tar280F.tmp]- [targetUID: 
00000000-00000732]\n "saleslanding_1_.css" has type "UTF-8 Unicode (with BOM) text with very long lines"- [targetUID: N/A]\n "line-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Cab27BE.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab27BE.tmp]- [targetUID: 00000000-00000732]\n "analytics_3_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "nr-spa-1212.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "2.6b2b9e73.chunk_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "IDF_Cigna_1_.png" has type "PNG image data 801 x 98 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "trustev.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "Register_1_.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "la-regular-400_1_.eot" has type "Embedded OpenType (EOT) la-regular-400 family"- [targetUID: N/A]\n "open-sans-v17-latin-800.8ab0bbdd_1_.woff" has type "Web Open Font Format TrueType length 19072 version 1.1"- [targetUID: N/A]\n "open-sans-v17-latin-700.f24f4bce_1_.woff" has type "Web Open Font Format TrueType length 18900 version 1.1"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39', u'name': u'Drops XML files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 8, u'description': u'"cigna.identityforce_1_.xml" has type "Unknown"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://u8718684.ct.sendgrid.net/ls/click?upn=c5xukOe5Km-2FX79RKM6mUHkScXT7d3MNfbWP0FHOMHMSulHtt7TNqqdRBsqy10BrNUPGt1JnDtK6UMujmNu-2Bt5QYPlc-2BQr185.199.110.153
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.191): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Noneavanticom (Net ID: 00:02:6F:09:A3:B6)50.1188, 8.6843
2023-05-12 02:53:28Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://www.metawalletss.com/download.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d58_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_d58_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3416"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d58_ConnHashTable<3416>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_d58_IESQMMUTEX_0_519"\n "IsoScope_d58_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_d58_IE_EarlyTabStart_0xa74_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3416"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', 
u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.211:80"\n "154.82.100.211:443"\n "142.250.189.202:443"\n "142.250.189.234:443"\n "142.250.191.35:443"\n "43.251.41.15:443"\n "185.199.109.153:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.metawalletss.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "metamask.io"\n "va.v.liveperson.net"\n "www.metawalletss.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta content="MetaMask Download" property="twitter:title">" (Indicator: "dir "; File: "download_2_.htm")\n Found string "<meta content="A crypto wallet &amp; gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "download_2_.htm")\n Found string "<meta 
content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "download_2_.htm")\n Found string "<meta content="summary_large_image" name="twitter:card">" (Indicator: "dir "; File: "download_2_.htm")\n Found string "<a href="javascript:;" rel="noreferer\n noopener" target="_blank" class="footer-link">Twitter</a>" (Indicator: "dir "; File: "download_2_.htm")\n file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string 
".w-widget-twitter-count-shim:not(.w--vertical).w--large:after {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"download-android_1_.png" has type "PNG image data 1328 x 676 8-bit/color RGBA non-interlaced" and extension "png"\n "download-extension_1_.png" has type "PNG image data 1328 x 676 8-bit/color RGBA non-interlaced" and extension "png"\n "download-ios_1_.png" has type "PNG image data 1328 x 676 8-bit/color RGBA non-interlaced" and extension "png"\n "Edge_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced" and extension "png"\n "Brave_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced" and extension "png"\n "Firefox_1Firefox_1_.png" has type "PNG image data 107 x 100 8-bit/color RGBA non-interlaced" and extension "png"\n "chrome_1chrome_1_.png" has type "PNG image data 100 x 100 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{eedc9fcb-e932-11ed-bd1f-08002780763e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{eedc9fcd-e932-11ed-bd1f-08002780763e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd28e17afbccfac18.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{eedc9fcd-e932-11ed-bd1f-08002780763e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd28e17afbccfac18.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df659f277b3559949f.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{eedc9fcb-e932-11ed-bd1f-08002780763e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\0x82k3c6.txt"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"mm-logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n 
"webflow_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n ".jsonp_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "metamask-staging-2.webflow_1_.css" has type "ASCII text"- [targetUID: N/A]\n "download-android_1_.png" has type "PNG image data 1328 x 676 8-bit/color RGBA non-interlace185.199.109.153
2023-05-12 02:56:54IP AddressNoDNS Resolver0020None172.67.135.9www.ayhu.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneJBZD (Category: images) https://jbzd.com.pl/uzytkownik/loginlogin
2023-05-12 03:01:48Vulnerability - CVE LowYesTool - testssl.sh0020NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.www.battleb0t.xyz
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0130Nonenginx{"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 02:54:14 GMT", "content-type": "text/html"}
2023-05-12 03:13:42Vulnerability - CVE MediumYesTool - testssl.sh0020NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.87.248.157.102
2023-05-12 03:27:54Open TCP PortNoPulsedive0030None188.114.96.138:8080188.114.96.0/24
2023-05-12 02:44:03Human NameNoSpiderFoot UI2000NonePatrick Pogoda"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonenore (Net ID: 00:01:E3:0B:96:F0)50.1188, 8.6843
2023-05-12 03:23:50Open TCP PortNoPulsedive0030None188.114.96.20:8080188.114.96.0/24
2023-05-12 02:55:27Physical LocationNoURLScan.io0010NoneDEbattleb0t.xyz
2023-05-12 03:11:12Physical CoordinatesNoOpenStreetMap74040None33.617190550339146,-111.9082788701905414455 North Hayden Rd, Scottsdale, US-AZ, US, 85260
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:53:19Malicious IP AddressYesVirusTotal0130NoneVirusTotal [34.74.170.74] https://www.virustotal.com/en/ip-address/34.74.170.74/information/34.74.170.74
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:38Software UsedYesTool - Wappalyzer0020NoneCloudflarenuke.battleb0t.xyz
2023-05-12 02:45:29Raw Data from RIRsNoipapi.co0030None{u'region_code': u'SC', u'country_tld': u'.us', u'ip': u'104.196.30.220', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'North Charleston', u'network': u'104.196.0.0/18', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 32.853, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'GOOGLE-CLOUD-PLATFORM', u'postal': u'29405', u'asn': u'AS396982', u'country': u'US', u'region': u'South Carolina', u'longitude': -79.9876, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}104.196.30.220
2023-05-12 03:09:50Affiliate - Internet NameNoDNS Resolver0040None82.170.74.34.bc.googleusercontent.com34.74.170.82
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None200WMadison (Net ID: 00:01:21:30:9B:24)41.8781, -87.6298
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.166): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:24Software UsedYesTool - Wappalyzer0020NoneHTTP/3oldfluid.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneWayport_Access (Net ID: 00:14:6A:5B:53:91)32.8608, -79.9746
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None01101101.github.io185.199.111.153
2023-05-12 03:01:14Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.131): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneRoom 229 (Net ID: 00:02:2D:8B:9E:AE)33.617190550339146,-111.90827887019054
2023-05-12 03:41:56Affiliate - Internet NameNoDNS Resolver1040Nonemn2.tjdev.de45.131.109.48
2023-05-12 02:44:13Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0120Nonegithub.iowww.battleb0t.xyz
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:2083104.21.71.14
2023-05-12 02:55:25Raw Data from RIRsNoGoogle1020None{'webSearchUrl': u'https://www.google.com/search?q=site:www.ayhu.xyz&aq=t&oe=utf-8&client=firefox-a&ie=utf-8&rls=org.mozilla%3Aen-US%3Aofficial', 'urls': ['https://www.ayhu.xyz/']}www.ayhu.xyz
2023-05-12 03:43:57URL (Form)NoPage Information0040Nonehttps://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c59d97743e3')"></div> <form id="challenge-form" action="/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="IzWcLwqG74V5tV1nWv6NwCgv19x6fOKHH9bpAKGqFvs-1683861861-0-AaT1IDJ8zL-HPKAcS5jW_S_lOAZThpdmCpakWJJZLTdl-YC7YmW7x0R3Esq2ci5pRxETFrXUoScSBrwB5quPRe1171zsRq5FO5HvSBsT8wSH48d6cjZBcafhFd-gYMgKn5vz-FkJUPQ0nF10-q2ubdvcw8hKSSRUsAC4C2bgwDMz0kRykTgIN5O-4hUEH_aIMPUl85RgiecFAuvX8Ivy5H7CWHsXJNLmrFihUW3yur5y4mznmwIt6LoJGKtAduIhk1MMkrSy06zOCVQNVecBCYfPFg-LQUxzu01zND8kx6XIr4D_Z7JCVLT2xHDvC0QW8SVEpEQxyz1_6w4Q_kXekAKzWUv6f2WQc9reLDcoidSiSGME_E1JbznCGlu2Qcv2UxBiUp3ZaVMVnVkjfbD8tvqsMpOiPHRoL0QGNOvZC9IWd3DmNkLVl0o7A7gZ6X6XvmxN8FN6zQ5MuokY1veB1HzJur_7DeYGkiQKi-0P2vRxvm4WDXUmU4f2tq7Esl4HSqC16vv9LBLaBAi8Z_5ASfDKC4_Qtwk5ocpapPABdtQe_KyihhYQ0p3PsebP3qabKmLOkD2fDvF3lYLd3qMvC4RgGh-YX8l7PTUCq3wEfd8Mi9e6YReBeIzcGw5PwaoMHFYsP5RhUMwk71xYoONoQnXtJO45ecOy75oe90Gm07DUOsZsURI3qtJbwRlmpa7xW_oJhMCvGoxCaFBmv4Tj_3i4JWKOMf7hpKtp919xj-jQIAWQmSIDBw3LhMZPRePjKwSZV17PsqlmFxhMjxxo_oGcprk2tlsBrXLDx9NJVWy2DHDR-TPwL1u1-c5lRkjOzwwNIlsSIltqwOI6w4aVA6MdRM9LQlE6JVGhJTOkyMSmOGg0b-gPtNYSVQZ4M0bbvY5ZejvC-622MlBNpTcTQgj-Hr5BRzvJOQNVBtKeZNEcL0V-HlUOqjgsgCuZ0n-_DmccPSp6yXjib7zziw0VsFZ51VNwFMiyAJLSoQVd1OjGuw3fSFPRsqIT0NzkM6LJJ9oyKVkZXep7mdpjCvm52q0byqZXvzL2VDAtJAJmAXjedpHk-ixt-DqOfzQw9GqcICnOaIAwGCalMfoPOf8GPEND9RClu9LRyO_FDNt75C01Varldc5Ftwg8k-rAHBToDSA8_BQdwA01UognhxgoBkv5pTU2f0H6TbryBj0d8lUJpXsYh3CtyN0y8DOT_kz_DjrrzIT964Pdi7AsCCs8mo2IE6lrD73n8Izje7P97pkFkPjlBN2jtfhSvPURw_vpTJ5ZaaFdYA9KK-YFF68xMCw6ewAMK1rkYSoe1oqSv02a9QAvlbxHhD_COD3weHDV-tI_xq_UVBQKGO4fDKE5ZB_Li_qQJ1UU8CLWZeL01WBdYpUyqwj8DSDtW_hWLGQxeKSnHsjkNN44s8ztTjWQa0EOv111zkoc_jo1-AKbBfegf0gXFbeefPUQPApaVp0ZSh976fXDUBkg-u9zIFuO8PmOpT12qOluulzM3HAWuIXPfFdKdkuM_0Ju0J2nYUnPnIIPw7-X0VlO10ISCMaRppc2X6T6WN3Me0ur-AgpXQrtaOHERtZpzl81diItC7rlhoi2hcwlyknYz9uG6Jvt4vO7CVGEkxo64WkJUYfdQcxWDVfCj5P8OtigH5bAFPrPlThHqTc5vpPnWpu_04hxNRR1-yz89uQ30xUpmEOd55phY60kcWBwhTfKO_t_0MJs_4gMTnO_VQemTQRtnrcmjKY2pn8nAizQEc0LX-nJ_4sW5z-DGM44AAFGVM5-U7o0Y7m1jXwg99HdEmqr2iPndrQh3ksnfvVAApgCg0pbwWbA71pkVfyO8vPpUv_GruozMnSwm3sFOR28jhXLHljB6WOMjmilFX-I80iAeT78A5CMWmca6g1quxd5xHVTMFnl-Ys3ieqarC7YmJ7e
ytJNcbcsYSdnciNL21ndjddEi22yCTG9No7nWap74I3S-XDZ5j0YJh9aMipl2sHc0u1U-Vx2vJmPYYV1MWTS_cbbT2ub5ALyjMgyaSA96qpG_Ooy4cFCkf0E0RRynEWRVadMZE1Vz5bBogaFEOjsc334EAR0zTIX8_4nnRO5mOvEVRo4ZTcKeicbfVjehihRxW1wdSDJAbbGCjjkZj3DldP4NK0vlhWlD9UbhT6NEC6tNcCjkKUECuinurOI-oV4Cegh-51bGD-UpvxqLsfIQd9QODY03eyCxUur045Y22aLoD51JCbhy39Jp0fS35dbrG4QIggvUdxGVolRMemldY1hGoUkHPtE8nB2YB7L2z90pSQRrkz2F1mucH6C2aK0d1BE2f04Z7nAiGFk7bERb053H4pvO-fGR73M06TI9KFQDNVYHk7iyF8yJ8kA23l9FgJhokSfUX3_PYhrtNIdVilfmf2nfkSfGzPgsBbAL-1WUlksPvUQq7Tut8_2gnISEhXjovKigslLYWTdPYupiAliABg3BLe_WNuc41K408YYwipU-2SdiixQBhgUVLS8Sh615rA"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '89417', cRay: '7c5f8c59d97743e3', cHash: 'd514be865123f26', cUPMDTk: "\/lol.html?__cf_chl_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2MS40MTQwMDA=', m: 'cETLdgv65AVfRnLUKPe0Cd6r3wJgEhjfW5wAN2YKd/o=', i1: 'w+O5Ul3LVrlFQJyL4ELS5Q==', i2: 'eUom9RfWfCbkQbM7K2vx8A==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c59d97743e3'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c59d97743e3'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonecpanel.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 14 04:53:54.573 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0: E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94: 30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59: 8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63: FB:4F:E2:E6:C3:EE:2C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 14 04:53:55.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A: 02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81: BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D: D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90: F0:18:EF:92:21:63:F2 Signature Algorithm: sha256WithRSAEncryption 47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7: 4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f: ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec: 3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2: 3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64: 37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8: 92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9: 05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84: 7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d: 6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c: 36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78: 12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d: 48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab: a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82: 84:78:32:a1
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.81): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneSWLFO (Net ID: 00:11:95:4C:CD:45)32.8608, -79.9746
2023-05-12 02:54:41Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H06QWFV48ACFBYY7E5EAJW1H Date: <REDACTED> Content-Length: 0 104.196.30.220
2023-05-12 02:54:20Linked URL - ExternalNoWeb Spider0030Nonehttps://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyzhttp://nuke.battleb0t.xyz/
2023-05-12 02:46:49SSL Certificate - Issued toNoSSL Certificate Analyzer0030NoneCN=*.cloudwaysapps.com64.226.81.43
2023-05-12 02:54:20Netblock IPv6 MembershipNoCensys0040None2600:1f18:2000::/352600:1f18:2489:8200::c8
2023-05-12 03:03:33Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io008security.github.io
2023-05-12 02:54:30HTTP HeadersNoCensys0030None{"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}64.226.81.43
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:02:2D:00:21:01)37.7813933,-122.3918002
2023-05-12 02:54:18Web Content TypeNoWeb Spider0040Nonetext/css;charset=utf-8https://pics.battleb0t.xyz/gallery.css
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:17Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.148): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NonemyLGNet8FBA (Net ID: 00:01:36:5C:8F:B8)37.7813933,-122.3918002
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneZiggo8BC690 (Net ID: 00:0C:F6:8B:C6:90)50.8897, 6.0563
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None21880a (Net ID: 00:02:2D:21:88:0A)37.7642, -122.3993
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Nonecurve25519-sha256@libssh.org{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 02:52:35Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html#adeajiboye%40tfl.gov.uk', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html#adeajiboye%40tfl.gov.uk', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ff8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ff8_ConnHashTable<4088>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ff8_IE_EarlyTabStart_0xccc_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ff8_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ff8_IESQMMUTEX_0_303"\n "IsoScope_ff8_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4088"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"209.94.90.1:443"\n "185.199.108.153:443"\n "69.16.175.42:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link"\n "code.jquery.com"\n "lipis.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ".fa-twitter-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-twitter:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-play:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-cc-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', 
u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df220c6963395ab279.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{eb5e3e79-eb33-11ed-90db-080027f80375}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df03903f02ca632e35.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{eb5e3e7b-eb33-11ed-90db-080027f80375}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\1hgch0kk.txt"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\37nu00gp\\favicon[3].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\37nu00gp\\favicon[2].ico"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 
6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{eb5e3e79-eb33-11ed-90db-080027f80375}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df220c6963395ab279.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsbafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.linksharepoint.html#adeajiboye%40tfl.gov.uk" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "jquery-1.9.1_1_.js" has type "ASCII text"- [targetUID: N/A]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "CabC98.tmp" has type "data"- Location: [%TEMP%\\CabC98.tmp]- [targetUID: 00000000-00003752]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00004088]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF220C6963395AB279.TMP" has type "data"- Location: [%TEMP%\\~DF220C6963395AB279.TMP]- [targetUID: 00000000-00004088]\n "~DFD673A39745136900.TMP" has type "data"- Location: [%TEMP%\\~DFD673A39745136900.TMP]- [targetUID: 00000000-00004088]\n "~DF03903F02CA632E35.TMP" has type "data"- Location: [%TEMP%\\~DF03903F02CA632E35.TMP]- [targetUID: 00000000-00004088]\n "~DF4CF5FEB5537E8681.TMP" has type 
"data"- Location: [%TEMP%\\~DF4CF5FEB5537E8681.TMP]- [targetUID: 00000000-00004088]\n "_EB5E3E7B-EB33-11ED-90DB-080027F80375_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._EB5E3E79-EB33-11ED-90DB-080027F80375_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_F40A39E6-EB33-11ED-90DB-080027F80375_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "CE6PK5S8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CE6PK5S8.txt]- [targetUID: 00000000-00004088]\n "NIMW53JC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NIMW53JC.txt]- [targetUID: 00000000-00004088]\n "QCNMHTZN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QCNMHTZN.txt]- [targetUID: 00000000-00004088]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003752]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "BZQCY431.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BZQCY431.txt]- [targetUID: 00000000-00004088]\n "GWHYI938.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GWHYI938.txt]- [targetUID: 00000000-00004088]\n "UZP7J6YA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UZP7J6YA.txt]- [targetUID: 00000000-00004088]\n "5DVSSG1V.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5DVSSG1V.txt]- [targetUID: 00000000-00004088]\n "sharepoint_1_.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "CabF738.tmp" has 
type "data"- Location: [%TEMP%\\CabF738.tmp]- [targetUID: 00000000-00003752]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003752]\n "CabF749.tmp" has type "data"- Location: [%TEMP%\\CabF749.tmp]- [targetUID: 00000000-000185.199.108.153
2023-05-12 03:03:26Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io000407.github.io
2023-05-12 03:32:23Open TCP PortNoPulsedive0030None188.114.97.12:80188.114.97.0/24
2023-05-12 02:51:54Raw Data from RIRsNoHybrid Analysis2020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=5673cc9137db&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:1480:304:WilStaging_02"\n "SM0:1480:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:1480:120:WilError_01"\n "Local\\SM0:1480:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.136:443"\n "13.227.21.58:443"\n "13.227.74.64:443"\n "185.199.108.153:443"\n "74.125.137.157:443"\n "142.250.191.68:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir "; File: 
"urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n 
""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\edge_autofill_global_block_list.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\sync data\\leveldb\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\7c516a82-27f5-4723-be57-30a8336c14b5.tmp"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\service worker\\database\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6236_1468670677\\shopping.js]- 
[targetUID: 00000000-00006236]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00001308]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6236_1265273683\\Ruleset Data]- [targetUID: 00000000-0000623185.199.108.153
2023-05-12 02:44:11Co-Hosted Site - Domain NameNoSSL Certificate Analyzer2110Nonegithub.combattleb0t.xyz
2023-05-12 02:44:05SSL Certificate ExpiringYesCertSpotter0010None2023-05-26 01:39:24battleb0t.xyz
2023-05-12 03:09:26Co-Hosted SiteNoSSL Certificate Analyzer1020Nonecdnjs.cloudflare.com188.114.96.1
2023-05-12 03:09:28SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=Let's Encrypt,CN=R387.248.157.102
2023-05-12 02:50:16Internet NameNoDNS Resolver0020Nonenuke.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 13 15:23:51 2023 GMT Not After : May 14 15:23:50 2023 GMT Subject: CN=nuke.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d9:29:5b:18:4c:1d:e8:59:eb:db:25:91:54:31: ed:38:23:ab:0a:88:57:5c:ef:0c:7e:ca:ca:6c:71: 0b:02:fd:19:3d:6a:e8:97:28:77:25:12:e6:41:af: 0c:74:de:eb:50:90:97:94:e1:fd:e0:db:78:3a:0a: 5f:ae:54:a8:1f:8e:40:46:da:de:c8:9e:fa:c8:e7: 39:8e:1b:9f:5e:60:ec:47:c4:47:f9:79:27:17:65: 24:54:e3:e9:87:77:9b:2d:fc:59:b6:69:6a:35:59: 71:49:6c:3f:68:b3:6f:f3:47:8d:99:d8:26:4a:34: e5:bd:98:64:13:9c:bc:2e:32:d9:f1:82:53:39:a9: 0e:5a:3e:f4:44:ad:26:19:df:02:ae:0a:8a:ee:fc: 9b:3e:7d:da:ca:fc:e7:ee:68:4f:c5:8c:ef:dc:74: 06:e9:7a:47:71:5f:53:c7:6d:09:e9:1f:2a:81:e3: aa:4a:4a:ad:ae:9d:25:b9:f8:c2:d3:14:56:b4:75: 91:e9:be:73:0e:b4:7d:4d:da:64:95:77:6d:43:79: 73:49:a5:8a:21:01:8b:43:f7:7e:6b:34:db:43:cb: 18:86:96:0e:e7:1a:02:5a:4f:df:42:dd:88:c3:61: 4d:6b:c6:c6:bf:25:5b:76:f4:0e:86:dd:ad:d2:26: a8:0b:2a:9a:7b:42:50:c1:2c:92:f7:92:ae:7c:b1: d3:11:4f:23:ac:54:f9:9e:aa:91:2b:7c:ed:1c:c1: 46:1b:9b:3c:a0:2a:b1:e3:e2:b9:d0:7f:06:57:c9: 1e:63:2a:89:4d:e0:fc:34:28:ec:5f:72:15:f2:01: 80:22:e3:d2:bf:66:7b:78:f3:2a:37:36:d0:18:e7: eb:62:58:1a:53:3f:4a:aa:c6:06:93:11:2e:9b:de: b2:20:c5:30:35:f7:4b:de:99:68:8b:4d:f1:cf:5f: e0:29:92:a1:d4:25:53:f6:6b:8d:eb:c8:2f:a1:48: f6:93:3d:2d:29:1c:93:8a:83:6e:a8:d5:40:07:99: d9:b4:ed:f4:2d:5b:2c:94:69:23:83:3f:eb:1f:20: 45:ea:f5:f6:5a:22:b5:7a:ea:e6:92:ef:69:3a:86: e9:7d:cc:89:f5:72:d8:75:21:3a:fd:e8:3a:fd:dd: 16:43:3a:20:cf:8c:1c:3f:54:62:be:57:b4:91:f9: 1f:7b:59:bb:69:98:ad:21:46:6b:14:0b:f3:32:e9: f3:42:4c:fe:3e:ea:f8:50:4d:7c:e3:49:32:31:e8: 73:54:2a:f5:e6:ac:fb:17:66:a1:41:7a:05:04:c9: 
53:ab:bd:62:a2:65:3e:e4:d9:bf:f3:5f:60:e6:ba: 3c:1f:a9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nuke.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 9d:ff:c4:18:06:c7:30:d4:36:0f:0e:18:02:e1:f1:df:09:d5: 21:48:af:f9:5b:c3:31:1b:5f:2b:b6:70:3d:80:2b:58:d6:6f: b5:cd:ce:70:10:56:ed:d2:2c:18:4d:d8:55:56:01:67:34:4f: bc:a8:06:13:c7:63:73:41:9d:bd:7a:2d:d7:ed:6a:95:df:86: a0:fd:bf:15:00:37:ee:c9:32:cd:29:05:23:5a:30:c7:ce:39: 29:07:6d:b0:2b:6a:1c:81:8f:29:05:30:c4:40:2c:ba:5f:67: f5:56:a5:86:93:08:a2:16:e7:a9:15:01:13:84:23:08:70:b8: b0:8e:c4:e6:9c:43:cf:99:85:ea:2e:4c:6c:a4:51:b4:75:a3: cf:1f:af:40:ab:43:86:65:fb:ba:43:42:24:c7:fd:a0:13:49: bf:fb:a3:fe:ef:4b:38:f1:34:bd:37:28:78:ae:eb:fe:f8:2c: 4d:b8:bd:50:64:c1:2a:97:b9:ac:34:8d:83:6a:c1:4b:6d:6a: 3a:8c:69:86:1e:d9:d4:69:98:23:cc:ff:1b:aa:4f:58:58:dd: f4:2d:3e:92:9e:ec:9c:7f:4a:ba:35:54:c6:db:d8:38:08:1a: 75:fe:73:ca:92:d8:db:5e:94:c8:9a:15:84:e4:03:5b:a9:4b: 3c:ac:3c:70
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneTanuki.pl (Category: hobby) https://tanuki.pl/profil/loginlogin
2023-05-12 02:50:28Raw Data from RIRsNoGLEIF0030None[{u'attributes': {u'highlighting': u'<b>C</b>/O <b>CENTRALNIC</b> <b>LTD</b>', u'value': u'C/O CENTRALNIC LTD'}, u'type': u'autocompletions'}](c) CentralNic Ltd
2023-05-12 02:45:06Physical LocationNoipapi.co0020NoneSan Francisco, California, CA, United States, US2606:50c0:8003::153
2023-05-12 02:46:38Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://stellarium.org/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_aec_ConnHashTable<2796>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_aec_IESQMMUTEX_0_331"\n "IsoScope_aec_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2796"\n "IsoScope_aec_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_aec_IE_EarlyTabStart_0xee8_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2796"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "142.250.189.168:443"\n "172.67.71.29:443"\n 
"142.250.189.238:443"\n "142.251.2.155:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"stellarium.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"stellarium.org"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-154', u'name': u'Found suspicious keywords in script (string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed keyword:"ActiveXObject" [Source: analytics_1_.js]\n Observed keyword:"ActiveXObject" [Source: jq-ui-flplayer-sw-aggregated_1_.js]\n Observed keyword:".Run" [Source: 00000000-00002916.00000000.67483.02150000.00000002.mdmp\n 00000000-00002916.00000000.67527.02150000.00000002.mdmp]'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"transportUrl:b,context:c},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+je.ca+"&cx=c";Go()&&(f+="&sign="+je.Sd);var g=se||ue?Fo(b,f):void 0;g||(g=rl("https://","http://",je.jd+f));di().destination[a]={state:1,context:c};Hb(g)}};function Ho(){if(Zh()){return!0}return!1};var Ko=new 
RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),Lo={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Mo={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "thumb-5_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 baseline precision 8 40x40 components 3"- [targetUID: N/A]\n "~DFFE60A6B95FE0E2E6.TMP" has type "data"- Location: [%TEMP%\\~DFFE60A6B95FE0E2E6.TMP]- [targetUID: 00000000-00002796]\n "slide-1_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 baseline precision 8 600x250 components 3"- [targetUID: N/A]\n "jq-ui-flplayer-sw-aggregated_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dl-macosx_1_.png" has type "PNG image data 60 x 40 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "XCL1KF20.txt" has type 
"ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XCL1KF20.txt]- [targetUID: 00000000-00003580]\n "js_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text"- [targetUID: N/A]\n "RecoveryStore._9738A693-C3A3-11ED-9D1F-0800272BE4CA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "slide-3_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 baseline precision 8 600x250 components 3"- [targetUID: N/A]\n "42BV46U1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\42BV46U1.txt]- [targetUID: 00000000-00003580]\n "slide-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 baseline precision 8 600x250 components 3"- [targetUID: N/A]\n "7RO40XI5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7RO40XI5.txt]- [targetUID: 00000000-00002796]\n "~DFDA73984BBB04A3BA.TMP" has type "data"- Location: [%TEMP%\\~DFDA73984BBB04A3BA.TMP]- [targetUID: 00000000-00002796]\n "_9738A695-C3A3-11ED-9D1F-0800272BE4CA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "bg-l_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 baseline precision 8 113x181 components 3"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dl-windows_1_.png" has type "PNG image data 60 x 40 8-bit/color RGBA non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, 
u'threat_level': 0, u'type': 7, u'description': u'"stellarium.org" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "jquery.org/license"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "http://static.flowplayer.org/swf/expressinstall.swf,cachebusting:true},t"\n Pattern match: "https://cct.google/taggy/agent.js"\n Pattern match: "http://www.gnu.org/licenses/"\n Pattern match: "http://jqueryui.com/about"\n Pattern match: "http://docs.jquery.com/UI"\n Pattern match: "http://docs.jquery.com/UI/Effects/"\n Pattern match: "http://docs.jquery.com/UI/Mouse"\n Pattern match: "http://docs.jquery.com/UI/Position"\n Pattern match: "http://docs.jquery.com/UI/Widget"\n Pattern match: "http://jquery.com/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://sizzlejs.com/"\n Pattern match: "MUID2D2A9A2C4664691E26D188FA47286894msn.com/1025218105305631099439219419004131020976*"\n Pattern match: ".2.1166814548.1678934302stellarium.org/1088135761420831167827160715879131020976*"\n Pattern match: ".2.1166814548.1678934302stellarium.org/1088135761420831167827160715879131020976*_gidGA1.2.164760106.1678934302stellarium.org/1088231157260831021177160731504131020976*"\n Pattern match: ".2.1166814548.1678934302stellarium.org/1088135761420831167827160715879131020976*_gidGA1.2.164760106.1678934302stellarium.org/1088231157260831021177160731504131020976*_gat_gtag_UA_109850660_11stellarium.org/1088219999910431020976160778379131020976*"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect,ca.U,ca"\n Pattern match: 
"https://www.google-analytics.com/analytics.js,k=c.F?pp(R(c,gaFunctionName)):pp();if(pa(k)){var"\n Pattern match: "https://+c"\n Pattern match: "www.google-analytics.com==a.host&&(a.port||b)==b&&D(a.path,/plugins/)?!0:!1},ne=function(a){var"\n Pattern match: "www.google-analytics.com},Ge=function(a){switch(a){default:case"\n Pattern match: "https://tagassistant.google.com/"\n Pattern match: "https://+g185.199.111.153
2023-05-12 02:50:48Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://nickcher.github.io/netflix_landing_clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b0c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b0c_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2828"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_b0c_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b0c_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_b0c_IE_EarlyTabStart_0xda0_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b0c_ConnHashTable<2828>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2828"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n 
"172.96.160.210:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"i.ibb.co"\n "nickcher.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com." (Indicator: "dir "; File: "netflix_landing_clone_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image 
data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab26D3.tmp" has type "data"- Location: [%TEMP%\\Cab26D3.tmp]- [targetUID: 00000000-00003584]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002828]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF64A1F5312060F4AE.TMP" has type "data"- Location: [%TEMP%\\~DF64A1F5312060F4AE.TMP]- [targetUID: 00000000-00002828]\n "~DFC2B27440F7A0B15C.TMP" has type "data"- Location: [%TEMP%\\~DFC2B27440F7A0B15C.TMP]- [targetUID: 00000000-00002828]\n "~DF0A3D913D5F45CD6B.TMP" has type "data"- Location: 
[%TEMP%\\~DF0A3D913D5F45CD6B.TMP]- [targetUID: 00000000-00002828]\n "~DF87F80C8C1C5AD9DE.TMP" has type "data"- Location: [%TEMP%\\~DF87F80C8C1C5AD9DE.TMP]- [targetUID: 00000000-00002828]\n "urlref_httpsnickcher.github.ionetflix_landing_clone" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._B6073E9B-EF99-11ED-BFDF-0800272E71EF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C011B3B6-EF99-11ED-BFDF-0800272E71EF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B6073E9D-EF99-11ED-BFDF-0800272E71EF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "script_1_.js" has type "ASCII text"- [targetUID: N/A]\n "NUC70NVO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NUC70NVO.txt]- [targetUID: 00000000-00003584]\n "W4NLV9B9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W4NLV9B9.txt]- [targetUID: 00000000-00002828]\n "9UXBXI81.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9UXBXI81.txt]- [targetUID: 00000000-00002828]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003584]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "LO9MJJD0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LO9MJJD0.txt]- [targetUID: 00000000-00003584]\n "6YRDU7V9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6YRDU7V9.txt]- [targetUID: 00000000-00002828]\n 
"G0VQDCLZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\G0VQDCLZ.txt]- [targetUID: 00000000-00002828]\n "GUUOB0ON.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GUUOB0ON.txt]- [targetUID: 00000000-00002828]\n "Cab281E.tmp" has type "data"- Location: [%TEMP%\\Cab281E.tmp]- [targetUID: 00000000-00003584]\n "Cab2833.tmp" has type "data"- Location: [%TEMP%\\Cab2833.tmp]- [targetUID: 00000000-00003584]\n "Cab2E9E.tmp" has type "data"- Location: [%TEMP%\\Cab2E9E.tmp]- [targetUID: 00000000-00003584]\n "Cab2821.tmp" has type "data"- Location: [%TEMP%\\Cab2821.tmp]- [targetUID: 00000000-00003584]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003584]\n "Cab281D.tmp" has type "data"- Location: [%TEMP%\\Cab281D.tmp]- [targetUID: 00000000-00003584]\n "netflix_landing_clone_1_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://nickcher.github.io/netflix_landing_clone/"\n Pattern match: "https://nickcher.github.io"\n Pattern match: "https://nickcher.github.io/netflix_landing_clone"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "mzjdL.VS/oLORCm/~H.c0KNw&FGk~Z2C3[f"\n Pattern match: 
"www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2002%20-%20xsign.crt0-!http://oneocsp.microsoft.com/ocsp05E9R"\n Pattern match: "https://i.ibb.co/r5krrdz/logo.png"\n Pattern match: "https://i.ibb.co/vXqDmnh/background.jpg"\n Pattern match: "SUIDmicrosoft.com/9216418687628831032347268501117031032230MUID09E339F3135660E63EB22AFD12D26110microsoft.com/185.199.108.153
2023-05-12 02:44:16SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 04:50:12 2023 GMT Not After : Jul 23 04:50:11 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8: 3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1: dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6: a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b: 57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14: 5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e: 22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56: d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e: 20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b: 1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7: e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4: c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d: b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0: 4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51: be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49: cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed: d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c: 27:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 95:2c:18:1f:d0:91:73:33:88:ab:4e:68:d6:e3:58:9c:45:64: b3:8a:0d:c0:05:28:dd:e1:2b:f4:06:90:e5:1f:5e:3c:9c:82: f8:42:f9:9c:fc:f0:39:70:2a:ec:b3:e8:e8:27:a3:e2:22:80: 9f:b5:25:f6:b8:88:47:5f:86:6d:fa:80:87:2b:27:3e:0f:10: 6e:32:3f:e2:3c:74:e0:3c:4f:db:80:e5:a0:7b:df:70:24:e5: 0b:57:3d:66:c3:68:d9:cb:10:13:bf:3d:4b:9b:bd:e4:38:dc: 16:3b:ab:a4:bb:05:4c:21:58:ec:56:01:d3:cd:f7:e4:52:ad: 1c:0c:0e:45:9d:25:b3:ee:43:f3:93:10:64:3c:d1:8d:ef:4c: a1:a0:46:a0:9c:7a:71:16:74:1d:79:35:f7:b7:75:a9:5d:1a: 70:92:2b:c8:d4:0a:a7:04:cf:3a:2e:08:b5:53:9c:fd:91:52: 6d:bc:96:2f:53:07:7f:1a:15:71:f1:e4:9c:95:b8:03:cb:17: 25:b8:bd:2e:3d:91:c6:72:cb:50:7f:bb:42:cd:87:4e:3f:af: 01:27:cd:29:c4:cc:43:33:bb:f8:a1:ac:9f:c7:0b:d7:f6:39: 18:d3:6f:bb:a0:79:75:5a:d1:c9:35:44:91:1c:7a:a8:9d:4d: fb:9f:95:2e battleb0t.xyz
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.31): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneJuggernaut (Net ID: 00:0C:41:D7:E4:AF)33.617190550339146,-111.90827887019054
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneRicos Loft 5 (Net ID: 00:01:9F:34:7B:CC)34.0544, -118.244
2023-05-12 03:09:45Affiliate - Internet NameNoDNS Resolver0040None136.97.148.34.bc.googleusercontent.com34.148.97.136
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonePatriots Win (Category: political) https://patriots.win/u/login/login
2023-05-12 02:55:11Open UDP PortNoCensys0020None87.248.157.102:5387.248.157.102
2023-05-12 03:12:52Raw Data from RIRsNonumverify0030None{u'international_format': u'+14805058800', u'local_format': u'4805058800', u'number': u'14805058800', u'valid': True, u'line_type': u'landline', u'location': u'Phoenix', u'country_code': u'US', u'carrier': u'', u'country_name': u'United States of America', u'country_prefix': u'+1'}+14805058800
2023-05-12 03:28:39Open TCP PortNoPulsedive0030None188.114.96.160:8443188.114.96.0/24
2023-05-12 02:50:21Raw Data from RIRsNoHybrid Analysis0020None{u'count': 50, u'search_terms': [{u'id': u'host', u'value': u'185.199.108.153'}], u'result': [{u'environment_id': 160, u'job_id': u'645d8a88279c2a120702351f', u'analysis_start_time': u'2023-05-12 00:38:33', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'fd3f87723c83f2305810fe23fef4cf445f78d61b1bd01c5ba0f86e6abdd341d0', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 160, u'job_id': u'645d49f8de4a448d8502e802', u'analysis_start_time': u'2023-05-11 20:03:05', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'caa85587541ac5a6fa3be679888d72e2e42fdcad7692d730bfdac5f1eda53cb8', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 160, u'job_id': u'645d21c0b499dcb7b70d14f2', u'analysis_start_time': u'2023-05-11 17:11:29', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'da548ef9df8cab343b3862fc91c34c186e72b4b4c2ea3d2b464bc6043a235960', u'type': None, u'type_short': u'url', u'size': 53}, {u'environment_id': 160, u'job_id': u'645d0f98dcd5664d0b03879a', u'analysis_start_time': u'2023-05-11 15:54:01', u'vx_family': u'Malicious site', u'av_detect': u'33', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'f957cd2858479ac1c3950fe600ab6a011f2955b2cada6371078e83f2d9ce16ca', u'type': None, u'type_short': u'url', u'size': 142}, {u'environment_id': 110, u'job_id': u'645c5e23b4ad9858e30c3320', u'analysis_start_time': u'2023-05-11 03:16:52', u'vx_family': u'Phishing 
site', u'av_detect': u'62', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'2b8ddeb1ac7750da80502b1322e14c3de7bb618006fe7ddf37f47b9324d3bb67', u'type': None, u'type_short': u'url', u'size': 72}, {u'environment_id': 110, u'job_id': u'645c5e1fc129a37d29017ae4', u'analysis_start_time': u'2023-05-11 03:16:48', u'vx_family': u'Phishing site', u'av_detect': u'71', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'72bea1bb6678facfbacd6d43b3e50cbf0d128005c52469fd378a2c17b8a9d8e4', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 110, u'job_id': u'645c5df8abfe193107024f1e', u'analysis_start_time': u'2023-05-11 03:16:09', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'72dcf92fdd87135607534fb22cd7cb1030bdce9f3ac073f1de1f62b3a33edf56', u'type': None, u'type_short': u'url', u'size': 69}, {u'environment_id': 110, u'job_id': u'645c5de3e95b4421cb07d72c', u'analysis_start_time': u'2023-05-11 03:15:48', u'vx_family': u'Phishing site', u'av_detect': u'58', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'bdeb520577acc7f04dc5ec8e74234521dc150dedad20f555e3db29d2afeb902f', u'type': None, u'type_short': u'url', u'size': 73}, {u'environment_id': 110, u'job_id': u'645c5de38943312361085a76', u'analysis_start_time': u'2023-05-11 03:15:48', u'vx_family': u'Phishing site', u'av_detect': u'59', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': 
u'6b9cb44f8af65c9c7de7aeefe5df75082005b066e5269a7beab8d9351e8fe0a9', u'type': None, u'type_short': u'url', u'size': 65}, {u'environment_id': 110, u'job_id': u'645c5c6fcf0b25bc970e9ca1', u'analysis_start_time': u'2023-05-11 03:09:36', u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'be1d588c403275660b01eca90094a469c99c292f3f377a701a37fa0b2226362b', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 110, u'job_id': u'645c5bf5f586b26472036a15', u'analysis_start_time': u'2023-05-11 03:07:34', u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'0754c3a617f3c7c89ea46c89c18542dd456aee3a70b9dd31bfc459a66031bbaa', u'type': None, u'type_short': u'url', u'size': 71}, {u'environment_id': 110, u'job_id': u'645c5bb295b3d7015b0ad91e', u'analysis_start_time': u'2023-05-11 03:06:26', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'6fa5b98ea302c88b5188162b088f9b4e374c799581571973ea6c5651d9040060', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 110, u'job_id': u'645c5baae95b4421cb07d5e2', u'analysis_start_time': u'2023-05-11 03:06:18', u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'c89f9c848a950df9536d3df2ceafaec95f0aa29af4b956a2bfd1dfbbd379cb17', u'type': None, u'type_short': u'url', u'size': 86}, {u'environment_id': 110, u'job_id': u'645c5b9ec8c83d3b240e95c6', u'analysis_start_time': u'2023-05-11 03:06:07', 
u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'2b41abf0a1ffd0bfbf700bb5eee65e98fb627cb92c9a148bc3d4acd1a6b24c6e', u'type': None, u'type_short': u'url', u'size': 69}, {u'environment_id': 160, u'job_id': u'645c346964201940820bd22f', u'analysis_start_time': u'2023-05-11 00:18:49', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'6ff193a6ca9551050e9c92179433950b4a1e5c440e0b35cab4b36916f38ab19f', u'type': None, u'type_short': u'url', u'size': 49}, {u'environment_id': 100, u'job_id': u'645bdba7396080d9fe10009e', u'analysis_start_time': u'2023-05-10 18:00:07', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8163eb8a3e42f3967f5831043d6e16ebb5ed541ef09bad6181080ef6e0d7bd2a', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 100, u'job_id': u'645b9d1743bfaa77c207d7d5', u'analysis_start_time': u'2023-05-10 13:33:11', u'vx_family': None, u'av_detect': u'50', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'822a90d8cb0a1a10355a4a70a196e8630d132c645f14cbb143b3f9b7394a251f', u'type': None, u'type_short': u'url', u'size': 114}, {u'environment_id': 110, u'job_id': u'645ae4e1346528d7b70ca2e9', u'analysis_start_time': u'2023-05-10 00:27:14', u'vx_family': u'Phishing site', u'av_detect': u'59', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'ca308e63c510b0b503331cc7778db986b057b684b3dbaa752e4f62cb13664b77', u'type': None, 
u'type_short': u'url', u'size': 62}, {u'environment_id': 110, u'job_id': u'645ae36a67851ac2340e520d', u'analysis_start_time': u'2023-05-10 00:20:58', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'9732e24d121e342e55deabd13611e857c769c96da9717e6d7ebc87449f2a7905', u'type': None, u'type_short': u'url', u'size': 57}, {u'environment_id': 110, u'job_id': u'645ad4ea367c0ebd57074ef9', u'analysis_start_time': u'2023-05-09 23:19:06', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'a91d30a9dfbf18fc164f18e29c383f3b3964ac705c585938d8d588d02f3da688', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 110, u'job_id': u'645ad31c5702e95bf3033576', u'analysis_start_time': u'2023-05-09 23:11:24', u'vx_family': u'Phishing site', u'av_detect': u'62', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'e81a2290a3986847ba37b34e8a5c695786daf2ff2a13d86708b03f6647d220ab', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 100, u'job_id': u'645aa20e7a292c0be70b0612', u'analysis_start_time': u'2023-05-09 19:42:07', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'fac0f6b5c9cc17d9e85e803349fbdcb7dd616c0192e797952d500bc5bd892fe7', u'type': None, u'type_short': u'url', u'size': 141}, {u'environment_id': 160, u'job_id': u'645a76cea2d0c5300e066333', u'analysis_start_time': u'2023-05-09 16:37:35', u'vx_family': None, u'av_detect': u'33', u'environment_description': u'Windows 10 64 bit', 
u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'c1370cd545c8d3458c340bf48e48850af74876898cb8557ed1a692c1d7654113', u'type': None, u'type_short': u'url', u'size': 123}, {u'environment_id': 100, u'job_id': u'6459c8ee434bd90ac20239bb', u'analysis_start_time': u'2023-05-09 04:15:43', u'vx_family': None, u'av_detect': u'0', u'environment_d185.199.108.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneNETGEAR (Net ID: 00:0B:7D:08:41:CB)39.0469, -77.4903
2023-05-12 03:32:25Open TCP PortNoPulsedive0030None188.114.97.13:80188.114.97.0/24
2023-05-12 02:45:31Raw Data from RIRsNoPhishStats0020None[{u'page_text': u' ', u'domain': None, u'virus_total': None, u'n_times_seen_ip': None, u'abuse_contact': None, u'ip': u'185.199.110.153', u'google_safebrowsing': None, u'threat_crowd': None, u'n_times_seen_domain': None, u'alexa_rank_host': None, u'id': 2255774, u'city': u'', u'abuse_ch_malware': None, u'countrycode': u'NL', u'title': u'Site not found \xb7 GitHub Pages', u'ssl_subject': None, u'technology': None, u'date_update': u'2020-12-08T01:50:24.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': None, u'vulns': None, u'latitude': u'52', u'regionname': u'', u'hash': u'05d383e42f69258d635e6789e2a3163ab4e15be5920ead730c050aefc2f422d5', u'threat_crowd_subdomain_count': None, u'screenshot': None, u'n_times_seen_host': None, u'ssl_issuer': None, u'domain_registered_n_days_ago': None, u'regioncode': u'', u'host': u'www.mise-a-jour.github.io', u'date': u'2018-06-06T21:16:47.000Z', u'asn': u'AS54113', u'tags': None, u'bgp': u'185.199.108.0/22', u'url': u'http://www.mise-a-jour.github.io/imp/', u'isp': u'FASTLY - Fastly, US', u'longitude': u'4.89950000', u'ports': None, u'countryname': u'Netherlands', u'threat_crowd_votes': None, u'http_server': None, u'tld': u'io', u'os': None, u'http_code': None}]185.199.110.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonex-timer: S1683860053.987504,VS0,VE2{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None2WIRE623 (Net ID: 00:00:85:F5:03:9F)37.7813933,-122.3918002
2023-05-12 02:46:01Physical LocationNoAbstractAPI1030NoneNorth Charleston, South Carolina, 29415, United States, North America104.196.30.220
2023-05-12 03:01:29Web ServerNoTool - WhatWeb0020Nonecloudflarefluid.battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMobileInternet (Net ID: 00:02:B3:AE:E3:AC)50.1188, 8.6843
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:11087.248.157.102
2023-05-12 03:00:58Co-Hosted SiteNoHackerTarget2020None01001101ck.github.io185.199.111.153
2023-05-12 02:55:05BGP AS MembershipNoCensys0020None13335188.114.97.1
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneCollaborative intelligence - Collaborative intelligence characterizes multi-agent, distributed systems where each agent, human or machine, is autonomously contributing to a problem solving network. Collaborative autonomy of organisms in their ecosystems makes evolution possible.cdn-185-199-111-153.github.com
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneWLAN (Net ID: 00:01:24:F3:FD:65)34.0544, -118.244
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonehome (Net ID: 00:06:25:61:49:C4)33.336199,-111.89446440830702
2023-05-12 03:31:27Affiliate - Email AddressNoE-Mail Address Extractor0040None6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.comDomain Name: nom-nom.link Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com Updated Date: 2022-10-23T13:11:02.954Z Creation Date: 2022-09-09T13:47:20.593Z Registry Expiry Date: 2023-09-09T13:47:20.593Z Registrar: NAMECHEAP Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Fax: REDACTED FOR PRIVACY Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: wesley.ns.cloudflare.com Name Server: rachel.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN RDDS Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:09:16.270Z <<< For more information on domain status codes, please visit https://icann.org/epp The WHOIS information provided in this page has been redacted in compliance with ICANN's Temporary Specification for gTLD Registration Data. The data in this record is provided by Uniregistry for informational purposes only, and it does not guarantee its accuracy. Uniregistry is authoritative for whois information in top-level domains it operates under contract with the Internet Corporation for Assigned Names and Numbers. Whois information from other top-level domains is provided by a third-party under license to Uniregistry. 
This service is intended only for query-based access. By using this service, you agree that you will use any data presented only for lawful purposes and that, under no circumstances will you use (a) data acquired for the purpose of allowing, enabling, or otherwise supporting the transmission by e-mail, telephone, facsimile or other communications mechanism of mass unsolicited, commercial advertising or solicitations to entities other than your existing customers; or (b) this service to enable high volume, automated, electronic processes that send queries or data to the systems of any Registrar or any Registry except as reasonably necessary to register domain names or modify existing domain name registrations. Uniregistry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. All rights reserved. Domain name: nom-nom.link Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-09-09T13:47:20.59Z Registrar Registration Expiration Date: 2023-09-09T13:47:20.59Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by 
Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com Name Server: rachel.ns.cloudflare.com Name Server: wesley.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T15:09:16.51Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:44:19IPv6 AddressNoDNS Resolver15030None2600:1f18:2489:8200::c8funny.battleb0t.xyz
2023-05-12 03:03:55Co-Hosted SiteNoThreatMiner0020Noneeliaspinheironeto.github.io185.199.108.153
2023-05-12 03:34:36Netblock MembershipNoRIPE5030None45.131.109.0/2445.131.109.53
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneDisqus (Category: social) https://disqus.com/by/Altpapier/Altpapier
2023-05-12 02:55:25Social Media PresenceNoSocial Network Identifier0040NoneGithub: https://github.com/Altpapier/SkyHelperAPI/issueshttps://github.com/Altpapier/SkyHelperAPI/issues
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.224): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:00:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.43): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:03:38Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io01-edu.github.io
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonezoom (Net ID: 00:01:38:3F:26:0C)40.2024, 29.0398
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneTeespring (Category: business) https://login.creator-spring.comlogin
2023-05-12 03:00:58Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.96): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless2 (Net ID: 00:01:36:03:07:83)52.3759, 4.8975
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx Guest (Net ID: 00:01:21:26:42:50)41.8781, -87.6298
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneTechAir (Net ID: 00:01:21:30:60:FE)41.8781, -87.6298
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:62:CF:8A)33.336199,-111.89446440830702
2023-05-12 02:54:14HTTP Status CodeNoWeb Spider0120None403kekw.battleb0t.xyz
2023-05-12 02:44:15Co-Hosted SiteNoSSL Certificate Analyzer0120Nonenetlify.appfunny.battleb0t.xyz
2023-05-12 02:47:25Open TCP PortNoPulsedive0020None185.199.108.153:443185.199.108.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:7B:56:15)33.336199,-111.89446440830702
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040None7732 1224 (Net ID: 00:0F:CC:FD:AD:58)32.8608, -79.9746
2023-05-12 02:59:59Affiliate - Email AddressNoE-Mail Address Extractor0030Nonejhruby.web@gmail.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/walletconnect/walletconnect-monorepo/releases/download/1.7.8/web3-provider.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/js/modal.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/jkup/focusable/blob/master/index.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://lens-protocoll.xyz/webc/index.php', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_588_IESQMMUTEX_0_519"\n "IsoScope_588_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_588_IESQMMUTEX_0_331"\n "IsoScope_588_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1416"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_588_ConnHashTable<1416>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_588_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.70:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "65.8.158.85:443"\n "151.101.1.229:443"\n "104.16.123.175:443"\n "192.30.255.113:443"\n "185.199.108.153:443"\n "185.199.108.133:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.ethers.io"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "etherum-libs.github.io"\n "github.com"\n "lens-protocoll.xyz"\n "objects.githubusercontent.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="Keywords" content="Lens Protocol - Claiming App\n Lens Protocol - Claiming App a paypal\n Lens Protocol - Claiming App a binance\n Lens Protocol - Claiming App harmony"/>" (Indicator: "dir "; File: "urlref_httpslens-protocoll.xyzwebcindex.php")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"(0, properties_1.defineReadOnly)(this, "publicKey", signingKey.compressedPublicKey);" (Source: jqueryjs_1_.js, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dffb9a278b09a9867d.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{64fca9ab-eac7-11ed-8a3e-080027a190c2}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"b38d7abaf0f5f8fb484f9be1484e98a17ea16df2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f0438febff768476c4bd646204034239a5fc20d9_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f9fa0444b908def7e2cacce9c162c39a60167a27_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "jqueryjs_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3.min_1_.js" has type "data"- [targetUID: N/A]\n "slider_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3-provider.min_1_.js" has type "data"- [targetUID: N/A]\n "ethers-5.2.umd.min_1_.js" has type "data"- [targetUID: N/A]\n "walletbundle_1_.js" has type "UTF-8 Unicode text with very long lines with escape sequences"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ethereumjs-tx-1.3.3.min_1_.js" has type "data"- [targetUID: N/A]\n "urlref_httpslens-protocoll.xyzwebcindex.php" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "index_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "sweetalert2.all_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n 
"imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001416]\n "invisible_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "main.34d2eea7_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "axios.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ABI_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001416]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF038CF0017F8B478D.TMP" has type "data"- Location: [%TEMP%\\~DF038CF0017F8B478D.TMP]- [targetUID: 00000000-00001416]\n "~DFFB9A278B09A9867D.TMP" has type "data"- Location: [%TEMP%\\~DFFB9A278B09A9867D.TMP]- [targetUID: 00000000-00001416]\n "~DF79C8B99757FDF652.TMP" has type "data"- Location: [%TEMP%\\~DF79C8B99757FDF652.TMP]- [targetUID: 00000000-00001416]\n "~DF3E2144E69F260778.TMP" has type "data"- Location: [%TEMP%\\~DF3E2144E69F260778.TMP]- [targetUID: 00000000-00001416]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "css2_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_64FCA9AB-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._64FCA9A9-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E587A84-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "inter_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has 
type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cookie.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "C1TXDP2K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1TXDP2K.txt]- [targetUID: 00000000-00001416]\n "NN4OYYV3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NN4OYYV3.txt]- [targetUID: 00000
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneComputing websitescdn-185-199-111-153.github.com
2023-05-12 03:03:40Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io01010101lzy.github.io
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None472 (Net ID: 00:02:2D:C3:4A:5F)37.7642, -122.3993
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonezoom1372 (Net ID: 00:01:38:85:A8:E5)37.7813933,-122.3918002
2023-05-12 03:01:30Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.40): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:08:54Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.7234.74.170.74
2023-05-12 02:55:25Linked URL - InternalNoGoogle0020Nonehttps://www.ayhu.xyz/www.ayhu.xyz
2023-05-12 03:24:19Account on External SiteNoAccount Finder0080NoneYouTube User (Category: video) https://www.youtube.com/user/baptistevauthey/aboutbaptistevauthey
2023-05-12 02:56:09SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 13 15:23:51 2023 GMT Not After : May 14 15:23:50 2023 GMT Subject: CN=nuke.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d9:29:5b:18:4c:1d:e8:59:eb:db:25:91:54:31: ed:38:23:ab:0a:88:57:5c:ef:0c:7e:ca:ca:6c:71: 0b:02:fd:19:3d:6a:e8:97:28:77:25:12:e6:41:af: 0c:74:de:eb:50:90:97:94:e1:fd:e0:db:78:3a:0a: 5f:ae:54:a8:1f:8e:40:46:da:de:c8:9e:fa:c8:e7: 39:8e:1b:9f:5e:60:ec:47:c4:47:f9:79:27:17:65: 24:54:e3:e9:87:77:9b:2d:fc:59:b6:69:6a:35:59: 71:49:6c:3f:68:b3:6f:f3:47:8d:99:d8:26:4a:34: e5:bd:98:64:13:9c:bc:2e:32:d9:f1:82:53:39:a9: 0e:5a:3e:f4:44:ad:26:19:df:02:ae:0a:8a:ee:fc: 9b:3e:7d:da:ca:fc:e7:ee:68:4f:c5:8c:ef:dc:74: 06:e9:7a:47:71:5f:53:c7:6d:09:e9:1f:2a:81:e3: aa:4a:4a:ad:ae:9d:25:b9:f8:c2:d3:14:56:b4:75: 91:e9:be:73:0e:b4:7d:4d:da:64:95:77:6d:43:79: 73:49:a5:8a:21:01:8b:43:f7:7e:6b:34:db:43:cb: 18:86:96:0e:e7:1a:02:5a:4f:df:42:dd:88:c3:61: 4d:6b:c6:c6:bf:25:5b:76:f4:0e:86:dd:ad:d2:26: a8:0b:2a:9a:7b:42:50:c1:2c:92:f7:92:ae:7c:b1: d3:11:4f:23:ac:54:f9:9e:aa:91:2b:7c:ed:1c:c1: 46:1b:9b:3c:a0:2a:b1:e3:e2:b9:d0:7f:06:57:c9: 1e:63:2a:89:4d:e0:fc:34:28:ec:5f:72:15:f2:01: 80:22:e3:d2:bf:66:7b:78:f3:2a:37:36:d0:18:e7: eb:62:58:1a:53:3f:4a:aa:c6:06:93:11:2e:9b:de: b2:20:c5:30:35:f7:4b:de:99:68:8b:4d:f1:cf:5f: e0:29:92:a1:d4:25:53:f6:6b:8d:eb:c8:2f:a1:48: f6:93:3d:2d:29:1c:93:8a:83:6e:a8:d5:40:07:99: d9:b4:ed:f4:2d:5b:2c:94:69:23:83:3f:eb:1f:20: 45:ea:f5:f6:5a:22:b5:7a:ea:e6:92:ef:69:3a:86: e9:7d:cc:89:f5:72:d8:75:21:3a:fd:e8:3a:fd:dd: 16:43:3a:20:cf:8c:1c:3f:54:62:be:57:b4:91:f9: 1f:7b:59:bb:69:98:ad:21:46:6b:14:0b:f3:32:e9: f3:42:4c:fe:3e:ea:f8:50:4d:7c:e3:49:32:31:e8: 73:54:2a:f5:e6:ac:fb:17:66:a1:41:7a:05:04:c9: 
53:ab:bd:62:a2:65:3e:e4:d9:bf:f3:5f:60:e6:ba: 3c:1f:a9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nuke.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Feb 13 16:23:51.711 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:74:49:47:F4:26:47:0D:47:E2:9A:66:AF: F3:3B:46:53:9D:6A:00:FC:C4:5B:6D:E9:3D:6A:E5:A3: AC:D8:18:26:02:21:00:F0:DF:BE:68:08:A5:73:33:B8: 41:78:C8:F1:1D:97:89:D0:3C:53:99:EC:D3:37:A8:F1: 3C:4D:2D:2A:6D:AA:99 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Feb 13 16:23:51.724 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C5:F1:D7:EC:63:EF:D2:2B:1D:83:7B: 83:54:8D:82:F0:09:7B:86:48:A1:52:8A:D7:9F:9A:A4: 8F:C9:E6:6D:A9:02:21:00:BF:BA:DA:57:96:9F:75:77: 05:96:B4:C2:FA:F6:06:66:B5:84:A9:CC:F1:BA:83:9B: 82:75:E0:63:24:71:36:67 Signature Algorithm: sha256WithRSAEncryption 85:63:54:da:d2:e7:1a:fb:ec:3f:3a:27:f7:a7:67:fe:c8:7b: 01:a2:64:e4:ee:ee:8e:f0:73:aa:5c:d0:77:bb:6f:be:12:26: 63:92:52:2b:90:c5:19:0c:01:d9:fb:68:bc:45:29:22:6d:35: 24:74:65:da:4b:43:d7:65:1a:2d:49:c6:90:fb:fd:df:39:3b: 
cf:ed:9d:e1:a6:3d:3e:a0:05:2d:c4:03:55:00:85:97:89:e2: 1e:88:22:b2:ee:28:86:0f:c1:b8:e5:17:29:7c:e7:e3:6e:66: 99:6b:e8:89:3f:2e:a5:71:74:a0:b7:70:7a:4e:d4:b2:8a:69: b1:f7:4b:20:bd:fb:7b:d5:07:9a:0c:c6:99:dd:4b:3f:c8:5e: 41:b1:8e:dd:2a:1a:39:aa:08:e2:1e:e6:e3:63:8f:d4:59:98: ae:0a:7d:59:e3:fc:7d:a9:1f:51:9d:83:fc:16:e1:80:20:2f: 21:21:50:dd:de:43:12:b9:29:89:20:37:79:64:39:a0:00:fa: b9:f2:d1:d6:97:d7:a4:ad:65:b2:7e:a9:68:2b:1e:77:25:f0: a5:6a:9b:71:2e:77:c5:cb:51:1f:d8:52:be:f1:4f:2f:03:bf: 1b:74:58:57:b0:dc:c1:17:3e:44:8c:02:67:40:b6:b2:69:3c: 5b:81:25:af battleb0t.xyz
2023-05-12 03:23:27Open TCP PortNoPulsedive0030None188.114.96.9:8443188.114.96.0/24
2023-05-12 03:03:16Internet Name - UnresolvedNoDNS Resolver0020Nonemail.ayhu.xyz[{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}]
2023-05-12 03:24:21Linked URL - InternalNoWeb Spider5020Nonehttps://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiUhttps://ayhu.xyz/lol.html
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneAllstate 2.4G (Net ID: 00:02:6F:F8:0A:40)33.617190550339146,-111.90827887019054
2023-05-12 03:00:49Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.67): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:46:49Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonecloudwaysapps.com64.226.81.43
2023-05-12 03:00:51Co-Hosted SiteNoHackerTarget1020None000.ovh185.199.111.153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonephi (Net ID: 00:06:B1:2D:D2:D1)33.617190550339146,-111.90827887019054
2023-05-12 02:57:44Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 10, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://develop--lifecard-basic.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5672:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5672:120:WilError_01"\n "Local\\SM0:5580:304:WilStaging_02"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:5580:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:5672:120:WilError_01"\n "Local\\SM0:5672:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5676:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://develop--lifecard-basic.netlify.app/"\n Pattern match: "https://develop--lifecard-basic.netlify.app"'}, {u'category': u'Spyware/Information Retrieval', 
u'origin': u'File/Memory', u'identifier': u'string-93', u'name': u'Found browser information locations related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1005', u'relevance': 5, u'threat_level': 1, u'type': 2, u'description': u'"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE4-12014391507\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\966b4622-5189-4715-ace7-32781c511d01" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE4-26614537913\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\d0313995-11ad-4fbc-ac47-fb134ed2e3e0" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE6-26619492266\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\OptimizationGuidePredictionModels" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE6-50648112176\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Bookmarks" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE2-65382453450\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Bookmarks.msbak" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE2-65382453450\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00007352-00000BE4-161466459\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\reports" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00007352-00000BE4-164012001\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\attachments" (Indicator: "microsoft\\edge\\user 
data") in Source: 00000000-00007352-00000BE4-166951574\n "--type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\\Microsoft\\Edge\\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=103.0.5060.53 "--annotation=exe=%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=103.0.1264.37 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd8,0x7ff9146190b8,0x7ff9146190c8,0x7ff9146190d8" (Indicator: "microsoft\\edge\\user data") in Source: msedge.exe'}], u'threat_level': 0, u'size': None, u'job_id': u'637eba44d524a07f2576099e', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'suspicious_identifiers': [], u'attck_id': u'T1005', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Data from Local System', u'informative_identifiers': [], u'tactic': u'Collection', u'informative_identifiers_count': 0, u'suspicious_identifiers_count': 1}], u'certificates': [], u'hosts': [u'34.148.97.127'], u'sha256': u'025407f1cd178ff7c81c5b101ca381ce72f5056e2ae85a03b5184adbb9151083', u'sha512': u'68475e41725f628b8af418c7f8123130b34e9b9627d9378d7adbfd41d9af4bbb930e36e05c418c7477a17d81df67a8d6f0fcba60f9094f21b33f41363ec82ae3', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://develop--lifecard-basic.netlify.app/', u'submission_id': u'637eba44d524a07f2576099f', u'created_at': u'2022-11-24T00:26:44+00:00', u'filename': None}], u'analysis_start_time': u'2022-11-24T00:30:54+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 4, u'image_base': None, 
u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'3633daa5dd9513875472344179c1fb32', u'network_mode': u'default', u'processes': [], u'sha1': u'a04be0e448fafc36381b730c03d0fd075779e81d', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 10 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}]34.148.97.127
2023-05-12 02:54:54HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5a6f150a072cb8-ORD"]}2a06:98c1:3121::1
2023-05-12 02:56:50Internet NameNoDNS Resolver0020Nonefunny.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:aa:0b:fb:f5:72:57:f7:90:57:35:0a:22:0c:3a:41:5a:d1 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 14 17:48:35 2023 GMT Not After : Apr 14 17:48:34 2023 GMT Subject: CN=funny-face-pictures.nom-nom.link Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:bd:1c:66:69:41:70:5a:26:6b:f9:5d:75:98:b4: 8f:50:49:99:4a:13:c7:34:5d:07:06:03:17:45:62: 35:db:24:d3:13:a5:28:c9:bc:9e:26:03:0e:28:c7: d0:92:34:41:85:ff:c9:ec:be:04:85:ca:56:f3:8d: 46:7d:03:91:0a ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D0:E0:AC:A3:54:40:02:9F:45:F6:D9:F1:FF:DC:7A:58:77:FF:5A:B0 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny-face-pictures.nom-nom.link, DNS:funny.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 14 18:48:35.447 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:23:7B:64:B6:2C:AC:F5:E8:CA:03:17:B5: C8:52:1F:78:4E:9E:45:71:9E:BA:A5:B9:28:E2:F6:98: 5C:9C:55:4D:02:21:00:C5:7A:6D:7B:D9:FC:31:BE:EE: D2:45:60:40:E8:F3:98:F6:00:28:61:5C:51:F5:50:E2: F1:BC:67:67:34:47:34 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 
B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 14 18:48:35.442 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:77:EF:CC:3A:63:43:C6:E6:6C:CD:36:4F: 64:00:42:35:30:9C:67:0E:E7:F4:15:29:43:E9:0B:EB: EA:B5:DD:47:02:20:43:3C:D6:F2:D6:6A:25:2C:8C:A9: 19:78:E2:12:1F:E6:13:A2:C8:59:FC:58:1D:CC:B7:3C: FE:5E:08:B2:25:67 Signature Algorithm: sha256WithRSAEncryption 26:53:65:d8:0f:da:9d:5c:c2:89:7f:e9:59:db:82:df:21:01: bc:a3:b0:96:ec:a1:79:53:d3:6d:a2:73:a4:48:f5:f3:60:37: 2f:d6:c2:bc:34:d6:5c:7b:52:5d:a2:86:c6:22:cc:0d:88:a5: 09:9e:b7:e0:33:0e:94:6a:31:dd:1a:ce:0b:4a:1b:35:81:e8: 18:b8:67:35:7b:c5:55:5b:fa:24:e1:61:d8:fc:4c:fb:0b:69: 6d:b7:e9:88:a8:d9:f4:30:10:9e:d7:62:ac:85:d6:f5:b8:e4: d1:e1:dd:33:91:22:79:d9:d1:27:2a:78:63:a1:7e:92:44:93: 5d:7f:b9:50:5b:7c:41:db:0c:39:77:23:a9:bf:96:10:23:77: 56:f9:ce:90:f2:c8:df:fc:44:22:77:ff:3a:73:64:da:f9:9d: 43:b8:69:0a:60:9d:7e:36:25:20:ea:05:1d:9b:94:cd:ee:68: aa:a6:47:3a:63:73:de:dd:31:b0:d6:03:9e:95:3c:99:1c:f5: c1:10:0c:3b:9b:5b:bb:2b:91:5b:f8:0b:8e:c1:0a:80:b1:82: 3c:fb:af:ea:e3:db:58:02:64:c3:ab:7a:c9:4d:e2:fc:10:3c: ec:06:e0:99:ff:1b:90:aa:e6:ba:48:4e:20:e1:c2:59:01:96: cd:48:36:11
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneApple Network 079699 (Net ID: 00:02:2D:07:96:99)37.7642, -122.3993
2023-05-12 02:45:34Email Gateway (DNS MX Records)NoDNS Raw Records0010Noneroute1.mx.cloudflare.netbattleb0t.xyz
2023-05-12 03:12:16Co-Hosted Site - Domain WhoisNoWhois3050None Domain Name: ECASH-PAY.COM Registry Domain ID: 2607738264_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-03-27T06:28:15Z Creation Date: 2021-04-26T06:58:38Z Registry Expiry Date: 2024-04-26T06:58:38Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: ecash-pay.com Registry Domain ID: 2607738264_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-03-27T06:28:15.08Z Creation Date: 2021-04-26T06:58:38.00Z Registrar Registration Expiration Date: 2024-04-26T06:58:38.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last 
update of WHOIS database: 2023-05-11T10:12:16.55Z <<< For more information on Whois status codes, please visit https://icann.org/epp | ecash-pay.com
2023-05-12 03:03:27 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | Server-side BEAST hit: testssl.sh raises this when CBC cipher suites can be negotiated under TLS 1.0. Current browsers mitigate BEAST client-side (1/n-1 record splitting), so treat it as protocol hygiene (retire TLS 1.0/CBC) rather than as directly exploitable; confirm against the host's protocol and cipher list. | CVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389 Score: 4.3 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | nwapi.battleb0t.xyz
2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.203): Search Engine Last Activity: 0 days ago Threat Level: 29 | 188.114.96.0/24
2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 5526 7041 (Net ID: 00:00:C5:B5:6E:E5) | 41.8781, -87.6298
2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.217): Search Engine Last Activity: 0 days ago Threat Level: 29 | 188.114.96.0/24
2023-05-12 03:13:02 | Blacklisted Affiliate IP Address | Yes | Threat Jammer | 0 | 1 | 3 | 0 | None | Threat Jammer - Risk score: 40 (MEDIUM) https://threatjammer.com/info/87.248.157.93 | 87.248.157.93
2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Belkin_G_Wireless_ (Net ID: 00:1C:DF:B6:B6:F1) | 32.8608, -79.9746
2023-05-12 03:31:34Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@gmo.jpDomain Name: AYHA.XYZ Registry Domain ID: D293590239-CNIC Registrar WHOIS Server: whois.discount-domain.com Registrar URL: http://www.onamae.com Updated Date: 2022-04-30T16:37:38.0Z Creation Date: 2022-04-25T16:34:12.0Z Registry Expiry Date: 2024-04-25T23:59:59.0Z Registrar: GMO Internet Group, Inc. d/b/a Onamae.com Registrar IANA ID: 49 Domain Status: ok https://icann.org/epp#ok Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod Registrant Organization: Whois Privacy Protection Service by onamae.com Registrant State/Province: Tokyo Registrant Country: JP Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1.GM111.PARKLOGIC.COM Name Server: NS2.GM111.PARKLOGIC.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@gmo.jp Registrar Abuse Contact Phone: +81.337709199 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: ayha.xyz Registry Domain ID: D293590239-CNIC Registrar WHOIS Server: whois.discount-domain.com Registrar URL: http://www.onamae.com Updated Date: 2023-04-26T06:12:30Z Creation Date: 2022-04-25T16:34:14Z Registrar Registration Expiration Date: 2023-04-25T23:59:59Z Registrar: GMO INTERNET, INC. 
Registrar IANA ID: 49 Registrar Abuse Contact Email: abuse@gmo.jp Registrar Abuse Contact Phone: +81.337709199 Domain Status: ok https://icann.org/epp#ok Registry Registrant ID: E4D57C1767DC8C Registrant Name: Whois Privacy Protection Service by onamae.com Registrant Organization: Whois Privacy Protection Service by onamae.com Registrant Street: 26-1 Sakuragaoka-cho Registrant Street: Cerulean Tower 11F Registrant City: Shibuya-ku Registrant State/Province: Tokyo Registrant Postal Code: 150-8512 Registrant Country: JP Registrant Phone: +81.354562560 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: proxy@whoisprotectservice.com Registry Admin ID: E4D57C3C00BE9C Admin Name: Whois Privacy Protection Service by onamae.com Admin Organization: Whois Privacy Protection Service by onamae.com Admin Street: 26-1 Sakuragaoka-cho Admin Street: Cerulean Tower 11F Admin City: Shibuya-ku Admin State/Province: Tokyo Admin Postal Code: 150-8512 Admin Country: JP Admin Phone: +81.354562560 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: proxy@whoisprotectservice.com Registry Tech ID: E4D27D6C252D99 Tech Name: Whois Privacy Protection Service by onamae.com Tech Organization: Whois Privacy Protection Service by onamae.com Tech Street: 26-1 Sakuragaoka-cho Tech Street: Cerulean Tower 11F Tech City: Shibuya-ku Tech State/Province: Tokyo Tech Postal Code: 150-8512 Tech Country: JP Tech Phone: +81.354562560 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: proxy@whoisprotectservice.com Name Server: ns1.gm111.parklogic.com Name Server: ns2.gm111.parklogic.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-04-26T06:12:30Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:10:00 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | netherlands-18708423.mongo.ondigitalocean.com | 165.232.113.94
2023-05-12 03:00:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.21): Search Engine Last Activity: 0 days ago Threat Level: 29 | 188.114.96.0/24
2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F3:6A:27) | 41.8781, -87.6298
2023-05-12 02:46:17 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | San Francisco, United States | 172.67.168.252
2023-05-12 03:32:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.15:80 | 188.114.97.0/24
2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 02:30:14 (Net ID: 00:02:2D:03:B5:67) | 37.7642, -122.3993
2023-05-12 03:23:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.10:80 | 188.114.96.0/24
2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:D1:F0:AA:05) | 41.8781, -87.6298
2023-05-12 03:12:41 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | The NVD text quoted here is the OpenVPN/Blowfish instance of Sweet32; testssl.sh raises it for a TLS endpoint that offers 64-bit block ciphers (3DES/IDEA), for which the TLS-side advisory is CVE-2016-2183. Practical exploitation needs a single long-lived session carrying hundreds of gigabytes; confirm the cipher suites actually offered on 188.114.97.1 before triaging. | CVE-2016-6329 https://nvd.nist.gov/vuln/detail/CVE-2016-6329 Score: 5.9 Description: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | 188.114.97.1
2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 73 | 0 | 2 | 0 | None | 34.148.97.127 | funny.battleb0t.xyz
2023-05-12 03:31:33Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabuse@namesilo.comDomain Name: AAHU.XYZ Registry Domain ID: D289905874-CNIC Registrar WHOIS Server: whois.namesilo.com Registrar URL: https://www.namesilo.com Updated Date: 2022-06-06T11:23:48.0Z Creation Date: 2022-04-10T16:51:06.0Z Registry Expiry Date: 2024-04-10T23:59:59.0Z Registrar: NameSilo, LLC Registrar IANA ID: 1479 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod Registrant Organization: See PrivacyGuardian.org Registrant State/Province: AZ Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: LINDA.NS.GIANTPANDA.COM Name Server: VIVIAN.NS.GIANTPANDA.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@namesilo.com Registrar Abuse Contact Phone: +1.4805240066 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:36.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: aahu.xyz Registry Domain ID: D289905874-CNIC Registrar WHOIS Server: whois.namesilo.com Registrar URL: https://www.namesilo.com/ Updated Date: 2023-04-10T07:00:00Z Creation Date: 2022-04-10T07:00:00Z Registrar Registration Expiration Date: 2023-04-10T07:00:00Z Registrar: NameSilo, LLC Registrar IANA ID: 1479 Registrar Abuse Contact Email: abuse@namesilo.com Registrar Abuse Contact Phone: +1.4805240066 Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: REDACTED FOR PRIVACY Registrant Organization: See PrivacyGuardian.org Registrant Street: 1928 E. Highland Ave. 
Ste F104 PMB# 255 Registrant City: Phoenix Registrant State/Province: AZ Registrant Postal Code: 85016 Registrant Country: US Registrant Phone: +1.3478717726 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org Registry Admin ID: Admin Name: Domain Administrator Admin Organization: See PrivacyGuardian.org Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255 Admin City: Phoenix Admin State/Province: AZ Admin Postal Code: 85016 Admin Country: US Admin Phone: +1.3478717726 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org Registry Tech ID: Tech Name: Domain Administrator Tech Organization: See PrivacyGuardian.org Tech Street: 1928 E. Highland Ave. Ste F104 PMB# 255 Tech City: Phoenix Tech State/Province: AZ Tech Postal Code: 85016 Tech Country: US Tech Phone: +1.3478717726 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org Name Server: hugh.ns.cloudflare.com Name Server: ryleigh.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T07:00:00Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS database through the use of high-volume, automated, electronic processes. The Data in our WHOIS database is provided for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. We do not guarantee its accuracy. 
By submitting a WHOIS query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to us (or our computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without our prior written consent. We reserve the right to terminate your access to the WHOIS database at our sole discretion, including without limitation, for excessive querying of the WHOIS database or for failure to otherwise abide by this policy. We reserve the right to modify these terms at any time. Domains - cheap, easy, and secure at NameSilo.com https://www.namesilo.com Register your domain now at www.NameSilo.com - Domains. Cheap, Fast and Secure
2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=funny.battleb0t.xyz | battleb0t.xyz
2023-05-12 02:56:19 | Netblock Membership | No | RIPE | 0 | 0 | 2 | 0 | None | 188.114.97.0/24 | 188.114.97.1
2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 1 | 0 | 2 | 0 | None | 0.dontkillmyapp.com | 185.199.111.153
2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 104.21.71.14 | nwapi.battleb0t.xyz
2023-05-12 03:31:30Affiliate - Email AddressNoE-Mail Address Extractor0070Noneabuse@namecheap.comDomain Name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://www.namecheap.com/ Updated Date: 2022-06-08T05:38:27Z Creation Date: 2022-06-03T05:37:56Z Registry Expiry Date: 2026-06-03T05:37:56Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Capital Region Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: IS Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain name: 01def.io Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-06-03T05:37:56.70Z Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.117): Search Engine Last Activity: 0 days ago Threat Level: 29 | 188.114.97.0/24
2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX551572EC4 (Net ID: 00:01:E3:57:2E:C4) | 52.3759, 4.8975
2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Wireless (Net ID: 00:09:5B:26:F3:E2) | 33.617190550339146,-111.90827887019054
2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | github.io is a shared GitHub Pages host, so a phishing page listed by OpenPhish under another user's *.github.io site says little about the target by itself. Weak signal: verify that the target actually resolves to the same host, and what is served there, before acting on this. | OpenPhish [0036labs.github.io] https://www.openphish.com/feed.txt | 0036labs.github.io
2023-05-12 03:00:36Affiliate - Email AddressNoE-Mail Address Extractor0040Noneabuse@namecheap.com Domain Name: CLOUDWAYSAPPS.COM Registry Domain ID: 1695307151_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-09-12T18:44:13Z Creation Date: 2012-01-04T12:17:34Z Registry Expiry Date: 2028-01-04T12:17:34Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-1086.AWSDNS-07.ORG Name Server: NS-2016.AWSDNS-60.CO.UK Name Server: NS-222.AWSDNS-27.COM Name Server: NS-854.AWSDNS-42.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: cloudwaysapps.com Registry Domain ID: 1695307151_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-06-22T11:27:03.11Z Creation Date: 2012-01-04T12:17:34.00Z Registrar Registration Expiration Date: 2028-01-04T12:17:34.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com Name Server: ns-222.awsdns-27.com Name Server: ns-854.awsdns-42.net Name Server: ns-1086.awsdns-07.org Name Server: ns-2016.awsdns-60.co.uk DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T06:41:09.59Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:55:25 | Social Media Presence | No | Social Network Identifier | 0 | 0 | 4 | 0 | None | Github: https://github.com/Altpapier/SkyHelperAPI/tree/master/examples | https://github.com/Altpapier/SkyHelperAPI/tree/master/examples
2023-05-12 02:45:44 | Physical Location | No | AbstractAPI | 1 | 0 | 2 | 0 | None | Chantilly, Virginia, 20151, United States, North America | 2606:50c0:8002::153
2023-05-12 02:54:19 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://fluid.battleb0t.xyz/logo.png | https://fluid.battleb0t.xyz/
2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:76:57:05) | 33.336199,-111.89446440830702
2023-05-12 02:56:51Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:c7:00:14:21:71:88:e2:18:10:f8:e3:ee:d1:89:37:10:7b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:46:47 2022 GMT Not After : Mar 27 01:46:46 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ca:91:c0:24:2c:ac:ca:ae:72:a2:1c:76:2b:73: ee:03:78:0b:80:eb:3e:1e:2f:33:3d:ee:c9:08:d3: 24:62:ca:69:54:4a:4f:62:ee:85:3e:9e:5e:5f:d1: 1f:ab:8a:39:77:32:f2:c3:16:74:4d:2e:2a:61:7c: 7c:02:16:fd:f8:90:cd:06:b2:e9:f4:43:77:1b:75: bb:be:c8:56:44:f6:50:11:ac:06:ec:e8:59:ef:64: 25:2f:4d:3f:96:fc:de:28:67:0a:4e:3f:7e:0e:35: 82:50:a2:e2:53:60:28:9a:07:c8:48:6d:b6:14:30: 5d:26:53:a7:34:c5:04:39:e7:67:e1:8b:e5:5d:a5: 3a:24:32:e3:b6:35:44:1a:60:82:6c:43:b7:4d:91: 70:e8:77:c6:32:fc:99:9f:ad:b8:12:75:4d:70:f3: 52:73:ab:3d:62:1e:0f:a1:00:40:14:f2:ee:4f:92: e4:8c:8a:19:22:54:b9:c3:71:e1:6b:29:43:5b:56: a9:e7:cc:16:78:2e:25:bc:fa:16:51:9d:87:b3:64: aa:85:a8:c4:c7:1b:38:de:e1:9c:ae:93:7d:3f:98: 02:a9:aa:fa:8c:80:52:99:2e:98:ff:77:3d:76:8b: 8f:32:cd:03:00:51:9a:81:df:0d:68:7a:8d:16:fa: b6:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 6C:34:7D:03:48:53:73:CF:0D:0C:39:44:A5:D1:A0:E8:F3:90:7F:11 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 27 02:46:47.420 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:5E:6B:E1:80:95:E9:06:B9:64:A1:6D:DC: F7:46:19:D7:44:B3:41:56:D0:CD:B2:17:79:5E:38:01: 98:82:42:B4:02:21:00:BB:82:4F:AE:81:BB:9F:FF:F6: F5:EC:BC:04:24:9F:54:06:50:1B:72:28:CB:B2:D2:B9: F3:82:3C:FB:08:50:07 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 27 02:46:47.434 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:DB:34:C7:60:1E:A0:7B:B4:93:B7:C3: 6F:79:DF:2B:2D:A1:07:F6:E0:3C:66:9E:DB:AB:71:DF: C8:12:FA:43:40:02:20:40:0C:EE:4D:C0:C7:6C:61:B4: C4:4E:15:E2:3B:37:04:6C:A3:AE:DB:A8:2D:9F:6D:D1: 44:F8:EF:BB:53:2D:AA Signature Algorithm: sha256WithRSAEncryption 2d:0d:59:11:7e:bd:11:7c:f4:13:c8:d6:c5:40:47:7f:c1:17: f8:18:85:ad:f5:ee:eb:ca:33:40:d0:80:8a:a2:5e:d9:cb:36: 84:5e:8f:ea:da:80:c0:0f:bc:fb:ed:5d:aa:90:c6:8d:e2:e0: 93:88:ba:dd:b6:40:89:0d:e9:1c:2b:f7:10:55:11:ed:5f:b4: fb:fb:56:28:a1:cf:a8:59:b5:c5:78:e9:54:8e:06:d9:23:af: f2:43:7d:64:52:f1:26:ea:4f:5e:ca:47:af:10:86:bc:07:b5: f9:72:9d:08:e5:af:f4:89:55:6c:58:05:70:62:87:bc:37:3c: b1:7c:29:a6:06:1e:b5:a4:e0:40:13:6d:69:d7:73:91:80:75: 18:3c:5b:0a:7c:a4:ff:05:c7:98:e1:97:78:96:31:ea:08:08: 4a:40:e6:a1:dd:b4:58:50:6f:80:e3:70:72:18:89:1b:9e:32: 1a:ca:dd:a2:a8:e9:74:eb:2c:c4:a6:1c:b7:31:48:b6:e4:67: 9b:a7:9c:a6:df:cd:82:95:8c:31:83:cd:c7:0e:e3:d2:a3:19: 06:a0:13:7b:a7:11:2c:dd:85:53:7f:ff:2c:0f:11:cf:5d:a7: fb:7d:2f:9b:4b:7a:3e:55:04:0b:72:4a:13:4f:26:99:3b:63: 24:f8:e3:2a
2023-05-12 03:32:08Open TCP PortNoPulsedive0030None188.114.97.5:8443188.114.97.0/24
2023-05-12 03:08:59Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.9287.248.157.102
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneSamsung Galaxy S8_5419 (Net ID: A2:C9:A0:CE:8F:DC)37.751, -97.822
2023-05-12 02:54:19Linked URL - InternalNoWeb Spider1030Nonehttps://fluid.battleb0t.xyz/app_badge.pnghttps://fluid.battleb0t.xyz/
2023-05-12 02:46:29Netblock MembershipNoRIPE5030None64.226.80.0/2064.226.81.43
2023-05-12 03:00:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.35): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:59:16Raw Data from RIRsNoHybrid Analysis0020None{u'count': 1, u'search_terms': [{u'id': u'host', u'value': u'188.114.96.1'}], u'result': [{u'environment_id': 100, u'job_id': u'631a665717ba8f2f707e8915', u'analysis_start_time': u'2022-09-08 22:02:00', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'5d930bb75d728b31880a4b3fe975a343b4dfd7855f2a943ba94d6c5bb93a8cfa', u'type': None, u'type_short': u'url', u'size': 44}]}188.114.96.1
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040None3035 3464 (Net ID: 00:0F:CC:61:D8:F8)32.8608, -79.9746
2023-05-12 02:46:49Co-Hosted SiteNoSSL Certificate Analyzer0030Nonenetlify.app104.196.30.220
2023-05-12 02:46:50Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonenetlify.app34.74.170.74
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneEijsbouts (Net ID: 00:01:E3:04:C3:19)52.3759, 4.8975
2023-05-12 02:44:42Internet NameNoDNS Resolver0020Nonefunny.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:04:02:53:52:8b:ff:fb:8a:0a:11:44:e7:ab:f5:69:c5:9e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 14 17:33:43 2023 GMT Not After : Apr 14 17:33:42 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:56:66:b3:c8:a2:23:b1:5a:3f:a8:f8:12:86:96: e9:2c:15:d7:f2:10:34:11:7a:db:91:0d:f0:b3:57: f5:24:8b:d6:33:b2:e0:da:47:1e:c3:4b:59:19:6f: 0a:27:ae:26:29:f9:b7:07:60:5c:49:2f:47:35:2a: 5c:c8:f0:96:d7 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3C:85:65:2A:BA:2A:04:2A:54:22:30:3E:E5:23:B1:1E:15:C3:96:05 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 14 18:33:43.335 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:F2:1C:95:AC:AF:08:7C:44:9A:42:32: 2C:2F:8A:04:A1:13:F3:46:FA:9D:26:CA:C9:98:C2:1D: 74:69:E4:86:1B:02:21:00:B6:39:78:67:7F:13:7F:74: 50:2A:AE:F8:F3:CD:06:25:FB:E7:4F:A7:FE:B7:C5:D8: 77:35:DE:26:00:5A:58:41 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 14 18:33:43.326 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:98:54:50:30:B1:AC:EB:16:2E:CF:2C: E2:5C:6F:49:73:2D:91:13:E2:7A:C0:23:16:9D:9E:E9: 34:9D:A8:4E:A2:02:21:00:E3:DA:6F:CF:C9:A3:6F:47: 24:1E:42:4E:CB:2C:6D:AC:F1:F2:5C:4B:15:0B:90:2E: FE:19:52:BD:26:73:E2:1D Signature Algorithm: sha256WithRSAEncryption 2f:9e:31:fd:c7:7d:47:cd:fd:01:35:76:75:af:bd:65:15:84: 23:f2:b5:a5:8c:aa:3b:d4:46:ab:0f:e0:6d:fb:3d:ad:16:bd: 71:fe:51:be:c7:6a:78:ea:91:90:3b:63:30:ca:95:ff:ee:9d: 47:eb:f2:5f:85:42:d9:44:d3:72:73:10:be:c7:a2:44:25:dc: 30:6d:25:07:16:5b:55:37:2d:53:15:d4:54:6f:02:56:82:ca: 95:f2:b0:da:05:fe:09:30:21:c9:bf:23:af:eb:66:9c:3c:46: c8:ed:d9:23:0c:31:c4:20:44:6b:a8:53:fc:12:a1:6a:08:26: 66:47:c9:ad:7e:d3:29:01:28:72:f6:e7:00:31:5c:a0:b4:5c: 64:09:26:8a:da:16:e9:1a:8b:b1:d1:3c:b2:df:e5:77:f4:c3: a8:4f:d0:1f:26:99:a7:10:8e:7f:65:a5:5e:cc:0b:70:42:ad: cf:7c:e0:c3:b5:7f:91:07:d9:1f:ba:ef:57:c4:d1:91:9e:a3: 40:93:8d:12:a1:08:bc:b5:cb:35:70:ad:45:f9:4b:fb:c8:74: 0b:37:9e:08:b9:59:0e:0e:55:98:c2:7b:c5:55:28:93:52:3c: ca:41:c2:5e:52:c3:32:1b:c4:d5:a9:18:45:1e:58:3a:fc:ed: c0:69:88:aa
2023-05-12 03:01:15Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.139): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.244): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:03:18Internet NameNoDNS Resolver0020Nonewww.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 18:07:07 2022 GMT Not After : Mar 13 18:07:06 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5: cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40: 8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da: 78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a: 56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00: cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85: b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4: 1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d: 86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9: c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0: 2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f: 7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28: 87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb: 3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9: ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf: fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce: a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1: d3:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 56:a7:32:cc:63:2f:7b:45:7f:05:18:5f:3e:03:67:82:e5:0e: 14:24:2d:4e:bd:24:f5:fa:90:92:69:17:7b:d1:23:b4:5f:72: 7a:af:32:e2:c8:28:7e:98:41:f2:c7:ab:41:34:02:6f:ca:a4: 77:0e:6b:df:35:1b:69:e8:30:42:43:a2:b1:d9:fd:cb:17:1e: 46:a3:67:c9:5d:ff:94:85:0e:a2:df:d3:83:d0:a3:f2:83:7b: dd:2e:d5:ae:32:94:05:46:0c:19:ca:ed:27:24:30:de:c1:83: b3:fa:a9:28:10:06:41:f9:bc:8e:ec:2c:b2:c5:50:1b:53:d4: 5f:dc:93:4c:91:47:36:3e:18:bb:60:2e:2b:c3:a2:8e:d0:41: bf:b5:f2:c1:3c:9e:23:83:f3:0a:e9:90:b8:ea:07:4c:7d:33: 7f:96:41:8c:3e:17:1d:9e:ed:d7:88:e1:f2:d6:4c:ee:67:b7: 9d:77:dd:54:17:a0:45:80:3c:14:ae:d9:2c:f9:2f:a7:d3:1a: b6:ff:c0:51:b2:15:42:38:03:d0:4b:ff:c0:3f:6d:02:65:07: 67:bb:0a:98:60:da:ab:a9:72:b1:8d:b2:e0:ad:99:f8:08:b9: 1a:39:e6:69:82:23:94:db:8e:23:77:72:cb:aa:45:70:fd:4e: 10:ce:72:06
2023-05-12 03:01:00Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.103): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneCollaborative projectsbattleb0t.github.io
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneRTL867x-ADSL (Net ID: 00:08:A1:C5:5A:46)40.2024, 29.0398
2023-05-12 02:54:54Open TCP PortNoCensys0020None2a06:98c1:3121::1:4432a06:98c1:3121::1
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneMatrix (Net ID: 00:06:25:B5:6B:A4)33.336199,-111.89446440830702
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.238): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:32:02Open TCP PortNoPulsedive0030None188.114.97.2:443188.114.97.0/24
2023-05-12 02:53:39Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-12T01:06:26.588Z", "ip": "185.199.108.153", "location_updated_at": "2023-05-11T02:22:47.949696Z", "autonomous_system_updated_at": "2023-04-28T16:49:31.623526Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"turtledev.in": {"record_type": "A", "resolved_at": "2023-03-17T16:23:43.722396430Z"}, "docs.c-labs.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T13:39:25.912117315Z"}, "sidzhang.me": {"record_type": "A", "resolved_at": "2023-05-07T18:33:14.124363141Z"}, "www.gmacd.net": {"record_type": "CNAME", "resolved_at": "2023-04-11T20:22:42.495209956Z"}, "www.umeerrama.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T03:24:25.913053555Z"}, "markthorp.com": {"record_type": "A", "resolved_at": "2023-03-16T13:51:32.870019802Z"}, "lainamae.github.io": {"record_type": "A", "resolved_at": "2023-03-19T16:04:34.954365399Z"}, "rowanmanning.com": {"record_type": "A", "resolved_at": "2023-03-16T14:14:04.579032272Z"}, "www.wise.fitness": {"record_type": "CNAME", "resolved_at": "2023-04-26T17:59:27.361118834Z"}, "yomikang.com": {"record_type": "A", "resolved_at": "2023-03-13T23:26:36.363123885Z"}, "njuics.cn": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:17:45.580207010Z"}, "villterv.duckdns.org": {"record_type": "A", "resolved_at": "2023-03-22T20:33:12.338237784Z"}, "fanschou.github.io": {"record_type": "A", "resolved_at": "2023-03-20T01:52:09.688479139Z"}, "www.mpcontractingllc.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T14:45:02.303045548Z"}, "meth.supplies": {"record_type": "A", "resolved_at": "2023-03-04T19:36:17.924857492Z"}, "sprouttech.co.uk": {"record_type": "A", "resolved_at": "2022-11-16T13:56:26.442294692Z"}, 
"www.jordancox.me": {"record_type": "CNAME", "resolved_at": "2023-02-25T17:36:05.584035257Z"}, "www.raymondyin.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:36:01.064188731Z"}, "devxchange.io": {"record_type": "A", "resolved_at": "2023-03-07T16:15:10.934357942Z"}, "www.2briley.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T13:20:47.065260373Z"}, "get.intersolar-nft.com": {"record_type": "CNAME", "resolved_at": "2022-09-29T13:43:22.976827994Z"}, "elvishenry.github.io": {"record_type": "A", "resolved_at": "2023-03-10T15:31:55.603307966Z"}, "www.maloley.me": {"record_type": "CNAME", "resolved_at": "2023-03-08T17:00:37.978750103Z"}, "surdu.me": {"record_type": "A", "resolved_at": "2023-05-04T18:59:57.242525118Z"}, "sarith.net": {"record_type": "A", "resolved_at": "2023-03-22T20:26:16.119209942Z"}, "altiusaero.com": {"record_type": "A", "resolved_at": "2023-04-27T13:40:10.787464508Z"}, "www.felixnrc.ar": {"record_type": "CNAME", "resolved_at": "2023-03-03T12:11:30.075523539Z"}, "www.funmitoblessed.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T14:40:07.732044366Z"}, "api.kekesi.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:57:13.673998398Z"}, "guestsofthetalkshow.net": {"record_type": "A", "resolved_at": "2023-04-24T20:00:08.001925119Z"}, "www.axelfontaine.com": {"record_type": "CNAME", "resolved_at": "2023-04-25T14:00:05.244431324Z"}, "www.bluebridges.ml": {"record_type": "CNAME", "resolved_at": "2023-01-04T15:20:49.107407095Z"}, "www.rowanmanning.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:54:15.722717563Z"}, "www.vishvak.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T05:45:50.510079142Z"}, "marcosanson.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:31.111859990Z"}, "www.henryelvis.fr": {"record_type": "CNAME", "resolved_at": "2023-03-04T16:13:03.494253182Z"}, "www.phorgr.com": {"record_type": "CNAME", "resolved_at": "2022-11-21T13:38:18.017307639Z"}, "comics.bilardi.net": 
{"record_type": "CNAME", "resolved_at": "2023-05-08T19:49:11.854401544Z"}, "www.littlejohnengineering.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-17T19:35:20.132850023Z"}, "www.dokomado.com": {"record_type": "CNAME", "resolved_at": "2023-04-21T22:50:25.934348288Z"}, "www.mishamol.ru": {"record_type": "CNAME", "resolved_at": "2023-04-24T22:01:44.486211723Z"}, "alzhao.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:58:23.599756683Z"}, "sarahsantiago.com.br": {"record_type": "A", "resolved_at": "2023-02-18T01:39:20.470353293Z"}, "jarrodboone.info": {"record_type": "A", "resolved_at": "2023-03-06T16:41:45.613039480Z"}, "p2sr.github.io": {"record_type": "A", "resolved_at": "2023-03-22T00:24:30.825824556Z"}, "gmacd.net": {"record_type": "A", "resolved_at": "2023-04-27T21:00:21.802895223Z"}, "www.ericdallo.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:26.937961924Z"}, "gmacd.github.io": {"record_type": "A", "resolved_at": "2023-03-21T01:31:25.465960326Z"}, "asm.lucasteske.dev": {"record_type": "CNAME", "resolved_at": "2022-11-14T14:35:22.539258750Z"}, "www.jinhankim.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T22:14:08.392069866Z"}, "www.harrisosserman.com": {"record_type": "CNAME", "resolved_at": "2023-02-28T14:03:52.247193728Z"}, "kleinsplayground.com": {"record_type": "A", "resolved_at": "2023-03-22T18:44:01.108063584Z"}, "funmitoblessed.github.io": {"record_type": "A", "resolved_at": "2023-03-22T11:31:23.278745293Z"}, "qfield.org": {"record_type": "A", "resolved_at": "2023-03-12T17:49:56.752630209Z"}, "www.cryptdocs.ml": {"record_type": "CNAME", "resolved_at": "2023-03-19T17:59:09.887768968Z"}, "vighnesh.ninja": {"record_type": "A", "resolved_at": "2023-03-19T17:46:52.312167687Z"}, "agnias47.github.io": {"record_type": "A", "resolved_at": "2023-03-14T15:57:58.140445992Z"}, "gronskiy.com": {"record_type": "A", "resolved_at": "2023-03-17T14:05:29.509591628Z"}, "dokomado.com": {"record_type": "A", "resolved_at": 
"2023-03-12T13:46:45.810442245Z"}, "wise.fitness": {"record_type": "A", "resolved_at": "2023-03-07T15:51:26.458635165Z"}, "www.eknert.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T21:55:19.776247657Z"}, "vesgauniformes.com": {"record_type": "A", "resolved_at": "2023-02-22T15:35:48.205405836Z"}, "millinow.com": {"record_type": "A", "resolved_at": "2022-09-26T14:09:37.255614081Z"}, "jianli.hogancn.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:40:00.667151420Z"}, "prohlaseni.altair.blog": {"record_type": "CNAME", "resolved_at": "2023-05-07T12:27:20.143793708Z"}, "wolfgangbai.top": {"record_type": "CNAME", "resolved_at": "2023-03-08T00:37:57.090239320Z"}, "loadout.inkstrike.net": {"record_type": "CNAME", "resolved_at": "2023-04-18T19:24:34.277583383Z"}, "maxkross.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:04.714610636Z"}, "derekmagill.net": {"record_type": "A", "resolved_at": "2023-05-03T19:23:31.613919607Z"}, "arthurkarrer.me": {"record_type": "A", "resolved_at": "2023-03-11T16:57:07.559804549Z"}, "www.adamtroc.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T16:03:03.862526493Z"}, "assets.javierarce.com": {"record_type": "CNAME", "resolved_at": "2023-03-30T15:20:51.562601099Z"}, "varshaprasad.com": {"record_type": "A", "resolved_at": "2023-03-22T11:02:20.888175128Z"}, "mlefree.com": {"record_type": "A", "resolved_at": "2023-03-08T14:17:25.701832947Z"}, "cyberfriendscircle.io": {"record_type": "A", "resolved_at": "2023-04-23T17:40:41.917214504Z"}, "dhanush.is-a.dev": {"record_type": "CNAME", "resolved_at": "2023-03-09T23:39:54.025920340Z"}, "static.test.habuhome.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:22:37.725893073Z"}, "sar.portal2.sr": {"record_type": "CNAME", "resolved_at": "2023-03-19T17:40:17.370882551Z"}, "p1nant0m.com": {"record_type": "A", "resolved_at": "2023-03-26T21:40:25.850660596Z"}, "www.lainamae.com": {"record_type": "CNAME", "resolved_at": 
"2023-03-01T14:30:14.030874675Z"}, "tablerpressurewashing.com": {"record_type": "A", "resolved_at": "2023-03-11T12:53:29.882274705Z"}, "www.kadupitiya.lk": {"record_type": "CNAME", "resolved_at": "2023-02-24T16:44:15.687183626Z"}, "robimsinazor.sk": {"record_type": "A", "resolved_at": "2023-02-22T21:18:54.646853756Z"}, "alexndrvega.github.io": {"record_type": "A", "resolved_at": "2023-03-07T16:15:51.452605486Z"}, "wanderandcompass.com": {"record_type": "A", "resolved_at": "2023-03-18T22:39:25.125598440Z"}, "www.runningcode.net": {"record_type": "CNAME", "resolved_at": "2023-05-03T20:11:29.826302413Z"}, "vishvak.com": {"record_type": "A", "resolved_at": "2023-05-11T22:16:52.855230065Z"}, "codelib.alteredlife.co.uk": {"record_type": "CNAME", "resolved_at": "2023-04-17T23:28:22.855144188Z"}, "www.ryjer.net": {"record_type": "CNAME", "resolved_at": "2023-04-04T21:20:41.787316653Z"}, "t.iiwhy.cn": {"record_type": "CNAME", "resolved_at": "2023-03-09T12:46:57.908049390Z"}, "www.fanfit.com.au": {"record_type": "CNAME", "resolved_at": "2023-05-01T12:19:08.882320873Z"}, "rpg.skmobi.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:42:56.247014800Z"}, "lethaltext.ai": {"record_type": "A", "resolved_at": "2023-04-03T12:14:51.572505030Z"}, "felixnrc.github.io": {"record_type": "A", "resolved_at": "2023-03-21T01:32:03.703893737Z"}, "www.staceywu.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-05T19:59:23.259144477Z"}, "www.brly.net": {"record_type": "CNAME", "resolved_at": "2023-04-08T19:19:47.603414761Z"}, "www.wishingwellberlin.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T17:00:16.833241253Z"}, "intersolarnft.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:10.689229599Z"}, "www.agitator.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T13:20:02.173553830Z"}, "bamru-tech.github.io": {"record_type": "A", "resolved_at": "2023-03-17T16:27:10.957414808Z"}}, "names": ["www.felixnrc.ar", "maxkross.github.io", 
"www.fanfit.com.au", "comics.bilardi.net", "sar.portal2.sr", "cyberfriendscircle.io", "www.maloley.me", "varshaprasad.com", "www.jinhankim.com", "www.wise.fitness", "yomikang.com", "kleinsplayground.com", "lainamae.github.io", "www.umeerrama.com", "derekmagill.net", "intersolarnft.github.io", "dhanush.is-a.dev", "gmacd.net", "elvishenry.github.io", 185.199.108.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None200WMadison (Net ID: 00:01:21:30:9B:1A)41.8781, -87.6298
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00theway.github.io] https://www.openphish.com/feed.txt00theway.github.io
2023-05-12 02:44:16Internet NameNoDNS Resolver4020Nonewww.battleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': 
u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NonemyLGNetFBC6 (Net ID: 00:01:36:5A:FB:C4)37.7813933,-122.3918002
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneTraventHome (Net ID: 00:01:24:F0:1D:C3)37.7642, -122.3993
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:00:13Internet Name - UnresolvedNoCertificate Transparency0010Nonewebdisk.ayhu.xyzayhu.xyz
2023-05-12 03:09:56Affiliate - Internet NameNoDNS Resolver0030Nonedgn.keyubu.com87.248.157.106
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.15): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonesocial_msdn (Category: social) https://social.msdn.microsoft.com/profile/loginlogin
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:02:2D:20:8C:1A)37.7642, -122.3993
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:05:5D:ED:08:8A)33.336199,-111.89446440830702
2023-05-12 03:38:36Blacklisted Affiliate IP AddressYesUCEPROTECT0040NoneUCEPROTECT - Level 2 (some false positives) (46.101.229.68)46.101.229.68
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneTwist Studio (Net ID: 00:02:2D:07:96:23)37.780462,-122.390564
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.174): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneVEBNG (Net ID: 00:02:6F:75:9C:1E)50.1188, 8.6843
2023-05-12 02:58:57SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 0d:40:8d:d9:7c:a1:bd:4c:0d:06:c5:3f:c3:e9:2e:bc Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Apr 11 04:54:50 2023 GMT Not After : Jul 10 04:54:49 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a5:65:fa:d8:79:b7:aa:9f:cd:61:b9:6d:61:bb: e3:07:27:16:d3:e1:46:58:db:ea:35:f8:26:d8:c8: 09:7e:b6:39:79:12:45:7f:4a:96:c2:65:47:bc:37: b3:76:46:83:08:24:7b:32:63:f5:07:b6:17:66:20: 18:e4:18:8c:6e:16:7f:bc:81:ec:10:38:cc:20:6d: 2c:d6:29:65:3d:24:15:7a:78:2a:d0:43:3c:46:03: 10:b3:27:47:c6:2c:d9:37:1a:f8:11:aa:82:ad:00: 76:a7:88:0c:2b:f1:1a:b2:9a:95:76:c4:a9:4b:c3: 62:f9:12:87:35:9a:50:60:71:89:06:0b:f5:83:3f: b3:37:8b:3d:cb:f9:c2:99:ee:99:d3:c8:08:07:e1: c6:20:fc:1e:cb:95:74:f5:c1:74:33:8b:1b:39:2e: 63:89:98:62:bd:9a:c6:13:b2:b5:95:ec:cb:ee:ce: 27:e7:da:24:f1:8e:b6:e6:ab:e2:7a:20:63:e1:26: ab:e8:05:03:30:6e:ae:59:d4:02:26:10:36:ee:3d: 2a:f4:c0:78:59:fa:77:cd:2a:88:bd:16:94:1a:e1: c4:ca:d8:5b:b7:12:2e:db:10:0e:ec:94:77:40:49: b3:6f:75:18:22:d3:cb:58:3c:44:d0:05:e2:db:a8: 00:c9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: BA:51:29:0E:2E:1D:B8:E3:1A:BA:7C:11:8D:3C:69:BB:27:B0:51:A7 X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/TQXQbT5nMS4 CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/PX7fR59yV-s.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 35:8a:d2:67:fd:ed:b1:23:72:f0:a2:4c:97:ee:c5:7e:e1:b0: 84:de:17:e3:7f:b0:fd:4c:e4:f5:d9:c1:87:4a:b8:32:d6:97: 13:2d:ab:c3:d8:0c:ce:60:02:7a:3d:d5:8b:4f:9b:89:37:1e: 07:e8:65:4f:13:db:bc:f2:3f:ba:ea:3a:b7:97:d8:a0:c0:4a: 65:8c:35:35:fd:69:77:08:6c:3c:bf:e2:a6:4a:02:ca:fc:ed: e5:52:89:bc:c1:b6:61:98:79:3c:a3:31:8c:d6:1d:49:4c:6e: 4f:51:4b:80:2f:a3:0a:eb:fd:a0:1d:23:01:9e:b7:13:91:2e: ea:39:a6:6a:a5:6e:65:a0:60:47:cf:fa:44:01:e4:af:f2:74: c6:c0:9c:28:45:d7:eb:58:39:c7:39:24:41:f2:f3:e3:a3:aa: 8b:59:5c:05:a1:91:0e:a2:f0:b0:ab:cb:39:e8:59:97:1b:9f: 8d:d8:c2:47:ab:c2:d9:46:03:7a:5d:eb:fd:3e:65:0d:f9:fe: dc:1b:a2:95:80:34:f0:64:f6:d6:5a:43:e4:2b:5f:53:8b:84: 65:53:97:2f:8f:bb:f4:1d:f8:10:82:18:da:d2:33:31:94:ea: 59:b0:de:49:31:a7:28:65:0c:5e:e7:fb:cf:58:f0:de:70:9b: 5c:67:53:d1 ayhu.xyz
2023-05-12 03:25:17Internet NameNoDNS Brute-forcer0010Nonewww.ayhu.xyzayhu.xyz
2023-05-12 02:54:16Linked URL - InternalNoWeb Spider3020Nonehttps://oldfluid.battleb0t.xyz/oldfluid.battleb0t.xyz
2023-05-12 02:51:40Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://email.energypreciousplus.com/?qs=202284189811717324811030210873145040889', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:7728:120:WilError_01"\n "SM0:7728:120:WilError_01"\n "Local\\SM0:7728:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:7728:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"51.38.209.93:80"\n "138.91.254.96:443"\n "104.21.12.87:443"\n "104.21.39.188:443"\n "104.17.24.14:443"\n "104.21.24.239:443"\n "185.199.108.153:443"\n "142.251.46.202:443"\n "142.251.46.163:443"\n "35.190.80.1:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"email.energypreciousplus.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"a.nel.cloudflare.com"\n "api.edgeoffer.microsoft.com"\n "cdnjs.cloudflare.com"\n "email.energypreciousplus.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "inorganik.github.io"\n "k.chasingglitters.com"\n "kyleismyfavorite.com"\n "signaturewithatwist.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, 
Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\local state"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\shopping.js]- [targetUID: 00000000-00001340]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00001340]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n 
"edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\1340_2106655350\\edge_driver.js]- [targetUID: 00000000-00001340]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\edge_driver.js]- [targetUID: 00000000-00001340]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\1340_2106655350\\vendor.bundle.js]- [targetUID: 00000000-00001340]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00001340]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\auto_open_controller.js]- [targetUID: 00000000-00001340]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00001340]\n "000013.ldb" has type "data"- [targetUID: N/A]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\1340_2106655350\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00001340]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\edge_checkout_page_validator.js]- [targetUID: 00000000-00001340]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00001340]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\1340_2075243144\\product_page.js]- [targetUID: 00000000-00001340]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUI185.199.108.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Noneremraz wd pro 2g (Net ID: 00:00:C0:01:7B:3F)52.3759, 4.8975
2023-05-12 03:24:22Linked URL - InternalNoWeb Spider1020Nonehttps://ayhu.xyz/http://ayhu.xyz/
2023-05-12 02:55:52Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://fakeyou.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"fakeyou.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"fakeyou.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar207B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:80"\n "104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_b04_IE_EarlyTabStart_0xeac_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b04_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_b04_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_b04_ConnHashTable<2820>_HashTable_Mutex"\n "IsoScope_b04_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2820"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b04_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab207A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', 
u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpfakeyou.com" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003088]\n "_87BE6B54-B749-11ED-AC3C-080027FE9315_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "Cab207A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab207A.tmp]- [targetUID: 00000000-00003088]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._7CF0C385-B749-11ED-AC3C-080027FE9315_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFDAD5417A26E3E872.TMP" has type "data"- Location: [%TEMP%\\~DFDAD5417A26E3E872.TMP]- [targetUID: 00000000-00002820]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "42VPP0D5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\42VPP0D5.txt]- [targetUID: 00000000-00002820]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002820]\n "OPUDGCZY.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OPUDGCZY.txt]- [targetUID: 00000000-00002820]\n "Tar207B.tmp" has type "data"- Location: [%TEMP%\\Tar207B.tmp]- [targetUID: 00000000-00003088]\n 
"HVIM856A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HVIM856A.txt]- [targetUID: 00000000-00002820]\n "J0B825KS.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J0B825KS.txt]- [targetUID: 00000000-00002820]\n "33YQJ8LX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\33YQJ8LX.txt]- [targetUID: 00000000-00002820]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "ZMP638A7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZMP638A7.txt]- [targetUID: 00000000-00002820]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: fakeyou.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://fakeyou.com/"\n Pattern match: "http://fakeyou.com"\n Heuristic match: "fakeyou.com"\n Heuristic match: "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: fakeyou.com"'}, {u'category': u'External Systems', u'origin': u'External System', 
u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63fdd56ace3ff76e250d8f82', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, 
u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'104.196.30.220', u'104.196.30.220'], u'sha256': u'2a96acb6a11ab86bced4aba33d700808a6df7486ededb0db3e75f1d8e104.196.30.220
2023-05-12 03:15:36Physical LocationNoipstack0030NoneGermany207.154.228.169
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-experiments.github.io185.199.111.153
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0030NoneEnglish<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authentication</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixels API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixels API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixels API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr>
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:02:2D:04:09:0C)37.780462,-122.390564
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneTEO Network Enterprise (Net ID: 00:01:24:F0:B7:E1)37.7813933,-122.3918002
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NonePornhub Users (Category: XXXPORNXXX) https://www.pornhub.com/users/ayhuayhu
2023-05-12 02:44:27Software UsedYesTool - Wappalyzer0020NonePatreonnwapi.battleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom67E1E4 (Net ID: 00:0C:F6:67:E1:E4)50.8897, 6.0563
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:0E:F4:FC)33.6170672,-111.90564645297056
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F2:68:C6)37.7813933,-122.3918002
2023-05-12 03:23:35Open TCP PortNoPulsedive0030None188.114.96.13:80188.114.96.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneChili Bean Cafe (Net ID: 00:02:61:19:70:71)34.0544, -118.244
2023-05-12 02:57:52Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/twbs/bootstrap/blob/main/license)*/:root', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 14, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'christitus.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2560:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2560:120:WilError_01"\n "Local\\SM0:2560:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:2560:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:420:304:WilStaging_02"\n "Local\\SM0:420:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6500:304:WilStaging_02"\n "Local\\SM0:6500:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "msedge.exe" with commandline "--type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\\Microsof ..." (UID: 00000000-00006356), Spawned process "msedge.exe" with commandline "--type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAA ..." 
(UID: 00000000-00000420), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=network.mojom.NetworkService - ..." (UID: 00000000-00006500), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=storage.mojom.StorageService - ..." (UID: 00000000-00006936), Spawned process "msedge.exe" with commandline "--type=renderer --disable-client-side-phishing-detection --displ ..." (UID: 00000000-00002696), Spawned process "msedge.exe" with commandline "--type=renderer --disable-client-side-phishing-detection --displ ..." (UID: 00000000-00005140), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=asset_store.mojom.AssetStoreSe ..." (UID: 00000000-00004120), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." (UID: 00000000-00004536), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." (UID: 00000000-00002404), Spawned process "msedge.exe" with commandline "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu ..." (UID: 00000000-00006928), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." (UID: 00000000-00006236), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." (UID: 00000000-00004364), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." 
(UID: 00000000-00005160)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-21', u'name': u'Launches a browser', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Launches browser "msedge.exe" (UID: 00000000-00006356)\n Launches browser "msedge.exe" (UID: 00000000-00000420)\n Launches browser "msedge.exe" (UID: 00000000-00006500)\n Launches browser "msedge.exe" (UID: 00000000-00006936)\n Launches browser "msedge.exe" (UID: 00000000-00002696)\n Launches browser "msedge.exe" (UID: 00000000-00005140)\n Launches browser "msedge.exe" (UID: 00000000-00004120)\n Launches browser "msedge.exe" (UID: 00000000-00004536)\n Launches browser "msedge.exe" (UID: 00000000-00002404)\n Launches browser "msedge.exe" (UID: 00000000-00006928)\n Launches browser "msedge.exe" (UID: 00000000-00006236)\n Launches browser "msedge.exe" (UID: 00000000-00004364)\n Launches browser "msedge.exe" (UID: 00000000-00005160)'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"<!DOCTYPE html>\n<html lang="en-US"><meta charset="utf-8">\n<title>Chris Titus Tech | Tech Content Creator</title>\n\n<meta name="author" content="Chris Titus">\n<meta name="description" content="Having Fun with Technology">\n\n\n\n<meta name="author" content="Chris Titus">\n<meta name="generator" content="Hugo 0.101.0" />\n\n mobile responsive meta -->\n<meta name="viewport" content="width=device-width\n initial-scale=1\n maximum-scale=5">\n\n Favicon -->\n<link rel="icon" href="https://christitus.com/images/favicon.png" type="image/x-icon">\n\n\n\n<script type="application/javascript">\nvar doNotTrack = false;\nif (!doNotTrack) 
{\n(function(i,s,o,g,r,a,m){i[\'GoogleAnalyticsObject\']=r;i[r]=i[r]||function(){\n(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),\nm=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)\n})(window,document,\'script\',\'https://www.google-analytics.com/analytics.js\',\'ga\');\nga(\'create\', \'UA-5817718-4\', \'auto\');\n\nga(\'send\', \'page" (Indicator: "send")\n "is Titus">\n<meta name="description" content="Having Fun with Technology">\n\n\n\n<meta name="author" content="Chris Titus">\n<meta name="generator" content="Hugo 0.101.0" />\n\n mobile responsive meta -->\n<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=5">\n\n Favicon -->\n<link rel="icon" href="https://christitus.com/images/favicon.png" type="image/x-icon">\n\n\n\n<script type="application/javascript">\nvar doNotTrack = false;\nif (!doNotTrack) {\n(function(i,s,o,g,r,a,m){i[\'GoogleAnalyticsObject\']=r;i[r]=i[r]||function(){\n(i[r].q=i[r].q||[]).push(arguments)}\ni[r].l=1*new Date();a=s.createElement(o)\n\nm=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)\n})(window,document,\'script\',\'https://www.google-analytics.com/analytics.js\',\'ga\');\nga(\'create\', \'UA-5817718-4\', \'auto\');\n\nga(\'send\', \'pageview\');\n}\n</script>\n\n\n\n<script>\n (function (w, d, s, l, i) {\n w[l] = w[l] || [];\n w[l].push({\n \'gtm.start\': new Date().getTime()\n" (Indicator: "send"), "event: \'gtm.js\'\n });\n var f = d.getElementsByTagName(s)[0]\n\n j = d.createElement(s)\n\n dl = l != \'dataLayer\' ? 
\'&l=\' + l : \'\';\n j.async = true;\n j.src = \'https://www.googletagmanager.com/gtm.js?id=\' + i + dl;\n f.parentNode.insertBefore(j, f);\n })(window, document, \'script\', \'dataLayer\', \'GTM-5JNJ8NL\');\n</script>\n\n\n\n<link rel="amphtml" type="text/html" href="https://christitus.com/amp/" title="Chris Titus Tech | Tech Content Creator" />\n<link rel="alternate" type="application/rss+xml" href="https://christitus.com/index.xml" title="Chris Titus Tech | Tech Content Creator" />\n<link rel="alternate" type="application/json" href="https://christitus.com/index.json" title="Chris Titus Tech | Tech Content Creator" />\n\n \n<link rel="preconnect" href="https://fonts.gstatic.com">\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<style crossorigin="anonymous" media="all" type="text/css" integrity="sha512-&#43;PN/fcoUb5XuLwnJWEg/QUlQ57vePLVQwn/BZpXTd9zB5zN6fEtzTpWtFS0fdl2BK2K0SSE0j/STHWxJkrpPLw==">/*!* Bo" (Indicator: "connect"), "amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}article\naside\nfigcaption\nfigure\nfooter\nheader\nhgroup\nmain\nnav\nsection{display:block}body{margin:0;font-family:-apple-system\nBlinkMacSystemFont\nsegoe ui\nRoboto\nhelvetica neue\nArial\nnoto sans\nliberation sans\nsans-serif\napple color emoji\nsegoe ui emoji\nsegoe ui symbol\nnoto color emoji;font-size:1rem;font-weight:400;line-height:1.5;color:#212529;text-align:left;background-color:#fff}[tabindex="-1"]:focus:not(:focus-visible){outline:0!important}hr{box-sizing:content-box;height:0;overflow:visible}h1\nh2\nh3\nh4\nh5\nh6{margin-top:0;margin-bottom:.5rem}p{margin-top:0;margin-bottom:1rem}abbr[data-original-title]\nabbr[title]{text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}dl\nol\nul{margin-top:0;margin-bottom:1rem" (Indicator: 
"bind"), "isplay:inline-block;margin-bottom:.5rem}button{border-radius:0}button:focus:not(:focus-visible){outline:0}button\ninput\noptgroup\nselect\ntextarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button\ninput{overflow:visible}button\nselect{text-transform:none}[role=button]{cursor:pointer}select{word-wrap:normal}[type=button]\n[type=reset]\n[type=submit]\nbutton{-webkit-appearance:button}[type=button]:not(:disabled)\n[type=reset]:not(:disabled)\n[type=submit]:not(:disabled)\nbutton:not(:disabled){cursor:pointer}[type=button]::-moz-focus-inner\n[type=reset]::-moz-focus-inner\n[type=submit]::-moz-focus-inner\nbutton::-moz-focus-inner{padding:0;border-style:none}input[type=checkbox]\ninput[type=radio]{box-sizing:border-box;padding:0}textarea{overflow:auto;resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;max-width:100%;padding:0;margin-bottom:.5rem;font-size:1.5rem;line-height:inherit;color:inherit;white-space:normal}progress{vertical-align:baseline}[type=number" (Indicator: "select"), "ype=time].form-control{-webkit-appearance:none;-moz-appearance:none;appearance:none}select.form-control:focus::-ms-value{color:#495057;backgroun34.148.97.127
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider2030Nonehttps://funny.battleb0t.xyz/images/withat_3.jpghttps://funny.battleb0t.xyz/
2023-05-12 02:44:22Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.io185.199.108.153
2023-05-12 02:53:49Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 926E:68C5:23DED94:340F30D:645D2C8B Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-klot8100050-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683827851.292615,VS0,VE22 Vary: Accept-Encoding X-Fastly-Request-ID: 7edd7f29f5c97925d836dfcf6284b65fe4dca468 2606:50c0:8000::153
2023-05-12 02:44:14IPv6 AddressNoDNS Resolver16010None2606:4700:3031::ac43:8709ayhu.xyz
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Nonecurve25519-sha256@libssh.org{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, 
"services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter1010NoneCN=nwapi2.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:03:27Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io000justin000.github.io
2023-05-12 03:09:36Affiliate - Internet NameNoDNS Resolver0040None223.30.196.104.bc.googleusercontent.com104.196.30.223
2023-05-12 03:09:59Affiliate - Internet NameNoDNS Resolver1040Noneinbox.clientify.net165.232.113.82
2023-05-12 03:02:53Vulnerability - CVE LowYesTool - testssl.sh0120NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.oldfluid.battleb0t.xyz
2023-05-12 03:00:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.30): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}172.67.135.9
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet2C26 (Net ID: 00:01:36:4F:2C:24)34.0544, -118.244
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:3C:B8:8B)33.6170672,-111.90564645297056
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"}
2023-05-12 03:23:11Open TCP PortNoPulsedive0030None188.114.96.1:8080188.114.96.0/24
2023-05-12 02:54:30Open TCP PortNoCensys0030None64.226.81.43:8064.226.81.43
2023-05-12 02:45:58Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/twbs/bootstrap/blob/master/license)', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fcopernicus.es%2Fdaniel.gomez%40copernicus.es', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_eac_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_eac_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_eac_IE_EarlyTabStart_0xc48_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_eac_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_eac_IESQMMUTEX_0_331"\n "IsoScope_eac_ConnHashTable<3756>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3756"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.66.40.106:443"\n "102.37.125.193:443"\n "35.186.254.174:443"\n "104.18.10.207:443"\n "104.26.8.175:443"\n "142.251.214.131:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "fonts.gstatic.com"\n "llink.to"\n "stackpath.bootstrapcdn.com"\n "tamannigeria.org"\n "track.salesflare.com"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-63', u'name': u'Found a potential E-Mail address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1114', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "daniel.gomez@copernicus.es"\n Pattern match: "w@e.w"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1B1E.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1938.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003772]\n "Cab1937.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1937.tmp]- [targetUID: 00000000-00003772]\n "Cab1B1D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c 
+A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1B1D.tmp]- [targetUID: 00000000-00003772]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "recaptcha__en_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Tar1B1E.tmp" has type "data"- Location: [%TEMP%\\Tar1B1E.tmp]- [targetUID: 00000000-00003772]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003772]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "anchor_1_.htm" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmYUtfBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla"- [targetUID: N/A]\n "~DF4104C3A156FD39C8.TMP" has type "data"- Location: [%TEMP%\\~DF4104C3A156FD39C8.TMP]- [targetUID: 00000000-00003756]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFB793AC7F13A190A4.TMP" has type "data"- Location: [%TEMP%\\~DFB793AC7F13A190A4.TMP]- [targetUID: 00000000-00003756]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003756]\n "~DFC3A186B09A1D8AC1.TMP" has type "data"- Location: [%TEMP%\\~DFC3A186B09A1D8AC1.TMP]- [targetUID: 00000000-00003756]\n "~DFA5A15892CE259FFA.TMP" has type "data"- Location: [%TEMP%\\~DFA5A15892CE259FFA.TMP]- [targetUID: 00000000-00003756]\n "~DFFFDE3D6507148FFE.TMP" has type "data"- Location: [%TEMP%\\~DFFFDE3D6507148FFE.TMP]- [targetUID: 00000000-00003756]\n "microsoft_PNG7_1_.png" has type "PNG image data 2096 x 771 8-bit colormap non-interlaced"- [targetUID: N/A]\n "_5F23AB45-DA89-11ED-AE70-080027198B7C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39', u'name': u'Drops XML files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 8, u'description': u'"www.google_1_.xml" has type "ASCII text with no line terminators"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fcopernicus.es%2Fdaniel.gomez%40copernicus.es"\n Pattern match: "https://llink.to"\n Pattern match: "https://www.gstatic.com/recaptcha/releases/6MY32oPwFCn9SUKWt8czDsDw/recaptcha__en.js"\n Pattern match: "https://www.google.com/recaptcha/api2/\';(cfg[\'render\']=cfg[\'render\']||[]).push(\'onload\');w[\'__google_recaptcha_client\']=true;var"\n Pattern match: "MUID0E9D24B2F451684D29613641F5D56964msn.com/1025288302553631105309164827182731026838*"\n Pattern match: "fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxP.ttf"\n Pattern match: "fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc9.ttf"\n Pattern match: "fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc9.ttf"\n Pattern match: "https://www.gstatic.com/recaptcha/releases/6MY32oPwFCn9SUKWt8czDsDw/styles__ltr.css"\n Pattern match: "https://www.google.com/recaptcha/api2/"\n Pattern match: "https://api.salesflare.com/,a=new"\n Pattern match: "SUIDMmicrosoft.com/9216274053632031026955164499057731026838*MUID02215E7CD9936B0700024C8FD8DF6A54microsoft.com/1025287302553631105309164499057731026838*SRCHDAF=NOFORMmicr185.199.111.153
2023-05-12 02:54:13Netblock IPv6 MembershipNoCensys0040None2606:4700:3030::/482606:4700:3030::ac43:a8fc
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneCORGI-2 (Net ID: 00:14:6C:7C:72:22)32.8608, -79.9746
2023-05-12 03:41:52HTTP HeadersNoCensys0030None{"Content_Length": ["315"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Microsoft-HTTPAPI/2.0"], "Connection": ["close"], "Content_Type": ["text/html; charset=us-ascii"], "Date": ["<REDACTED>"]}45.131.109.53
2023-05-12 03:24:50CountryNoCountry Name Extractor0040NoneGuernseyply.gg
2023-05-12 03:33:53Raw File Meta DataNoBinary String Extractor0040Nonehttp://ns.adobe.com/xap/1.0/ XPhotoshop 3.0 Photo Booth ICC_PROFILE mntrRGB XYZ acspAPPL -appl bdscm vcgt 0ndin >chad 8bTRC aagg desc Display 0daDK FnlNL bfiFI xitIT $viVN .skSK <zhCN $ruRU RenGB vfrFR vesXL "elGR 4svSE VtrTR fptPT zjaJP Dtext A l !H!u! "'"U" 'I'z' -A-v- /$/Z/ 050l0 676r6 7$7`7 :6:t: <'<e< > >`> ?!?a? B0BrB F"FgF P'PqP nmmod B`@$s eww<` FR'<c zR0f9 PFOPx 3nX7 U?.0H Xax9< z41jH @gc3nw9bq Kj @yS S`YdR pj2OL MZw'bp :'W9q 661:H SInxX \1<qXs\ mnMuV: TjO99 VgDer eA$tn: n3 3.y< y78$p o XfI \XYbs HmJ92 5m6s4W6 BMNnW Ye8-uc< -8-"z K1yeb WOCiB :sRWG p1A1w$ p!O9' 9_FTOO TNCaA pEz\3 '-fp? 7m9 z 6:WE: ?Ol<U $hpp@ K$_4e zDrA9 .>`x? \rKis zWGml NOAVR 9?S\. https://funny.battleb0t.xyz/images/jcqn.jpg
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneBug and issue tracking softwarecdn-185-199-111-153.github.com
2023-05-12 03:04:46Hosting ProviderNoHosting Provider Identifier0020NoneCloudflare Inc: https://www.cloudflare.com/104.21.6.166
2023-05-12 02:56:58Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:02:53 2023 GMT Not After : May 25 03:02:52 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:bc:d0:71:75:f9:c1:51:79:49:f8:25:6c:e2: 4b:7a:05:e1:2b:6c:79:44:98:ff:b2:cc:bc:d7:da: 27:25:29:37:c7:ba:80:cb:e1:7c:b8:4d:37:a2:bc: 93:44:eb:bc:62:ff:47:cb:21:ea:3d:05:4c:04:57: 82:93:5b:a9:25:29:fb:98:33:b0:04:74:aa:bc:9a: 64:5e:c7:e2:6c:e5:ec:2a:e7:40:6b:e1:75:93:39: b3:cf:b8:e9:11:29:e6:d1:9e:08:56:54:16:9f:c1: 1d:1f:f5:f6:ca:48:3a:94:53:03:1d:bf:52:af:6e: 27:9d:80:8d:f0:57:28:d4:f0:01:34:f4:39:59:4a: df:9f:00:47:87:9a:39:38:c1:8f:84:8a:02:0b:b2: 6e:5c:36:a2:f6:35:e6:d2:23:6b:29:b1:15:aa:86: a3:5b:eb:30:cc:af:b8:df:d5:0e:8f:8e:29:7e:0d: 21:28:d0:d2:4c:71:5b:19:01:9b:dc:b9:90:88:7d: fc:5d:3e:72:44:e6:46:11:dd:e6:fd:a5:42:a3:07: 24:e7:29:d9:29:1c:f3:72:77:8b:cb:0b:df:45:34: 0b:81:a8:00:de:f0:13:74:1b:bf:2f:61:ad:65:73: 29:3e:05:b5:c3:90:28:8c:96:ef:cb:b3:06:ba:9b: 6b:f7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption a3:c5:54:80:ec:15:48:8e:60:57:c2:56:21:02:dc:33:b2:67: 3c:b1:4d:e5:1f:de:da:ed:a7:e3:8d:b7:03:a3:f4:cc:b6:e1: 1e:b1:21:17:9e:36:0c:2a:fd:f3:0a:f5:98:b6:cc:3c:01:67: f2:0d:fc:88:12:e2:d6:83:96:22:f2:3a:bb:54:5e:67:b9:fa: 0b:ad:7a:8d:5d:db:b1:9d:a3:cb:38:99:91:47:54:50:04:49: 4c:4b:88:c5:e7:74:21:f3:ca:60:d8:72:6d:c3:a3:f9:c2:7e: 0b:52:23:2d:ac:85:06:0b:ad:5c:f7:db:13:07:0b:7b:6d:f5: 2f:d3:bc:b1:6b:2a:74:2f:9e:80:c3:aa:10:0b:63:bc:43:b6: 74:f7:8c:dd:83:d1:7d:5d:ba:58:70:ca:ea:2d:07:d9:a9:56: 60:b3:6e:29:b1:ee:a9:c9:ca:0f:33:89:8b:44:0b:de:d1:75: 1d:b7:8b:4c:86:7b:5b:32:c0:1e:15:9e:8b:ec:63:cf:99:d1: 62:4e:5a:85:07:ac:08:3d:a0:31:af:ac:50:c9:09:ed:b3:2e: 9f:e5:63:7d:b8:46:50:15:49:e6:16:2e:ad:ae:5c:d1:17:72: 04:af:52:88:b6:66:c9:13:ad:15:0a:c2:ba:2f:69:ae:eb:7a: 39:e4:67:40
2023-05-12 02:44:15Web TechnologyNoTool - Wappalyzer0020NoneExpressnwapi2.battleb0t.xyz
2023-05-12 03:13:05Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [007-liang.github.io] https://www.openphish.com/feed.txt007-liang.github.io
2023-05-12 02:55:02Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://pwn.college/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFDE0.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFE20.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "8.252.188.126:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_804_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2052"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_804_IESQMMUTEX_0_331"\n "IsoScope_804_IESQMMUTEX_0_519"\n 
"UpdatingNewTabPageData"\n "IsoScope_804_IE_EarlyTabStart_0xf78_Mutex"\n "IsoScope_804_ConnHashTable<2052>_HashTable_Mutex"\n "IsoScope_804_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFE1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabFDDF.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003336]\n "~DFE21E09FE22C2FEB2.TMP" has type "data"- Location: [%TEMP%\\~DFE21E09FE22C2FEB2.TMP]- [targetUID: 
00000000-00002052]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DFD99A0B0D863F67D1.TMP" has type "data"- Location: [%TEMP%\\~DFD99A0B0D863F67D1.TMP]- [targetUID: 00000000-00002052]\n "LHCS4QQD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LHCS4QQD.txt]- [targetUID: 00000000-00003336]\n "_1B7C6C58-B789-11ED-93A4-080027456658_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "O72WPLVL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\O72WPLVL.txt]- [targetUID: 00000000-00002052]\n "favicon_6_.png" has type "PNG image data 32 x 32 8-bit colormap non-interlaced"- [targetUID: N/A]\n "RecoveryStore._1000B8DF-B789-11ED-93A4-080027456658_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DF127C77FF0F1B432F.TMP" has type "data"- Location: [%TEMP%\\~DF127C77FF0F1B432F.TMP]- [targetUID: 00000000-00002052]\n "TarFDE0.tmp" has type "data"- Location: [%TEMP%\\TarFDE0.tmp]- [targetUID: 00000000-00003336]\n "CabFE1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabFE1F.tmp]- [targetUID: 00000000-00003336]\n "JSJJ6FDH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JSJJ6FDH.txt]- [targetUID: 00000000-00002052]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "bullet_1_.png" has type "PNG image data 24 x 10 16-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "NPYG33H2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NPYG33H2.txt]- [targetUID: 00000000-00003336]\n "VGWV1EI4.htm" has type 
"HTML document UTF-8 Unicode text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\VGWV1EI4.htm]- [targetUID: 00000000-00003336]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: pwn.college\nDNT: 1\nConnection: Keep-Alive"\n "ZrHl\\e+8Lny)lO\n"!IpRU[uItHN2[SEqtg{/>ITng1LRDNoGIYC[W^/"*/QbM+ekZer/B2HR/UyTD)X5?n97#z:?9y~<9>>~r\\=?<Ox\\>]CC(7\\q//?_\\zg{x:TM(BG\'\'b8qJ]j^\'J#u>L<j*WVt[b\\QXS([nfqs^zD^O\n?xrEI+%mN+%2Z>^$skV|=[ik?H;nzQ1f4.KeO#ipWe\'_SV/""I4OV6rQ292vMb-mf`@\nN}v_tpp~L_XD"cP_?sYcp&e%\nxjBk<tuNF1@6_D:>gx1I{cS~fk<\\~+?PqJ\nfAkU)e*VVJYrfr hta%6*mf\n\n.7*01Vx7s1EFTX2sHF%cR.fxy+bvtgi4ftV@\\vx%D"34cK `b5Z:Y%Iu)Gf(G\n`0mb2KV:,mg\nE<76W)@fRr)/JqaKq[B&.+(mJQ5?~\'5 v (8zhJs\n|(s3xG#a|1vUp,rpHyQ?AD^66C~obc*8\n\nE4seT<C&J:%:04h ]5B\'$^\'fj@tOd"6GC/sNYD\nl2rx}X-1ITlWJ;", "iLHE`*43\n&^$7b2i\n^_Cx(E F2EN,#?v7+wWSq5{w3m- NP_V3E11nS>>yVXS^]f`/T8n/`Tyl`f>.?rrt9}j5\\z}>~Q\\?/IN qVyZf-tYLegc"?6dM-\n$7@\nh2%kPm\nq4 5!,{z1%1(!.)j b`\np*##kL;ZD\nuvtK%IXKv|]#EKZVKw7CtK7Jcm<a")d&g#Z)xFGKcr=F^Mhs\nY@H9%cL\\Ys2[Q*t&]^tqu5x{sj2;;\'3jSn,J)/Z!DcP\nP[NF>fHXyIZCov(`@di\nk{\'\nUSW31N(38?Mv QboR#p|>1dP#l21bD.T #)uO =I BI7u.n`I9B6KWV+[OOM$DDP&tqxkGz4F+P2yjy`>9<.2Qd,4Lg-J>H<Qk7p-^l!fUd%\nXtby}QY{U(B,x\n+BZ\nNO%Ei7$\\+Jr:~f2&XzaF;rVV$`8$p<&HOrj.Pb\n/V;UCk\nD#o\n}9l2AM% `z VOa 
A1*)^6~7T/Cwk/ydSPHUIzY>y,sYZa( &ayX-1\n\'/wUr741c3f|k<D"\n "r`f5xJ+*4@icNg0V}b8\nB{J;e0Xvr`7"ywUA$?L*34r)?kXMD|\',"Da=bbXTG=x ^~xtV<1o,5|(u[Aw~IJ!.T.?[0IDY0~ng+m*GYz+v)iy0m(4%{hS/J!#J*8K\\[wk:-Q7S}v59\n~A0**ns\'ru~k@C)R)AAECg74~1m>Cb[Fxbo^Y"CwpgC\\lX%feH18 ,Z^.L87[RTzq-:=E-#k04"}}^^683Uzx73Ri|[.gfr6}rNO&jR5hulGjYhW64{c1~A A\n^P`P6 @OG;wdQV3Z0.yf!uw[\nTRb?Dp=F4\nNzBY*}j>h\\}UL20"(I7{IGx^0ta!)\n@9%O|grXu6drvt!)9v)|W0^*)h=|!e9w.//?lv\'pQ!YIgw/hcuHQ2(K*~4sEmn<1#L*<<M#>0%6wm&@MI:w.YW-]7.],d,^)E5y`>sVl[oNAp9![*/GTa<\'9leK1w@=->~Q05V8hv(xh@u_VOk6\'d\n2~rvH5}\n p;,Qj!zY U9Ra" V}ach\')&\'!Gm:", "mID#29Q\nLDlMUUw{W_[nH\nTO\nh7f*Ad4u|PV)Ko`n`rTtRBi$@FgarOu^)H~2\n\n%CnjT$UkEdTHQ}AS& IuwAnm}*-A=B?>9y%-\n3\\o|7at{B&N)Q%f|O(V\\m%|Oe[J1O<"G]bhw?-b*SMe*DIS_J2MU\\RYIIa JgI84,5=kM~\nI_~|-_Eo}dj?"}TL!)\\<2L6ccuZlL|>1eq=/I8_]u*.", "GET /assets/css/style.css?v=f0893638821a8444049e923a1938a171949f6fa9 HTTP/1.1\nAccept: text/css\n */*\nReferer: https://pwn.college/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip\n deflate\nHost: pwn.college\nDNT: 1\nConnection: Keep-Alive", "W[6~5!dySZl\n8AM="bxh+\\k8HH\\c/R@"\n4N;" u}#R;w50A`-IWr|Z% t :S C3i_}2\\:1si:|mk&$ReV4Vf\\@\\{#!SHMCd$NefD0{2kMf4q(LinJMB&#0},$g?(%KtJ\n{#tEcN=A9C1g*+)*D bPBR1YsvQPrJ*QL\'Vfz/,<cvr!!V7%*sF9O[u&slke}irZa A)=C}ws={:F\\(e;R"t[12:I{cn:>z\'=xQl}}\n,#YYIwz[+&H9Ra2:Q[Q1IQNQEpcA0Ey\';$R0"0IWX\nbSdT"j7k9p"9Q6s[HU)cv"d7B_[y@/@6*Nec`\\(_L6tGN2[)o{J\ny.*JHU\nsY6-\n#p5eoF$RQ*s6W!.G9WYN3lG\n]Kv)}}h{J[b[;i$sjP/jTHrV=fcc2tm4Muo6*Pm(M_bYnY9|7n/u?/i#9:wZU<K^Z;hux~}Zg?dLity"<ohfJk8;6FoDY\'AuT+"hU7Lb.8&Yp=L}uP"tc;7mLWol:??%n?1hG\'l5jTf\\pNeHn)a/23pg[\'?Q:tGZTrE+-T_C", "i", "GET /assets/images/bkg.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://pwn.college/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: pwn.college\nDNT: 
1\nConnection: Keep-Alive", "GET /assets/images/bullet.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://pwn.college/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: pwn.college\nDNT: 1\nConnection: Keep-Aliv185.199.109.153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:02:DD:85:3E:34)33.617190550339146,-111.90827887019054
2023-05-12 02:46:49SSL Certificate - Issued toNoSSL Certificate Analyzer1030NoneC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app35.229.48.116
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:80104.21.6.166
2023-05-12 03:09:40Affiliate - Internet NameNoDNS Resolver0040None114.48.229.35.bc.googleusercontent.com35.229.48.114
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f605fb97f4259-EWR{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:20 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:20 GMT", "cf-ray": "7c5f605fb97f4259-EWR", "content-type": "text/css", "x-frame-options": "DENY"}
2023-05-12 02:57:23Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://kamekititamiko.com/favicon/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar38D6.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3964.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00003656) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3552 -s 132" (UID: 00000000-00003656)'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, 
u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "DBWinMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f1c_IESQMMUTEX_0_519"\n "IsoScope_f1c_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f1c_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3868"\n "IsoScope_f1c_IE_EarlyTabStart_0xfe8_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_f1c_ConnHashTable<3868>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3868"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3552 -s 132" (UID: 00000000-00003656)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"35.229.48.116:443"\n "52.155.62.95:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab38F6.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab38D5.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"~DFD25448FC7F6A6276.TMP" has type "data"- Location: [%TEMP%\\~DFD25448FC7F6A6276.TMP]- [targetUID: 00000000-00003868]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003576]\n "Cab38F6.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab38F6.tmp]- [targetUID: 00000000-00003576]\n "725C371ABA02CD431C8DE4D18E4AA0CE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\725C371ABA02CD431C8DE4D18E4AA0CE]- [targetUID: 00000000-00003576]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003868]\n "~DF6FA7BF0440BF9C6E.TMP" has type "data"- Location: [%TEMP%\\~DF6FA7BF0440BF9C6E.TMP]- 
[targetUID: 00000000-00003868]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003868]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003868]\n "~DFC9E478F3FDB996C2.TMP" has type "data"- Location: [%TEMP%\\~DFC9E478F3FDB996C2.TMP]- [targetUID: 00000000-00003868]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003868]\n "NIC6QOUG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NIC6QOUG.txt]- [targetUID: 00000000-00003868]\n "Cab38D5.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab38D5.tmp]- [targetUID: 00000000-00003576]\n "Tar38D6.tmp" has type "data"- Location: [%TEMP%\\Tar38D6.tmp]- [targetUID: 00000000-00003576]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003868]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003868]\n "J660SMBF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J660SMBF.txt]- [targetUID: 00000000-00003868]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003868]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003576]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00003576]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /favicon/site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: kamekititamiko.com\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_35.229.48.116]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 287\nContent-Type: application/octet-stream\nDate: Thu, 04 Aug 2022 00:25:17 GMT\nEtag: "e6405d573aba92769e697fd5ae94bc9b-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01G9K3W1TW651T5NWK91TD1HGM\n\n{\n "name": "",\n "short_name": "",\n "icons": [\n {\n "src": "/android-chrome-96x96.png",\n "sizes": "96x96",\n "type": "image/png"\n }\n ],\n "theme_color": "#ffffff",\n "background_color": "#ffffff",\n "display": "standalone"\n}"- [Source: SSL_35.229.48.116]\n\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: kamekititamiko.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_35.229.48.116]\n\n "@}c%Av@^sp5xv=}K\n,]U+Dmr33I+\n\\;#s7o2&Tzo{]9k"- [Source: SSL_35.229.48.116]\n\n 
"ru:J{o#i@+)4BTi{o+[S"X=]4W*^!(*&\n75%v7$LF\nh"pW\'"z(V8!6Og\nZ6\'}9r[P4\'>h.\\\'Erfw\n{e9Gw)5{;!AZgi[<"- [Source: SSL_35.229.48.116]\n, " 8?~???y8?( @ `zv| {oTF&}*H~=858/AwL#3@_1*7IbeOG%a$|v&\n])RB!!-[?D&zHA\n4<O.mQ[\nh;_lrK/\'8m*AY/;nMY|?>( @W" ]@[e/Q&)*d"- [Source: SSL_35.229.48.116]\n, "DmNkK;/IwA"2#!dI!^Hz"5go1O\nyT>\'^xh)\ngc"- [Source: SSL_35.229.48.116]\n, "HTTP/35.229.48.116
2023-05-12 03:08:51Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.12134.148.97.127
2023-05-12 02:44:28Co-Hosted Site - Domain NameNoDNS Resolver2020Nonecloudflaressl.comsni.cloudflaressl.com
2023-05-12 02:44:21SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1185.199.108.153
2023-05-12 03:08:55Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.7734.74.170.74
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonereferrer-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneTrello (Category: social) https://trello.com/ayhuayhu
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.157): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:37Affiliate - Email AddressNoE-Mail Address Extractor0040Noneregistrar-abuse@cloudflare.com Domain Name: CLOUDFLARESSL.COM Registry Domain ID: 1877752347_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2023-03-17T11:06:38Z Creation Date: 2014-09-27T01:11:37Z Registry Expiry Date: 2032-09-27T01:11:37Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.CLOUDFLARESSL.COM Name Server: NS2.CLOUDFLARESSL.COM DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 E6F95480B8B7B40CB784DEFF3DB68992C1A795554748DAB4CCE69FD298BD5F1F URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARESSL.COM Registry Domain ID: 1877752347_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2023-03-25T07:00:34Z Creation Date: 2014-09-27T01:11:37Z Registrar Registration Expiration Date: 2032-09-27T01:11:37Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone 
Ext: DATA REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com Name Server: ns1.cloudflaressl.com Name Server: ns2.cloudflaressl.com DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 02:54:22HTTP HeadersNoWeb Spider1020None{"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 02:54:22 GMT", "content-type": "text/html"}http://kekw.battleb0t.xyz/jar
2023-05-12 03:01:49Open TCP PortNoPulsedive0030None185.199.110.153:80185.199.110.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneArcorWirelessLAN3mKh (Net ID: 00:01:E3:57:D5:DD)50.1188, 8.6843
2023-05-12 02:44:26Internet NameNoDNS Resolver0020Nonebattleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 26:cc:7f:01:c6:92:25:78:13:50:9e:48:80:75:15:57 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 Validity Not Before: Mar 23 22:37:05 2023 GMT Not After : Jun 21 22:37:04 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:aa:7b:81:42:e7:bb:ef:b8:0c:29:95:16:51:5f: 17:ef:12:01:ea:12:d1:38:f6:d6:ab:de:90:73:55: a4:af:cb:7c:f7:08:2e:7f:ec:c7:d3:07:5d:b2:f5: bb:41:e9:04:92:a8:3c:a4:cb:ef:73:55:b5:a9:bc: 5c:d1:be:26:4b:99:f3:8a:57:d8:c7:77:79:1d:0e: 70:31:81:bc:da:4a:73:41:e5:08:81:59:46:c7:d8: 68:74:56:c2:f6:64:23:af:1b:88:8f:72:bd:52:09: 2e:97:9b:f1:a4:cf:09:d8:89:91:91:ca:2e:06:41: a2:84:ad:0d:6a:df:00:95:f5:ec:e2:1e:49:48:18: 0a:3f:98:fa:06:a5:50:9f:7c:2c:20:19:c1:55:cd: 77:d2:89:47:dd:a9:ee:13:f6:2f:e2:48:87:26:a5: fd:85:17:06:37:b0:a9:d0:53:b4:4d:e3:4c:ec:0e: 83:60:b2:ad:ad:2d:44:08:30:33:b0:91:f7:b0:f8: 00:7f:d1:49:37:39:19:99:a3:59:5c:dc:4a:a0:c5: bd:ef:ae:e1:d6:c3:40:3c:f6:35:0e:db:7b:df:4f: 54:c4:bd:f6:3a:2c:2b:ff:c9:5b:e5:d2:e9:69:24: 02:0b:f7:c6:94:a2:a1:ed:73:64:15:f9:25:08:00: 3b:85 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: E7:35:7E:35:FD:7B:BC:32:B5:C0:52:8C:76:D9:7D:F0:37:0A:7A:3D X509v3 Authority Key Identifier: keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8 Authority Information Access: OCSP - URI:http://ocsp.pki.goog/s/gts1p5/X4UdJFi-bqE CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.11129.2.5.3 X509v3 CRL Distribution Points: Full Name: 
URI:http://crls.pki.goog/gts1p5/QCTFvWRh6mE.crl CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 09:9f:cd:b5:43:3b:6a:2f:1d:c9:3b:c0:c8:50:40:4b:85:6c: a4:67:c0:ea:9c:ed:fa:82:03:5a:15:d9:da:e2:17:9e:f5:4d: 17:b3:27:61:b6:b3:76:a2:5c:3c:dc:1f:ca:d1:cf:2a:8c:c5: 9f:e1:42:b1:ce:4f:6c:8b:d7:5b:5d:4a:1a:37:bf:f7:48:1c: b0:1e:50:fd:1f:d7:83:b8:62:23:8e:ce:bc:13:38:47:cd:3d: 85:a8:0c:e6:2b:35:45:86:97:06:88:96:8f:aa:84:6c:ae:91: 25:1d:3c:c7:d6:f8:a1:4f:51:5e:ed:a9:fe:6b:22:98:84:a4: ef:b4:d3:2f:02:db:9e:b8:fb:29:cc:58:62:ad:6f:ac:48:dc: 16:46:0c:14:b4:34:7b:60:f1:ec:27:16:2b:4e:4a:c3:37:36: d0:34:81:c1:2b:54:8c:d5:17:57:ba:55:4c:71:58:26:4f:c6: 22:b8:65:ba:ad:e7:f5:f2:a8:04:c1:7d:df:11:ab:7d:f5:94: 7d:56:64:8a:41:7f:f4:d3:d7:1a:a0:c6:cc:e6:42:c8:ac:de: 6a:33:c1:21:70:bc:bd:6f:69:08:1f:8f:fa:9f:b7:aa:ca:2e: e6:b7:8f:15:ac:fb:89:0e:c0:5f:c0:b9:df:e8:c0:15:b9:87: ca:00:58:c5
2023-05-12 02:59:45Similar Domain - WhoisNoWhois1020NoneDomain Name: TAYHU.XYZ Registry Domain ID: D286586654-CNIC Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://cloudflare.com Updated Date: 2023-03-07T02:18:07.0Z Creation Date: 2022-03-31T20:18:56.0Z Registry Expiry Date: 2024-03-31T23:59:59.0Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Registrant State/Province: Hamburg Registrant Country: DE Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: PRANAB.NS.CLOUDFLARE.COM Name Server: JOCELYN.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: TAYHU.XYZ Registry Domain ID: D286586654-CNIC Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2023-03-09T21:53:06Z Creation Date: 2022-03-31T20:18:56Z Registrar Registration Expiration Date: 2024-03-31T23:59:59Z Registrar: Cloudflare, Inc. 
Registrar IANA ID: 1910 Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: Hamburg Registrant Postal Code: DATA REDACTED Registrant Country: DE Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz Name Server: jocelyn.ns.cloudflare.com Name Server: pranab.ns.cloudflare.com DNSSEC: unsigned Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact 
Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:45Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/ tayhu.xyz
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f8c5eeb1a42bf-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None6562 7451 (Net ID: 00:00:C5:D7:2F:EC)37.7813933,-122.3918002
2023-05-12 02:44:15Internet NameNoDNS Resolver2020Nonefluid.battleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': 
u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'MIIFNTCCBB2gAwIBAgISBLY5M6/eHjLz/C523LwIUYYQMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMjUwMTM5MjVaFw0yMzA1MjYwMTM5MjRaMBgxFjAUBgNVBAMTDWJhdHRsZWIwdC54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrxxsM7cYB+Oqps88IF0+iy3w0xGYS5u/zmBd5yWXuZkwfmpJ9M+4H+i4VYve08x/VTy6xZ6hJQr/jzJq3MEbCaPUoqWRpb0xLZCTJ3O1Gn6Qfwu9vNtC8aSe44tYYcEAstPXuj/cNjG4Dkudd1j68u8lbKBCgWvY39eGeFSNybo5pAQmkjKTJ19sFAZBIS5AgjDh6CmB0eRgmMI5gCxe5JKCA3z8UANMJ5zRHNWN8VNKgneFX0csT0zwwJJeO6jQAn8xsDGr3VLxeYNxGMcIJ3tnD42MejxzFkJDo2oa+ffHDHxqGaZsL4LIMRwjIklkrZi/6oTihLxBl9pf9FoczAgMBAAGjggJdMIICWTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGNOFYVWWqSUAsIWQqSll5o4AleXMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCsGA1UdEQQkMCKCDWJhdHRsZWIwdC54eXqCEXd3dy5iYXR0bGViMHQueHl6MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGGhnCAVAAABAMASDBGAiEAh/Y8suDCe/RZMkn/hO7hrF2hfoTeuKySO5eYbccRB9ACIQCOoXkcH72OFd6rl/5A4dnCHD5VPTnfiLg+MDLqz1Gg8wB3AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nh
d31tBr1uAAABhoZwgDYAAAQDAEgwRgIhAMDKSjoBecX3TRhscOh0pPwxXkb/27xVeRxr0yp3M5J9AiEAs2yzzZRuQAdUQ84z4D/CSUjcGSNE5J2LfuF/Rs4Y77YwDQYJKoZIhvcNAQELBQADggEBALLjqCzluns+jvveBcnb3xDhOkrUyOkWdjExuB2H40IVXNkB0eMhFJYNA9arKrtu2pcQ/rEDSKt+bXuWbeA6WumULoOuP6iljCU6qcUdY4oNVU1UyDoX1HJydnidKSo73vUKTNhEgh8aKcxcLL9+23F8UOOR/pU/04dfMDdI7GO2oawzrGMFso9t7p4urFBZ6UFG0nFlBRdC2T4hndeQOaaPLehK1P9tnjLGggWPpLV0tHDfKEtQyBs2Gq7Pe6uSI+Z3l/JHpLBS8p3PvmiiivIv8GYL0zQqx4o1xBwzLeWQ3lanl4Z8l8lFj5lhIgA9qrKHDTW7TPP4HPiZwejRMMY=', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneU+ACN (Net ID: 00:02:A8:81:E3:26)50.1188, 8.6843
2023-05-12 03:04:07Malicious IP on Same SubnetYesGreensnow0040Nonegreensnow.co [165.232.112.0/20] https://blocklist.greensnow.co/greensnow.txt165.232.112.0/20
2023-05-12 02:55:01HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5e4216390f2caf-ORD"]}188.114.96.1
2023-05-12 02:54:14Web Content TypeNoWeb Spider0020Nonetext/htmlkekw.battleb0t.xyz
2023-05-12 02:52:31SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 03:43:01 2023 GMT Not After : Jul 23 03:43:00 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:dc:59:e7:99:ae:31:e4:ce:62:3e:34:b7:81:78: 80:f6:cd:df:74:9e:4d:b0:70:b7:b4:57:2f:17:e3: 3f:ff:b7:70:ed:8a:df:e6:f8:7a:13:c3:bd:36:4f: 0e:6a:68:6d:9d:a6:4b:2a:e9:cf:28:3d:81:ea:ca: 83:e7:16:86:77:3d:14:db:66:a8:57:ad:1a:0f:dd: bd:7a:de:42:3b:37:3e:1c:ee:7d:2e:c6:c7:59:4e: 97:c9:0c:71:fa:0f:cd:7b:53:70:a6:5f:75:ef:13: 69:99:fc:c4:53:c7:8e:d0:09:93:90:8c:53:db:39: 20:10:21:64:71:0b:d6:b1:4c:65:ce:12:f1:57:52: 01:6a:62:40:bf:50:e1:af:0a:5c:4b:64:2c:31:51: 3e:93:5a:d7:3f:02:ea:a6:3c:b6:44:a0:a2:88:9a: 29:5e:d3:7c:e0:73:af:03:2d:32:ad:0b:a7:f4:f0: 67:e5:fc:86:ba:7a:2e:9a:6b:e7:a5:c3:0e:1d:6b: 4d:99:e3:e1:77:10:a6:f7:fe:e7:5d:ea:9a:d7:11: bf:a0:de:50:ee:ee:9e:57:01:39:6f:73:ca:e6:06: 09:03:5a:1d:77:7b:8a:3f:fa:c2:82:ef:9a:8b:50: 68:73:cc:01:67:44:99:3d:d1:99:16:93:ec:e9:25: 6b:ff Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 6e:83:25:66:25:1a:3d:8f:56:ff:c6:08:d8:7f:3e:06:71:b1: 38:70:e3:fc:72:2a:2d:17:39:ae:84:7f:28:90:6f:b9:3a:53: 70:c6:b9:f9:5c:8e:b6:f6:c9:24:b6:77:0f:70:91:82:5f:ac: 56:6c:08:4c:23:f5:3c:83:00:83:99:51:65:02:cf:77:c0:85: ba:ab:a0:9d:95:f2:a4:6b:60:04:68:4d:ab:64:a5:39:13:18: 4b:22:b6:3e:90:a8:e1:cb:6c:80:ed:eb:e8:db:09:6d:7d:c5: d7:7c:4e:0f:11:9f:9c:8c:8f:a2:2c:66:4c:ea:1f:42:07:c6: 45:55:f4:95:f7:e4:07:4c:aa:76:9c:20:37:d5:34:08:5d:ee: e2:cf:d2:d6:c0:28:79:06:9f:80:f2:b4:81:17:70:24:de:d7: df:3a:1c:d8:39:dc:4e:be:14:64:a2:ac:e4:0d:fd:e2:26:1c: 5b:a9:79:86:45:3c:74:3c:8d:5c:cc:03:b8:49:29:86:da:6b: 96:13:a0:71:5d:33:3b:08:b4:30:d2:63:d3:44:80:84:2e:62: 2f:23:c8:e2:cd:24:db:22:f1:8a:aa:49:97:34:12:ee:76:9f: d2:2b:73:15:a1:ca:90:11:c4:27:df:87:b0:88:a3:ea:c8:db: d6:03:72:a5 battleb0t.xyz
2023-05-12 02:56:57Internet NameNoDNS Resolver0040Nonekekw.battleb0t.xyz{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, 
"banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", 
"diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not 
Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 02:48:16Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [{u'file_process_pid': 2400, u'filename': u'00000000-00002400.00000001.68217.00020000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\YuzuUpdater.exe', u'flags': u'00000040', u'file_process_sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'address': u'00020000', u'verdict': u'malicious', u'file_process': u'YuzuUpdater.exe'}, {u'file_process_pid': 2400, u'filename': u'00000000-00002400.00000003.77575.00020000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\YuzuUpdater.exe', u'flags': u'00000040', u'file_process_sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'address': u'00020000', u'verdict': u'malicious', u'file_process': u'YuzuUpdater.exe'}, {u'file_process_pid': 2400, u'filename': u'00000000-00002400.00000000.66297.00020000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\YuzuUpdater.exe', u'flags': u'00000040', u'file_process_sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'address': u'00020000', u'verdict': u'malicious', u'file_process': u'YuzuUpdater.exe'}, {u'file_process_pid': 2400, u'filename': u'00000000-00002400.00000002.70138.00010000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\YuzuUpdater.exe', u'flags': u'00000040', u'file_process_sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'address': u'00010000', u'verdict': u'malicious', u'file_process': u'YuzuUpdater.exe'}, {u'file_process_pid': 2400, u'filename': u'00000000-00002400.00000000.66297.00010000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\YuzuUpdater.exe', u'flags': u'00000040', u'file_process_sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'address': u'00010000', u'verdict': u'malicious', u'file_process': u'YuzuUpdater.exe'}, 
{u'file_process_pid': 2400, u'filename': u'00000000-00002400.00000002.70138.00020000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\YuzuUpdater.exe', u'flags': u'00000040', u'file_process_sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'address': u'00020000', u'verdict': u'malicious', u'file_process': u'YuzuUpdater.exe'}, {u'file_process_pid': 2400, u'filename': u'00000000-00002400.00000001.68217.00010000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\YuzuUpdater.exe', u'flags': u'00000040', u'file_process_sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'address': u'00010000', u'verdict': u'malicious', u'file_process': u'YuzuUpdater.exe'}, {u'file_process_pid': 2400, u'filename': u'00000000-00002400.00000003.77575.00010000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\YuzuUpdater.exe', u'flags': u'00000040', u'file_process_sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'address': u'00010000', u'verdict': u'malicious', u'file_process': u'YuzuUpdater.exe'}], u'analysis_related_urls': [{u'url': u'https://pastebin.com/raw/tc6pk7rz', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 1, u'threat_score': 51, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': 4, u'submit_name': u'Yuzu Updater.exe', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-176', u'name': u'Calls an API typically used to retrieve function addresses', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"YuzuUpdater.exe" called "GetProcAddress" with a parameter FlsGetValue (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter DecodePointer (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter 
UrlIsW (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter GetFileVersionInfoSizeW (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter GetFileVersionInfoW (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter VerQueryValueW (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter InitializeCriticalSectionEx (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter FlsAlloc (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter FlsSetValue (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter LCMapStringEx (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter InitializeConditionVariable (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter SleepConditionVariableCS (UID: 00000000-00002400)\n "YuzuUpdater.exe" called "GetProcAddress" with a parameter WakeAllConditionVariable (UID: 00000000-00002400)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"YuzuUpdater.exe" failed to load missing module "api-ms-win-appmodel-runtime-l1-1-2.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "api-ms-win-appmodel-runtime-l1-1-0.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "api-ms-win-core-fibers-l1-1-1" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "api-ms-win-core-localization-l1-2-1" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "api-ms-win-core-quirks-l1-1-0.dll" - 
[base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\system32\\combase.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\uxtheme.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\bcrypt.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\iphlpapi.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\comctl32.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\winhttp.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\secur32.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\psapi.dll" - [base:0; 
Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\rasapi32.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ws2_32.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\crypt32.dll" - [base:0; Status:c0000135]\n "YuzuUpdater.exe" failed to load missing module "%WINDIR%\\Microsoft.NET\\Framework\\v4.0.30319\\CRYPT32.dll" - [base:0; Status:c0000135]'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"YuzuUpdater.exe" loaded module "API-MS-WIN-APPMODEL-RUNTIME-L1-1-2.DLL" at base 0\n "YuzuUpdater.exe" loaded module "API-MS-WIN-APPMODEL-RUNTIME-L1-1-0.DLL" at base 0\n "YuzuUpdater.exe" loaded module "VERSION.DLL" at base 74880000\n "YuzuUpdater.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 72770000\n "YuzuUpdater.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 0\n "YuzuUpdater.exe" loaded module "KERNEL32" at base 760d0000\n "YuzuUpdater.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 0\n "YuzuUpdater.exe" loaded module "%WINDIR%\\MICROSOFT.NET\\FRAMEWORK\\V4.0.30319\\CLR.DLL" at base 68730000\n "YuzuUpdater.exe" loaded module "USER32.DLL" at base 75b10000\n "YuzuUpdater.exe" loaded module "API-MS-WIN-CORE-QUIRKS-L1-1-0.DLL" at base 0\n "YuzuUpdater.exe" loaded module "%WINDIR%\\MICROSOFT.NET\\FRAMEWORK\\V4.0.30319\\MSCOREE.DLL" at base 0\n "YuzuUpdater.exe" loaded module "MSCOREE.DLL" at base 6caf0000\n "YuzuUpdater.exe" 
loaded module "%WINDIR%\\SYSTEM32\\COMBASE.DLL" at base 0\n "YuzuUpdater.exe" loaded module "PSAPI.DLL" at base 77550000\n "YuzuUpdater.exe" loaded module "RPCRT4.DLL" at base 75960000\n "YuzuUpdater.exe" loaded module "KERNEL32.DLL" at base 760d0000\n "YuzuUpdater.exe" loaded module "%WINDIR%\\ASSEMBLY\\NATIVEIMAGES_V4.0.30319_32\\MSCORLIB\\36EACC185.199.110.153
2023-05-12 02:44:17IPv6 AddressNoDNS Resolver0030None2606:50c0:8000::153www.battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneRowanLofts (Net ID: 00:02:2A:F0:3C:C7)34.0544, -118.244
2023-05-12 03:07:25Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.185.199.110.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonebinkyandwooby (Net ID: 00:01:24:F0:A5:3F)37.7642, -122.3993
2023-05-12 02:46:09Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://virtualvacation.us/private-room', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "d3d11.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "%WINDIR%\\system32\\hevcdecoder.dll" - [base:0; Status:c0000135]\n "msedge.exe" failed to load missing module "d3d12.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2036:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:2036:120:WilError_01"\n "SM0:7152:120:WilError_01"\n "Local\\SM0:7152:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:7152:120:WilError_01"\n "Local\\SM0:2036:120:WilError_01"\n "SM0:2036:304:WilStaging_02"\n "Local\\SM0:2036:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2036:120:WilError_01"\n 
"\\Sessions\\1\\BaseNamedObjects\\SM0:2036:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "142.250.72.195:443"\n "104.18.11.207:443"\n "104.17.25.14:443"\n "192.229.173.207:443"\n "142.250.189.170:443"\n "142.251.46.170:443"\n "104.16.123.175:443"\n "172.64.133.15:443"\n "35.190.80.1:443"\n "172.217.164.104:443"\n "142.250.191.78:443"\n "107.22.57.98:443"\n "142.251.46.238:443"\n "142.250.101.156:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"a.nel.cloudflare.com"\n "maxcdn.bootstrapcdn.com"\n "secure-players.herokuapp.com"\n "use.fontawesome.com"\n "www.w3schools.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<meta property="twitter:card" content="summary_large_image">" (Indicator: "twitter")\n "<meta property="twitter:url" content="https://virtualvacation.us/private-room">" (Indicator: "twitter")\n "<meta property="twitter:title" content="Private Multiplayer Rooms - City Guesser">" (Indicator: "twitter")\n "<meta property="twitter:description" content="Multiplayer Video Guessing Game">" (Indicator: "twitter")\n "<a 
class="facebookBtn smGlobalBtn2" href="https://www.facebook.com/sharer/sharer.php?u=https://virtualvacation.us/multiplayer" ><i class="fab fa-facebook"></i></a>" (Indicator: "facebook.com")\n "<a class="twitterBtn smGlobalBtn2" href="https://twitter.com/intent/tweet?url=https://virtualvacation.us/multiplayer&text=Play City Guesser Multiplayer with me. You have to guess the location from the shown video!" ><i class="fab fa-twitter"></i></a>" (Indicator: "twitter")\n "<a class="googleplusBtn smGlobalBtn2" href="#" ><i class="fab fa-twitter"></i></a> -->" (Indicator: "twitter")\n "<a id="linkedin-id" class="linkedinBtn smGlobalBtn2" href="https://www.linkedin.com/shareArticle?mini=true&url=https://virtualvacation.us/multiplayer&title=&summary=Play City Guesser Multiplayer with me. You have to guess the location from the shown video!&source=" ><i class="fab fa-linkedin-in"></i></a>" (Indicator: "linkedin.com")\n "/* twitter button class*/" (Indicator: "twitter")\n ".twitterBtn{" (Indicator: "twitter")\n ".twitterBtn:before{" (Indicator: "twitter")\n "/* add twitter icon */" (Indicator: "twitter")\n ".twitterBtn:hover{" (Indicator: "twitter")\n "tag.src = "https://www.youtube.com/iframe_api";" (Indicator: "youtube")\n "// 3. 
This function creates an <iframe> (and YouTube player)" (Indicator: "youtube")\n "function onYouTubeIframeAPIReady() {" (Indicator: "youtube")\n "// history.pushState(null, null, \'https://twitter.com/hello\');" (Indicator: "twitter")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\MICROSOFT EDGE.LNK"\n "msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk"\n "msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00002036]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\2036_1795754548\\Filtering Rules]- [targetUID: 00000000-00002036]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00002036]\n "f_0004cd" has type "JPEG image data JFIF standard 1.01 aspect ratio density 96x96 segment length 16 Exif Standard: [TIFF image data big-endian 
direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=2 software=Canva] baseline precision 8 3600x2027 components 3"- [targetUID: N/A]\n "f_0004d2" has type "data"- [targetUID: N/A]\n "f_0004d0" has type "Audio file with ID3 version 2.3.0"- [targetUID: N/A]\n "36053ad8-33ca-4cc8-ad02-1a6018f2deba.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 2259133"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002036]\n "f_0004d6" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d6]- [targetUID: 00000000-00003928]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00002036]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\2036_1795754548\\Filtering Rules-AA]- [targetUID: 00000000-00002036]\n "f_0004d3" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d3]- [targetUID: 00000000-00003928]\n "cbd129db-8abc-477a-bbc1-d1a29a1132a8.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 188574"- [targetUID: N/A]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.3\\edge_autofill_field_data.json]- [targetUID: 00000000-00002036]\n "urlref_httpsvirtualvacation.usprivate-room" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00007152]'}, {u'category': u'Network Related', 
u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://virtualvacation.us/private-room"\n Pattern match: "https://virtualvacation.us"\n Heuristic match: "a.nel.cloudflare.com"\n Heuristic match: "maxcdn.bootstrapcdn.com"\n Heuristic match: "secure-players.herokuapp.com"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Heuristic match: "use.fontawesome.com"\n Pattern match: "www.w3schools.com"\n Pattern match: "https://maxcdn.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css"\n Pattern match: "https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"\n Pattern match: "https://cdnjs.cloudflare.co185.199.111.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonex-nf-request-id: 01H06Y2WDQHNHJAAXWWVJBZZ5B{"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WDQHNHJAAXWWVJBZZ5B", "content-type": "text/html; charset=UTF-8", "age": "0"}
2023-05-12 02:44:18Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.com185.199.111.153
2023-05-12 03:08:51Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.12234.148.97.127
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneZiggo13797 (Net ID: 00:04:E2:D8:5E:98)50.8897, 6.0563
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D"}],"group":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneORANJA (Net ID: 00:01:24:F4:53:15)52.3759, 4.8975
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None001cat.github.io185.199.111.153
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.208): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:22HTTP HeadersNoWeb Spider8030None{"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"}panel.battleb0t.xyz
2023-05-12 02:54:27Open TCP Port BannerNoCensys0040NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H05GB7HXKZRW69FWMYAA1JFJ Date: <REDACTED> Content-Length: 0 2600:1f18:2489:8202::c8
2023-05-12 02:46:40Malicious IP AddressYesFraudguard0120Noneabuse_tracker (risk level: 4) [185.199.108.153]185.199.108.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneWTH (Net ID: 00:02:6F:21:EA:89)50.1188, 8.6843
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha1-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 03:08:52Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.13034.148.97.127
2023-05-12 02:57:19Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://lambent-longma-ea4632.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b44_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_b44_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2884"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_b44_IE_EarlyTabStart_0xb38_Mutex"\n "IsoScope_b44_ConnHashTable<2884>_HashTable_Mutex"\n "IsoScope_b44_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n 
"Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2884"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "_A767B09C-19C8-11ED-8BC0-0800274F5046_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._9C9A08CD-19C8-11ED-8BC0-0800274F5046_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002884]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003296]\n 
"search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003296]\n "DCANDC04.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DCANDC04.txt]- [targetUID: 00000000-00002884]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003296]\n "background_gradient_1_" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 baseline precision 8 1x800 frames 3"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003296]\n "~DF54FDA74F2C9D3CF9.TMP" has type "data"- Location: [%TEMP%\\~DF54FDA74F2C9D3CF9.TMP]- [targetUID: 00000000-00002884]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "bullet_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "_9C9A08CF-19C8-11ED-8BC0-0800274F5046_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF76A1EFBFA46D1AB7.TMP" has type "data"- Location: [%TEMP%\\~DF76A1EFBFA46D1AB7.TMP]- [targetUID: 00000000-00002884]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002884]'}, {u'category': u'Network 
Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lambent-longma-ea4632.netlify.app\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_35.229.48.116]\n\n "HTTP/1.1 404 Not Found\nCache-Control: private, max-age=0\nContent-Type: text/plain; charset=utf-8\nServer: Netlify\nX-Nf-Request-Id: 01GA7RRDK6382CB4J0YXJRCNKG\nDate: Fri, 12 Aug 2022 00:55:07 GMT\nContent-Length: 50\n\nNot Found - Request ID: 01GA7RRDK6382CB4J0YXJRCNKG"- [Source: SSL_35.229.48.116]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://lambent-longma-ea4632.netlify.app/"- [Source: Input]\n Pattern match: "https://lambent-longma-ea4632.netlify.app"- [Source: Input]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "35.229.48.116": ...\n\n URL: https://zippy-shortbread-03f361.netlify.app/ (AV positives: 15/88 scanned on 08/12/2022 00:18:47)\n URL: https://stalwart-kataifi-108318.netlify.app/?naps (AV positives: 3/89 scanned on 08/11/2022 
23:01:34)\n URL: http://scintillating-bienenstitch-cd8159.netlify.app/ (AV positives: 11/88 scanned on 08/11/2022 21:54:42)\n URL: http://pommellsmarketing.com/ (AV positives: 1/88 scanned on 08/11/2022 21:21:03)\n URL: http://boblintown.wtf/ (AV positives: 1/88 scanned on 08/11/2022 21:01:09)\n File SHA256: b5e41d55aa954b191752a70e3034c91c20825af8b65fe2c709d28b25aa90f8ab (AV positives: 2/74 scanned on 07/30/2022 23:15:26)\n File SHA256: caf16699abb61a32fc60f7e822749eeb2f93bae1d29c037c3741a62e3b99d03f (AV positives: 8/73 scanned on 07/28/2022 23:29:37)\n File SHA256: 16d7a459dcc8bcdd8b62981852d62d7f7d70670ca2b0eb5e367e6ecce60181ac (AV positives: 23/75 scanned on 07/23/2022 23:08:28)\n File SHA256: ebc7b30a1d4892e47800a99f8e13bec72e1697e0c70b8c1627e1678256618653 (AV positives: 10/75 scanned on 07/23/2022 17:53:46)\n File SHA256: 1dd1a8dd4f876bac98671e060542cec1749a7375840690571f589e3a1279120e (AV positives: 1/73 scanned on 07/19/2022 11:55:41)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'3/88 Antivirus vendors marked sample as malicious (3% detection rate)'}], u'threat_level': 2, u'size': None, u'job_id': u'62f5a4518bfb7009a87660a0', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': 
[u'35.229.48.116'], u'sha256': u'46e02f3d16603e5230418b021dd86036c13652e45ecaa2cdeb9280bcdefd5d71', u'sha512': u'8c7946178f9008752b8cb02de9fa8a5e2f645ad4bf11def9b4ec416f2f12c863a66b733014f11ca132740ee72a2c199873b07b0e8b670189d131649baa2d1aab', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://lambent-longma-ea4632.netlify.app/', u'35.229.48.116
2023-05-12 02:56:28Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [u'69.16.175.10', u'69.16.175.42', u'51.15.139.10', u'104.17.24.14', u'104.196.30.220', u'34.148.19.16'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://builder.zilliongigs.com/free/help56/mail?=17342', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"builder.zilliongigs.com"\n "www.upsitely.com"\n "ocsp.pki.goog"\n "code.jquery.com"\n "maindesk-userclient4.duckdns.org"\n "pxlme.me"\n "releases.jquery.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.33.83:80"\n "142.250.72.142:443"\n "172.217.14.244:443"\n "69.16.175.10:443"\n "142.251.211.225:443"\n "142.251.33.67:80"\n "69.16.175.42:443"\n "142.251.33.74:443"\n "51.15.139.10:443"\n "46.101.89.76:443"\n "104.17.24.14:443"\n "104.196.30.220:443"\n "34.148.19.16:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', 
u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dd0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_dd0_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_dd0_IESQMMUTEX_0_303"\n "IsoScope_dd0_IESQMMUTEX_0_519"\n "IsoScope_dd0_ConnHashTable<3536>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_dd0_IE_EarlyTabStart_0xc38_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3536"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab26B4.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 
N/A]\n "5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA]- [targetUID: 00000000-00003508]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003508]\n "css_5_.css" has type "ASCII text"- [targetUID: N/A]\n "spimeengine_1_.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003536]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003508]\n "A16C6C16D94F76E0808C087DFC657D99_4B05E40FE390BF95A056D55633D1B46F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\A16C6C16D94F76E0808C087DFC657D99_4B05E40FE390BF95A056D55633D1B46F]- [targetUID: 00000000-00003508]\n "unnamed_4_.png" has type "PNG image data 50 x 50 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "css_4_.css" has type "ASCII text"- [targetUID: N/A]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003508]\n "07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D]- [targetUID: 00000000-00003508]\n "TCASEBRB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TCASEBRB.txt]- [targetUID: 00000000-00003536]\n "xprs_helper_1_.js" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "unnamed_1_.png" has type "PNG image data 50 x 50 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DF73B96DA26F860992.TMP" has type "data"- Location: [%TEMP%\\~DF73B96DA26F860992.TMP]- [targetUID: 00000000-00003536]\n "css_7_.css" has type "ASCII text"- [targetUID: N/A]\n "RecoveryStore._B2FE32CD-39EA-11ED-8CE8-0800273F99FE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab26B4.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab26B4.tmp]- [targetUID: 00000000-00003508]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"GET /iframe_api HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://builder.zilliongigs.com/free/help56/mail?=17342\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.youtube.com\nDNT: 1\nConnection: Keep-Alive\nCookie: CONSENT=WP.2676ba" (Indicator: "youtube")\n "cess:function(y){if(d.onSuccess)d.onSuccess(y)},\nonError:function(y,z){if(d.onError)d.onError(z)},\nonFetchError:function(y){if(d.onError)d.onError(y)},\ntimeout:d.timeout,withCredentials:!0};g.headers["Content-Type"]||(g.headers["Content-Type"]="application/json");var h="";(f=a.config_.yb)&&(h=f);var 
k=a.config_.Ab||!1,l=Li(k,h,d);Object.assign(g.headers,l);(f=g.headers.Authorization)&&!h&&(g.headers["x-origin"]=window.location.origin);var m="/youtubei/"+a.config_.innertubeApiVersion+"/"+b,p={alt:"json"},u=a.config_.zb&&f;u=u&&f.startsWith(" (Indicator: "youtube")\n "bedCode=lo.prototype.getVideoEmbedCode;lo.prototype.getOptions=lo.prototype.getOptions;lo.prototype.getOption=lo.prototype.getOption;\nSn.push(function(a){var b=a;b||(b=document);a=gb(b.getElementsByTagName("yt:player"));var c=b||document;if(c.querySelectorAll&&c.querySelector)b=c.querySelectorAll(".yt-player");else{var d;c=document;b=b||c;if(b.querySelectorAll&&b.querySelector)b=b.querySelectorAll(".yt-player");else if(b.getElementsByClassName){var e=b.getElementsByClassName("yt-player");b=e}else{e=b.getElementsByTagName("*");var f={};for(c=d=0;b=e[c];c++){var g=b.className,h;if(h="function"==typeof g.split)h=0<=bb(g.split(/\\s+/),\n"yt-player");h&&(f[d++]=b)}f.length=d;b=f}}b=gb(b);E(fb(a,b),ro)});\n"undefined"!=typeof YTConfig&&YTConfig.parsetags&&"onload"!=YTConfig.parsetags||Un();var so=A.onYTReady;so&&so();var to=A.onYouTubeIframeAPIReady;to&&to();var uo=A.onYouTubePlayerAPIReady;uo&&uo();}).call(this);" (Indicator: "youtube")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://builder.zilliongigs.com/free/help56/mail?=17342"\n Pattern match: "http://builder.zilliongigs.com"\n Heuristic match: "builder.zilliongigs.com"\n Pattern match: "www.upsitely.com"\n Heuristic match: "code.jquery.com"\n Heuristic match: "maindesk-userclient4.duckdns.org"\n Heuristic match: "pxlme.me"\n Heuristic match: "releases.jquery.com"\n Heuristic match: "gth=e+f;for(var g=0;g<f;g++)a[e+g]=d[g]}else a.push(d)}}\n;function ib(a,b){for(var 
c in a)b.call(void 0,a[c],c,a)}\nfunction jb(a){var b=kb,c;for(c in b)if(a.call(void 0,b[c],c,b))return c}\nfunction lb(a,b){for(var c in a)if(!(c in b)||a[c]!==b[c])return!1;"\n Heuristic match: "f]=a[d],++f,++d,f==this.blockSize){vf(this,e);f=0;break}}this.j=f;this.m+=b}};\nuf.prototype.digest=function(){var a=[],b=8*this.m;56>this.j?this.update(this.l,56-this.j):this.update(this.l,this.blockSize-(this.j-56));for(var c=this.blockSiz104.196.30.220
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneStreamElements (Category: finance) https://streamelements.com/loginlogin
2023-05-12 02:54:21HTTP Status CodeNoWeb Spider0050None200http://vscode.battleb0t.xyz/cdn-cgi/styles/main.css
2023-05-12 03:03:33Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io007us.github.io
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5b18b39c858117-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.71.14
2023-05-12 02:44:14IPv6 AddressNoDNS Resolver15010None2606:50c0:8001::153battleb0t.xyz
2023-05-12 03:13:04Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [000hen.github.io] https://www.openphish.com/feed.txt000hen.github.io
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneCableWiFi (Net ID: 00:0D:67:65:A6:FC)32.8608, -79.9746
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter1010NoneC=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.combattleb0t.xyz
2023-05-12 02:52:24Open TCP PortNoPulsedive0030None185.199.111.133:443185.199.111.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneAndrea Schwartz Gallery (Net ID: 00:01:9F:3D:4F:68)37.780462,-122.390564
2023-05-12 03:33:36Raw File Meta DataNoBinary String Extractor0040NonePLTE$ kyhNlC2D kShPAJ esyS_S@? txkST`ANdNO rXYuPYXHR XajGc dzvRt IDATx :7MV- '@crrX QK>@W vWP`Z tmv1q XEFi" 4@1hb a'c:3 2FRB> LHiiB YFI6D .f:9Lsy PDad6 k67iB 'phZQ _tJ/o8 qgd0 f D3f1c -\-u?V \e<<N X?YJa IDAT<mJ ISE>E >O$-' H T:1 g !A"B Ff<3Bz\ TQHocI Dp//> <U'Xk V M55j \T:x u>6N9z@ IDATB zt28zQ NL3:\m l?:6 _ycqP t1nT_ o !ABH FbaS\ d5hR8 sGr`G hFGxh\ \0.:H a$QEC o"5mw su<< f33Jt yNEEt IDATd 9LGKOA NwqWx s<N5xh dNHEJrV ?B v-zfB zX 9lkh 0cp/8 Pcwr` sP:\J> .H2Dy InIPC W$4n_ ?S5qq pRoh_ NsV`L XHhLy 1B 2"ND /U.m __OjA lcJE! Hyfoi Xlyfh/ rFtB6 `hPT/ c B/A ` a>A Zl>VEY Yq0Kxq4 Ye-wdW 3s7!B 4`0 V EwJ/.lsQ fyB0I0 Y"<XN/h C 3JE OLbC1 WhdHn l:ZLd Sq4RXv !4hgrhttps://pics.battleb0t.xyz/images/random_6.PNG
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHinaJasmin (Net ID: 00:01:E3:08:AE:FB)50.1188, 8.6843
2023-05-12 03:00:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.44): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030None3Com (Net ID: 00:14:7C:52:C6:E4)40.2024, 29.0398
2023-05-12 03:00:30Affiliate - Email AddressNoE-Mail Address Extractor0040Nonesntrup761x25519-sha512@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Noneaes128-gcm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 03:00:54Co-Hosted SiteNoHackerTarget2020None007ayong.github.io185.199.111.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneDNA (Net ID: 00:01:71:0B:C5:CC)52.3759, 4.8975
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneGitLab - GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software. The open source software project was created by Ukrainian developer Dmytro Zaporozhets and Dutch developer Sytse Sijbrandij.cdn-185-199-111-153.github.com
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonecpcontacts.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz 
X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3: a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c: 8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3: 6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa: c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca: f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58: b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28: b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e: 26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2: d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c: 40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a: 2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67: 8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99: 1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c: 4e:9f:6c:9d
2023-05-12 02:54:30Software UsedYesCensys0030Nonenginx nginx64.226.81.43
2023-05-12 02:55:21Software UsedYesCensys0030NoneCaddyServer Caddy207.154.228.169
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}172.67.168.252
2023-05-12 03:09:26SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 09:6b:82:e9:73:99:94:ba:fd:55:b0:21:db:c7:c8:bf Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 Validity Not Before: Aug 3 00:00:00 2022 GMT Not After : Aug 2 23:59:59 2023 GMT Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:76:16:8f:f9:e3:b6:aa:dc:0b:91:40:d8:f1:ee: e8:7f:8e:97:0e:7d:bd:b0:c5:93:63:66:fa:7b:4f: 17:a1:09:ff:20:68:33:a3:45:37:1f:e8:4b:eb:77: 53:b6:57:60:ef:a1:af:f1:36:97:26:c7:fa:95:e9: 9a:ab:1a:dd:7d ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F X509v3 Subject Key Identifier: 18:B9:52:2C:13:17:3E:3A:39:88:53:5C:BD:9C:BE:05:0B:02:25:90 X509v3 Subject Alternative Name: DNS:cdnjs.cloudflare.com, DNS:*.cdnjs.cloudflare.com, DNS:sni.cloudflaressl.com X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl Full Name: URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt X509v3 Basic Constraints: critical CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Aug 3 19:12:00.178 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:35:9E:7D:1C:03:B8:4A:87:C0:13:01:D5: 
28:AD:64:70:5B:10:FC:72:88:58:48:7A:E3:4C:D5:27: DB:76:00:22:02:20:12:E0:E2:34:44:22:24:C1:E5:7A: 25:12:AD:9E:F8:88:A1:A0:65:AF:1A:76:C9:03:41:4F: 8A:70:C8:E6:BA:DA Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB: B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C Timestamp : Aug 3 19:12:00.017 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:EE:6E:D3:CF:4A:8A:13:16:AB:6B:C2: F7:32:B6:2A:5B:13:45:7A:44:ED:3B:86:8B:85:F4:94: BA:E0:8C:12:60:02:21:00:8C:46:CA:E7:C6:A7:69:C8: 22:62:61:BA:E1:29:8F:BC:3C:BF:F4:A2:81:44:80:DA: F5:C9:B6:E6:AF:CD:A6:FB Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09: 4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A Timestamp : Aug 3 19:12:00.038 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:E5:0C:F6:4E:3C:40:01:1A:EC:D8:91: 2D:69:6A:1C:FF:4F:75:55:8C:D7:D2:38:86:36:36:FA: EE:4F:65:29:FC:02:21:00:9F:BC:3F:8A:93:C7:A2:ED: F5:94:99:85:01:90:F2:60:36:3B:2E:03:0E:E0:46:5E: 8C:3E:16:39:2B:64:D1:78 Signature Algorithm: ecdsa-with-SHA256 30:45:02:21:00:d8:35:e0:5c:fe:c9:39:b4:06:5a:95:36:1c: 73:f4:85:1c:c5:6e:6b:ef:48:76:d6:7f:a3:fe:55:ed:82:7f: c5:02:20:7f:8c:86:3a:6f:04:3e:0d:d7:cc:87:51:a8:0d:5c: ce:bc:93:88:aa:35:4a:5c:02:bb:47:5c:7c:87:7b:21:de 188.114.96.1
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneBlogspot (Category: blog) http://ayhu.blogspot.comayhu
2023-05-12 02:54:13Linked URL - InternalNoWeb Spider0020Nonehttp://kekw.battleb0t.xyzkekw.battleb0t.xyz
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneDCO (Net ID: 00:0C:41:66:5E:C3)33.617190550339146,-111.90827887019054
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:01:24:F0:62:49)33.336199,-111.89446440830702
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneSobe5 (Net ID: 00:14:C1:15:47:B3)40.2024, 29.0398
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonexfinitywifi (Net ID: 00:0D:67:2F:5E:C6)39.0469, -77.4903
2023-05-12 03:03:30Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0066cc.github.io
2023-05-12 03:38:37Blacklisted Affiliate IP AddressYesUCEPROTECT0040NoneUCEPROTECT - Level 2 (some false positives) (207.154.228.159)207.154.228.159
2023-05-12 02:45:35Affiliate - Internet NameNoDNS Raw Records1010Nonebrett.ns.cloudflare.comayhu.xyz
2023-05-12 03:03:22Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0.crimson-perch.github.io
2023-05-12 02:54:44Open TCP PortNoCensys0030None35.229.48.116:8035.229.48.116
2023-05-12 02:54:17Open TCP PortNoCensys0040None2606:4700:3037::6815:470e:4432606:4700:3037::6815:470e
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX55157320C (Net ID: 00:01:E3:57:32:0C)52.3759, 4.8975
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NonemyLGNet55FA (Net ID: 00:01:36:59:55:F8)37.7813933,-122.3918002
2023-05-12 02:58:40Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://sprk.art/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_688_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_688_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1672"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_688_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_688_IESQMMUTEX_0_303"\n "IsoScope_688_ConnHashTable<1672>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_688_IE_EarlyTabStart_0xb80_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files 
marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar6E6E.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar6E5E.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab6C48.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "Cab6D92.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "E74NBAN0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\E74NBAN0.txt]- [targetUID: 00000000-00001672]\n Dropped file: "LMADHRH0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LMADHRH0.txt]- [targetUID: 00000000-00001672]\n Dropped file: "H0X2P6A4.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H0X2P6A4.txt]- [targetUID: 00000000-00003496]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001672]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003496]\n "RecoveryStore._FBA2F861-49C5-11ED-8C32-0800274FC8E2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar6E6E.tmp" has type "data"- Location: [%TEMP%\\Tar6E6E.tmp]- [targetUID: 00000000-00003496]\n "~DF86C9B3E24D11C32F.TMP" has type "data"- Location: [%TEMP%\\~DF86C9B3E24D11C32F.TMP]- [targetUID: 00000000-00001672]\n "A5E781EB8B970D49C10F5404D22E5FD7" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\A5E781EB8B970D49C10F5404D22E5FD7]- [targetUID: 00000000-00003496]\n "E74NBAN0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\E74NBAN0.txt]- [targetUID: 00000000-00001672]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001672]\n "LMADHRH0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LMADHRH0.txt]- [targetUID: 00000000-00001672]\n "Tar6E5E.tmp" has type "data"- Location: [%TEMP%\\Tar6E5E.tmp]- [targetUID: 00000000-00003496]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" 
has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003496]\n "Cab6C48.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"- Location: [%TEMP%\\Cab6C48.tmp]- [targetUID: 00000000-00003496]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00001672]\n "~DF5FC6F40784D161C2.TMP" has type "data"- Location: [%TEMP%\\~DF5FC6F40784D161C2.TMP]- [targetUID: 00000000-00001672]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00001672]\n "H0X2P6A4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H0X2P6A4.txt]- [targetUID: 00000000-00003496]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sprk.art\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 426\nContent-Type: application/octet-stream\nDate: Wed, 12 Oct 2022 02:27:31 GMT\nEtag: "ed0b712b25ea3f6f62eb5eaeffcc657b-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GF509F5VPQVTCDTRVY512617\n\n{\n "name": "",\n "short_name": "",\n "icons": [\n {\n "src": 
"/android-chrome-192x192.png",\n "sizes": "192x192",\n "type": "image/png"\n },\n {\n "src": "/android-chrome-512x512.png",\n "sizes": "512x512",\n "type": "image/png"\n }\n ],\n "theme_color": "#ffffff",\n "background_color": "#ffffff",\n "display": "standalone"\n}"\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: sprk.art\nDNT: 1\nConnection: Keep-Alive"\n "Wk(Ak(j)4FFB".....g}n~le.g\ng\ng\n)F F F!..I....Dt9vvvvvwxiuNG!<F%>F$_4b1xc0c0c01F$F$F$[.....imnnnnon\'KF\'sE)E\'F&[8^6p_5_4_4_4,E(E(E(.o....e9ffffgkG\'DE-E\nE+^E)X;Z:Z9[9[9[9Z9)E\nE\nE\n-+.... ] ^ ^ ^_bF.WE1E0E/QT?$V>V=V=V=V=V=E?C1E0E0E0<a^.... !S!U!V!V!VRF0<E4E4E4rA&PC3RBRARARARARARAsE5EE4E4E4_-{...\'"M"M"M"M!NMM\nE9E8E8E7LG\'NFNFNFNFNFNFNFNE#E9E8E8E8g *H...\'#E%#E#E#FE<VE<E<E<\\GMIJJJJJJJJJJJJJJIkD=1E=E<E<E;<: %---", "$=&$=$=#=dDAD@D@D@EO3ENENENENENENFNBL\n;BDAD@D@D@F7R\n---%5%5%5#0/G4DEDEDDDCASkASASASASASBRBPDEdDEDEDEDD%c---&.&-&-EFFDIDIDH=W=W=W=W=W>Vi>TDJJDIDIDIDHDH/Wk~-~-&)\'%\'%DLjDMDMDM8\\9[9[9[9[:ZQ.WDNJDMDMDMDMDLQj}-}-W\'"w\'"DQDQDQDQ}4`4`4`5_6^P@TDRZDQDQDQDQDPDO$7_|-|-%\'">\'"CUCUCUCU0c0d0d1cl@WCVlCUCUCUCUCUDT^J|-||-\'"\'"[CYCYCYCY-e/e/e+f\nXCZlCYCYCYCYCYCXCTd.%\'|-B\'"\'"C]C]C]C]C^/e/eIC^LC]C]C]C]C]C\\C[9*$|-CaCaCaCaCa/e#e\n@bCaCaCaCaCaC`C_+/v~+|-CeyCeCeCeCe<CevCeCeCeCeCeCc:z|}}}}~]Ci]CiCiCiCiCjCiCiCiCiCiChDlvvwwwwwxBm<BmBmBmBmBnBmbBmBmBmBmBljoKpqpppqBpBqBqBqBqBqyBvBqBqBqBqBqBohjjjjjjl/BsBuBuBuBuBuBvSBuBuBuBuBtU VcddddddnByaByByByByByByByByByBx \\) ] ] ] ] ] ^_\'B|B}B}B}B}B}B}B}B}B}!Vo W W W W W XoBAAAAAAABh"N!P!Q!Q!Q!Q!Q!SA%AAAAAAAAF"J"J"J"J"J"J"LAAkAAAAAAA2#D#D#D#D#D#D"KA\nAAAAAAA)$>$=$=$=$>#>9A#AAAAAA&$8$7$7$7$7$9\nA3AAAAA)%6%1%1%1%1A4AAAA3&+b&*&*&*A\'AAAD\'&\'$\'$\'$AAAK\'"z\'"\n "w|;fB69?0.#$=##>APH>eBPENJLFBCDWw8+%&)4nCNVPR6[?XzHPwDK7|Zp=Y\' 0N1CYT\\Y-dbG\\zCYCVr8!AmCeDfnKg<CeDa"Z|~sCaBpBrBrBo/@hko&B{XB}B}Cz Tt W ZyAAAAf"@#E"JA.AB`$-%1A+C1& <\'#y\'"\'"?\'"_WW/_??", "HTTP/1.1 200 
OK\nAccept-Ranges: bytes\nAge: 1\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 15086\nContent-Type: image/vnd.microsoft.icon\nDate: Wed, 12 Oct 2022 02:27:34 GMT\nEtag: "832bb1c355ca71f3a980bf4134.74.170.74
2023-05-12 02:45:54Physical CoordinatesNoAbstractAPI94040None39.0469, -77.49032600:1f18:2489:8200::c8
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.35): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:12:12Co-Hosted Site - Domain WhoisNoWhois3040NoneDomain Name: scoop.sh Registry Domain ID: 688a2dc7e3804150a8a7bd65025fc26d-DONUTS Registrar WHOIS Server: whois.gandi.net Registrar URL: https://www.gandi.net Updated Date: 2022-05-25T08:13:34Z Creation Date: 2013-06-20T11:02:06Z Registry Expiry Date: 2023-06-20T11:02:06Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: StudyStays Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: QLD Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AU Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: ns-1530.awsdns-63.org Name Server: ns-604.awsdns-11.net Name Server: ns-308.awsdns-38.com Name Server: ns-1776.awsdns-30.co.uk DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain Name: scoop.sh Registry Domain ID: UNDEF-ROID Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2023-04-21T08:07:40Z Creation Date: 2013-06-20T09:02:06Z Registrar Registration Expiration Date: 2023-06-20T11:02:06Z Registrar: GANDI SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Reseller: Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: Domain Status: Domain Status: Domain Status: Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: StudyStays Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AU Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Name Server: 
NS-604.AWSDNS-11.NET Name Server: NS-1776.AWSDNS-30.CO.UK Name Server: NS-308.AWSDNS-38.COM Name Server: NS-1530.AWSDNS-63.ORG Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp Reseller Email: Reseller URL: Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden. A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts. For additional information, please contact us via the following form: https://www.gandi.net/support/contacter/mail/ scoop.sh
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.231): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:27Raw Data from RIRsNoURLScan.io1010None[{u'sort': [1679937961810, u'be713cda-cf3f-49bd-91b6-e8517dc017bf'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'tags': [u'falconsandbox'], u'url': u'http://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-27T17:26:01.810Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 0, u'encodedDataLength': 0, u'requests': 1, u'dataLength': 0}, u'screenshot': u'https://urlscan.io/screenshots/be713cda-cf3f-49bd-91b6-e8517dc017bf.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/be713cda-cf3f-49bd-91b6-e8517dc017bf/', u'_id': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'page': {u'url': u'http://kekw.battleb0t.xyz/jar', u'domain': u'kekw.battleb0t.xyz', u'apexDomain': u'battleb0t.xyz'}}, {u'sort': [1679768811151, u'4b027c18-4e16-4bfc-8793-6295946cceb7'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'https://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-25T18:26:51.151Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 84, u'requests': 1, u'dataLength': 11}, u'screenshot': u'https://urlscan.io/screenshots/4b027c18-4e16-4bfc-8793-6295946cceb7.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/4b027c18-4e16-4bfc-8793-6295946cceb7/', u'_id': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'page': {u'mimeType': u'text/plain', u'status': u'502', u'domain': u'kekw.battleb0t.xyz', u'url': u'https://kekw.battleb0t.xyz/jar', u'country': u'DE', u'tlsValidFrom': u'2023-03-23T21:24:09.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'tlsIssuer': u'Easypanel', u'tlsValidDays': 3650, u'ip': u'64.226.81.43', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 1, u'asn': u'AS14061'}}, 
{u'sort': [1678573216685, u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:20:16.685Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea/', u'_id': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'page': {u'mimeType': u'text/html', u'status': u'404', u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}, {u'sort': [1678573191537, u'd8289b22-dbac-48d2-856a-e99fe632406b'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:19:51.537Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/d8289b22-dbac-48d2-856a-e99fe632406b.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/d8289b22-dbac-48d2-856a-e99fe632406b/', u'_id': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'page': {u'mimeType': u'text/html', u'status': u'404', u'domain': 
u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}]battleb0t.xyz
2023-05-12 03:31:30Affiliate - Email AddressNoE-Mail Address Extractor0060Noneabuse@nicproxy.com Domain Name: KEYUBU.COM Registry Domain ID: 2292564494_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2022-07-15T17:58:33Z Creation Date: 2018-07-31T21:39:32Z Registry Expiry Date: 2023-07-31T21:39:32Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: KEYUBU.COM Registry Domain ID : 2292564494_DOMAIN_COM-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2022-07-15T17:58:33Z Creation Date: 2018-07-31T21:39:32Z Registrar Registration Expiration Date: 2023-07-31T21:39:32Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: ADANA Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.COM Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: LLOYD.NS.CLOUDFLARE.COM Name Server: MOLLY.NS.CLOUDFLARE.COM DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:12:03Z<<< For more information on 
Whois status codes, please visit https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2
2023-05-12 03:00:29Affiliate - Email AddressNoE-Mail Address Extractor0040Noneaes128-gcm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, 
"services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}}
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:02:2D:00:21:01)37.780462,-122.390564
2023-05-12 02:55:11Software UsedYesCensys0020NonePHP 7.4.3387.248.157.102
2023-05-12 03:09:44Affiliate - Internet NameNoDNS Resolver0040None129.97.148.34.bc.googleusercontent.com34.148.97.129
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.120): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.207): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:12:10Affiliate Description - CategoryNoDuckDuckGo0050NoneInformation technology companies of Englandbaffin.netcraft.com
2023-05-12 03:11:19Raw Data from RIRsNoAbstractAPI0020None{u'city': u'Bursa', u'security': {u'is_vpn': False}, u'city_geoname_id': 750269, u'region_geoname_id': 750268, u'country': u'Turkey', u'region': u'Bursa', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'Dgn Teknoloji A.s.', u'isp_name': u'Shiraz-University', u'organization_name': u'Shiraz University', u'autonomous_system_number': 43260}, u'continent_code': u'AS', u'currency': {u'currency_name': u'Lira', u'currency_code': u'TRY'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/TR_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/TR_flag.png', u'unicode': u'U+1F1F9 U+1F1F7', u'emoji': u'\U0001f1f9\U0001f1f7'}, u'postal_code': u'16350', u'longitude': 29.0398, u'country_code': u'TR', u'timezone': {u'abbreviation': u'+03', u'gmt_offset': 3, u'is_dst': False, u'name': u'Europe/Istanbul', u'current_time': u'06:11:18'}, u'latitude': 40.2024, u'country_geoname_id': 298795, u'continent_geoname_id': 6255147, u'country_is_eu': False, u'ip_address': u'87.248.157.102', u'continent': u'Asia', u'region_iso_code': u'16'}87.248.157.102
2023-05-12 02:44:15IPv6 AddressNoDNS Resolver0030None2606:4700:3037::6815:470efluid.battleb0t.xyz
2023-05-12 02:54:27BGP AS MembershipNoCensys0040None146182600:1f18:2489:8202::c8
2023-05-12 02:55:15Software UsedYesCensys0030Nonenginx nginx 1.18.0165.232.113.85
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneCableWiFi (Net ID: 00:0D:67:37:7A:7B)39.0469, -77.4903
2023-05-12 03:02:26Software UsedYesTool - Wappalyzer0020NoneCloudflarewww.ayhu.xyz
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneBIGO Live (Category: gaming) https://www.bigo.tv/user/ayshooayshoo
2023-05-12 02:54:44Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H06KNWSV7RTZ7MSA7BNCK843 Date: <REDACTED> Content-Length: 0 35.229.48.116
2023-05-12 02:50:27Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 25, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.activestate.com/products/perl/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6456:304:WilStaging_02"\n "Local\\SM0:6456:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:6456:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"13.227.74.81:443"\n "138.91.254.96:443"\n "13.227.74.26:443"\n "142.250.189.174:443"\n "104.16.184.65:443"\n "185.199.108.153:443"\n "104.17.211.243:443"\n "142.251.32.34:443"\n "104.17.212.243:443"\n "23.55.103.97:443"\n "13.227.74.25:443"\n "13.227.74.111:443"\n "151.101.1.131:443"\n "104.18.135.59:443"\n "13.227.74.121:443"\n "157.240.22.25:443"\n "142.250.101.156:443"\n "216.239.38.181:443"\n "54.219.220.207:443"\n "13.227.74.73:443"\n "13.227.74.69:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"59e3fd97d0784951aaf980d5dbb23a79.events.ubembed.com"\n "59e3fd97d0784951aaf980d5dbb23a79.js.ubembed.com"\n "59e3fd97d0784951aaf980d5dbb23a79.pages.ubembed.com"\n "activestate.github.io"\n "ajax.googleapis.com"\n "analytics.google.com"\n "api.edgeoffer.microsoft.com"\n "api.hubspot.com"\n "assets.ubembed.com"\n "builder-assets.unbounce.com"\n "cdn.activestate.com"\n "cdn.heapanalytics.com"\n "cdn.linkedin.oribi.io"\n "connect.facebook.net"\n "d2xxq4ijfwetlm.cloudfront.net"\n "epsilon.6sense.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms-na1.hsforms.com"\n "forms.hscollectedforms.net"\n "forms.hsforms.com"\n "googleads.g.doubleclick.net"\n "heapanalytics.com"\n "js.hs-analytics.net"\n "js.hs-banner.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "px.ads.linkedin.com" (Indicator: "dir "; File: "PCAP")\n Found string "www.facebook.com" (Indicator: "dir "; File: "PCAP")\n Found string "www.linkedin.com" (Indicator: "dir "; File: "PCAP")\n Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': 
u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," 
(Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""bellagracehealthscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""belleandbubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""beyondblessedscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00005804]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00005804]\n "wallet-stable.json" has type "ASCII text"- Location: [%TEMP%\\5804_613645668\\json\\wallet\\wallet-stable.json]- [targetUID: 00000000-00005804]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\5804_613645668\\wallet.bundle.js]- [targetUID: 00000000-00005804]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\5804_345640691\\Filtering Rules]- [targetUID: 00000000-00005804]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\5804_613645668\\edge_driver.js]- [targetUID: 00000000-00005804]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\5804_613645668\\vendor.bundle.js]- [targetUID: 00000000-00005804]\n "data_1" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00005804]\n "c4f2a21b-1d0c-4869-a5c9-82d03712e897.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 52082"- Location: [%TEMP%\\c4f2a21b-1d0c-4869-a5c9-82d03712e897.tmp]- [targetUID: 00000000-00005804]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\5804_613645668\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00005804]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00005804]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00005804]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\5804_613645668\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00005804]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\5804_613645668\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00005804]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\5804_613645668\\Mini-Wallet\\miniwallet.bundle.js]- [targetUID: 00000000-00005804]\n "notification.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\5804_613645668\\Notification\\notification.bundle.js]- [targetUID: 00000000-00005804]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00005804]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\5804_345640691\\Filtering Rules-AA]- [targetUID: 00000000-00005804]\n "000014.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\EdgeCoupons\\coupons_data.db\\000014.ldb]- [targetUID: 00000000-00005804]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00005804]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00005804]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft185.199.108.153
2023-05-12 02:44:12SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CAkekw.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Noneadrilankha (Net ID: 00:06:25:66:F5:F2)33.336199,-111.89446440830702
2023-05-12 03:09:43Affiliate - Internet NameNoDNS Resolver0040None125.97.148.34.bc.googleusercontent.com34.148.97.125
2023-05-12 03:00:50Co-Hosted SiteNoHackerTarget1020None0.church185.199.111.153
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [01001101ck.github.io] https://www.openphish.com/feed.txt01001101ck.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneCarlsJr_Wireless (Net ID: 00:0C:42:6B:5A:82)33.6170672,-111.90564645297056
2023-05-12 02:58:30Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://southgate.ai/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_8a8_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_8a8_IESQMMUTEX_0_519"\n "IsoScope_8a8_IE_EarlyTabStart_0xb94_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_8a8_ConnHashTable<2216>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2216"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_8a8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_8a8_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Binary File', 
u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1513.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar14E2.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.67.164.10:443"\n "142.250.31.95:443"\n "104.16.87.20:443"\n "142.250.188.200:443"\n "34.74.170.74:443"\n "142.251.163.94:443"\n "172.253.122.155:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "ACP1XSAW.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ACP1XSAW.txt]- [targetUID: 00000000-00002216]\n Dropped file: "E1RPTRSJ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\E1RPTRSJ.txt]- [targetUID: 00000000-00003504]\n Dropped file: "6SDWGML8.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6SDWGML8.txt]- [targetUID: 00000000-00003504]\n Dropped file: "TOQ8R1LZ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TOQ8R1LZ.txt]- [targetUID: 00000000-00003504]\n Dropped file: "8AFC20ZQ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8AFC20ZQ.txt]- [targetUID: 00000000-00003504]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', 
u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1512.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab14E1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "latex.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003504]\n "fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "vendor-bundle.min.c7b8d9abd591ba2253ea42747e3ac3f5_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "instantsearch.production.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "~DF4ED835C2140DC3C0.TMP" has type "data"- Location: [%TEMP%\\~DF4ED835C2140DC3C0.TMP]- 
[targetUID: 00000000-00002216]\n "js_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._5E4C1B7D-7577-11ED-BDC3-080027DA0E36_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF52C41F7A5B885E2E.TMP" has type "data"- Location: [%TEMP%\\~DF52C41F7A5B885E2E.TMP]- [targetUID: 00000000-00002216]\n "JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM70w9_1_.woff" has type "Web Open Font Format TrueType length 51152 version 1.1"- [targetUID: N/A]\n "_692F3876-7577-11ED-BDC3-080027DA0E36_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "GC2JP03J.htm" has type "HTML document UTF-8 Unicode text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0CH0OVJV\\GC2JP03J.htm]- [targetUID: 00000000-00003504]\n "logo_hud805459e1585bd759bb2db1da4556ab3_12226_0x70_resize_lanczos_3_1_.png" has type "PNG image data 560 x 70 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DF58E90E44EE511DCA.TMP" has type "data"- Location: [%TEMP%\\~DF58E90E44EE511DCA.TMP]- [targetUID: 00000000-00002216]\n "netlify-identity-widget_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "saioutcome1-poster_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 1248x702 components 3"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "cookieconsent.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: 
"https://southgate.ai/"\n Pattern match: "https://southgate.ai"\n Heuristic match: "cdn.jsdelivr.net"'}], u'threat_level': 0, u'size': None, u'job_id': u'638f679fb1d2070160672c24', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'172.67.164.10', u'142.250.31.95', u'104.16.87.20', u'142.250.188.200', u'34.74.170.74', u'142.251.163.94', u'172.253.122.155'], u'sha256': u'c4919dc5ebcf054490c8ebabbb453b631c7d016ba87624dd98df4535c94ee593', u'sha512': u'416295b19343a55ad008e5d040d557f23faa8f3f408a08b705180cabac4cc0f2c7ac041b85ea2bfe88c7898028eba01fbc354b9a3a5a87f71af169b394978ae3', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://southgate.ai/', u'submission_id': u'638f679fb1d2070160672c25', u'created_at': u'2022-12-06T16:02:39+00:00', u'filename': None}], u'analysis_start_time': u'2022-12-06T16:02:39+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 7, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, 
u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'5ee7036b0ff5a48e7c65fdf244332b48', u'network_mode': u'default', u'processes': [], u'sha1': u'db6bec1322306bff607b711410ce9b65d4a08a9d', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None,34.74.170.74
2023-05-12 02:44:08Internet NameNoCertSpotter33010Nonefunny.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:00:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.28): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:25Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.com185.199.109.153
2023-05-12 02:54:20HTTP HeadersNoWeb Spider2020None{"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:53:07 GMT", "x-nf-request-id": "01H06Y2Y8V02FJ2S9V869KY74K", "content-type": "text/html; charset=UTF-8", "age": "73"}funny.battleb0t.xyz
2023-05-12 02:54:34Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5eb92eaeff3814-FRA Content-Encoding: gzip 104.21.71.14
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Nonersi (Category: gaming) https://robertsspaceindustries.com/citizens/ayhuayhu
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonemail.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3: a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c: 8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3: 6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa: c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca: f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58: b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28: b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e: 26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2: d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c: 40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a: 2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67: 8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99: 1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c: 4e:9f:6c:9d
2023-05-12 03:01:26Raw Data from RIRsNoTool - WhatWeb1020None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nwapi2.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://nwapi2.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'cf-cache-status,report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.67.168.252']}}}, {}]nwapi2.battleb0t.xyz
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneSnapchat Stories (Category: social) https://story.snapchat.com/s/battleb0tbattleb0t
2023-05-12 02:44:09SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Google Trust Services LLC,CN=GTS CA 1P5ayhu.xyz
2023-05-12 03:24:22HTTP Status CodeNoWeb Spider0040None403https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0020Nonepermissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(){"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:44:12Software UsedYesTool - Wappalyzer0020NoneNginxkekw.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneAOSS-DESKTOP1-47290 (Net ID: 00:00:5C:81:7F:C0)33.336199,-111.89446440830702
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.244): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMaingau (Net ID: 00:02:2D:66:97:3D)50.1188, 8.6843
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5913389a552a51-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.97.1
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.253): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:56:30Physical LocationNoFraudguard0030NoneGermany, Hesse, Frankfurt am Main46.101.229.70
2023-05-12 02:44:13Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0120Nonegithubusercontent.comwww.battleb0t.xyz
2023-05-12 03:33:45Raw File Meta DataNoBinary String Extractor0040NoneIDATx ? `sm b"0N9 3@N:vn yj4BZu:- pqmVU hEC0s c@ h' 6FcPkh4 2:Eu` IDAT nfwPH jniEDkf 9uCGxN MWFGv '!hXQf 6WoW' hRoWW 68ZQ$ 8Ro7Tr 2j3yrN nkumI'N rVKjW icsI3 dc:YL JU5sF O::vH BlH_0 xHnU6 :9sGc LB7R1 \T.sL T.TM` /kyyE NjttD Z \$@ _495P trtT'cq yf4:6 5?O@nY .LRMj9o dx.>_ "P/9l 1i5b> d<'uj JG077/ 4NmT4 2 2d9L B?mju VWom <F0b-R PMc7d6d? Z`sX10 tXB0Zn blFM! FpL3K 0o!Sc 6DfD0 IDATG` D2Yi2e wgxsu. sx<C3 P?AF5 N1dcyzL 6dT\D xTPT' " mE\ DpW-Q 8NZeS SIc@x oJj'sN?? ``xvl BR8Jtu waVm' 8 Jkd 55j1T i5Vn heH_> yy60A j1ENS uHcBj VCAKa v-v7i T/T.lF IDAT> 5zqxE? dUJ77 8_seE "gJs5UxZ p9Rn: f2`q? r4SvF 05sFG- 7mecE `tNP6 ><HQT s9v54 !c>0 MRmC" Pp@e9_https://pics.battleb0t.xyz/images/ein_2.png
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5b59d17bc80231-ORD Content-Encoding: gzip 188.114.97.1
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneDONNYMC (Net ID: 00:09:5B:CF:7C:14)39.0469, -77.4903
2023-05-12 02:44:44Software UsedYesTool - Wappalyzer0030NoneCloudflarevscode.battleb0t.xyz
2023-05-12 03:01:20Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.177): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:14Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.133): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.224): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneTacklebox AirNet (Net ID: 00:02:2D:0D:4F:2B)37.7642, -122.3993
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonehollyhome (Net ID: 00:04:5A:FD:2E:C9)33.336199,-111.89446440830702
2023-05-12 03:08:47Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.219104.196.30.220
2023-05-12 03:03:34Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00d2.github.io
2023-05-12 02:54:15Linked URL - ExternalNoWeb Spider2030Nonehttps://github.com/Altpapier/SkyHelperAPI/tree/master/exampleshttps://nwapi2.battleb0t.xyz/
2023-05-12 02:44:10Co-Hosted Site - Domain NameNoSSL Certificate Analyzer2110Nonegithubusercontent.combattleb0t.xyz
2023-05-12 02:55:11Software UsedYesCensys0020NoneMariaDB MariaDB 10.5.1987.248.157.102
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneGettr (Category: social) https://gettr.com/user/loginlogin
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx BYOD (Net ID: 00:01:21:26:42:61)41.8781, -87.6298
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneP2d8T7f2d$ (Net ID: 00:18:0A:DF:7D:60)32.8608, -79.9746
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.216): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:04:E2:FB:95:10)39.0469, -77.4903
2023-05-12 02:53:23Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fhome-docs.webflow.io%2F', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:7648:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:7648:304:WilStaging_02"\n "Local\\SM0:7648:120:WilError_01"\n "SM0:7648:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "138.91.254.96:443"\n "172.66.43.150:443"\n "151.101.2.132:443"\n "35.186.254.174:443"\n "65.8.158.125:443"\n "65.8.165.43:443"\n "20.50.201.201:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "api.salesflare.com"\n 
"d3e54v103j8qbb.cloudfront.net"\n "home-docs.webflow.io"\n "llink.to"\n "self.events.data.microsoft.com"\n "track.salesflare.com"\n "uploads-ssl.webflow.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," 
(Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': 
u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "\\device\\namedpipe\\local\\mojo.148.664.8402708624568094443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00000148]\n "wallet-stable.json" has type "ASCII text"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\148_306407055\\edge_driver.js]- [targetUID: 00000000-00000148]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00000148]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00000148]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00000148]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\148_306407055\\bnpl\\bnpl.bundle.js]- [targetUID: 
00000000-00000148]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\148_306407055\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00000148]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00000148]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00000148]\n "000014.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000014.ldb]- [targetUID: 00000000-00000148]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00000148]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00000148]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00000148]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00000148]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\148_431447688\\edge_autofill_field_data.json]- [targetUID: 00000000-00000148]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00000148]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- 
[targetUID: 00000000-00000148]\n "wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: N/A]\n "wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- Location: [%TEMP%\\148_306407055\\json\\wallet\\wallet-checkout-eligible-sites-pre-stable.json]- [targetUID: 00000000-00000148]\n "Web Data" has type "SQLi185.199.109.153
2023-05-12 02:56:18Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://keyzstoreoracle.org/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dbc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_dbc_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_dbc_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "IsoScope_dbc_IE_EarlyTabStart_0xf74_Mutex"\n "IsoScope_dbc_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3516"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_dbc_ConnHashTable<3516>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', 
u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"keyzstoreoracle.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:80"\n "96.6.31.32:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"keyzstoreoracle.org"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "GNHNKDR2.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GNHNKDR2.txt]- [targetUID: 00000000-00003516]\n Dropped file: "872UMPTE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\872UMPTE.txt]- [targetUID: 00000000-00003516]\n Dropped file: "P1JMAX91.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P1JMAX91.txt]- [targetUID: 00000000-00003516]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "~DFD0369D8D88B34BD1.TMP" has type "data"- Location: [%TEMP%\\~DFD0369D8D88B34BD1.TMP]- [targetUID: 00000000-00003516]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003516]\n "_E5961C44-4C47-11ED-BAE3-080027B2FD56_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "GNHNKDR2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GNHNKDR2.txt]- [targetUID: 00000000-00003516]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "background_gradient_1_" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 baseline precision 8 1x800 frames 3"- [targetUID: N/A]\n "ErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003516]\n "80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE]- [targetUID: 00000000-00003516]\n 
"search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003516]\n "~DF4BEE67FCFB6399A9.TMP" has type "data"- Location: [%TEMP%\\~DF4BEE67FCFB6399A9.TMP]- [targetUID: 00000000-00003516]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003516]\n "872UMPTE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\872UMPTE.txt]- [targetUID: 00000000-00003516]\n "bullet_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "~DF2DD02FB8845D7E5E.TMP" has type "data"- Location: [%TEMP%\\~DF2DD02FB8845D7E5E.TMP]- [targetUID: 00000000-00003516]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://keyzstoreoracle.org/"\n Pattern match: "http://keyzstoreoracle.org"\n Heuristic match: "keyzstoreoracle.org"\n Pattern match: "https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': 
u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"HTTP/1.1 302 Moved Temporarily\nContent-Length: 0\nServer: Kestrel\nLocation: https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us\nRequest-Context: appId=cid-v1:26ef1154-5995-4d24-ad78-ef0b04f11587\nX-Response-Cache-Status: True\nExpires: Sat, 15 Oct 2022 06:47:48 GMT\nCache-Control: max-age=0, no-cache, no-store\nPragma: no-cache\nDate: Sat, 15 Oct 2022 06:47:48 GMT\nConnection: keep-alive\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-6', u'name': u'Found an IP/URL artifact that was identified as malicious by at least three reputation engines', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 12, u'description': u'16/88 reputation engines marked "http://keyzstoreoracle.org/" as malicious (18% detection rate)\n 16/88 reputation engines marked "http://keyzstoreoracle.org" as malicious (18% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': 
None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'16/88 Antivirus vendors marked sample as malicious (18% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-3', u'name': u'Sample was identified as malicious by a large number of Antivirus engines', u'attck_104.196.30.220
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonelogitec-a197d9 (Net ID: 00:01:8E:A1:97:D8)37.7813933,-122.3918002
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.19): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:03:41Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io01039402468.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneTSMD 5 (Net ID: 00:02:6F:FD:8B:6F)33.336199,-111.89446440830702
2023-05-12 03:32:21Open TCP PortNoPulsedive0030None188.114.97.11:8443188.114.97.0/24
2023-05-12 03:01:31Raw Data from RIRsNoTool - WhatWeb1020None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://funny.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'Netlify']}, u'RedirectLocation': {u'string': [u'https://funny.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'x-nf-request-id']}, u'IP': {u'string': [u'34.148.147.18']}}}, {}]funny.battleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-cache: MISS{"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"}
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NonemyLGNet4862 (Net ID: 00:01:36:5B:48:60)37.7813933,-122.3918002
2023-05-12 03:09:30Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.ioakashpmani.github.io
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0030NoneEnglish<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:12:55Raw Data from RIRsNonumverify0030None{u'international_format': u'+14806242598', u'local_format': u'4806242598', u'number': u'14806242598', u'valid': True, u'line_type': u'landline', u'location': u'Phoenix', u'country_code': u'US', u'carrier': u'', u'country_name': u'United States of America', u'country_prefix': u'+1'}+14806242598
2023-05-12 03:24:30Affiliate - Company NameNoCompany Name Extractor0070NoneNetwork Solutions, LLC Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:40:26Z Creation Date: 2018-06-27T20:51:35Z Registry Expiry Date: 2024-06-27T20:51:35Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: abuse@web.com Registrar Abuse Contact Phone: +1.8003337680 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:41:04Z Creation Date: 2018-06-27T20:51:35Z Registrar Registration Expiration Date: 2024-06-27T04:00:00Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Reseller: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: PERFECT PRIVACY, LLC Registrant Organization: Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Registrant City: Jacksonville Registrant State/Province: FL Registrant Postal Code: 32256 Registrant Country: US Registrant Phone: +1.5707088622 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Admin ID: Admin Name: PERFECT PRIVACY, LLC Admin Organization: Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Admin City: Jacksonville Admin State/Province: FL Admin Postal Code: 32256 Admin Country: US Admin Phone: +1.5707088622 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Tech ID: Tech Name: PERFECT PRIVACY, LLC Tech Organization: Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Tech City: Jacksonville Tech State/Province: FL Tech Postal Code: 32256 Tech Country: US Tech Phone: +1.5707088622 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned Registrar Abuse Contact Email: domain.operations@web.com Registrar Abuse Contact Phone: +1.8777228662 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please 
visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en This listing is a Network Solutions Private Registration. Mail correspondence to this address must be sent via USPS Express Mail(TM) or USPS Certified Mail(R); all other mail will not be processed. Be sure to include the registrant's domain name in the address. The data in Networksolutions.com's WHOIS database is provided to you by Networksolutions.com for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. Networksolutions.com makes this information available "as is," and does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone; or (2) enable high volume, automated, electronic processes that apply to Networksolutions.com (or its systems). The compilation, repackaging, dissemination or other use of this data is expressly prohibited without the prior written consent of Networksolutions.com. Networksolutions.com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:0C:41:A1:42:A6)39.0469, -77.4903
2023-05-12 02:58:21Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://hui-zhou.netlify.app/index.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_638_ConnHashTable<1592>_HashTable_Mutex"\n "IsoScope_638_IESQMMUTEX_0_303"\n "IsoScope_638_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_638_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_638_IE_EarlyTabStart_0xf34_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1592"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_638_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\_!SHMSFTHISTORY!_"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: 
"TCKAJPB5.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TCKAJPB5.txt]- [targetUID: 00000000-00001592]\n Dropped file: "36ZSW8Z3.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\36ZSW8Z3.txt]- [targetUID: 00000000-00001592]\n Dropped file: "MRKVEKYP.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MRKVEKYP.txt]- [targetUID: 00000000-00001592]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "~DFA8153985C10DD229.TMP" has type "data"- Location: [%TEMP%\\~DFA8153985C10DD229.TMP]- [targetUID: 00000000-00001592]\n "~DF0435E689B517C6FA.TMP" has type "data"- Location: [%TEMP%\\~DF0435E689B517C6FA.TMP]- [targetUID: 00000000-00001592]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "TCKAJPB5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TCKAJPB5.txt]- [targetUID: 00000000-00001592]\n "_A8449244-8194-11ED-8425-080027616BD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D7364101-8192-11ED-8425-080027616BD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "36ZSW8Z3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\36ZSW8Z3.txt]- [targetUID: 00000000-00001592]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFD5A898F84D577C98.TMP" has type "data"- Location: [%TEMP%\\~DFD5A898F84D577C98.TMP]- [targetUID: 00000000-00001592]\n "en-US.4" has type "data"- 
Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001592]\n "~DF4601B0A7A8A27A0A.TMP" has type "data"- Location: [%TEMP%\\~DF4601B0A7A8A27A0A.TMP]- [targetUID: 00000000-00001592]\n "MRKVEKYP.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MRKVEKYP.txt]- [targetUID: 00000000-00001592]\n "index_1_.webmanifest" has type "JSON data"- [targetUID: N/A]\n "RecoveryStore._D73640FF-8192-11ED-8425-080027616BD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 548\nContent-Type: application/octet-stream\nDate: Thu, 22 Dec 2022 01:42:19 GMT\nEtag: "4ee59b3d2e9da012cec25867fea8b48f-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\nX-Nf-Request-Id: 01GMVQXQJ1YFJJ3B3XD9AQHCH0\n\n{\n "name": "Job Candidate",\n "short_name": "Job Candidate",\n "lang": "en-us",\n "theme_color": "#2962ff",\n "background_color": "#2962ff",\n 
"icons": [{\n "src": "/images/icon_hu0b7a4cb9992c9ac0e91bd28ffd38dd00_9727_192x192_fill_lanczos_center_2.png",\n "sizes": "192x192",\n "type": "image/png"\n }, {\n "src": "/images/icon_hu0b7a4cb9992c9ac0e91bd28ffd38dd00_9727_512x512_fill_lanczos_center_2.png",\n "sizes": "512x512",\n "type": "image/png"\n }],\n "display": "standalone",\n "start_url": "/?utm_source=web_app_manifest"\n}"\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 404 Not Found\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Encoding: gzip\nContent-Type: text/html; charset=utf-8\nDate: Thu, 22 Dec 2022 01:42:22 GMT\nEtag: 1655429792-ssl-df\nServer: Netlify\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\nVary: Accept-Encoding\nX-Nf-Request-Id: 01GMVQXTEARV5HP7YS58XJPHJZ\nTransfer-Encoding: chunked"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://hui-zhou.netlify.app/index.webmanifest"\n Pattern match: "https://hui-zhou.netlify.app"'}], u'threat_level': 0, u'size': None, u'job_id': u'63a3b3d1ddf29718d50a1530', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'suspicious_identifiers': [], u'attck_id': u'T1071.001', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Web Protocols', 
u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers'34.74.170.74
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.164): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:53:02Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://nwapi.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nwapi.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]nwapi.battleb0t.xyz
2023-05-12 03:03:59Co-Hosted SiteNoThreatMiner0020Noneakashpmani.github.io185.199.109.153
2023-05-12 02:54:22HTTP HeadersNoWeb Spider10020None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}www.ayhu.xyz
2023-05-12 02:54:15Linked URL - ExternalNoWeb Spider0030Nonehttps://www.patreon.com/skyhelperhttps://nwapi2.battleb0t.xyz/
2023-05-12 02:54:54Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-11T12:33:03.766Z", "ip": "2a06:98c1:3121::1", "location_updated_at": "2023-05-06T23:05:13.627091Z", "autonomous_system_updated_at": "2023-05-06T23:05:13.627138Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"karriere-job-booster.com": {"record_type": "AAAA", "resolved_at": "2023-03-23T15:40:36.428770073Z"}, "uncoveryourconfidence.org": {"record_type": "AAAA", "resolved_at": "2023-03-24T20:43:37.500409594Z"}, "question-orthographe.net": {"record_type": "AAAA", "resolved_at": "2022-12-25T11:23:33.248567488Z"}, "kfplastics.com.au": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:22:37.294872821Z"}, "ozvi.net": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:04:48.328410124Z"}, "romainebrain.dev": {"record_type": "AAAA", "resolved_at": "2023-02-18T04:11:46.139927410Z"}, "static.sampledu.com": {"record_type": "AAAA", "resolved_at": "2023-02-01T22:23:03.363402875Z"}, "cpcontacts.madares.app": {"record_type": "AAAA", "resolved_at": "2023-04-16T12:14:57.712576745Z"}, "vadyba.lt": {"record_type": "AAAA", "resolved_at": "2023-03-19T16:29:40.486687881Z"}, "openspeedtest.ovride.net": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:05:02.904720123Z"}, "www.3e-wellness.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:03:48.794666765Z"}, "405.hjs.my.id": {"record_type": "AAAA", "resolved_at": "2023-04-12T11:14:59.074372516Z"}, "mail.wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-30T17:30:49.591604261Z"}, "dusfer.com": {"record_type": "AAAA", "resolved_at": "2022-12-29T13:18:33.050196113Z"}, "beautybeyondhair.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T18:46:00.761081322Z"}, "beautybeyondhair.buzz": 
{"record_type": "AAAA", "resolved_at": "2023-04-15T12:48:08.422852392Z"}, "wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-23T17:07:04.797789596Z"}, "askapkmod.com": {"record_type": "AAAA", "resolved_at": "2022-12-26T12:52:46.077237913Z"}, "gbdfdm.cn": {"record_type": "AAAA", "resolved_at": "2023-02-17T02:28:21.988085793Z"}, "www.cylindermowers.com.au": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:22:39.710895641Z"}, "karriere-job-booster.at": {"record_type": "AAAA", "resolved_at": "2023-04-30T12:17:10.484433310Z"}, "www.wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-16T17:06:44.448663582Z"}}, "names": ["www.cylindermowers.com.au", "dusfer.com", "www.wolny.poker", "question-orthographe.net", "kfplastics.com.au", "wolny.poker", "beautybeyondhair.net", "uncoveryourconfidence.org", "romainebrain.dev", "karriere-job-booster.at", "karriere-job-booster.com", "static.sampledu.com", "ozvi.net", "vadyba.lt", "beautybeyondhair.buzz", "cpcontacts.madares.app", "openspeedtest.ovride.net", "405.hjs.my.id", "www.3e-wellness.com", "gbdfdm.cn", "askapkmod.com", "mail.wolny.poker"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://[2a06:98c1:3121::1]/"}, "response": {"body": "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js ie7 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 8]> <html class=\"no-js ie8 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if gt IE 8]><!--> <html class=\"no-js\" lang=\"en-US\"> <!--<![endif]-->\n<head>\n<title>Direct IP access not allowed | Cloudflare</title>\n<meta charset=\"UTF-8\" />\n<meta http-equiv=\"Content-Type\" 
content=\"text/html; charset=UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"robots\" content=\"noindex, nofollow\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\" />\n<link rel=\"stylesheet\" id=\"cf_styles-css\" href=\"/cdn-cgi/styles/main.css\" />\n\n\n<script>\n(function(){if(document.addEventListener&&window.XMLHttpRequest&&JSON&&JSON.stringify){var e=function(a){var c=document.getElementById(\"error-feedback-survey\"),d=document.getElementById(\"error-feedback-success\"),b=new XMLHttpRequest;a={event:\"feedback clicked\",properties:{errorCode:1003,helpful:a,version:1}};b.open(\"POST\",\"https://sparrow.cloudflare.com/api/v1/event\");b.setRequestHeader(\"Content-Type\",\"application/json\");b.setRequestHeader(\"Sparrow-Source-Key\",\"c771f0e4b54944bebf4261d44bd79a1e\");\nb.send(JSON.stringify(a));c.classList.add(\"feedback-hidden\");d.classList.remove(\"feedback-hidden\")};document.addEventListener(\"DOMContentLoaded\",function(){var a=document.getElementById(\"error-feedback\"),c=document.getElementById(\"feedback-button-yes\"),d=document.getElementById(\"feedback-button-no\");\"classList\"in a&&(a.classList.remove(\"feedback-hidden\"),c.addEventListener(\"click\",function(){e(!0)}),d.addEventListener(\"click\",function(){e(!1)}))})}})();\n</script>\n\n<script defer src=\"https://performance.radar.cloudflare.com/beacon.js\"></script>\n</head>\n<body>\n <div id=\"cf-wrapper\">\n <div class=\"cf-alert cf-alert-error cf-cookie-error hidden\" id=\"cookie-alert\" data-translate=\"enable_cookies\">Please enable cookies.</div>\n <div id=\"cf-error-details\" class=\"p-0\">\n <header class=\"mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased\">\n <h1 class=\"inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight\">\n <span data-translate=\"error\">Error</span>\n <span>1003</span>\n </h1>\n <span class=\"inline-block md:block heading-ray-id font-mono 
text-15 lg:text-sm lg:leading-relaxed\">Ray ID: 7c552e7289ff8729 &bull;</span>\n <span class=\"inline-block md:block heading-ray-id font-mono text-15 lg:text-sm lg:leading-relaxed\">2023-05-10 21:12:37 UTC</span>\n <h2 class=\"text-gray-600 leading-1.3 text-3xl lg:text-2xl font-light\">Direct IP access not allowed</h2>\n </header>\n\n <section class=\"w-240 lg:w-full mx-auto mb-8 lg:px-8\">\n <div id=\"what-happened-section\" class=\"w-1/2 md:w-full\">\n <h2 class=\"text-3xl leading-tight font-normal mb-4 text-black-dark antialiased\" data-translate=\"what_happened\">What happened?</h2>\n <p>You've requested an IP address that is part of the <a href=\"https://www.cloudflare.com/5xx-error-landing/\" target=\"_blank\">Cloudflare</a> network. A valid Host header must be supplied to reach the desired website.</p>\n \n </div>\n\n \n <div id=\"resolution-copy-section\" class=\"w-1/2 mt-6 text-15 leading-normal\">\n <h2 class=\"text-3xl leading-tight font-normal mb-4 text-black-dark antialiased\" data-translate=\"what_can_i_do\">What can I do?</h2>\n <p>If you are interested in learning more about Cloudflare, please <a href=\"https://www.cloudflare.com/5xx-error-landing/\" target=\"_blank\">visit our website</a>.</p>\n </div>\n \n </section>\n\n <div class=\"feedback-hidden py-8 text-center\" id=\"error-feedback\">\n <div id=\"error-feedback-survey\" class=\"footer-line-wrapper\">\n Was this page helpful?\n <button class=\"border border-solid bg-white cf-button cursor-pointer ml-4 px-4 py-2 rounded\" id=\"feedback-button-yes\" type=\"button\">Yes</button>\n <button class=\"border border-solid bg-white cf-button cursor-pointer ml-4 px-4 py-2 rounded\" id=\"feedback-button-no\" type=\"button\">No</button>\n </div>\n <div class=\"feedback-success feedback-hidden\" id=\"error-feedback-success\">\n Thank you for your feedback!\n </div>\n</div>\n\n\n <div class=\"cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid 
border-0 border-t border-gray-300\">\n <p class=\"text-13\">\n <span class=\"cf-footer-item sm:block sm:mb-1\">Cloudflare Ray ID: <strong class=\"font-semibold\">7c552e7289ff8729</strong></span>\n <span class=\"cf-footer-separator sm:hidden\">&bull;</span>\n <span id=\"cf-footer-item-ip\" class=\"cf-footer-item hidden sm:block sm:mb-1\">\n Your IP:\n <button type=\"button\" id=\"cf-footer-ip-reveal\" class=\"cf-footer-ip-reveal-btn\">Click to reveal</button>\n <span class=\"hidden\" id=\"cf-footer-ip\">2620:96:e000:b0cc:e:2:2:7</span>\n <span class=\"cf-footer-separator sm:hidden\">&bull;</span>\n </span>\n <span class=\"cf-footer-item sm:block sm:mb-1\"><span>Performance &amp; security by</span> <a rel=\"noopener noreferrer\" href=\"https://www.cloudflare.com/5xx-error-landing\" id=\"brand_link\" target=\"_blank\">Cloudflare</a></span>\n \n </p>\n <script>(function(){function d(){var b=a.getElementById(\"cf-footer-item-ip\"),c=a.getElementById(\"cf-footer-ip-reveal\");b&&\"classList\"in b&&(b.classList.remove(\"hidden\"),c.addEventListener(\"click\",function(){c.classList.add(\"hidden\");a.getElementById(\"cf-footer-ip\").classList.remove(\"hidden\")}))}var a=document;document.addEventListener&&a.addEventListener(\"DOMContentLoaded\",d)})();</script>\n</div><!-- /.error-footer -->\n\n\n </div><!-- /#cf-error-details -->\n </div><!-- /#cf-wrapper -->\n\n <script>\n window._cf_translation = {};\n \n \n</script>\n\n</body>\n</html>\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "Direct IP access not allowed | Cloudflare", "protocol": "HTTP/1.1", "body_size": 5906, "body_hashes": ["sha256:81e65e93698a020fe49192d7c9ffa42bda061fb7e5c8ea99e88fffab1636b9d8", "sha1:7d09f1dbda6b2258121e4b32e473c157ec6c1012"], "status_code": 403, "body_hash": "sha1:7d09f1dbda6b2258121e4b32e473c157ec6c1012", "headers": {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", 
"Vary": "DISPLAY_UTF8", "S2a06:98c1:3121::1
2023-05-12 02:53:06Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://nuke.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nuke.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]nuke.battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonelichess (Category: gaming) https://lichess.org/@/loginlogin
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}172.67.168.252
2023-05-12 02:45:59Physical LocationNoAbstractAPI0030NoneChicago, Illinois, 60666, United States, North America104.21.71.14
2023-05-12 02:54:15Web ContentNoWeb Spider4020None<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" /> <meta property="og:title" content="SkyHelper API - Documentation" /> <meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" /> <meta property="oh.theme-color" content="#3585d0" /> <meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." /> <title>SkyHelper API - Documentation</title> <link rel="stylesheet" href="https://stackedit.io/style.css" /> </head> <body class="stackedit"> <div class="stackedit__html"> <h1 id="skyhelper-api">SkyHelper API</h1> <h1 id="authentication">Authentication</h1> <p> The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper <a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br /> You can either use the key query parameter by adding a <code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API token. </p> <h1 id="responses">Responses</h1> <p> All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a <code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests. 
</p> <table> <thead> <tr> <th>Status Code</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>Successful request</td> </tr> <tr> <td>400</td> <td> The request is missing an authentication method (valid <code>key</code> query parameter or an <code>Authentication</code> header) </td> </tr> <tr> <td>403</td> <td>The provided token does not exist</td> </tr> <tr> <td>404</td> <td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td> </tr> <tr> <td>429</td> <td> The Hypixel API rate-limit was reached (The API will return <code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers) </td> </tr> <tr> <td>500</td> <td> There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on <a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a> </td> </tr> <tr> <td>502</td> <td>Hypixels API is experiencing some technical issues or is unavailable</td> </tr> <tr> <td>503</td> <td>Hypixels API is in maintenance mode</td> </tr> <tr> <td>504</td> <td>Hypixels API returned a <code>Gateway Time-out</code> error</td> </tr> </tbody> </table> <h1 id="endpoints">Endpoints</h1> <h3 id="get-v2networth"><code>POST</code> /v2/networth</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>profileData</td> <td>Object</td> <td>The profile player data from the Hypixel API (profile.members[uuid])</td> </tr> <tr> <td>bankBalance</td> <td>Number</td> <td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td> </tr> <tr> <td>onlyNetworth</td> <td>Boolean</td> <td>(default: false) If true, only the networth will be returned</td> </tr> </tbody> </table> <h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3> <table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>itemData</td> <td>Object</td> <td>The parsed item data of an item from 
the profiles endpoint</td> </tr> </tbody> </table> <h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3> <h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3> <h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3> <h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3> <h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3> <h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3> <h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3> <table> <thead> <tr> <th>Parameter</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>user</td> <td>This can be the UUID of a user or the name</td> </tr> <tr> <td>profile</td> <td>This can be the users profile id or name</td> </tr> </tbody> </table> <h1 id="networthcalculationtypes">Networth Calculation Types</h1> <p>Types that are used to describe an item's calculation</p> <table> <thead> <tr> <th>Type</th> </tr> </thead> <tbody> <tr> <td>essence</td> </tr> <tr> <td>prestige</td> </tr> <tr> <td>shens_auction</td> </tr> <tr> <td>winning_bid</td> </tr> <tr> <td>enchant</td> </tr> <tr> <td>silex</td> </tr> <tr> <td>wood_singularity</td> </tr> <tr> <td>tuned_transmission</td> </tr> <tr> <td>thunder_charge</td> </tr> <tr> <td>rune</td> </tr> <tr> <td>fuming_potato_book</td> </tr> <tr> <td>hot_potato_book</td> </tr> <tr> <td>dye</td> </tr> <tr> <td>the_art_of_war</td> </tr> <tr> <td>the_art_of_peace</td> </tr> <tr> <td>farming_for_dummies</td> </tr> <tr> <td>recombobulator_3000</td> </tr> <tr> <td>gemstone</td> </tr> <tr> <td>reforge</td> </tr> <tr> <td>master_star</td> </tr> <tr> <td>necron_scroll</td> </tr> <tr> <td>gemstone_chamber</td> </tr> <tr> <td>drill_part</td> </tr> <tr> <td>etherwarp_conduit</td> </tr> <tr> <td>pet_item</td> </tr> nwapi2.battleb0t.xyz
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneBIGO Live (Category: gaming) https://www.bigo.tv/user/ayhuayhu
2023-05-12 03:32:23Open TCP PortNoPulsedive0030None188.114.97.12:443188.114.97.0/24
2023-05-12 03:15:36Physical LocationNoipstack0030NoneUnited States165.232.113.85
2023-05-12 02:50:50Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://nitishapiplani.github.io/netflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c64_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c64_ConnHashTable<3172>_HashTable_Mutex"\n "IsoScope_c64_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_c64_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3172"\n "IsoScope_c64_IESQMMUTEX_0_303"\n "IsoScope_c64_IE_EarlyTabStart_0x8c8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3172"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.18.22.52:443"\n 
"104.194.8.120:443"\n "172.64.101.10:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"i.ibb.co"\n "ka-f.fontawesome.com"\n "kit.fontawesome.com"\n "nitishapiplani.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com." (Indicator: "dir "; File: "urlref_httpsnitishapiplani.github.ionetflix")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 
8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free-fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "CabBBE4.tmp" has type "data"- Location: [%TEMP%\\CabBBE4.tmp]- [targetUID: 00000000-00002512]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "free-fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet 
Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003172]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF955EB99FAEC0BF81.TMP" has type "data"- Location: [%TEMP%\\~DF955EB99FAEC0BF81.TMP]- [targetUID: 00000000-00003172]\n "~DFAB59786306F8443C.TMP" has type "data"- Location: [%TEMP%\\~DFAB59786306F8443C.TMP]- [targetUID: 00000000-00003172]\n "~DF840616A128F2225A.TMP" has type "data"- Location: [%TEMP%\\~DF840616A128F2225A.TMP]- [targetUID: 00000000-00003172]\n "~DF104C60AD25A48D28.TMP" has type "data"- Location: [%TEMP%\\~DF104C60AD25A48D28.TMP]- [targetUID: 00000000-00003172]\n "netflix_1_.htm" has type "HTML document UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text with CRLF line terminators"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._A51A8CAF-EF99-11ED-8979-0800270D69EC_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_A51A8CB1-EF99-11ED-8979-0800270D69EC_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AF4FEC1E-EF99-11ED-8979-0800270D69EC_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002512]\n "free-v4-font-face.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "L27GVFRH.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\L27GVFRH.txt]- [targetUID: 00000000-00002512]\n "IZ4OJTMX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IZ4OJTMX.txt]- [targetUID: 00000000-00003172]\n "300YVMPQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\300YVMPQ.txt]- [targetUID: 00000000-00003172]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002512]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "PMD3JQRI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PMD3JQRI.txt]- [targetUID: 00000000-00002512]\n "19VOQME2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\19VOQME2.txt]- [targetUID: 00000000-00003172]\n "IDOH18CO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IDOH18CO.txt]- [targetUID: 00000000-00003172]\n "U464YG0T.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\U464YG0T.txt]- [targetUID: 00000000-00003172]\n "CabC43B.tmp" has type "data"- Location: [%TEMP%\\CabC43B.tmp]- [targetUID: 00000000-00002512]\n "CabBCD4.tmp" has type "data"- Location: [%TEMP%\\CabBCD4.tmp]- [targetUID: 00000000-00002512]\n "CabD5B4.tmp" has type "data"- Location: [%TEMP%\\CabD5B4.tmp]- [targetUID: 00000000-00002512]\n "CabBCC3.tmp" has type "data"- Location: [%TEMP%\\CabBCC3.tmp]- [targetUID: 00000000-00002512]\n "CabD5C8.tmp" has type "data"- Location: [%TEMP%\\CabD5C8.tmp]- [targetUID: 00000000-00002512]\n "CabD5B6.tmp" has type "data"- Location: [%TEMP%\\CabD5B6.tmp]- [targetUID: 00000000-00002512]\n "CabBCE4.tmp" has type "data"- Location: [%TEMP%\\CabBCE4.tmp]- [targetUID: 00000000-00002512]\n "CabBCB0.tmp" has type "data"- Location: [%TEMP%\\CabBCB0.tmp]- [targetUID: 00000000-00002512]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002512]\n "CabC48B.tmp" has type "data"- Location: [%TEMP%\\CabC48B.tmp]- [targetUID: 00000000-00002512]\n "CabD5F8.tmp" has type "data"- Location: [%TEMP%\\CabD5F8.tmp]- [targetUID: 00000000-00002512]\n "urlref_httpsnitishapiplani.github.ionetflix" has type "HTML185.199.108.153
2023-05-12 03:09:49Affiliate - Internet NameNoDNS Resolver0040None78.170.74.34.bc.googleusercontent.com34.74.170.78
2023-05-12 02:55:28BGP AS MembershipNoURLScan.io0020None14061kekw.battleb0t.xyz
2023-05-12 03:00:32Affiliate - Email AddressNoE-Mail Address Extractor0040Nonecontact@millcityloans.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220', u'54.196.16.164'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://hilarious-kelpie-473db1.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd"\n "www.herokucdn.com"\n "o.ss2.us"\n "crl.rootg2.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "crl.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d00_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_d00_ConnHashTable<3328>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d00_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d00_IESQMMUTEX_0_519"\n "IsoScope_d00_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3328"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d00_IE_EarlyTabStart_0x424_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "54.196.16.164:80"\n "99.84.238.168:80"\n "99.84.238.168:443"\n "99.84.224.224:80"\n "99.84.224.90:80"\n "99.84.224.108:80"\n "99.84.224.214:80"\n "99.84.224.3:80"\n "99.84.224.217:80"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"TR7K5OKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TR7K5OKT.txt]- [targetUID: 00000000-00003328]\n "73DA0AE306CF69ADAC457DB6B2997338" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\73DA0AE306CF69ADAC457DB6B2997338]- [targetUID: 00000000-00001732]\n "~DFC7FE55AAA15340B0.TMP" has type "data"- Location: [%TEMP%\\~DFC7FE55AAA15340B0.TMP]- [targetUID: 00000000-00003328]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00003328]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00003328]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00001732]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00001732]\n "2C9HMCBU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2C9HMCBU.txt]- [targetUID: 00000000-00003328]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003328]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00001732]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00001732]\n 
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003328]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003328]\n "BCB67D7ECB470284AF35679F339E879F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BCB67D7ECB470284AF35679F339E879F]- [targetUID: 00000000-00001732]\n "~DF9154BC8BBA72FEBA.TMP" has type "data"- Location: [%TEMP%\\~DF9154BC8BBA72FEBA.TMP]- [targetUID: 00000000-00003328]\n "FVK5E2PX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FVK5E2PX.txt]- [targetUID: 00000000-00003328]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003328]\n "~DF4D25D5B6C6F1C182.TMP" has type "data"- Location: [%TEMP%\\~DF4D25D5B6C6F1C182.TMP]- [targetUID: 00000000-00003328]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd" seems to be random\n "www.herokucdn.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://hilarious-kelpie-473db1.netlify.app/"- [Source: Input]\n Pattern match: 
"https://hilarious-kelpie-473db1.netlify.app"- [Source: Input]\n Pattern match: "www.herokucdn.com"- [Source: PCAP]\n Pattern match: "http://unsub1.cfd/"- [Source: PCAP]\n Heuristic match: "o.ss2.us"- [Source: PCAP]\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"- [Source: PCAP]\n Heuristic match: "crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootg2.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootca1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEA11CXliCX0s5ZbPbTWItcU%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: 
"crl.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /sca1b-1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.sca1b.amazontrust.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-23', u'name': u'Sends traffic on typical HTTP outbound port, but without HTTP header', u'attck_id_
2023-05-12 02:54:16Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8oldfluid.battleb0t.xyz
2023-05-12 03:03:36Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00root.github.io
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneConnectionPoint (Net ID: 00:01:E3:0B:31:F9)50.1188, 8.6843
2023-05-12 03:28:39Open TCP PortNoPulsedive0030None188.114.96.160:443188.114.96.0/24
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneUnited Statesdontkillmyapp.com
2023-05-12 03:12:12Co-Hosted Site - Domain WhoisNoWhois0040NoneDomain: ply.gg Domain Status: Active Transfer Prohibited by Registrar Registrant: Developed Methods LLC Registrar: NameCheap, Inc (https://www.namecheap.com) Relevant dates: Registered on 21st August 2022 at 15:10:11.713 Registry fee due on 21st August each year Registration status: Registered until cancelled Name servers: ns1.playit-dns.com ns2.playit-dns.com WHOIS lookup made on Fri, 12 May 2023 at 4:12:12 BST This WHOIS information is provided for free by CIDR, operator of the backend registry for domain names ending in GG, JE, and AS. Copyright (c) and database right Island Networks 1996 - 2023. You may not access this WHOIS server or use any data from it except as permitted by our Terms and Conditions which are published at http://www.channelisles.net/legal/whoisterms They include restrictions and prohibitions on - using or re-using the data for advertising; - using or re-using the service for commercial purposes without a licence; - repackaging, recompilation, redistribution or reuse; - obscuring, removing or hiding any or all of this notice; - exceeding query rate or volume limits. The data is provided on an 'as-is' basis and may lag behind the register. Access may be withdrawn or restricted at any time. ply.gg
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneCapsmanagement (Net ID: 00:01:21:1C:AD:50)41.8781, -87.6298
2023-05-12 03:33:13Web Content LanguageNoLanguage Detector0040NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c59d97743e3')"></div> <form id="challenge-form" action="/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="IzWcLwqG74V5tV1nWv6NwCgv19x6fOKHH9bpAKGqFvs-1683861861-0-AaT1IDJ8zL-HPKAcS5jW_S_lOAZThpdmCpakWJJZLTdl-YC7YmW7x0R3Esq2ci5pRxETFrXUoScSBrwB5quPRe1171zsRq5FO5HvSBsT8wSH48d6cjZBcafhFd-gYMgKn5vz-FkJUPQ0nF10-q2ubdvcw8hKSSRUsAC4C2bgwDMz0kRykTgIN5O-4hUEH_aIMPUl85RgiecFAuvX8Ivy5H7CWHsXJNLmrFihUW3yur5y4mznmwIt6LoJGKtAduIhk1MMkrSy06zOCVQNVecBCYfPFg-LQUxzu01zND8kx6XIr4D_Z7JCVLT2xHDvC0QW8SVEpEQxyz1_6w4Q_kXekAKzWUv6f2WQc9reLDcoidSiSGME_E1JbznCGlu2Qcv2UxBiUp3ZaVMVnVkjfbD8tvqsMpOiPHRoL0QGNOvZC9IWd3DmNkLVl0o7A7gZ6X6XvmxN8FN6zQ5MuokY1veB1HzJur_7DeYGkiQKi-0P2vRxvm4WDXUmU4f2tq7Esl4HSqC16vv9LBLaBAi8Z_5ASfDKC4_Qtwk5ocpapPABdtQe_KyihhYQ0p3PsebP3qabKmLOkD2fDvF3lYLd3qMvC4RgGh-YX8l7PTUCq3wEfd8Mi9e6YReBeIzcGw5PwaoMHFYsP5RhUMwk71xYoONoQnXtJO45ecOy75oe90Gm07DUOsZsURI3qtJbwRlmpa7xW_oJhMCvGoxCaFBmv4Tj_3i4JWKOMf7hpKtp919xj-jQIAWQmSIDBw3LhMZPRePjKwSZV17PsqlmFxhMjxxo_oGcprk2tlsBrXLDx9NJVWy2DHDR-TPwL1u1-c5lRkjOzwwNIlsSIltqwOI6w4aVA6MdRM9LQlE6JVGhJTOkyMSmOGg0b-gPtNYSVQZ4M0bbvY5ZejvC-622MlBNpTcTQgj-Hr5BRzvJOQNVBtKeZNEcL0V-HlUOqjgsgCuZ0n-_DmccPSp6yXjib7zziw0VsFZ51VNwFMiyAJLSoQVd1OjGuw3fSFPRsqIT0NzkM6LJJ9oyKVkZXep7mdpjCvm52q0byqZXvzL2VDAtJAJmAXjedpHk-ixt-DqOfzQw9GqcICnOaIAwGCalMfoPOf8GPEND9RClu9LRyO_FDNt75C01Varldc5Ftwg8k-rAHBToDSA8_BQdwA01UognhxgoBkv5pTU2f0H6TbryBj0d8lUJpXsYh3CtyN0y8DOT_kz_DjrrzIT964Pdi7AsCCs8mo2IE6lrD73n8Izje7P97pkFkPjlBN2jtfhSvPURw_vpTJ5ZaaFdYA9KK-YFF68xMCw6ewAMK1rkYSoe1oqSv02a9QAvlbxHhD_COD3weHDV-tI_xq_UVBQKGO4fDKE5ZB_Li_qQJ1UU8CLWZeL01WBdYpUyqwj8DSDtW_hWLGQxeKSnHsjkNN44s8ztTjWQa0EOv111zkoc_jo1-AKbBfegf0gXFbeefPUQPApaVp0ZSh976fXDUBkg-u9zIFuO8PmOpT12qOluulzM3HAWuIXPfFdKdkuM_0Ju0J2nYUnPnIIPw7-X0VlO10ISCMaRppc2X6T6WN3Me0ur-AgpXQrtaOHERtZpzl81diItC7rlhoi2hcwlyknYz9uG6Jvt4vO7CVGEkxo64WkJUYfdQcxWDVfCj5P8OtigH5bAFPrPlThHqTc5vpPnWpu_04hxNRR1-yz89uQ30xUpmEOd55phY60kcWBwhTfKO_t_0MJs_4gMTnO_VQemTQRtnrcmjKY2pn8nAizQEc0LX-nJ_4sW5z-DGM44AAFGVM5-U7o0Y7m1jXwg99HdEmqr2iPndrQh3ksnfvVAApgCg0pbwWbA71pkVfyO8vPpUv_GruozMnSwm3sFOR28jhXLHljB6WOMjmilFX-I80iAeT78A5CMWmca6g1quxd5xHVTMFnl-Ys3ieqarC7YmJ7e
ytJNcbcsYSdnciNL21ndjddEi22yCTG9No7nWap74I3S-XDZ5j0YJh9aMipl2sHc0u1U-Vx2vJmPYYV1MWTS_cbbT2ub5ALyjMgyaSA96qpG_Ooy4cFCkf0E0RRynEWRVadMZE1Vz5bBogaFEOjsc334EAR0zTIX8_4nnRO5mOvEVRo4ZTcKeicbfVjehihRxW1wdSDJAbbGCjjkZj3DldP4NK0vlhWlD9UbhT6NEC6tNcCjkKUECuinurOI-oV4Cegh-51bGD-UpvxqLsfIQd9QODY03eyCxUur045Y22aLoD51JCbhy39Jp0fS35dbrG4QIggvUdxGVolRMemldY1hGoUkHPtE8nB2YB7L2z90pSQRrkz2F1mucH6C2aK0d1BE2f04Z7nAiGFk7bERb053H4pvO-fGR73M06TI9KFQDNVYHk7iyF8yJ8kA23l9FgJhokSfUX3_PYhrtNIdVilfmf2nfkSfGzPgsBbAL-1WUlksPvUQq7Tut8_2gnISEhXjovKigslLYWTdPYupiAliABg3BLe_WNuc41K408YYwipU-2SdiixQBhgUVLS8Sh615rA"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '89417', cRay: '7c5f8c59d97743e3', cHash: 'd514be865123f26', cUPMDTk: "\/lol.html?__cf_chl_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MTg2MS40MTQwMDA=', m: 'cETLdgv65AVfRnLUKPe0Cd6r3wJgEhjfW5wAN2YKd/o=', i1: 'w+O5Ul3LVrlFQJyL4ELS5Q==', i2: 'eUom9RfWfCbkQbM7K2vx8A==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c59d97743e3'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c59d97743e3'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 02:44:14Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0120Nonegithub.comwww.battleb0t.xyz
2023-05-12 02:55:05Software UsedYesCensys0020NoneCloudFlare CloudFlare Load Balancer188.114.97.1
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonezoom1330 (Net ID: 00:01:38:92:E5:07)37.7813933,-122.3918002
2023-05-12 03:31:33Affiliate - Email AddressNoE-Mail Address Extractor0030Nonepw-55286b4dad8e2523890cab5484722bf1@privacyguardian.orgDomain Name: AAHU.XYZ Registry Domain ID: D289905874-CNIC Registrar WHOIS Server: whois.namesilo.com Registrar URL: https://www.namesilo.com Updated Date: 2022-06-06T11:23:48.0Z Creation Date: 2022-04-10T16:51:06.0Z Registry Expiry Date: 2024-04-10T23:59:59.0Z Registrar: NameSilo, LLC Registrar IANA ID: 1479 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod Registrant Organization: See PrivacyGuardian.org Registrant State/Province: AZ Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: LINDA.NS.GIANTPANDA.COM Name Server: VIVIAN.NS.GIANTPANDA.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@namesilo.com Registrar Abuse Contact Phone: +1.4805240066 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:36.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: aahu.xyz Registry Domain ID: D289905874-CNIC Registrar WHOIS Server: whois.namesilo.com Registrar URL: https://www.namesilo.com/ Updated Date: 2023-04-10T07:00:00Z Creation Date: 2022-04-10T07:00:00Z Registrar Registration Expiration Date: 2023-04-10T07:00:00Z Registrar: NameSilo, LLC Registrar IANA ID: 1479 Registrar Abuse Contact Email: abuse@namesilo.com Registrar Abuse Contact Phone: +1.4805240066 Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: REDACTED FOR PRIVACY Registrant Organization: See PrivacyGuardian.org Registrant Street: 1928 E. Highland Ave. 
Ste F104 PMB# 255 Registrant City: Phoenix Registrant State/Province: AZ Registrant Postal Code: 85016 Registrant Country: US Registrant Phone: +1.3478717726 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org Registry Admin ID: Admin Name: Domain Administrator Admin Organization: See PrivacyGuardian.org Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255 Admin City: Phoenix Admin State/Province: AZ Admin Postal Code: 85016 Admin Country: US Admin Phone: +1.3478717726 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org Registry Tech ID: Tech Name: Domain Administrator Tech Organization: See PrivacyGuardian.org Tech Street: 1928 E. Highland Ave. Ste F104 PMB# 255 Tech City: Phoenix Tech State/Province: AZ Tech Postal Code: 85016 Tech Country: US Tech Phone: +1.3478717726 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org Name Server: hugh.ns.cloudflare.com Name Server: ryleigh.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T07:00:00Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS database through the use of high-volume, automated, electronic processes. The Data in our WHOIS database is provided for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. We do not guarantee its accuracy. 
By submitting a WHOIS query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to us (or our computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without our prior written consent. We reserve the right to terminate your access to the WHOIS database at our sole discretion, including without limitation, for excessive querying of the WHOIS database or for failure to otherwise abide by this policy. We reserve the right to modify these terms at any time. Domains - cheap, easy, and secure at NameSilo.com https://www.namesilo.com Register your domain now at www.NameSilo.com - Domains. Cheap, Fast and Secure
2023-05-12 02:51:26Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://basil0303.github.io/newnetflix', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://basil0303.github.io/newnetflix', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://basil0303.github.io/newnetflix/', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://basil0303.github.io/newnetflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c2c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_c2c_ConnHashTable<3116>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3116"\n "IsoScope_c2c_IESQMMUTEX_0_519"\n "IsoScope_c2c_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_c2c_IE_EarlyTabStart_0x890_Mutex"\n "IsoScope_c2c_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', 
u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"\n "156.146.53.12:443"\n "45.57.90.1:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"basil0303.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "basil0303.github.io"\n "maxst.icons8.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"AAAABYjXrxZKtrzxQRVQNn2aIByoomnlbXmJ-uBy7du8a5Si3xqIsgerTlwJZG1vMpqer2kvcILy0UJQnjfRUQ5cEr7gQlYqXfxUg7bz_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA 
non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "WhatsApp%20Image%202023-01-17%20at%206.19.38%20PM_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 1280x537 components 3" and extension "jpg"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "AAAABYjXrxZKtrzxQRVQNn2aIByoomnlbXmJ-uBy7du8a5Si3xqIsgerTlwJZG1vMpqer2kvcILy0UJQnjfRUQ5cEr7gQlYqXfxUg7bz_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "la-solid-900_1_.eot" has type "Embedded OpenType (EOT) la-solid-900 family"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "line-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "WhatsApp%20Image%202023-01-17%20at%206.19.38%20PM_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 1280x537 components 3"- [targetUID: N/A]\n "Cab187D.tmp" has type "data"- Location: [%TEMP%\\Cab187D.tmp]- [targetUID: 00000000-00002120]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 
components 3"- [targetUID: N/A]\n "la-regular-400_1_.eot" has type "Embedded OpenType (EOT) la-regular-400 family"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003116]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFEC2B4905E636D1C9.TMP" has type "data"- Location: [%TEMP%\\~DFEC2B4905E636D1C9.TMP]- [targetUID: 00000000-00003116]\n "~DF1E82426D8EB745CF.TMP" has type "data"- Location: [%TEMP%\\~DF1E82426D8EB745CF.TMP]- [targetUID: 00000000-00003116]\n "~DF00957C9CFA6C262C.TMP" has type "data"- Location: [%TEMP%\\~DF00957C9CFA6C262C.TMP]- [targetUID: 00000000-00003116]\n "~DF674FC84F11F06B63.TMP" has type "data"- Location: [%TEMP%\\~DF674FC84F11F06B63.TMP]- [targetUID: 00000000-00003116]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "urlref_httpbasil0303.github.ionewnetflix" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "_66210599-EEAE-11ED-B4CC-080027622CB1_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._66210597-EEAE-11ED-B4CC-080027622CB1_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E36CCDE-EEAE-11ED-B4CC-080027622CB1_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "index_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002120]\n "N7NVH73N.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N7NVH73N.txt]- [targetUID: 
00000000-00003116]\n "90L3ZCW8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\90L3ZCW8.txt]- [targetUID: 00000000-00003116]\n "4AL0ERRY.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4AL0ERRY.txt]- [targetUID: 00000000-00003116]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002120]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "newnetflix_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "J560SO9O.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J560SO9O.txt]- [targetUID: 00000000-00003116]\n "3ZQ8QH57.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3ZQ8QH57.txt]- [targetUID: 00000000-00003116]\n "CTU372RB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CTU372RB.txt]- [targetUID: 00000000-00003116]\n "CKP14N3S.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CKP14N3S.txt]- [targetUID: 00000000-00003116]\n "Cab1D81.tmp" has type "data"- Location: [%TEMP%\\Cab1D81.tmp]- [targetUID: 00000000-00002120]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002120]\n "Cab186C.tmp" has type "data"- Location: [%TEMP%\\Cab186C.tmp]- [targetUID: 00000000-00002120]\n "newnetflix_2_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', 
u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /newnetflix/"'}, 185.199.108.153
2023-05-12 03:00:25Affiliate - Email AddressNoE-Mail Address Extractor0040Nonehmac-sha2-512-etm@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneGeocaching (Category: social) https://www.geocaching.com/p/?u=loginlogin
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneBJNPSETUP (Net ID: 00:00:85:F4:1C:9A)37.7813933,-122.3918002
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneArmorGames (Category: gaming) https://armorgames.com/user/loginlogin
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Noneart_vacation2.4 (Net ID: 00:01:9F:30:06:78)33.6170672,-111.90564645297056
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneCollaborative projectscdn-185-199-111-153.github.com
2023-05-12 02:46:38BGP AS MembershipNoRIPE0040None13335172.67.160.0/20
2023-05-12 03:08:47Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.223104.196.30.220
2023-05-12 02:45:10Linked URL - InternalNoHybrid Analysis4010Nonehttp://kekw.battleb0t.xyz/jarbattleb0t.xyz
2023-05-12 03:27:33Open TCP PortNoPulsedive0030None188.114.96.128:8443188.114.96.0/24
2023-05-12 03:00:32Affiliate - Email AddressNoE-Mail Address Extractor0040Nonejcorrea@mottomortgage.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220', u'54.196.16.164'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://hilarious-kelpie-473db1.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd"\n "www.herokucdn.com"\n "o.ss2.us"\n "crl.rootg2.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "crl.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d00_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_d00_ConnHashTable<3328>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d00_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d00_IESQMMUTEX_0_519"\n "IsoScope_d00_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3328"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d00_IE_EarlyTabStart_0x424_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "54.196.16.164:80"\n "99.84.238.168:80"\n "99.84.238.168:443"\n "99.84.224.224:80"\n "99.84.224.90:80"\n "99.84.224.108:80"\n "99.84.224.214:80"\n "99.84.224.3:80"\n "99.84.224.217:80"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"TR7K5OKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TR7K5OKT.txt]- [targetUID: 00000000-00003328]\n "73DA0AE306CF69ADAC457DB6B2997338" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\73DA0AE306CF69ADAC457DB6B2997338]- [targetUID: 00000000-00001732]\n "~DFC7FE55AAA15340B0.TMP" has type "data"- Location: [%TEMP%\\~DFC7FE55AAA15340B0.TMP]- [targetUID: 00000000-00003328]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00003328]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00003328]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00001732]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00001732]\n "2C9HMCBU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2C9HMCBU.txt]- [targetUID: 00000000-00003328]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003328]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00001732]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00001732]\n 
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003328]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003328]\n "BCB67D7ECB470284AF35679F339E879F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BCB67D7ECB470284AF35679F339E879F]- [targetUID: 00000000-00001732]\n "~DF9154BC8BBA72FEBA.TMP" has type "data"- Location: [%TEMP%\\~DF9154BC8BBA72FEBA.TMP]- [targetUID: 00000000-00003328]\n "FVK5E2PX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FVK5E2PX.txt]- [targetUID: 00000000-00003328]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003328]\n "~DF4D25D5B6C6F1C182.TMP" has type "data"- Location: [%TEMP%\\~DF4D25D5B6C6F1C182.TMP]- [targetUID: 00000000-00003328]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd" seems to be random\n "www.herokucdn.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://hilarious-kelpie-473db1.netlify.app/"- [Source: Input]\n Pattern match: 
"https://hilarious-kelpie-473db1.netlify.app"- [Source: Input]\n Pattern match: "www.herokucdn.com"- [Source: PCAP]\n Pattern match: "http://unsub1.cfd/"- [Source: PCAP]\n Heuristic match: "o.ss2.us"- [Source: PCAP]\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"- [Source: PCAP]\n Heuristic match: "crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootg2.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootca1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEA11CXliCX0s5ZbPbTWItcU%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: 
"crl.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /sca1b-1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.sca1b.amazontrust.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-23', u'name': u'Sends traffic on typical HTTP outbound port, but without HTTP header', u'attck_id_
2023-05-12 02:57:57SSL Certificate - Raw DataNoCertificate Transparency7010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3: a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c: 8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3: 6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa: c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca: f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58: b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28: b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e: 26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2: d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c: 40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a: 2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67: 8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99: 1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c: 4e:9f:6c:9d ayhu.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneWLAN (Net ID: 00:01:24:F0:8C:65)37.7642, -122.3993
2023-05-12 02:44:14Open TCP PortNoSSL Certificate Analyzer0020Nonepics.battleb0t.xyz:443pics.battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:01:24:F0:49:B4)34.0544, -118.244
2023-05-12 03:10:24Blacklisted IP AddressYesThreat Jammer0120NoneThreat Jammer - Risk score: 40 (MEDIUM) https://threatjammer.com/info/188.114.97.1188.114.97.1
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonePoshmark (Category: shopping) https://poshmark.com/closet/loginlogin
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx Guest (Net ID: 00:01:21:26:54:B0)41.8781, -87.6298
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050None6dgs-guest (Net ID: 00:06:B1:28:66:5F)33.617190550339146,-111.90827887019054
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonewavelan network (Net ID: 00:02:2D:0E:29:C9)34.0544, -118.244
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/ein_1.pnghttps://funny.battleb0t.xyz/
2023-05-12 03:00:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.11): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneXVIDEOS-profiles (Category: XXXPORNXXX) https://www.xvideos.com/profiles/loginlogin
2023-05-12 03:32:00Open TCP PortNoPulsedive0030None188.114.97.1:8443188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:0C:41:D7:22:4A)39.0469, -77.4903
2023-05-12 03:09:30Co-Hosted Site - Domain NameNoDNS Resolver2030Nonerathook.ccrathook.cc
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Nonedefault (Net ID: 00:00:94:CB:58:1E)41.8781, -87.6298
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonedilara (Net ID: 00:12:BF:56:97:E9)40.2024, 29.0398
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneWikipedia (Category: news) https://en.wikipedia.org/wiki/User:AltpapierAltpapier
2023-05-12 03:22:52Open TCP PortNoPulsedive0020None188.114.96.1:443188.114.96.1
2023-05-12 03:41:52BGP AS MembershipNoCensys0030None4448645.131.109.53
2023-05-12 03:00:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.20): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:13:03Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0000magda0000.github.io] https://www.openphish.com/feed.txt0000magda0000.github.io
2023-05-12 02:46:04Raw Data from RIRsNoAbstractAPI0030None{u'city': u'North Charleston', u'security': {u'is_vpn': False}, u'city_geoname_id': 4589387, u'region_geoname_id': 4597040, u'country': u'United States', u'region': u'South Carolina', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'GOOGLE-CLOUD-PLATFORM', u'isp_name': u'Google LLC', u'organization_name': u'Google LLC', u'autonomous_system_number': 396982}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'29415', u'longitude': -79.9746, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:46:03'}, u'latitude': 32.8608, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'34.74.170.74', u'continent': u'North America', u'region_iso_code': u'SC'}34.74.170.74
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:07:40:61:40:4D)33.617190550339146,-111.90827887019054
2023-05-12 02:45:47Physical CoordinatesNoAbstractAPI0020None37.751, -97.8222606:50c0:8001::153
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneTenor (Category: images) https://tenor.com/users/ayhuayhu
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneHangar6 (Net ID: 00:02:6F:E9:36:AC)33.6170672,-111.90564645297056
2023-05-12 03:18:53Raw File Meta DataNoFile Metadata Extractor0040None{'Image ExifOffset': (0x8769) Long=90 @ 66, 'EXIF ComponentsConfiguration': (0x9101) Undefined=YCbCr @ 112, 'Image YCbCrPositioning': (0x0213) Short=Centered @ 54, 'Image XResolution': (0x011A) Ratio=72 @ 74, 'EXIF FlashPixVersion': (0xA000) Undefined=0100 @ 124, 'Image YResolution': (0x011B) Ratio=72 @ 82, 'EXIF ColorSpace': (0xA001) Short=sRGB @ 136, 'EXIF ExifImageLength': (0xA003) Long=3088 @ 160, 'EXIF ExifVersion': (0x9000) Undefined=0221 @ 100, 'Image ResolutionUnit': (0x0128) Short=Pixels/Inch @ 42, 'EXIF ExifImageWidth': (0xA002) Long=2316 @ 148, 'EXIF SceneCaptureType': (0xA406) Short=Standard @ 172}https://funny.battleb0t.xyz/images/carti_3.JPG
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneopensource (Category: tech) https://opensource.com/users/loginlogin
2023-05-12 03:03:59Co-Hosted SiteNoThreatMiner0020Nonejames-gamboa.github.io185.199.109.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030None6565 7241 (Net ID: 00:00:C5:D7:5E:64)41.8781, -87.6298
2023-05-12 02:44:49Company NameNoCompany Name Extractor0030NoneNetlify\, IncC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.156): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneConnectionPoint (Net ID: 00:01:E3:05:13:41)50.1188, 8.6843
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None^E^W^B^H^Y^B^I^L^G^R^_^W^H^S^^ (Net ID: 00:02:2D:6D:79:1B)37.7642, -122.3993
2023-05-12 02:47:44Open TCP PortNoPulsedive0030None34.148.97.127:44334.148.97.127
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom (Net ID: 00:0C:F6:43:34:F0)50.8897, 6.0563
2023-05-12 03:01:24Raw Data from RIRsNoTool - WhatWeb0010None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://ayhu.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://ayhu.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}]ayhu.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:01:36:07:56:EF)52.3759, 4.8975
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-F7C2 (Net ID: 00:1D:D2:C6:F7:C0)32.8608, -79.9746
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneBlogspot (Category: blog) http://ayshoo.blogspot.comayshoo
2023-05-12 03:18:06URL (Form)NoPage Information0050Nonehttps://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6071cb5443bc')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="IeJGNK1NlgODfmY5lM_CSOUsGpZRJayFri_EMqB7p9E-1683860063-0-AX4CepkLIrJBlYjsLY8SxaK3uwNGfYi_cI78cSgODaKEdDdhGruTJdLNKHipCAas1yRDoJa4jk3w7x3p7ckhzOJuKfeCo8jNUnP70adNIU5dZKa8JiOWBoI9SYK5Q_oq1Eks42yH_Pz5BuZ0QF6ODH2_k4pUMdjxKhGMZCyDKNM52sbeTu0IU1Z9_e1tCtOuH9J1aFZ2tonlXDc4g9zbIux7ExZ49kbKhnzKgiWBhIHUBpMYeWpuSJ_4qCfMlTT-uy5MHKpoVHLVBmCsQ5mELCsRXClDzOjpDkTqbSfAbh8hd0u6E9AsLVFq6mkA8uYgAs4nEqsUUv46GTcwvbzUbkKc1QJ8A2k0LYiOtqEyNozJ7I--u1pFreN-cf0BqBu1bjzjmjk9Ufw9C0rNxE7G3P6fqZnucT3KAI7GF68B4SHiO-kTUnp1udVECKZapa-19gQJJJtF13C6VjJjrQRVkch5xapdVTcSAJFESEO-EAMR9hDp7y8V-5vaHn6SIRKHs78Flbh2RF_P6lv_MAE36XjAyTTiidlaFqpS1ZnkznV7tCrGaYKNvXxibZ3SNtIzHvSSCizS-Sm2WncoqNtWFQZw4MSwC5gehOZvyL9OAj1SA9fWTQ-bfiW7LrZlzCWCJLIZUGG9pJVYCgum_TAJJVGfiljuO91NZvVvNyIgtAepbw2YAdNPwZ3YrRDL_1Un5U1kxz28HuDFJsvpLlTZSNRhPXl4BIx30MOZx9T7SUFWsCGh9uDL2bDPiBh0LSwqszBX0SLNJRo1MhT7IXGB7zy1gfVfFqqb3W0mfVcaymGtm5dqhUdBPRlb4wd_5_BMrKEUeZE1d8HDjjoyYLhvv36SD_5wRCbXxsfCdK2do3aGeM7O6LtZhGR0RuwOPFtRToqLDpM6HnWkxfbvRwTWbQt3gNfo6RJeaXs42GfGC6vMhv6-Zpdazh2C2qr1j5WGxsjVqAAnZQgtB_uAAZyLoW1Egawj2Dc9S-5JYlq2p44Cqz8kfn_HZzhJUPbd4OlAseBQZQfvTsxwQ8yBZFjNQTY6QE_0SDhUH44IwsfVzyg_qg2EOGimekLuWDzCGVBFHthTUHY_Uucg55yA_sEwBbcPwi19lZdxlJ7Akcrfm9Q1xTPYWqd3yg8TDkXwERtBie2ALa_sZMgXe5lFShstzVHZMFcNmZZ_Glu5XNCQGzZM4IALYOXDtzDzNfENL_KkCst225-oNpK1Rzcel6A6qrg383feNMfsfhR4f-t-0gjSgQcGjcMVuJSy33wzj3MyKMSAUAn1H3AU4KXx5l9gYHyPt3K2hXsw8kpaOC5iz5-tYdad463GleEPqMnQXyYze0-F-Kwpfaw0OW4xcwFgpJ7lUIa_Uo9RY1JgFEsKioyqNmIqHv90TnhF2xXyZtqCIT2zmPgDYc3GYmtDVDX3JH3IZ4Ue_9zw8eTUmmNzSLvHF-5-Jv1PvIxzwhsHdZ-9Y8a5xpT_YJ3ApVgxhBxQ9P11Ef3die91V-gWJ9blK7JyrAR97qvn0MVCh6Ipd0gUwoYP19FqAzVItOvoLt6KwAJ_P9BHXzn9V-Qn-K8E2u451f3eK9LuNMBNNeHTIZgwhKeDRKi_7YqSZEtSZBhservvl6AG5D792DbSptVg8teok3yfFJdmbmsVVtq_xMiFDR-JbWee4Xq5OGPEw-qzY3kVcZ3JGSH21pWSbawncJ1pZkYh_Y8uqWXqK_LHYCf1eZ4giUZOc1qNXVqD_66D8diNIgnlP3oGUHrBgTMOfZxq_Uhi6OAhZ7SG3lBy8EfeOsdCdZ3k3gkwd2BrqWGkSsiJCJw71aRSSLzklcMwO0t4rEGUoCt0P2QnnyFhBnAPmmU7bxfnvOSfNl67KcA670pAvXnjK5gtdmpWFLEQTKLiAxus6a1J55sB1jh2yyAgp9gU2TTlKH22JllQ
WbKYrEsbRrNjjaWTpuGgMUZEhABzykAV0_5Ryf5b1Iu8aB_yUQXLfxLOISB2J16hIkX9JBFDhB-K2iwT5AigiDsDn3kKx7Yn_RfRJoS2pRLWMZrIYAvnVYgYm9y81edopks9rnm7ZmUwgzO-G3g49daHSOyerkiJ0r3J8Okw4DK6PeI9iYnnJ3PuZHAUjE4lk_8MrIhAc4uYX4K1o-9Ke-xbpTbnl7jmdG3Gm-3L29y4tiQBKGjYgOtRk8-ysAEQVxg_UH3seGqQfmukY-uxgmHTqDedEdiiNc4iffnQwUfSPCDaUaRSMt4-JL4MYFn2fdPc4VcXOX79Z268m3iG4CyIoyIieiZJxKq5Fytf17H7DrAwzAK-7_cWORr2s0UVl6ksSgbwFTpGy4N__sJOF51dtXEfVEmWHx_Pzkw3X_pi-v5lATWE8lvwSB-TSiJYfQSJHSYYT6HXfaT1w6X76n4kq-ZrPPxvvJoJiND7W8ZhQjzgNr36p7jhZIQMiMAEzKgTQ4vmitfYqD4w00ar7uYe4W9UaptpqutZe32-rsetHK4f8sKgJ3CeKwcgiEQOluwAYjS5sFZ43pJ1k3hVEeYe7pLW"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '15631', cRay: '7c5f6071cb5443bc', cHash: '381065269fdd378', cUPMDTk: "\/?__cf_chl_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA2My4wMDEwMDA=', m: 'ku7Iuu8p9xCCueKE3I6e30hCT4pHjE58URs2150Qfj8=', i1: 'MsbaNnnSVdv9s0jxu/qFPg==', i2: 'D5L567ziFL3S1185dlxV3g==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6071cb5443bc'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6071cb5443bc'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 02:45:34Email Gateway (DNS MX Records)NoDNS Raw Records0010Noneroute3.mx.cloudflare.netbattleb0t.xyz
2023-05-12 03:24:49CountryNoCountry Name Extractor0040NoneUnited States00rz.com
2023-05-12 02:54:00Netblock MembershipNoCensys0020None104.21.0.0/20104.21.6.166
2023-05-12 02:54:19HTTP HeadersNoWeb Spider6040None{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"}https://fluid.battleb0t.xyz/./script.js
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:05:05)50.8897, 6.0563
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.219): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:48:43SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:9d:c5:27:de:ee:41:17:4e:89:34:e6:9d:87:79:d7:50:31 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:19:20 2022 GMT Not After : Mar 27 01:19:19 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL 
Signature Algorithm: sha256WithRSAEncryption 76:7f:d6:14:76:9a:00:79:07:de:19:f4:d2:24:0d:10:47:8b: ae:3f:f8:44:9a:f2:ec:c1:7b:c5:a8:3e:1b:21:6a:d3:13:ea: fb:6d:d3:d4:7a:d8:73:24:57:b7:c5:32:e7:93:1d:78:bc:d7: ff:72:e3:d1:10:bf:79:59:e7:40:ad:5a:05:ec:c7:2b:28:99: c1:ed:47:65:dd:b0:d9:8c:b9:fb:52:82:bf:aa:6b:d6:2b:5e: 26:b8:19:68:1f:cb:f7:83:5a:85:54:9b:67:dd:1c:c3:b5:19: 95:44:b2:10:39:c6:5d:ba:f4:dc:bd:f5:47:7d:2d:c3:7e:75: c6:d5:af:d7:0f:c4:c8:38:03:fd:af:d2:65:d9:5e:49:76:fd: fc:3f:85:65:96:12:92:30:76:19:b8:49:b0:4a:94:4c:bc:06: 3b:8d:29:dd:72:8b:b9:8f:94:30:a1:c6:0f:29:e6:44:ca:bb: c4:7f:aa:99:ae:85:ab:60:ff:84:01:2b:19:b0:9f:0e:b2:bf: 6b:d8:54:fa:34:98:8f:4f:47:e3:d1:ce:6a:1c:59:12:82:39: ad:8d:bb:d3:2e:49:4d:cc:e1:b9:78:44:ac:dd:a7:b9:87:43: 8d:e0:bd:42:23:b6:31:55:24:cd:a7:94:4c:30:87:24:49:6c: 3c:79:fe:30 battleb0t.xyz
2023-05-12 03:00:57Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.95): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:28Affiliate - Internet NameNoDNS Resolver0020Nonefrabjous-lebkuchen-324004.netlify.appfunny.battleb0t.xyz
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}172.67.135.9
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneBeens Gast (Net ID: 00:01:21:1F:B1:A1)52.3759, 4.8975
2023-05-12 02:55:01Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5e66a4c91910fb-ORD Content-Encoding: gzip 188.114.96.1
2023-05-12 02:59:54Affiliate - Email AddressNoE-Mail Address Extractor0030Nonerobert@broofa.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': 50, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.scca.com/vdesk/urlfilter_blocked.php3?errorcode=23&v=v2', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3508"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IE_EarlyTabStart_0xa48_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_ConnHashTable<3508>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_db4_IESQMMUTEX_0_519"\n "IsoScope_db4_IESQMMUTEX_0_303"\n 
"Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.235.135.6:443"\n "169.150.221.147:443"\n "142.250.189.162:443"\n "142.250.72.194:443"\n "142.251.214.136:443"\n "185.199.110.153:443"\n "142.250.191.42:443"\n "157.240.22.25:443"\n "108.139.1.13:443"\n "184.168.104.171:443"\n "142.250.189.226:443"\n "142.250.191.78:443"\n "18.155.202.90:443"\n "172.217.164.99:443"\n "142.251.46.162:443"\n "142.250.189.194:443"\n "142.250.141.156:443"\n "142.250.72.193:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"object.fm"\n "www.scca.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* [http://developers.facebook.com/policy/]. This copyright notice shall be" (Indicator: "facebook.com")\n "* Copyright 2012 Twitter, Inc" (Indicator: "twitter")\n "* Designed and built with all the love in the world @twitter by @mdo and @fat." 
(Indicator: "twitter")\n "function $E(a){var b=a.state.wpc;if(null!==b&&""!==b)var c=b;else{b=a.state;a=a.win;if(a.google_ad_client)var d=String(a.google_ad_client);else{var e,f,g;if(null!=(g=null!=(f=null==(d=DE(a).head_tag_slot_vars)?void 0:d.google_ad_client)?f:null==(e=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:e.getAttribute("data-ad-client")))d=g;else{c:{d=a.document.getElementsByTagName("script");e=a.navigator&&a.navigator.userAgent||"";e=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")\n "function hn(a){switch(a){case "true":return!0;case "false":return!1;case "null":return null;case "undefined":break;default:try{var b=a.match(/^(?:\'(.*)\'|"(.*)")$/);if(b)return b[1]||b[2]||"";if(/^[-+]?\\d*(\\.\\d+)?$/.test(a)){var c=parseFloat(a);return c===c?c:void 0}}catch(d){}}};function jn(a){if(a.google_ad_client)return String(a.google_ad_client);var b,c,d,e,f;if(null!=(e=null!=(d=null==(b=X(a).head_tag_slot_vars)?void 0:b.google_ad_client)?d:null==(c=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:c.getAttribute("data-ad-client")))b=e;else{b:{b=a.document.getElementsByTagName("script");a=a.navigator&&a.navigator.userAgent||"";a=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2469.tmp" as clean (type is "data")\n Antivirus vendors marked 
dropped file "Tar2A0D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2468.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23C6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab2B27.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab2A0C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23D9.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab27F6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab26EB.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23D8.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', 
u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "J5LMIWI0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J5LMIWI0.txt]- [targetUID: 00000000-00003508]\n "original_1_.js" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "f_3_.txt" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "SGRF2RQT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SGRF2RQT.txt]- [targetUID: 00000000-00003444]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003444]\n "Tar2469.tmp" has type "data"- Location: [%TEMP%\\Tar2469.tmp]- [targetUID: 00000000-00003444]\n "f_5_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "original_2_.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "aframe_1_.htm" has type "HTML document ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "SQF88PWE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SQF88PWE.txt]- [targetUID: 00000000-00003508]\n "hotjar-1689630_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "modules.6af44455668b675aade1_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_CA5A6E9A-C9CD-11ED-BEC3-08002719F913_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88F42E2F-C9CC-11ED-BEC3-08002719F913_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab2468.tmp" has type 
"Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2468.tmp]- [targetUID: 00000000-00003444]\n "panzoom_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "IZGPZZYD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IZGPZZYD.txt]- [targetUID: 00000000-00003508]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF7EB16B1E041EF79D.TMP" has type "data"- Location: [%TEMP%\\~DF7EB16B1E041EF79D.TMP]- [targetUID: 00000000-00003
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneL1NKSYS (Net ID: 00:0C:41:F6:2E:FE)39.0469, -77.4903
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:8080172.67.168.252
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-14n.github.io] https://www.openphish.com/feed.txt0-14n.github.io
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneAPC (Net ID: 00:09:5B:4F:F1:CA)33.6170672,-111.90564645297056
2023-05-12 02:44:22Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.io185.199.108.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneCWhite-Aireconsole (Net ID: 00:02:0C:09:99:E0)37.7813933,-122.3918002
2023-05-12 03:03:16Internet Name - UnresolvedNoDNS Resolver0020Nonewebmail.ayhu.xyz[{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}]
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneDestructoid (Category: social) https://www.destructoid.com/?name=ayhuayhu
2023-05-12 02:54:23Web Content TypeNoWeb Spider0040Nonetext/html;charset=utf-8https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU
2023-05-12 02:54:22Linked URL - InternalNoWeb Spider0020Nonehttp://www.ayhu.xyzwww.ayhu.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-1AA2 (Net ID: 00:1D:D2:1B:1A:A0)32.8608, -79.9746
2023-05-12 03:10:19Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0030NoneVOIPBL Publicly Accessible PBX List [188.114.96.0/24] http://www.voipbl.org/update188.114.96.0/24
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneXVIDEOS-profiles (Category: XXXPORNXXX) https://www.xvideos.com/profiles/ayhuayhu
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/kappi_1.pnghttps://pics.battleb0t.xyz/
2023-05-12 03:10:04Affiliate - Internet NameNoDNS Resolver1040Nonebeatrixhaller.at207.154.228.167
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None55 2nd PMO (Net ID: 00:01:21:10:61:00)37.7813933,-122.3918002
2023-05-12 02:44:53SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:36:85:4f:53:33:b4:86:64:2a:83:12:ed:95:43:fe:1e:22 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 2 18:58:42 2023 GMT Not After : Apr 2 18:58:41 2023 GMT Subject: CN=teamcity.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:a9:1b:77:20:87:f6:da:b4:e6:55:f1:15:61:14: 5d:d5:64:2e:1b:95:d0:fa:42:f5:c5:a3:6e:02:4b: 41:fb:df:35:0c:b5:28:23:7f:95:78:79:7a:ae:1b: 33:21:14:1a:cf:54:dc:ad:7c:ad:0e:d0:0d:13:24: ac:b2:17:d0:67:2e:56:2e:b6:b0:fc:48:83:bd:01: 86:52:7b:96:4e:60:82:98:48:6b:33:90:dc:af:7a: 0e:ed:26:47:56:e9:2a:9b:55:f7:eb:69:7f:53:8a: 65:d2:d9:9f:8e:b4:d7:c2:d1:e2:bc:27:0e:51:4c: 6a:50:43:bf:f3:eb:93:79:c5:c0:01:20:e4:3f:17: e9:46:96:6a:c9:c7:d3:3a:19:6a:20:08:fd:61:d6: 98:cf:84:d5:28:4b:ee:2d:d4:11:0b:36:29:51:b8: 23:d5:73:76:da:70:98:bf:4f:33:c0:fe:34:a0:ab: 09:05:a6:dc:26:b2:66:b1:51:b6:f2:4f:d9:92:3a: c0:21:8b:2a:63:52:83:3f:e9:e2:13:c0:c2:c9:2d: d5:e5:7e:fd:90:7e:37:42:6b:b9:54:b1:2f:9b:98: 24:d8:0b:1b:69:e7:d3:08:0e:71:57:e8:1a:67:a6: 92:84:48:3f:fc:46:40:41:65:20:38:c9:7e:99:04: 34:72:9a:a0:65:84:01:2f:31:b1:86:06:22:39:91: 0a:ee:bd:30:20:85:c5:8d:5b:4e:77:39:ae:9b:09: 06:f6:07:9d:dd:2d:ba:92:b9:4a:fe:af:b4:b2:6a: 1c:46:10:aa:88:c3:34:ab:7b:51:a7:88:62:ff:6f: 89:37:e0:83:c3:40:7b:7e:a8:e9:d2:e9:e0:68:ff: 51:7e:4a:c3:4d:57:60:55:c2:2c:5e:84:55:31:0d: f9:06:48:b8:fd:a5:13:e0:6d:e6:16:0e:03:58:98: 01:6a:9c:dd:37:75:36:74:a0:0e:9a:ed:4d:d0:b0: 57:3c:8d:0d:2e:93:98:3c:31:25:01:37:1f:57:7e: ef:84:b5:c0:04:9b:56:77:f4:78:da:7b:d3:51:11: 80:33:d3:18:83:ee:96:99:02:db:e7:fd:22:71:5a: 7f:e7:e3:95:25:33:c7:56:7f:0d:59:30:dc:3e:03: 7d:f0:6b:ae:f9:f9:7c:ad:ec:ad:62:73:0e:7f:47: 4e:2a:02:fd:df:82:83:00:62:ec:61:18:4d:70:9d: bd:b9:85:be:c1:ed:b1:f9:61:e0:dc:70:d2:b3:0d: be:23:ab:b6:3a:43:ae:fe:c3:d3:cf:08:6c:c7:33: 
70:eb:d2:70:df:6f:ce:26:37:4c:eb:f9:4f:c2:58: 32:f9:79 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 02:C9:94:28:32:1B:B1:2F:E4:C4:4F:88:0E:4C:57:09:73:5A:37:AF X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:teamcity.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Jan 2 19:58:42.072 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:C3:06:C6:C9:50:41:7A:D7:6C:70:98: 51:7B:09:5D:89:5F:4F:70:26:E1:F3:55:05:EB:4B:EB: 4E:9B:F0:F2:88:02:20:0D:25:66:1C:2B:B5:DD:05:53: 30:99:F3:B4:0E:BD:C7:CD:B0:F0:5C:10:43:36:86:5F: 33:1B:1F:4F:B8:11:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 2 19:58:42.586 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:B0:57:94:1E:8F:52:58:AA:CA:03:15: 81:F7:97:21:F9:28:45:54:DF:F1:77:F6:A5:EC:58:76: D4:E4:12:AD:72:02:20:01:EE:79:67:15:46:B5:E0:30: 01:5F:EC:EA:1F:02:05:AC:32:1E:71:83:9E:36:A7:78: 3E:88:36:4C:5A:59:65 Signature Algorithm: sha256WithRSAEncryption 00:08:62:12:2d:66:22:5c:b5:95:b3:65:a0:38:13:b2:e8:94: fc:c1:f0:43:eb:c7:1d:b0:f8:81:fa:e3:8a:ff:5b:71:ba:c9: f0:8c:f7:2d:1c:f7:06:60:a9:cc:2b:a3:6a:74:56:5c:cc:ee: dd:59:f1:89:1a:b3:64:77:7a:c3:42:25:ce:6f:ac:00:39:8c: 
a8:ce:ab:de:74:9d:af:21:0a:8f:b8:da:c8:3a:34:04:13:53: 15:9a:a4:d4:ed:01:76:22:4f:b2:ec:9f:6d:03:d3:fa:18:6c: 67:6c:d6:b6:ce:7c:21:a4:1d:31:9c:0b:67:28:45:a7:ef:50: 97:79:ef:ba:a7:08:97:43:77:c8:c9:14:ff:92:90:23:36:be: 38:39:aa:a3:93:44:43:ea:01:c8:6f:d8:16:59:02:23:ab:26: 37:6a:12:88:93:b7:fe:c2:0d:03:0c:53:22:d8:37:25:ad:01: bc:05:a2:c1:63:10:a5:01:dc:4e:2b:3f:07:57:03:2b:c0:d6: 50:e4:e1:65:6d:4b:fd:e0:d9:56:40:77:bf:53:f8:f8:15:43: 95:2f:e5:cc:d5:7e:3a:08:ae:5e:a2:25:e0:3f:95:7a:61:d1: 0e:7f:79:5b:19:24:0a:bf:5f:bd:78:ba:c9:ea:6b:b8:bc:16: 32:d8:03:9b battleb0t.xyz
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelogitec-99596f (Net ID: 00:01:8E:99:59:6E)50.1188, 8.6843
2023-05-12 02:50:26Legal Entity IdentifierNoGLEIF0030None5493007DY18BGNLDWU14Cloudflare\, Inc.
2023-05-12 02:53:17IP AddressNoMnemonic PassiveDNS117010None87.248.157.102ayhu.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneMy Wireless Network B (Net ID: 00:02:2D:2C:6D:7E)34.0544, -118.244
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneCloud computing providerscdn-185-199-111-153.github.com
2023-05-12 02:50:17Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:2c:84:3a:08:10:23:75:f2:8a:d5:a0:cb:cc:f6:da:14:6e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:32:07 2022 GMT Not After : Mar 27 01:32:06 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 33:08:c1:7e:b3:24:8e:6e:4d:f7:51:42:26:15:9a:55:38:a0: 00:54:bb:bf:aa:57:22:d3:f8:51:d0:9b:b6:f7:48:0e:01:fc: 20:eb:f8:09:fe:e5:12:c5:27:1a:bc:14:2c:c8:47:50:c4:fe: 3b:82:e2:94:1e:ea:46:71:f7:de:cb:93:8d:d3:d6:0e:2f:57: cf:7c:ae:9d:b7:80:a0:8c:70:81:89:7b:49:c0:84:74:4f:69: 72:bc:41:cd:36:95:5b:ed:7b:a9:03:f4:8f:4c:84:5d:66:e9: 62:45:a8:88:57:2d:42:3b:84:55:29:dc:10:ee:9a:ff:95:59: 7c:96:dc:e9:0f:e7:15:2b:2e:77:02:54:6b:c0:2f:7c:2a:2b: db:82:1c:6f:b4:a2:5b:f7:1a:91:dc:f4:e2:0e:55:aa:62:5d: ea:10:a0:10:94:4c:43:5d:24:37:b8:7d:e2:3c:f4:71:74:02: 76:90:40:10:c2:a1:be:28:fb:60:72:80:4c:c5:16:2d:8f:d6: 56:41:19:5e:15:ac:ce:da:7c:e0:18:25:f8:1f:66:f3:f8:f8: 6e:35:dd:10:1a:29:03:23:f7:24:0b:53:2d:1f:94:96:bc:7f: 53:53:c0:38:4a:f1:89:9a:26:af:b7:ac:c3:a2:4f:e2:bf:5c: 17:23:7a:07
2023-05-12 03:08:48Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.228104.196.30.220
2023-05-12 03:03:51Co-Hosted SiteNoThreatMiner0020Nonerathook.cc185.199.110.153
2023-05-12 02:44:14Co-Hosted Site - Domain NameNoSSL Certificate Analyzer1120Nonenetlify.apppics.battleb0t.xyz
2023-05-12 02:53:32Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-11T22:16:53.020Z", "ip": "185.199.111.153", "location_updated_at": "2023-05-05T15:17:56.721305Z", "autonomous_system_updated_at": "2023-05-10T21:17:43.350798Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"docs.c-labs.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T13:39:25.912117315Z"}, "pypandas.com": {"record_type": "A", "resolved_at": "2023-05-08T15:50:05.581014840Z"}, "www.yapengtian.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T00:52:52.132177648Z"}, "www.gmacd.net": {"record_type": "CNAME", "resolved_at": "2023-04-11T20:22:42.495209956Z"}, "beta.ahanbama.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:55:52.485481874Z"}, "navi.kane.ren": {"record_type": "CNAME", "resolved_at": "2023-03-19T02:48:51.057736107Z"}, "rowanmanning.com": {"record_type": "A", "resolved_at": "2023-03-16T14:14:04.579032272Z"}, "www.dolevoper.io": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:51:53.604722811Z"}, "yosoy.engineer": {"record_type": "A", "resolved_at": "2023-04-22T16:29:55.150359190Z"}, "njuics.cn": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:17:45.580207010Z"}, "fanschou.github.io": {"record_type": "A", "resolved_at": "2023-03-20T01:52:09.688479139Z"}, "meth.supplies": {"record_type": "A", "resolved_at": "2023-03-04T19:36:17.924857492Z"}, "wrapwijzer.nl": {"record_type": "A", "resolved_at": "2023-03-28T21:17:50.530330652Z"}, "www.jordancox.me": {"record_type": "CNAME", "resolved_at": "2023-02-25T17:36:05.584035257Z"}, "devxchange.io": {"record_type": "A", "resolved_at": "2023-03-07T16:15:10.934357942Z"}, "examples.allegro.oss.symphony.com": {"record_type": "CNAME", "resolved_at": 
"2023-03-22T19:02:00.213340439Z"}, "gmacd.net": {"record_type": "A", "resolved_at": "2023-04-27T21:00:21.802895223Z"}, "kahoneconcept.github.io": {"record_type": "A", "resolved_at": "2023-03-22T08:07:48.854244117Z"}, "emilyhem.com": {"record_type": "A", "resolved_at": "2023-03-10T13:30:54.344324871Z"}, "get.intersolar-nft.com": {"record_type": "CNAME", "resolved_at": "2022-09-29T13:43:22.976827994Z"}, "status.surit.com.au": {"record_type": "CNAME", "resolved_at": "2023-04-09T12:20:38.969193291Z"}, "blog.zantop.cn": {"record_type": "CNAME", "resolved_at": "2023-03-20T19:23:21.566189428Z"}, "levistmimarlik.com": {"record_type": "A", "resolved_at": "2023-02-27T14:19:09.002141799Z"}, "intersolarnft.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:10.689229599Z"}, "arpi.io": {"record_type": "A", "resolved_at": "2023-03-11T16:23:03.250015076Z"}, "scavision.alu.moe": {"record_type": "CNAME", "resolved_at": "2023-03-07T16:55:09.796012045Z"}, "www.traveltopakistan.site": {"record_type": "CNAME", "resolved_at": "2022-10-25T17:20:31.527625724Z"}, "www.funmitoblessed.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T14:40:07.732044366Z"}, "xzmygit.github.io": {"record_type": "A", "resolved_at": "2023-03-14T00:28:28.871779687Z"}, "api.kekesi.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:57:13.673998398Z"}, "southseaadventure.tesujimath.org": {"record_type": "CNAME", "resolved_at": "2023-02-19T19:08:50.812715230Z"}, "www.rowanmanning.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:54:15.722717563Z"}, "preapprove.manta.network": {"record_type": "CNAME", "resolved_at": "2023-03-12T17:39:58.377068988Z"}, "thelostyerejm.com": {"record_type": "A", "resolved_at": "2023-04-05T16:10:23.558053412Z"}, "codepug.com": {"record_type": "A", "resolved_at": "2023-03-09T13:42:42.963246076Z"}, "www.phorgr.com": {"record_type": "CNAME", "resolved_at": "2022-11-21T13:38:18.017307639Z"}, "comics.bilardi.net": {"record_type": "CNAME", 
"resolved_at": "2023-05-08T19:49:11.854401544Z"}, "www.littlejohnengineering.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-17T19:35:20.132850023Z"}, "www.dokomado.com": {"record_type": "CNAME", "resolved_at": "2023-04-21T22:50:25.934348288Z"}, "biolitika.si": {"record_type": "A", "resolved_at": "2023-03-30T18:58:50.575231531Z"}, "okady.app": {"record_type": "A", "resolved_at": "2023-03-19T21:38:20.632143680Z"}, "t.iiwhy.cn": {"record_type": "CNAME", "resolved_at": "2023-03-09T12:46:57.908049390Z"}, "datatok.github.io": {"record_type": "A", "resolved_at": "2023-02-26T16:03:58.541083128Z"}, "alzhao.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:58:23.599756683Z"}, "www.innerpeacecoaching.org": {"record_type": "CNAME", "resolved_at": "2023-03-08T19:15:24.222075275Z"}, "www.pernillainigo.com": {"record_type": "A", "resolved_at": "2023-03-23T16:17:46.423692220Z"}, "www.2briley.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T13:20:47.065260373Z"}, "www.vishvak.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T05:45:50.510079142Z"}, "www.ericdallo.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:26.937961924Z"}, "www.stevenduran.net": {"record_type": "CNAME", "resolved_at": "2023-05-08T21:13:59.455922519Z"}, "gmacd.github.io": {"record_type": "A", "resolved_at": "2023-03-21T01:31:25.465960326Z"}, "www.harrisosserman.com": {"record_type": "CNAME", "resolved_at": "2023-02-28T14:03:52.247193728Z"}, "kleinsplayground.com": {"record_type": "A", "resolved_at": "2023-03-22T18:44:01.108063584Z"}, "spiderchart.gh.front.no": {"record_type": "CNAME", "resolved_at": "2023-03-21T05:43:05.685681504Z"}, "funmitoblessed.github.io": {"record_type": "A", "resolved_at": "2023-03-22T11:31:23.278745293Z"}, "qfield.org": {"record_type": "A", "resolved_at": "2023-03-12T17:49:56.752630209Z"}, "asm.lucasteske.dev": {"record_type": "CNAME", "resolved_at": "2022-11-14T14:35:22.539258750Z"}, "agnias47.github.io": {"record_type": "A", 
"resolved_at": "2023-03-14T15:57:58.140445992Z"}, "docs.simplefoc.com": {"record_type": "A", "resolved_at": "2023-03-14T14:41:53.344432790Z"}, "dokomado.com": {"record_type": "A", "resolved_at": "2023-03-12T13:46:45.810442245Z"}, "wise.fitness": {"record_type": "A", "resolved_at": "2023-03-07T15:51:26.458635165Z"}, "www.ricardoribeiro.eu": {"record_type": "CNAME", "resolved_at": "2023-03-16T22:42:59.722157973Z"}, "www.eknert.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T21:55:19.776247657Z"}, "www.bioverse.it": {"record_type": "CNAME", "resolved_at": "2023-03-31T04:01:30.849144854Z"}, "millinow.com": {"record_type": "A", "resolved_at": "2022-09-26T14:09:37.255614081Z"}, "turtledev.in": {"record_type": "A", "resolved_at": "2023-03-17T16:23:43.722396430Z"}, "wolfgangbai.top": {"record_type": "CNAME", "resolved_at": "2023-03-08T00:37:57.090239320Z"}, "www.wise.fitness": {"record_type": "CNAME", "resolved_at": "2023-04-26T17:59:27.361118834Z"}, "www.michaelvp.com": {"record_type": "CNAME", "resolved_at": "2023-03-15T19:23:13.222921108Z"}, "maxkross.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:04.714610636Z"}, "www.premuae.com": {"record_type": "CNAME", "resolved_at": "2023-03-10T14:10:02.816237661Z"}, "vshow.dooomi.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:19:42.781491876Z"}, "arthurkarrer.me": {"record_type": "A", "resolved_at": "2023-03-11T16:57:07.559804549Z"}, "jarrodboone.info": {"record_type": "A", "resolved_at": "2023-03-06T16:41:45.613039480Z"}, "biogithub.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T14:40:32.334881323Z"}, "mil-an.co.uk": {"record_type": "A", "resolved_at": "2023-02-20T19:05:13.323207565Z"}, "www.jeffreymeadows.com": {"record_type": "CNAME", "resolved_at": "2023-03-06T14:24:12.721239336Z"}, "www.matejrefka.me": {"record_type": "CNAME", "resolved_at": "2023-03-19T00:27:35.419634749Z"}, "2020.conference.techexeter.uk": {"record_type": "CNAME", "resolved_at": 
"2023-04-18T19:00:49.390765915Z"}, "tristandubbeld.nl": {"record_type": "A", "resolved_at": "2023-04-02T20:10:50.241306304Z"}, "cyberfriendscircle.io": {"record_type": "A", "resolved_at": "2023-03-20T01:51:46.610716547Z"}, "dhanush.is-a.dev": {"record_type": "CNAME", "resolved_at": "2023-03-09T23:39:54.025920340Z"}, "cardnial.com": {"record_type": "A", "resolved_at": "2022-11-26T14:04:18.340308324Z"}, "static.test.habuhome.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:22:37.725893073Z"}, "safecards.github.io": {"record_type": "A", "resolved_at": "2023-03-08T16:27:35.612127241Z"}, "www.openwaterlogger.org": {"record_type": "CNAME", "resolved_at": "2023-03-12T17:49:34.982246600Z"}, "www.myrapspace.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T13:56:27.569305996Z"}, "www.kadupitiya.lk": {"record_type": "CNAME", "resolved_at": "2023-02-24T16:44:15.687183626Z"}, "robimsinazor.sk": {"record_type": "A", "resolved_at": "2023-02-22T21:18:54.646853756Z"}, "wanderandcompass.com": {"record_type": "A", "resolved_at": "2023-03-18T22:39:25.125598440Z"}, "vishvak.com": {"record_type": "A", "resolved_at": "2023-05-11T22:16:52.855230065Z"}, "g.yiru.me": {"record_type": "CNAME", "resolved_at": "2023-01-04T15:18:51.493730778Z"}, "cv.bdrnglm.com": {"record_type": "CNAME", "resolved_at": "2023-03-13T21:40:10.046805409Z"}, "www.mariesophiesonnleithner.de": {"record_type": "A", "resolved_at": "2022-11-01T14:23:19.970766830Z"}, "rpg.skmobi.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:42:56.247014800Z"}, "www.staceywu.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-05T19:59:23.259144477Z"}, "assets.javierarce.com": {"record_type": "CNAME", "resolved_at": "2023-03-30T15:20:51.562601099Z"}, "www.agitator.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T13:20:02.173553830Z"}, "iiif.nt.dcodex.net": {"record_type": "CNAME", "resolved_at": "2023-04-27T20:54:36.107031481Z"}, "www.hoolean.com": {"record_type": "CNAME", "resolved_at": 
"2023-03-23T15:30:34.757049567Z"}}, "names": ["cyberfriendscircle.io", "www.wise.fitness", "kleinsplayground.com", "www.jeffreymeadows.com", "www.agitator.com", "maxkross.github.io", "codepug.com", "www.michaelvp.com", "www.myrapspace.com", "blog.zantop.cn", "pypandas.com", "wrapwijzer.nl", "safecards.github.io", "www.ricardoribeiro.eu", "intersolarnft.github.io", 185.199.111.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonefansly (Category: XXXPORNXXX) https://fansly.com/login/postslogin
2023-05-12 02:45:17Raw Data from RIRsNoipapi.co0040None{u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'2606:4700:3037::6815:470e', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'2606:4700:3036::/47', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv6', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'}2606:4700:3037::6815:470e
2023-05-12 03:03:33Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00cybermonk00.github.io
2023-05-12 02:53:45Netblock IPv6 MembershipNoCensys0020None2606:50c0:8002::/482606:50c0:8002::153
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Nonechacha20-poly1305@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 02:53:09Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://window.innerwidth/window.innerheight:n.offsetwidth/n.offsetheight;if(r', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=http%3A%2F%2Funbouncepages.com%2Fcls-net%2F', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3084"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c0c_IE_EarlyTabStart_0x958_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c0c_ConnHashTable<3084>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c0c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c0c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_c0c_IESQMMUTEX_0_519"\n 
"Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3084"\n "IsoScope_c0c_IESQMMUTEX_0_303"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "172.66.43.150:443"\n "13.56.128.144:80"\n "35.186.254.174:443"\n "13.227.74.44:80"\n "13.227.74.106:443"\n "13.227.21.59:80"\n "3.211.201.163:80"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"unbouncepages.com"\n "builder-assets.unbounce.com"\n "d9hhrg4mnvzow.cloudfront.net"\n "events.ub-analytics.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: unbouncepages.com\nDNT: 1\nConnection: Keep-Alive\nCookie: ubvs=01bb35f8-2101-4e87-9fbd-ba8ddc5ca5a4; ubvt=v2%7C01bb35f8-2101-4e87-9fbd-ba8ddc5ca5a4%7C990a4ebc-68cf-4901-9b31-101d12c7742a%3Aa%3Asingle"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "builder-assets.unbounce.com"\n "d34qb8suadcc4g.cloudfront.net"\n "d9hhrg4mnvzow.cloudfront.net"\n "events.ub-analytics.com"\n "llink.to"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "track.salesflare.com"\n "unbouncepages.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarE2C.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarECA.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002800]\n "CabEC9.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabEC9.tmp]- [targetUID: 00000000-00002800]\n "CabDEC.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 
0x1 compression"- Location: [%TEMP%\\CabDEC.tmp]- [targetUID: 00000000-00002800]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"4e220573-sharepoint_105d01m000000000000028_1_.png" has type "PNG image data 193 x 58 8-bit colormap non-interlaced" and extension "png"\n "i_1_.gif" has type "GIF image data version 89a 1 x 1" and extension "gif"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{794b00a9-ee19-11ed-abee-080027e07993}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2ef0821423d1780e.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2ef0821423d1780e.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{794b00a9-ee19-11ed-abee-080027e07993}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe11e6a056823bfb0.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{794b00ab-ee19-11ed-abee-080027e07993}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "TarE2C.tmp" has type "data"- Location: [%TEMP%\\TarE2C.tmp]- [targetUID: 00000000-00002800]\n "main.bundle-85a7477.z_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "sp-2.14.0_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002800]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "~DF3CF6403DBD3E6A11.TMP" has type "data"- Location: [%TEMP%\\~DF3CF6403DBD3E6A11.TMP]- [targetUID: 00000000-00003084]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003084]\n "~DF2EF0821423D1780E.TMP" has type "data"- Location: [%TEMP%\\~DF2EF0821423D1780E.TMP]- [targetUID: 00000000-00003084]\n "~DF10A6C578EF604E9D.TMP" has type "data"- Location: [%TEMP%\\~DF10A6C578EF604E9D.TMP]- [targetUID: 
00000000-00003084]\n "~DFACE34BBDF9ACCA3C.TMP" has type "data"- Location: [%TEMP%\\~DFACE34BBDF9ACCA3C.TMP]- [targetUID: 00000000-00003084]\n "~DFE11E6A056823BFB0.TMP" has type "data"- Location: [%TEMP%\\~DFE11E6A056823BFB0.TMP]- [targetUID: 00000000-00003084]\n "main-7b78720.z_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._794B00A9185.199.109.153
2023-05-12 02:55:27Linked URL - InternalNoURLScan.io0010Nonehttp://kekw.battleb0t.xyz/battleb0t.xyz
2023-05-12 02:54:17Open TCP Port BannerNoCensys0040NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5e062258aa2252-ORD Content-Encoding: gzip 2606:4700:3037::6815:470e
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.211): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:48:00Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 24, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fmelissa.whalen%40atimetals.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6908:120:WilError_01"\n "Local\\SM0:6908:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:6908:120:WilError_01"\n "SM0:6908:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "138.91.254.96:443"\n "172.66.40.106:443"\n "35.186.254.174:443"\n "162.241.219.194:443"\n "191.101.3.40:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "api.salesflare.com"\n "llink.to"\n 
"track.salesflare.com"\n "west.exchserverdata.one"\n "www.guelphcrc.ca"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fmelissa.whalen%40atimetals.com" as clean (type is "HTML document ASCII text")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fmelissa.whalen%40atimetals.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "data_2" has type "data"- 
Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006904]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6904_1667563466\\Ruleset Data]- [targetUID: 00000000-00006904]\n "wallet-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\6904_501582631\\Filtering Rules]- [targetUID: 00000000-00006904]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\6904_1776893622\\edge_driver.js]- [targetUID: 00000000-00006904]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\6904_1776893622\\vendor.bundle.js]- [targetUID: 00000000-00006904]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006904]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\6904_1776893622\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00006904]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\6904_1776893622\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00006904]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00006904]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\6904_501582631\\Filtering Rules-AA]- [targetUID: 
00000000-00006904]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006904]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006904]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006904]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006904]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006904]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00006904]\n "wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: N/A]\n "wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- [targetUID: N/A]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006904]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00006904]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006904]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006904]\n "Tabs_13328191914569285" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13328191914569285]- [targetUID: 
00000000-00006904]\n "f42c05eb-7c48-4ba6-b5ad-2a6667a882dc.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\f42c05eb-7c48-4ba6-b5ad-2a6667a882dc.tmp]- [targetUID: 00000000-00006904]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data185.199.110.153
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneMy Passport (2.4 GHz) - 070B31 (Net ID: 00:00:C0:07:0B:31)52.3759, 4.8975
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys_SES_31322 (Net ID: 00:1C:10:8D:00:CA)32.8608, -79.9746
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMobileInternet (Net ID: 00:02:B3:AE:AB:38)50.1188, 8.6843
2023-05-12 03:09:02Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.10087.248.157.102
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:02:2D:9E:09:9A)34.0544, -118.244
2023-05-12 02:45:04CountryNoCountry Name Extractor0030NoneUnited StatesSan Francisco, California, CA, United States, US
2023-05-12 02:44:12SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1www.battleb0t.xyz
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0060NoneEnglish<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60726fad1912')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="kO2xNaAYVVwzudN_grHGsSAbBGIYi5Rp9eWkwq8bobk-1683860063-0-AQEme0OuFvC27LD-nLe2jrmTTnxOgSGtlJ79kOqNI8O_bMBUHsCUifsyrQtE2Qw_5-G3wZLVyXKSq4HyXvLjyCiAdaCGs4Ok-COq8gyypPok4HyuqEcnabkOPj9JKzn7fzxQf8pA4avsXNbgzL5RFZ0OappR_ENyOliTj3y1usOCEfdx0Qw-4NtIYkgBrlm6HYt1w2WiYgJIzvrwK3xMFits_Ebjt14epXfZCroTuFIFxaYyyRcuJJEK3ck04c2JtRdR99xcpwbep8NMi6CNOGP-aAH4FLQSKV1p7HK0fEmUDFvoadw-7bo2EucRyXYFLEbjS7Z_OKl0Srfy1Vim3Z_jqewduFNgcp1B-ir-aT25S4z2lvk1aBpRpS3Fpn4bKR_T7uQSek6SD4z_I81JUPCm-TbJt2WcAviPmmrfZDtigYqwaDeqh4Pqa29XowW1l1nnKs6qCFhQeaLuigzJf9PhtuPk6Ts6nn4TNWVyl9ze9NMDXt3HC-u5rh_1KxQxsTY_4JhB1jT5PYZQMJUvzkddK2MPm_CtJJRmvzu4A8h1xyRkeTxVWjg5p76zqZFKP8HOoZP1u7GkAK20kE8vR-O-Gy6CmmKj5hSdpF5vjt71wmiC0vDCk1rDRhhcEkt92S6uijW7cxkpckY78siJqFhpHOVFodJroZuf7HFMwvosFXQ5NGYyHEQXXlmkoclMMK3rVJNdxiIstjCLFnDxNsbd1epvptoA5TGFKFTmHs6QjRzTIv_BIuw1QORH1eUHK9O9N-txmFD1IbLACf92gVKiwNsAAtrRtW2F06n6d9Vs_GXVIbPcV6cwsJdIquww9NaI78ELNHJNq1J_tTdFxBZavYogbVnqkQFRmkO2l5VXSM6E9dcoOwi5q4qHSrZmlxJHiqDY-PKE8PDBSk8akurNHoBfBjtw2_a1RfC_lu8B7yXfZ1SNiql9epxt9-xA01ZEs-JXEIWKB7DVUehYb7RiTKZ_trIoGgh7Q6yEfeLCDTtC1yC2iiOVhPkX_h4Qfaf7LfPKruh9cjrbe0r7qMb0h8bIRy1fsQXVXXjhWHUJzLPbbOWh7F_0GW3qFusmjdR_P6sJL-gXtd5koZkzn6EK_YdKJO6jY9uPxr4sRnkK0ioS_0VfK7kQax3cDEA5YcxYvkmmBl4DMVhT7ISnmS5G8dSMhHOdJpbJMK5G9qQm8E9Nux-WgwCPgj6TkAmQMz1NenXnJJdqz-irhHABa_tynmZ1IPtBtnIPWbu4Mgp5VyNXvvUpfdGX7V6s-SjMtH9NRG3i4YZDcDp72B0EVaiT4n2jNeEilDlbVLw8k42_nwTD7Pw7hKXZpTyQQZntWW5wgIly7x0dOOWeJl6TsZIiDLpQjNv-mLX_xQzZHdw5kii58Ccy2XJ4npuVEuBraZJ9n6B2-5AwWyV3Qr3DTuk5PmfcIxKTr_u7HsbpdFR4FKp9wurJ9rvdDIpbL_yKOtyqM9yLjxeOpIdNG7zFw8AT7XqbUfz26ewFlzRX_Cc5FOV6ATYROS3OVpko2KV-NVpYQTJgT-fYvExK0W6Ze5BMg7wpM4RSZGt0EBF4MTRkHZYYHYqVG2Gs4Dr0KphCmDsWmTYs-Wp4YmyX8zHXt6eDU7SHKTxfT3pFaOqsKIwmwk1FnA5ZOhkDp5FB4KDNaO4UI8hC2NqGaVRdddker5xFPIyxy6_xtT-933_JQEm4Yo3p33SKpnr5oZLDUmiFpcGiocX8E23z9qF6KzqiLjSYYuEdSQjfT3AOVajEAM3LV2cJ-Yfb6qV1mYvKIEbYataggM_S7XSDOMFwSxuBJJhFB_YuSQY42F1bw3h-Wr_txcqos6CYojszcuJZzN7ZQwVv-pfKRrZP1vW37Ji7qXYRsXGXizVLTDb80myaduEuuPiE3j_iEUTMQHyX7FS77GwsNXMOnK-SOX4L
ESTyuge5gQCwNBG5LYbWqG1phc6ZBmjChX4XXPYEWTd6pqzDCahUeE-UBjC440QhIoggi4SFzrJT424_2pz3I1Z7K9v14oR0ixYp8X0YQSjX1TvMb1hvE05cdAoJpi9QPGYD511Yvrjtr2-nQRWT9vJBLGPT61xgS5JvfKWkR5mzvNMNLXnN-QaI-YMwAUvPR8sObbMc6Js74f0zl0__XqC1L4ZGx1B6W2mPRUMY1Lrg2rh8ki2L2eiGI4MSaqbVecE9vJyl6XPRcjgNKIcsC-zohWzf7sSDfofcLJcUO1xeUIJMC_3B3JBlhmMy_ukD9DKdx40muRRW18iGtfkoFnEyb5ylZEa9Cy6RH0tiulb9zDYu9lBPk43UYKuS0gITgFj7t6HoYRbYh8Mhdn_KQTmpy5fsQY55ZC7EUgiiqGZ2kxox4gPzr-qiw2zxNU0kuoof8T7V06bM_gPceZS49qqZ0qEgovgoUQEY1PrObCR2N_zXcey5RpH4biNXy5X3XHfa8DJrozVWuJVN7xKblnML0zEboEJxIy0gm8PmeTSLtq0S2uPc6VyK0a0Z4v1q4hj82ek"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '64193', cRay: '7c5f60726fad1912', cHash: '710742417ab72e7', cUPMDTk: "\/?__cf_chl_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: 'EHiPHm0Nl3GyThu9m1wbXjiHVtOqC3bOZB5NH6FZ4WpN/ont8bhxVwykMxIfoGSCjD8SpsL131biQUzVmplSkmz36+Rbm6LpKDPgFi1SZ6sdv468aKRPGhyFreJfGyRxilqUy5qO2EhnuYwrJjSxEU6DGEUFnqpvxw46fNgsaBRKOJ+bUVrPyznWm3WWDmCZ5I4ByfgFEH/V+llAilan1spVCzgSbbNaZnK7v2zKybgKpcf37StU8tcqkL0luzxFnWpTYEMJIRNh3502IKGm2GeIGVQUP6IIgH3pam7apk2jk/MVIAQ55tOJt6IZrTr1Qcj4biXsY3FIPVNAc0sCXlUyI683VVNAnv7kxmJ0SLq0ELP7CILJKsuRkOc2+1w90SBLDbAqCH/GEPeh86EVOXxwcNFZqRIljefJbQxhuH4JevbkysQYXa6LkLXsD5QKQE0OPjJQvEC2SmVFUO8wuJE/HZ29m2obUyVypKKxYzEuV7pCj1nVwt32aW4bF0deBcy4/M4CeO4Epb9dj4xmVGUtKMp/g+OZaEvQnjUgBRlg57NTUuvDL1hFtL478NEE', t: 'MTY4Mzg2MDA2My4xMDMwMDA=', m: 'Eo2K0b1/t+yBaonJiJkwi8mL0OupY28MY+kXkSexuGA=', i1: 'WdeoMAtxqx1knlB7AiLouA==', i2: 'PLvf+P/FOv6sb4wuUck9Eg==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } 
}; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60726fad1912'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60726fad1912'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html>
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneFlipboard (Category: tech) https://flipboard.com/@ayhuayhu
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:64:DA:1A)33.6170672,-111.90564645297056
2023-05-12 03:32:40Open TCP PortNoPulsedive0030None188.114.97.20:443188.114.97.0/24
2023-05-12 03:00:57Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.94): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:53:45Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: C1F8:9B05:D303FE:F3CF12:645CF509 Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-gig2250041-GIG X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683813642.858818,VS0,VE273 Vary: Accept-Encoding X-Fastly-Request-ID: df03515606cb10d86a4e0fd793a1bc65b6eaa2df 2606:50c0:8002::153
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneBoingo Colubris (Net ID: 00:02:2D:0B:A5:B3)34.0544, -118.244
2023-05-12 02:53:20IP AddressNoMnemonic PassiveDNS25020None46.101.229.70kekw.battleb0t.xyz
2023-05-12 03:11:19Physical CoordinatesNoAbstractAPI100020None40.2024, 29.039887.248.157.102
2023-05-12 03:16:24Physical LocationNoipapi.co0020NoneAmsterdam, North Holland, NH, Netherlands, NL188.114.97.1
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonelogitec-a53131 (Net ID: 00:01:8E:A5:31:30)37.7813933,-122.3918002
2023-05-12 02:54:00Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5e4de1db49291f-ORD Content-Encoding: gzip 104.21.6.166
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:0C:41:D2:4D:0D)39.0469, -77.4903
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneRevolut (Category: finance) https://revolut.me/loginlogin
2023-05-12 02:53:52Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 80B6:49F3:235A56C:358722C:645CDF0C Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-kigq8000067-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683808012.126331,VS0,VE23 Vary: Accept-Encoding X-Fastly-Request-ID: 68f03409faf68cb6eb3782ac00da0088b30b8906 2606:50c0:8003::153
2023-05-12 02:55:11Software UsedYesCensys0020NoneOpenBSD OpenSSH 7.487.248.157.102
2023-05-12 03:09:28SSL Certificate - Issued toNoSSL Certificate Analyzer0020NoneCN=acilacikveteriner.com87.248.157.102
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.159): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:10:35Open TCP PortNoPulsedive0030None185.199.108.153:443185.199.108.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneCableWiFi (Net ID: 00:0D:67:47:D4:F4)32.8608, -79.9746
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMobileInternet (Net ID: 00:02:B3:AE:E4:40)50.1188, 8.6843
2023-05-12 02:55:00Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'MSG-993046.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3fc_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1020"\n "IsoScope_3fc_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_3fc_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_3fc_ConnHashTable<1020>_HashTable_Mutex"\n "IsoScope_3fc_IE_EarlyTabStart_0x9c4_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_3fc_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "getbootstrap.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "104.17.25.14:443"\n "172.67.30.148:443"\n "65.8.158.55:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1189.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1178.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1177.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00001020]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002584]\n "Tar1189.tmp" has type "data"- Location: [%TEMP%\\Tar1189.tmp]- [targetUID: 00000000-00002584]\n "HTTJFRWH.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\HTTJFRWH.txt]- [targetUID: 00000000-00001020]\n "_172C582D-B9D2-11ED-B010-08002708D069_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00001020]\n "search_2_.json" has type "JSON data"- [targetUID: 00000000-00001020]\n "52H103H9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\52H103H9.txt]- [targetUID: 00000000-00001020]\n "RYIH22IO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RYIH22IO.txt]- [targetUID: 00000000-00001020]\n "~DFD0DF213BBF0CD101.TMP" has type "data"- Location: [%TEMP%\\~DFD0DF213BBF0CD101.TMP]- [targetUID: 00000000-00001020]\n "Cab1177.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1177.tmp]- [targetUID: 00000000-00002584]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00001020]\n "floating-labels_1_.css" has type "ASCII text"- [targetUID: 00000000-00001020]\n "K4HM6RP3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\K4HM6RP3.txt]- [targetUID: 00000000-00001020]\n "Tar1178.tmp" has type "data"- Location: [%TEMP%\\Tar1178.tmp]- [targetUID: 00000000-00002584]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: 00000000-00001020]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00001020]\n "GXM745UA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GXM745UA.txt]- [targetUID: 00000000-00001020]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00001020]\n "core.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: 00000000-00001020]\n "en-US.4" 
has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001020]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /zepto.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zeptojs.com\nDNT: 1\nConnection: Keep-Alive"\n "}iwH+H0S/qyn[vT]I6PEF.H=D7"#O{u]nNgI_^)-rK\n8K2d/7N<q}4\nb}[4x(e)`Di%)e{OYoe_|*\'YF+fvTdD?\no|Q69wb!/$(97M^w7rdd,/qMrS>ud~U_{i.We{O~.^R=9nO8D|a3?%zZ&)9ql>O0Y{2uSVRd.(:4Ioa~\'iLONx].:gw?zD)u3q6(}}{yYz>=mSjay^O@XFrueeKM&W$.(XbqB|:{\'_>\n\\Zl#}oVD{/2\\\'%U{Fh*n\\e33ao3%5G\nT+x9,4ATdmRt~Xf5HQ4rQ,2,HROF|$5EgKoh%/&grNm"%!\n eE~K)n`lhPO?~|8("CE>r\\BOLZ4M_QDl},YSU{>5{IxTj\'\n4UYRUg+pFc5C<SaOpP]5=r>i=y$e?<_ae\\N.a-+:jJ%~fFn~7SQ%`fD01,k6ln-pDA|B]u\nA,E1@n9q:~EYGb^t*{EO[^]/#qtmu2O{|rDY!KQX_VOm?bXP2xG//O_l\'b?}DvVn3[Is.j$-MD\n|ryVWvHuT\'MyWE.]M?N6]j+Kuo*x$JS`", "zIbIJ*SdIo:>)&a0+\n\n\n%wX|1au&kdAMsFBz#E=>9Ik*|\'\\xM=Of3"#O^T[)gO;-=z|,~s~^--e=J$K.9+,#_%up%YVvh6N9gwFdR$]}}b}W1`tKm*n2~U#NQGj=dtDAbe-fVR5!jA^02\n;a0u&|HO#R:>vzY%6Mg%.WXO!*z,f!q,;\'A@ eT7#^<{\n9iM0D{Jk7?A$4\\_{riP&4K4$\n"2)V\n9UW7-8:W*,0!XyPWwN)@BVu2*yRarH*UO9MN|\nSPv5Q#I<2#T%$jgnr/a${NT`q=JQcc00C$\n:XMdb;<kf-TdL&F:]>OH\n\nxVOw^`FQwh{=5V$. 
a\'vbx&w\\nw?,loBn4Fm0i;hRQ[y+?]$W?77%5%>h#Ou\n\nje5`D#3ZUl4+22OO!\n3;:~3rq)VTM_v\\Q{sd2/.GaRCn0bea]0!\\%\n#HJA@N]\n=/RqqADMV(k@P,uX7mFHsa9B`2d>7d1lvPta75%QP;AJnX[q7];VlJ;P9%?{ATtK` f0qc^SSS33KakB=Sk,"\n "6uFRyl8xyC94{.>b$+hl "R4Qa$>+\\RzFz?|A!]9&4sd42P9\\nJ.p^~WjKN$Q~~@%4!Uk;LKdkbP9imKvlK+$RV;j=Zd< SkROuT_cAKi@r\nQ8(6R.4kE(oHK7CCMn TyQ<~\n~O[njWWvC2i9`igdP*kAQPc3F(\\)=)\n-p[nI]\\:sb:yV|\na :5T\'WgG+Gfj\nj71j28X+5` i;v&]|g\'Lyyp(.OSVdh4yVTXUx&v=$nlPDR a" 95@GA\nSp*\n.X3Km6x0[6ek)kX"Z0W8?Zs?64_Q(YER(Zp>]OU,#)_z<[\\![;34S[5+\'/p*1A_kU" :lrb^HXO3K9> Dn=VT\'TOd$IDLL7Y{a.R1a"q%\'A@uVh}n$AAM+/z5:RqaSR+?UFNaTQXNMl*?8`l3&!</i\'{.g^URVmquGy|hi1l4nc8[Sph]NV+-6v+yJ|BSC{t]u`mqu,ZoVp"Uv4pH%\nzdFV9NJl!</a~ICZOE$ul97;o)FZz:^{Y3d(\n=:hO`q\'&q3+OJ", "i$M/jD6:~QWk\n31X\'Pz:=tI}O V(#ol~[yjGMq7H_{~y9h`}r*\\\nqFWNGA]k%WQeby1P iYSDv44kOEl>j>~qRQ"sTnD2$yE*`764W,AM/deo~^[8o[6}+]%Dd7jAJH|B9xJ$Pi_u:D:,QD}gw?_aYO>MSnZ4Iuhp]awc1b"q)NU^ht{O\'1b_9*N6pj!EHJ}58RCiHk7|iJ\\0hVP]B^X.)5:hat^=-]\n;"%W*&zKJT-XsF[hMimjBTh3aZF?>v,#/u/R;|;x}SZFc@NWP/q}]gBn)JuCdV[_w&4\\"tk\'j^Yv\nnl&usOrk=4G78!o7%4;o(;ho\nrpjw<|xPj@9FcB*F44RH[O6@-a(CfYN#@KTPhCgg5l+\nEG*TbHW\'n[.Jw;=?$1p*[:f`@R\nOnUh-dM|Zb\\=&6q*":9fRJyi}&;&{F9eN:,~fdlQP%%Y5)iT!=M\\u8gj\n~azFM>UY/%HM4\'ZX}>apT|rQSwnl6}iQo&XZy)j<\nh$.yI*CS{kHb-oG89mWm\n3m<64[DN911jb]w>^x}7|[p"\n ":$V\nyrUJX&d+Q=CIkqs\n7FN/F02cXOcpALsD8h>o#=,$5&YEShDkTPX\nK$|D$vs.81bCDk|?!G/<*PyLP5YDi!UB9GJ^YEPLB!G8T3y#ed#\\/86&Qq~.*I 9|G9f:#3C3mq=GyLt=#T9~,>((A#oN"lXq*~y@YRi\nit7f;.lEvG+]v&- 7T9ZmwNTv`ij(~X".Od;\'0R2W3.I97u"NO4\n\nbGRnV1m\' C27^k"J%{h<AO0\nY|>.|a}NS)o4C8k\n57hZ5?*zGOj:3"qNS9rD:rwbX+y^\'5Z#-]q\n`c[LF}f.!F ExhVZy(l$y^IT~1gw.$SKKl1u|VgII9jUY^/I~U:y&YM_MU$A_X?f2&FSs9qA8<o{<!asBe6;{lyTt\\5zv8^ k\n@_QZ8f4IV[dmT_-Z }=y%~>v\\@YH&UE\n,:B9ji6f17;YOYr//NliJb6JdO@t)8Swd23Iu@+sjC9iV&T~iG>[+lUyF2|&2q#.Iu\\`^/ n\'a9nu!Q"8Qg/H%\nY\nI63j!T-2auX"`ODv`P2,H\\w"\n ">xoJ\nEFWMKc 
8`{&+!jg<p5e{RS#^Lg&Sl1L,fRLUr#t8sdu64d<-CN\\yw|bavBQ@L*t4}-/h}Bg>\nsuiOaOwx(s#[2ui))^?4Kc}=!b0pgpzpBw)Waos"bOz\n4Y3^|z$X>{~I#U^\']\nBfowrt7[G\n-g>a#\nOFia|):&o2YypQ(?1g5\'Na;1GW7h{asC^S)i*bd5br;2p7epKL1i? o#aIkC\\w6\'&ECfjX;\'^=VNJ)N$X&"QQ)Z(Xs#\'z&Z/[F-%$;7^IG|"C*[WcnZllK.R5W~zcjE-SsZtUyO=w$yd7aL|y9>UN0w:$RwixC7Xxcw9DlMgaHVLddU:<7>kRMWXg8skw0)I"!@MG\nO^Q)L7q~h`9gOIp[oo7b;\'Poxi7NJBb oA~y"hCvW;41PA\\)\ny<=\nf//gO_sN6I*Q]Kpd^<}_|Kc^O6rJ`t^eQ1IsN\n7<LPgjpHg"bEy[!Zd#m185.199.109.153
2023-05-12 02:44:03Internet NameNoSpiderFoot UI73000Noneayhu.xyz"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.190): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:03Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5ad981cbd3140a-ORD Content-Encoding: gzip 172.67.135.9
2023-05-12 03:08:49Affiliate - IP AddressNoDNS Look-aside1030None35.229.48.10935.229.48.116
2023-05-12 02:47:30SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 13:22:33 2023 GMT Not After : Jun 25 13:22:32 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:d7:3e:a0:44:3f:74:66:1e:5f:b3:2a:36:ad: 5d:f6:03:6b:7c:a2:a0:47:3a:fb:01:98:b1:8f:cc: c2:91:5e:2e:be:9e:37:09:fc:a3:ca:c0:ce:59:08: 31:20:c4:42:4f:e2:31:60:c4:be:0d:a3:d0:7e:5f: 84:84:43:02:3b:79:0a:56:99:86:35:5f:ee:ec:21: 8b:06:16:ef:3b:0d:ec:b0:a6:01:ca:7c:9f:ae:0e: 21:80:e7:f6:f2:e9:02:7d:5d:df:7d:70:dd:dd:93: 90:c2:a3:7e:80:f6:ad:ed:f9:15:f2:c4:37:d6:ad: 4b:89:76:da:d5:eb:7c:ff:f8:44:95:84:d6:c3:19: 7b:70:37:49:42:e5:fe:7d:2c:bd:de:bc:2b:99:c0: a4:9b:15:4f:d7:2f:f2:c7:b5:99:6b:e4:41:8f:a5: 3f:0f:85:1f:6c:4e:91:90:da:48:18:85:c0:a8:f9: 5b:43:e7:ba:4b:5b:17:69:9f:6a:26:1d:48:87:97: a5:b7:a2:63:4f:58:3b:87:61:7a:53:e1:17:71:98: 3f:e6:14:b4:56:34:1d:a0:89:72:33:eb:2c:c5:36: a0:27:b1:d2:f8:c6:e3:8f:79:67:b5:d6:8a:ec:f1: bd:9b:ad:69:c1:3b:50:1a:84:e7:cb:cf:d0:71:43: d2:3b:49:a5:27:2e:d1:3d:b9:18:82:02:4d:8f:b0: bb:df:42:cf:64:aa:67:dc:2f:01:5a:31:2e:da:fb: b2:d7:58:03:8e:aa:3f:4c:ca:46:eb:1f:d0:ce:c6: 8c:fe:3d:b8:0f:99:bb:cf:51:78:2e:f4:7a:df:b5: ee:fc:f9:a7:d1:b7:2b:1b:c6:17:72:43:c6:34:57: a1:d1:1d:f1:0c:8c:8a:f9:1d:27:7f:56:dc:e1:0f: 9b:fe:d2:eb:01:b7:80:25:0c:68:e6:38:d2:70:20: 00:db:75:51:f4:50:11:95:65:85:63:dc:a6:18:f5: d8:1d:55:65:7b:fd:4b:42:c9:e0:e0:5b:99:47:62: 96:1e:29:13:2d:13:79:08:f1:19:4e:83:44:d1:b3: 1e:52:55:c8:85:91:ec:6f:74:02:73:b9:35:b5:4d: 32:70:2b:a5:40:65:f3:30:c9:2a:75:4a:fc:26:5e: 25:6b:0f:f0:6e:21:a9:a3:b3:fc:a9:24:00:c1:d2: 4b:2c:3d:0a:55:12:77:ec:d9:f9:b2:f1:bc:2c:ec: 53:cb:52:84:47:80:24:42:33:90:05:e1:7c:3a:b2: 37:ee:d5:9d:71:10:25:16:47:45:30:42:37:7d:df: 
2f:44:a5:75:17:fd:0c:59:0a:14:5f:4a:c6:9e:57: 1c:e4:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Mar 27 14:22:33.221 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:4F:44:FF:23:78:0C:0A:43:E7:DD:21:00: C4:D1:3F:C3:F1:0D:AC:F3:42:E5:53:7F:E9:12:DC:C9: 41:E7:31:AA:02:20:29:7B:10:84:21:42:A6:BE:66:D5: B5:62:0E:26:B3:36:1B:B2:1F:F3:F6:F2:FA:99:68:0E: 07:72:EE:35:ED:D1 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 27 14:22:33.315 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:42:E7:DB:8E:AD:39:D9:72:0F:22:03:49: 17:50:EA:AF:42:B9:A0:A7:C7:8A:2E:5E:9D:4B:70:15: 12:36:C9:8C:02:20:70:3E:22:0D:CB:C1:8E:23:7B:D4: 20:A7:55:2C:92:70:7B:00:76:E5:77:1A:32:2B:D4:BB: A7:E5:BA:F4:CD:50 Signature Algorithm: sha256WithRSAEncryption 57:fc:9c:cc:34:05:33:b1:85:6f:05:be:91:2e:7e:dc:3a:5c: d5:70:d3:bc:68:4c:e5:a6:0e:93:49:4c:b2:24:ea:22:6c:53: 1d:7b:22:13:3e:ae:d1:e9:17:1e:71:5b:5a:e3:c7:59:55:db: f6:e5:0f:f7:75:49:45:9c:0b:d7:10:90:aa:9f:57:81:e1:bd: 
95:72:69:1a:6a:68:d7:6f:63:d3:d0:c5:74:e1:f6:05:01:8e: de:8a:f2:cc:6b:66:ed:6a:cf:b9:08:1c:41:e7:01:36:39:29: 3c:ce:b9:d5:71:4f:4a:e1:92:00:38:14:85:83:1b:78:d3:52: 4d:9c:dc:62:c1:ff:3e:c9:3b:f4:1b:55:62:89:22:10:52:f5: 2f:09:06:3f:72:98:2a:6c:4f:3e:41:69:f0:90:3d:75:67:0f: 5f:95:04:35:0b:5e:5e:d4:29:7e:f0:df:9c:7f:86:0a:bf:f4: 66:2a:ad:8c:e5:22:e0:2d:ff:f7:04:45:a4:bb:31:8c:99:a5: 16:da:1d:eb:c6:c4:fa:e4:70:84:9c:c6:93:f8:76:5a:3a:48: 95:d4:c6:4d:4c:36:eb:b7:e5:52:69:e6:7d:0f:b5:d1:ab:44: b8:82:08:6c:6a:ef:3e:4f:de:99:6f:c7:4e:1e:39:17:26:6f: a6:80:e5:c2 battleb0t.xyz
2023-05-12 02:55:15Software UsedYesCensys0030NoneOpenBSD OpenSSH 8.9p1165.232.113.85
2023-05-12 03:00:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.54): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneS-lan (Net ID: 00:01:24:F1:91:41)37.7813933,-122.3918002
2023-05-12 02:47:44Open TCP PortNoPulsedive0030None34.148.97.127:8034.148.97.127
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonecozyhome (Net ID: 00:06:25:B4:2A:03)33.336199,-111.89446440830702
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:03:2F:04:BB:BC)33.617190550339146,-111.90827887019054
2023-05-12 03:10:33Blacklisted IP AddressYesThreat Jammer0130NoneThreat Jammer - Risk score: 50 (MEDIUM) https://threatjammer.com/info/46.101.229.7046.101.229.70
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneMicrosoft subsidiariesbattleb0t.github.io
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonedvdbeyond (Net ID: 00:01:24:F2:B3:12)37.7813933,-122.3918002
2023-05-12 02:49:20Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fotmanmarzouki.github.io%2FOtmans-Portfolio.github.io%2F&data=05%7C01%7Cmthiele%40merentis.com%7C299f2bd8deee47ffe3d608db19275c5b%7Ccf9329a22e9a41bebe5cca40f384186d%7C0%7C1%7C638131429069465359%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pgeJVhV%2BRZasovsRpk6OiFgUM9uQNEWW2WY87NVwEIw%3D&reserved=0', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2852"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b24_IE_EarlyTabStart_0xd98_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b24_ConnHashTable<2852>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b24_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b24_IESQMMUTEX_0_331"\n 
"\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_b24_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.47.11.28:443"\n "185.199.110.153:443"\n "142.251.32.42:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"eur02.safelinks.protection.outlook.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2015 Twitter, Inc." 
(Indicator: "twitter")\n ".icon-paypal:before {" (Indicator: "paypal")\n ".icon-social-twitter-circular:before {" (Indicator: "twitter")\n ".icon-social-twitter:before {" (Indicator: "twitter")\n ".icon-twitter2:before {" (Indicator: "twitter")\n ".icon-youtube2:before {" (Indicator: "youtube")\n ".icon-youtube:before {" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "MPBOXG78.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MPBOXG78.txt]- [targetUID: 00000000-00002852]\n "RecoveryStore._243EC491-BE5E-11ED-ADB6-080027BE1525_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "otmanmarzouki.github_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "V45LK95K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\V45LK95K.txt]- [targetUID: 00000000-00002852]\n "IIHN9FBJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IIHN9FBJ.txt]- [targetUID: 00000000-00002852]\n "icomoon_1_.css" has type "ASCII text"- [targetUID: N/A]\n "Otmans-Portfolio.github_1_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n 
"~DF82FC8B03F5CB359A.TMP" has type "data"- Location: [%TEMP%\\~DF82FC8B03F5CB359A.TMP]- [targetUID: 00000000-00002852]\n "6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkBgv58a-xA_1_.woff" has type "Web Open Font Format TrueType length 16440 version 1.1"- [targetUID: N/A]\n "~DF0C1A02793FB6D845.TMP" has type "data"- Location: [%TEMP%\\~DF0C1A02793FB6D845.TMP]- [targetUID: 00000000-00002852]\n "animate_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "css_2_.css" has type "ASCII text"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "OTIZE8VE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OTIZE8VE.txt]- [targetUID: 00000000-00002852]\n "jquery.easing.1.3_1_.js" has type "UTF-8 Unicode text"- [targetUID: N/A]\n "~DFC4D5F15611D45BBD.TMP" has type "data"- Location: [%TEMP%\\~DFC4D5F15611D45BBD.TMP]- [targetUID: 00000000-00002852]\n "nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtU_1_.woff" has type "Web Open Font Format TrueType length 23764 version 1.1"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.iec.chIEC"\n Pattern match: "http://getbootstrap.com"\n Pattern match: "http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-hsla-multiplebgs-opacity-rgba-textshadow-cssanimations-csscolumns-generatedcontent-cssgradients-cssreflections-csstransforms-csstransforms3d-csstransitions-a"\n Pattern match: "http://gsgd.co.uk/sandbox/jquery/easing/"\n Pattern match: 
"https://github.com/twbs/bootstrap/blob/master/LICENSE"\n Pattern match: "https://github.com/nickpettit/glide"\n Pattern match: "https://github.com/imakewebthings/waypoints/blog/master/licenses.txt*/!function(){use"\n Pattern match: "jquery.org/license"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css"\n Pattern match: "http://www.w3.org/2000/svg},s={},t={},u={},v=[],w=v.slice,x,y=function(a,c,d,e){var"\n Pattern match: "https://fonts.googleapis.com/css?family=Quicksand:300,400,500,700"\n Pattern match: "https://github.com/Otmanmarzouki/ReactNativeAPP"\n Pattern match: "https://fonts.googleapis.com/css?family=Playfair+Display:400,400i,700"\n Pattern match: "http://daneden.me/animateLicensed"\n Pattern match: "https://fonts.gstatic.com/s/playfairdisplay/v30/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXtHA_w.woff"\n Pattern match: "https://fonts.gstatic.com/s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkKEo58a-xA.woff"\n Pattern match: "MUID14C9D52949456EC70EC6C7E648096F31msn.com/10258419353603109809065333609631019627*"\n Pattern match: "http://daneden.me/animate"\n Heuristic match: "eur02.safelinks.protection.outlook.com"\n Pattern match: "https://otmanmarzouki.github.io/Otmans-Portfolio.github.io/Accept-Language"\n Heuristic match: "GET /Otmans-Portfolio.github.io/ HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: otmanmarzou"\n Pattern match: "Otmans-Portfolio.github.io/css/animate.css"\n Pattern match: "Otmans-Portfolio.github.io/css/bootstrap.css"\n Pattern match: "Otmans-Portfolio.github.io/css/fonts/icomoon.eot?6py85u"\n Pattern match: "Otmans-Portfolio.github.io/css/fonts/icomoon.ttf?6py85u"\n Pattern match: "Otmans-Portfolio.github.io/css/fonts/icomoon.woff?6py85u"\n Pattern match: 
"Otmans-Portfolio.github.io/css/icomoon.css"\n Pattern match: "Otmans-Portfolio.github.io/css/style.css"\n Pattern match: "Otmans-Portfolio.github.io/fonts/flaticon/font/flaticon.css"\n Pattern match: "Otmans-Portfolio.github.io/fonts/icomoon/icomoon.eot?srf3rx"\n Pattern match: "Otmans-Portfolio.github.io/images/AppMobile.jpg"\n Pattern match: "Otmans-Portfolio.github.io/images/otman.jpg"\n Pattern match: "Otmans-Portfolio.github.io/js/bootstrap.min.js"\n Pattern match: "Otmans-Portfolio.github.io/js/jquery.countTo.js"\n Pattern match: "Otmans-Portfolio.github.io/js/jquery.easing.1.3.js"\n Pattern match: "Otmans-Portfolio.github.io/js/jquery.min.js"\n Pattern match: "Otmans-Portfolio.github.io/js/jquery.waypoints.min.js"\n Pattern match: "Otmans-Portfolio.github.io/js/main.js"\n Pattern match: "Otmans-Portfolio.github.io/js/modernizr-2.6.2.min.js"\n Pattern match: "https://csp.withgoogle.com/csp/apps-theme185.199.110.153
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None1#########123x&&56########12X4& (Net ID: 00:02:2D:BC:46:55)34.0544, -118.244
2023-05-12 02:54:23Web ContentNoWeb Spider3050None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60726fad1912')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="kO2xNaAYVVwzudN_grHGsSAbBGIYi5Rp9eWkwq8bobk-1683860063-0-AQEme0OuFvC27LD-nLe2jrmTTnxOgSGtlJ79kOqNI8O_bMBUHsCUifsyrQtE2Qw_5-G3wZLVyXKSq4HyXvLjyCiAdaCGs4Ok-COq8gyypPok4HyuqEcnabkOPj9JKzn7fzxQf8pA4avsXNbgzL5RFZ0OappR_ENyOliTj3y1usOCEfdx0Qw-4NtIYkgBrlm6HYt1w2WiYgJIzvrwK3xMFits_Ebjt14epXfZCroTuFIFxaYyyRcuJJEK3ck04c2JtRdR99xcpwbep8NMi6CNOGP-aAH4FLQSKV1p7HK0fEmUDFvoadw-7bo2EucRyXYFLEbjS7Z_OKl0Srfy1Vim3Z_jqewduFNgcp1B-ir-aT25S4z2lvk1aBpRpS3Fpn4bKR_T7uQSek6SD4z_I81JUPCm-TbJt2WcAviPmmrfZDtigYqwaDeqh4Pqa29XowW1l1nnKs6qCFhQeaLuigzJf9PhtuPk6Ts6nn4TNWVyl9ze9NMDXt3HC-u5rh_1KxQxsTY_4JhB1jT5PYZQMJUvzkddK2MPm_CtJJRmvzu4A8h1xyRkeTxVWjg5p76zqZFKP8HOoZP1u7GkAK20kE8vR-O-Gy6CmmKj5hSdpF5vjt71wmiC0vDCk1rDRhhcEkt92S6uijW7cxkpckY78siJqFhpHOVFodJroZuf7HFMwvosFXQ5NGYyHEQXXlmkoclMMK3rVJNdxiIstjCLFnDxNsbd1epvptoA5TGFKFTmHs6QjRzTIv_BIuw1QORH1eUHK9O9N-txmFD1IbLACf92gVKiwNsAAtrRtW2F06n6d9Vs_GXVIbPcV6cwsJdIquww9NaI78ELNHJNq1J_tTdFxBZavYogbVnqkQFRmkO2l5VXSM6E9dcoOwi5q4qHSrZmlxJHiqDY-PKE8PDBSk8akurNHoBfBjtw2_a1RfC_lu8B7yXfZ1SNiql9epxt9-xA01ZEs-JXEIWKB7DVUehYb7RiTKZ_trIoGgh7Q6yEfeLCDTtC1yC2iiOVhPkX_h4Qfaf7LfPKruh9cjrbe0r7qMb0h8bIRy1fsQXVXXjhWHUJzLPbbOWh7F_0GW3qFusmjdR_P6sJL-gXtd5koZkzn6EK_YdKJO6jY9uPxr4sRnkK0ioS_0VfK7kQax3cDEA5YcxYvkmmBl4DMVhT7ISnmS5G8dSMhHOdJpbJMK5G9qQm8E9Nux-WgwCPgj6TkAmQMz1NenXnJJdqz-irhHABa_tynmZ1IPtBtnIPWbu4Mgp5VyNXvvUpfdGX7V6s-SjMtH9NRG3i4YZDcDp72B0EVaiT4n2jNeEilDlbVLw8k42_nwTD7Pw7hKXZpTyQQZntWW5wgIly7x0dOOWeJl6TsZIiDLpQjNv-mLX_xQzZHdw5kii58Ccy2XJ4npuVEuBraZJ9n6B2-5AwWyV3Qr3DTuk5PmfcIxKTr_u7HsbpdFR4FKp9wurJ9rvdDIpbL_yKOtyqM9yLjxeOpIdNG7zFw8AT7XqbUfz26ewFlzRX_Cc5FOV6ATYROS3OVpko2KV-NVpYQTJgT-fYvExK0W6Ze5BMg7wpM4RSZGt0EBF4MTRkHZYYHYqVG2Gs4Dr0KphCmDsWmTYs-Wp4YmyX8zHXt6eDU7SHKTxfT3pFaOqsKIwmwk1FnA5ZOhkDp5FB4KDNaO4UI8hC2NqGaVRdddker5xFPIyxy6_xtT-933_JQEm4Yo3p33SKpnr5oZLDUmiFpcGiocX8E23z9qF6KzqiLjSYYuEdSQjfT3AOVajEAM3LV2cJ-Yfb6qV1mYvKIEbYataggM_S7XSDOMFwSxuBJJhFB_YuSQY42F1bw3h-Wr_txcqos6CYojszcuJZzN7ZQwVv-pfKRrZP1vW37Ji7qXYRsXGXizVLTDb80myaduEuuPiE3j_iEUTMQHyX7FS77GwsNXMOnK-SOX4L
ESTyuge5gQCwNBG5LYbWqG1phc6ZBmjChX4XXPYEWTd6pqzDCahUeE-UBjC440QhIoggi4SFzrJT424_2pz3I1Z7K9v14oR0ixYp8X0YQSjX1TvMb1hvE05cdAoJpi9QPGYD511Yvrjtr2-nQRWT9vJBLGPT61xgS5JvfKWkR5mzvNMNLXnN-QaI-YMwAUvPR8sObbMc6Js74f0zl0__XqC1L4ZGx1B6W2mPRUMY1Lrg2rh8ki2L2eiGI4MSaqbVecE9vJyl6XPRcjgNKIcsC-zohWzf7sSDfofcLJcUO1xeUIJMC_3B3JBlhmMy_ukD9DKdx40muRRW18iGtfkoFnEyb5ylZEa9Cy6RH0tiulb9zDYu9lBPk43UYKuS0gITgFj7t6HoYRbYh8Mhdn_KQTmpy5fsQY55ZC7EUgiiqGZ2kxox4gPzr-qiw2zxNU0kuoof8T7V06bM_gPceZS49qqZ0qEgovgoUQEY1PrObCR2N_zXcey5RpH4biNXy5X3XHfa8DJrozVWuJVN7xKblnML0zEboEJxIy0gm8PmeTSLtq0S2uPc6VyK0a0Z4v1q4hj82ek"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'www.ayhu.xyz', cType: 'managed', cNounce: '64193', cRay: '7c5f60726fad1912', cHash: '710742417ab72e7', cUPMDTk: "\/?__cf_chl_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: 'EHiPHm0Nl3GyThu9m1wbXjiHVtOqC3bOZB5NH6FZ4WpN/ont8bhxVwykMxIfoGSCjD8SpsL131biQUzVmplSkmz36+Rbm6LpKDPgFi1SZ6sdv468aKRPGhyFreJfGyRxilqUy5qO2EhnuYwrJjSxEU6DGEUFnqpvxw46fNgsaBRKOJ+bUVrPyznWm3WWDmCZ5I4ByfgFEH/V+llAilan1spVCzgSbbNaZnK7v2zKybgKpcf37StU8tcqkL0luzxFnWpTYEMJIRNh3502IKGm2GeIGVQUP6IIgH3pam7apk2jk/MVIAQ55tOJt6IZrTr1Qcj4biXsY3FIPVNAc0sCXlUyI683VVNAnv7kxmJ0SLq0ELP7CILJKsuRkOc2+1w90SBLDbAqCH/GEPeh86EVOXxwcNFZqRIljefJbQxhuH4JevbkysQYXa6LkLXsD5QKQE0OPjJQvEC2SmVFUO8wuJE/HZ29m2obUyVypKKxYzEuV7pCj1nVwt32aW4bF0deBcy4/M4CeO4Epb9dj4xmVGUtKMp/g+OZaEvQnjUgBRlg57NTUuvDL1hFtL478NEE', t: 'MTY4Mzg2MDA2My4xMDMwMDA=', m: 'Eo2K0b1/t+yBaonJiJkwi8mL0OupY28MY+kXkSexuGA=', i1: 'WdeoMAtxqx1knlB7AiLouA==', i2: 'PLvf+P/FOv6sb4wuUck9Eg==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=', } 
}; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60726fad1912'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60726fad1912'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU
2023-05-12 03:25:40Similar Domain - WhoisNoWhois0020None% Restricted rights. % % Terms and Conditions of Use % % The above data may only be used within the scope of technical or % administrative necessities of Internet operation or to remedy legal % problems. % The use for other purposes, in particular for advertising, is not permitted. % % The DENIC whois service on port 43 doesn't disclose any information concerning % the domain holder, general request and abuse contact. % This information can be obtained through use of our web-based whois service % available at the DENIC website: % http://www.denic.de/en/domains/whois-service/web-whois.html % % Domain: ayhu.de Nserver: sl1.sedo.com Nserver: sl2.sedo.com Status: connect Changed: 2022-11-14T12:13:16+01:00 ayhu.de
2023-05-12 03:23:25Open TCP PortNoPulsedive0030None188.114.96.8:80188.114.96.0/24
2023-05-12 02:50:15Internet Name - UnresolvedNoDNS Resolver0020Nonefiles.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:b9:dc:49:67:68:c5:fe:31:cf:92:a4:a3:f2:91:5a:dc:15 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 2 19:07:11 2023 GMT Not After : Apr 2 19:07:10 2023 GMT Subject: CN=files.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:e4:bb:72:24:9a:3b:f5:c0:b6:00:b2:9e:75:64: a2:c5:05:47:75:ee:45:0a:c4:64:a2:83:f0:3f:73: 63:b5:70:6c:7f:e6:38:41:f0:ce:48:1b:e9:cb:50: e5:db:9b:1e:52:33:00:08:50:9b:48:a3:21:b1:72: aa:97:ba:07:58:22:50:7b:e0:2e:66:ce:83:70:77: e2:36:f5:0e:13:40:a0:5f:8e:ab:d5:28:a5:4a:11: 32:bf:f0:01:46:1e:7f:2c:f4:2c:07:22:93:45:a7: 52:4d:66:5a:2e:a0:5e:1d:49:67:6d:93:3c:d4:e7: 67:ac:0d:eb:84:c4:ad:1c:c6:3a:c8:a3:8e:b1:df: 54:8a:52:1f:ab:aa:01:49:57:78:fa:b6:5c:77:ae: 0a:d5:12:86:cb:ea:c3:13:b3:1e:aa:59:f3:df:50: ef:11:40:b8:bb:45:d3:4e:d6:8e:bd:f2:33:ae:52: 06:ca:88:01:72:31:4f:46:00:bf:98:93:9a:2f:f8: 47:9a:87:b9:a0:cb:d1:a8:89:43:66:4d:f6:54:8d: cf:4c:31:d7:d0:0d:e1:33:7b:c6:0e:1d:4a:3f:9a: c4:dd:c7:68:08:e6:6f:b9:26:6c:49:f2:5f:ad:59: da:74:03:6e:20:eb:9a:d2:3d:fb:bc:79:34:c6:43: 38:6b:71:f9:76:22:a0:ca:93:2e:c8:20:b0:a5:40: b2:06:05:e9:aa:de:b1:b0:40:d3:fa:2b:db:3c:b4: 82:d4:58:96:b7:bc:70:be:ac:1c:cb:fc:f4:c1:71: 31:c2:05:84:ce:b2:c9:8b:1e:36:fd:72:15:79:33: 62:66:31:a9:1f:5f:76:ce:5e:82:a3:20:7b:a6:f9: 68:6f:ff:65:d5:4b:45:ed:7b:6b:c9:7e:38:35:b0: ed:10:1d:cb:42:25:ea:6d:e6:42:50:4c:82:d7:21: 2e:ac:aa:6c:ee:6b:f7:e1:58:64:07:26:55:c1:2f: e6:5e:f4:d7:f0:f0:f1:80:c4:a5:9f:c7:96:10:6f: 58:39:48:6a:55:ca:52:01:6a:3b:90:48:bc:27:e3: bb:2e:83:ea:d3:dc:20:53:21:0d:af:34:82:fc:9f: 4c:d4:4a:b7:14:07:01:bb:2c:76:8e:22:ed:cd:33: 84:b4:42:01:5f:9f:c6:60:56:3d:e0:bb:bf:10:3f: 42:ca:65:31:ce:e9:5e:a4:e2:24:f7:ab:0e:d3:ce: 0e:6d:01:e6:42:c0:05:7f:8e:8b:85:68:57:f5:6c: 
ca:7f:14:f3:74:ac:f1:ad:74:c5:8e:20:02:20:df: 19:4d:31:07:4a:75:45:cf:f0:a5:0c:ad:70:b3:f4: 12:1c:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CF:FE:0F:FB:EC:E3:E9:7B:CF:AB:EA:49:61:6D:B0:C0:A0:EB:11:BC X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:files.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption a4:32:cf:fb:d0:39:6f:82:9d:3d:67:37:3f:48:f2:83:df:47: 98:e5:77:f3:9a:cd:58:51:2e:5a:16:d2:ce:bc:15:65:21:f4: b5:cd:b9:a9:fc:60:96:b4:37:b9:74:53:b0:08:d4:20:ed:ae: 46:30:5b:a1:40:1f:06:63:e8:b7:fd:a2:ae:46:43:12:c8:ec: 2c:fa:7e:4b:40:c3:e4:67:1b:d3:d7:35:70:63:9c:ea:59:e2: 5e:8f:9c:90:71:11:63:91:74:8d:0a:52:eb:ba:46:9f:f2:39: 5e:39:b2:09:76:41:0d:cb:d5:f3:3a:f2:81:99:14:13:be:9e: 11:ee:36:84:20:eb:dd:4f:6f:09:26:c0:62:74:10:aa:4d:74: 78:55:cd:0b:48:ce:19:77:6a:83:ea:d3:9f:49:7a:b9:c9:a9: 5b:95:9e:95:d8:54:4a:32:2e:c5:80:7d:32:ed:ad:ce:47:be: 97:bd:cb:d5:bd:1a:9f:ae:43:9a:14:6a:a0:5c:07:02:ab:55: 27:d1:6c:76:e5:b8:24:cd:b9:7c:e4:e2:4c:26:e7:40:31:8a: 19:ba:6f:75:c4:40:35:3a:93:76:52:b7:ca:0b:0f:f0:2a:8f: ea:7f:1f:0f:0d:e6:80:25:29:5f:a8:34:cc:8b:fd:62:68:85: 22:2f:1a:a7
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0060Nonecross-origin-opener-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:55:27Web ServerNoURLScan.io0010Nonecloudflareayhu.xyz
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneSoundCloud (Category: music) https://soundcloud.com/ayhuayhu
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-cache-status: DYNAMIC{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"}
2023-05-12 02:44:42SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:05:11 2023 GMT Not After : May 25 03:05:10 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:97:4b:9a:94:33:ae:7c:5e:91:1b:d8:54:22:c9: ed:4f:8d:dc:1c:ea:82:e7:c1:66:b8:0e:7a:d7:69: 7e:97:11:2c:1a:a5:0e:64:16:12:d5:94:b3:23:f2: 36:d4:4f:eb:d5:32:50:ac:e4:d7:66:1b:e3:da:91: 79:04:66:f4:2d:fa:3e:45:f4:48:91:1a:8d:80:82: ca:dd:66:18:cd:f2:9d:87:0d:96:09:36:f0:90:50: 74:b3:8f:d1:d4:ab:e5:3c:ba:a6:ad:57:62:22:2b: 60:de:6e:76:04:02:5d:fa:52:80:b7:61:6b:ca:89: 0e:51:38:c3:f2:4d:c1:8f:3e:5c:2f:86:ec:7a:ee: c4:a9:09:67:fe:3a:36:2c:f4:71:dd:63:52:c7:7e: 24:13:3b:f8:64:ac:0f:17:65:8b:4f:12:db:ba:8b: 96:d7:a7:d3:5c:fd:8f:e9:26:b0:c1:d3:ce:ae:a4: 80:9b:8d:9b:1f:f6:ca:4a:88:4f:be:ed:28:2f:45: 12:8d:ed:28:4a:e1:d7:0a:d1:cc:4f:38:0f:fa:93: 2d:8d:4a:92:3a:88:82:01:24:a7:62:52:95:88:cb: f5:21:eb:4e:1f:14:59:fb:a0:f3:53:6c:6e:20:e1: ca:0b:83:46:36:34:c6:22:17:1b:d8:e6:82:24:68: ca:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Feb 24 04:05:12.050 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:25:A0:69:FB:7F:3E:63:7D:A0:82:F0:BD: 99:FA:FF:84:20:AF:C5:86:81:24:4B:F7:CB:AB:FB:5E: BD:6B:87:56:02:21:00:8A:56:44:28:2B:0B:E5:D6:3A: F4:15:7E:0A:3C:BA:80:47:38:D3:13:65:D6:8E:A8:E5: 01:04:D3:ED:D7:28:24 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Feb 24 04:05:12.068 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:48:50:77:27:A7:8D:E9:4E:44:5B:E4:B4: 56:50:FB:20:FC:C8:FD:0F:4B:DC:68:08:A4:56:A5:4B: F5:A5:47:B3:02:20:41:B4:A0:0F:22:1C:69:E8:F3:FB: 60:B2:81:61:62:E0:DD:28:37:13:7E:74:2B:26:74:E1: FD:E5:4D:29:61:E7 Signature Algorithm: sha256WithRSAEncryption 61:b4:ef:73:fc:3c:d6:36:f5:75:80:0c:33:8b:9a:05:0b:c4: ef:72:1d:69:74:95:fd:0a:84:bd:b8:b9:3c:12:87:d3:eb:2d: b5:d2:63:2a:29:60:59:c4:11:1c:0f:c3:fb:79:2f:8a:43:57: 38:62:d8:2e:68:34:bb:6c:0e:7a:e3:f8:3d:f5:c1:05:a5:6d: 93:b9:b3:48:22:8e:a3:39:66:e6:a5:9e:dc:e2:98:35:7e:b3: e1:c7:b2:16:b7:b0:2e:70:50:4e:ea:93:d0:f8:5c:69:6c:1b: d2:3e:ee:da:64:1f:ad:97:c8:be:17:38:a6:ed:92:9e:3b:db: 67:c8:b0:5f:e6:af:fd:f7:57:92:7b:87:3d:bf:c4:c1:21:13: ba:c4:d8:85:a3:63:dc:90:ee:df:3d:2a:bc:03:4e:ba:1b:8c: 0c:16:7e:58:e3:ac:7f:dc:3b:40:18:1f:74:98:d5:c4:fa:32: 99:95:a0:64:1e:5b:4d:a8:f5:79:33:2e:3f:43:dc:8d:0e:7d: 28:25:74:7a:93:27:53:2e:6b:ae:4d:81:c1:3c:e0:cd:42:02: 6d:fc:da:f3:52:57:d5:b1:70:8e:1a:91:15:c8:1b:93:cd:40: b8:ff:29:e7:c6:05:ad:63:8c:c8:ec:d7:e9:88:33:a3:5d:43: a1:d5:b9:20 battleb0t.xyz
2023-05-12 03:23:25Open TCP PortNoPulsedive0030None188.114.96.8:443188.114.96.0/24
2023-05-12 03:23:33Open TCP PortNoPulsedive0030None188.114.96.12:8080188.114.96.0/24
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:01:36:03:06:A5)52.3759, 4.8975
2023-05-12 02:49:49Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://justice.cz/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"194.213.41.170:443"\n "69.16.175.10:443"\n "185.199.110.153:443"\n "192.229.163.25:443"\n "49.12.245.76:443"\n "142.250.191.40:443"\n "142.250.141.154:443"\n "157.240.22.35:443"\n "104.22.24.150:443"\n "157.240.22.25:443"\n "185.60.216.52:443"\n "157.240.20.63:443"\n "157.240.22.20:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f68_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_f68_ConnHashTable<3944>_HashTable_Mutex"\n "IsoScope_f68_IE_EarlyTabStart_0xf20_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f68_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_f68_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3944"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_f68_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3944"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.lightwidget.com"\n "code.jquery.com"\n "justice.cz"\n "lightwidget.com"\n "portalapl01.servis.justice.cz"\n "scontent-frt3-2.cdninstagram.com"\n "scontent-frx5-1.cdninstagram.com"\n "scontent-sjc3-1.xx.fbcdn.net"\n "video-sjc3-1.xx.fbcdn.net"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3532.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3484.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar328E.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab321E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': 
u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "combo_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "AMOH3QA1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AMOH3QA1.txt]- [targetUID: 00000000-00003944]\n "search_icon_1_.png" has type "PNG image data 21 x 22 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fH-KenfeQjI_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "315741146_1401731960362970_7444101996956285481_n_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1440x1440 components 3"- [targetUID: N/A]\n "navigation_1_.htm" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "3dl2SsY1JNJ_1_.png" has type "PNG image data 81 x 378 8-bit colormap non-interlaced"- [targetUID: N/A]\n "wtbxHBt7RZw_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "M5RPsIIWHWO_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003680]\n "main_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "325666019_185145374200950_2918817704667586375_n_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 720x1280 components 3"- [targetUID: N/A]\n "autocomplete-search_1_.js" has type "UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "PkV8_5hF_8w_1_.png" has type "PNG image data 21 x 131 
8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "page_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "qGoWo6gBwwP_1_.png" has type "PNG image data 28 x 168 8-bit colormap non-interlaced"- [targetUID: N/A]\n "~DF4008C994FE360571.TMP" has type "data"- Location: [%TEMP%\\~DF4008C994FE360571.TMP]- [targetUID: 00000000-00003944]\n "327730364_500683298907150_5975051271861994663_n_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 213x160 components 3"- [targetUID: N/A]\n "323431877_824211398639073_8090660628312221513_n_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 526x195 components 3"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /widgets.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://justice.cz/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: platform.twitter.com\nIf-Modified-Since: Tue, 21 Nov 2017 00:17:05 GMT\nIf-None-Match: "3e4504e992f3a97e51fd54697a0f1b2e+gzip"\nDNT: 1\nConnection: Keep-Alive" (Indicator: "twitter")\n "GET /plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nReferer: https://justice.cz/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: 
www.facebook.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "facebook.com")\n "POST /platform/plugin/page/logging/ HTTP/1.1\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\nX-FB-LSD: FFgmxX5EibZTC1odP1pfSA\nReferer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.facebook.com\nContent-Length: 454\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "facebook.com")\n "GET /rsrc.php/v3/y1/r/nMFM52FAyXC.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: static.xx.fbcdn.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "facebook.com")\n "GET /rsrc.php/v3/yo/r/g2f3nzotF0C.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: static.xx.fbcdn.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "facebook.com")\n "GET /rsrc.php/v3/yf/l/0,cross/xUCu69_VoIG.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1\nAccept: text/css, */*\nReferer: 
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHos185.199.110.153
2023-05-12 02:54:27Physical LocationNoCensys0040NoneSeattle, Washington, 98108, United States, North America2600:1f18:2489:8202::c8
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.98): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:45:34Affiliate - Internet NameNoDNS Raw Records1010Noneroute3.mx.cloudflare.netbattleb0t.xyz
2023-05-12 03:24:48CountryNoCountry Name Extractor0040NoneUnited StatesNorth Charleston, South Carolina, 29418, United States, North America
2023-05-12 02:54:16Web ContentNoWeb Spider0040None/* MIT License Copyright (c) 2017 Pavel Dobryakov Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
*/ 'use strict'; const canvas = document.getElementsByTagName('canvas')[0]; resizeCanvas(); let config = { SIM_RESOLUTION: 256, DYE_RESOLUTION: 1024, CAPTURE_RESOLUTION: 512, DENSITY_DISSIPATION: 0.97, VELOCITY_DISSIPATION: 0.98, PRESSURE: 0.8, PRESSURE_ITERATIONS: 20, CURL: 30, SPLAT_RADIUS: 0.3, SPLAT_FORCE: 6000, SHADING: true, COLORFUL: true, COLOR_UPDATE_SPEED: 10, PAUSED: false, BACK_COLOR: { r: 0, g: 0, b: 0 }, TRANSPARENT: false, BLOOM: false, BLOOM_ITERATIONS: 8, BLOOM_RESOLUTION: 256, BLOOM_INTENSITY: 0.8, BLOOM_THRESHOLD: 0.6, BLOOM_SOFT_KNEE: 0.7, SUNRAYS: true, SUNRAYS_RESOLUTION: 196, SUNRAYS_WEIGHT: 1.0, SOUND_SENSITIVITY: 0.25, FREQ_RANGE: 8, } var timer = setInterval(randomSplat, 3500); var _runRandom = true; var _isSleep = false; function randomSplat() { if(_runRandom == true && _isSleep == false) splatStack.push(parseInt(Math.random() * 20) + 5); } //lively is minimizing browser window to pause. //this wont obviously work once I implement proper pause -> todo:- do not call livelyAudioListener() when paused/minimized. document.addEventListener("visibilitychange", function() { //alert(document.hidden+ " "+document.visibilityState); _isSleep = document.hidden; }, false); let timeout; let timeoutBool=true; function livelyAudioListener(audioArray) { if (audioArray[0] > 5 || _isSleep == true) { _runRandom = true; return; } if(audioArray[0]>0.1 && _runRandom){ _runRandom = false; clearTimeout(timeout); timeoutBool=true; } else{ if(!_runRandom && timeoutBool){ timeoutBool=false; timeout=setTimeout(()=>_runRandom=timeoutBool=true,1500); } } let bass = 0.0; let half = Math.floor(audioArray.length / 2); for (let i = 0; i <= config.FREQ_RANGE; i++) { bass += audioArray[i]; bass += audioArray[half + i]; } bass /= (config.FREQ_RANGE * 2); multipleSplats(Math.floor((bass * config.SOUND_SENSITIVITY) * 10)); } function multipleSplats (amount) { for (let i = 0; i < amount; i++) { const color = config.COLORFUL ? 
generateColor() : Object.assign({}, config.POINTER_COLOR.getRandom()); color.r *= 10.0; color.g *= 10.0; color.b *= 10.0; const x = canvas.width * Math.random(); const y = canvas.height * Math.random(); const dx = 1000 * (Math.random() - 0.5); const dy = 1000 * (Math.random() - 0.5); splat(x, y, dx, dy, color); } } function generateColor () { let c = HSVtoRGB(Math.random(), 1.0, 1.0); c.r *= 0.15; c.g *= 0.15; c.b *= 0.15; return c; } function pointerPrototype () { this.id = -1; this.texcoordX = 0; this.texcoordY = 0; this.prevTexcoordX = 0; this.prevTexcoordY = 0; this.deltaX = 0; this.deltaY = 0; this.down = false; this.moved = false; this.color = [30, 0, 300]; } let pointers = []; let splatStack = []; pointers.push(new pointerPrototype()); const { gl, ext } = getWebGLContext(canvas); if (isMobile()) { config.DYE_RESOLUTION = 512; } if (!ext.supportLinearFiltering) { config.DYE_RESOLUTION = 512; config.SHADING = false; config.BLOOM = false; config.SUNRAYS = false; } startGUI(); function getWebGLContext (canvas) { const params = { alpha: true, depth: false, stencil: false, antialias: false, preserveDrawingBuffer: false }; let gl = canvas.getContext('webgl2', params); const isWebGL2 = !!gl; if (!isWebGL2) gl = canvas.getContext('webgl', params) || canvas.getContext('experimental-webgl', params); let halfFloat; let supportLinearFiltering; if (isWebGL2) { gl.getExtension('EXT_color_buffer_float'); supportLinearFiltering = gl.getExtension('OES_texture_float_linear'); } else { halfFloat = gl.getExtension('OES_texture_half_float'); supportLinearFiltering = gl.getExtension('OES_texture_half_float_linear'); } gl.clearColor(0.0, 0.0, 0.0, 1.0); const halfFloatTexType = isWebGL2 ? 
gl.HALF_FLOAT : halfFloat.HALF_FLOAT_OES; let formatRGBA; let formatRG; let formatR; if (isWebGL2) { formatRGBA = getSupportedFormat(gl, gl.RGBA16F, gl.RGBA, halfFloatTexType); formatRG = getSupportedFormat(gl, gl.RG16F, gl.RG, halfFloatTexType); formatR = getSupportedFormat(gl, gl.R16F, gl.RED, halfFloatTexType); } else { formatRGBA = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType); formatRG = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType); formatR = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType); } return { gl, ext: { formatRGBA, formatRG, formatR, halfFloatTexType, supportLinearFiltering } }; } function getSupportedFormat (gl, internalFormat, format, type) { if (!supportRenderTextureFormat(gl, internalFormat, format, type)) { switch (internalFormat) { case gl.R16F: return getSupportedFormat(gl, gl.RG16F, gl.RG, type); case gl.RG16F: return getSupportedFormat(gl, gl.RGBA16F, gl.RGBA, type); default: return null; } } return { internalFormat, format } } function supportRenderTextureFormat (gl, internalFormat, format, type) { let texture = gl.createTexture(); gl.bindTexture(gl.TEXTURE_2D, texture); gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_MIN_FILTER, gl.NEAREST); gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_MAG_FILTER, gl.NEAREST); gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_WRAP_S, gl.CLAMP_TO_EDGE); gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_WRAP_T, gl.CLAMP_TO_EDGE); gl.texImage2D(gl.TEXTURE_2D, 0, internalFormat, 4, 4, 0, format, type, null); let fbo = gl.createFramebuffer(); gl.bindFramebuffer(gl.FRAMEBUFFER, fbo); gl.framebufferTexture2D(gl.FRAMEBUFFER, gl.COLOR_ATTACHMENT0, gl.TEXTURE_2D, texture, 0); const status = gl.checkFramebufferStatus(gl.FRAMEBUFFER); return status == gl.FRAMEBUFFER_COMPLETE; } function startGUI () { return; var gui = new dat.GUI({ width: 300 }); gui.add(config, 'DYE_RESOLUTION', { 'high': 1024, 'medium': 512, 'low': 256, 'very low': 128 }).name('quality').onFinishChange(initFramebuffers); 
gui.add(config, 'SIM_RESOLUTION', { '32': 32, '64': 64, '128': 128, '256': 256 }).name('sim resolution').onFinishChange(initFramebuffers); gui.add(config, 'DENSITY_DISSIPATION', 0, 4.0).name('density diffusion'); gui.add(config, 'VELOCITY_DISSIPATION', 0, 4.0).name('velocity diffusion'); gui.add(config, 'PRESSURE', 0.0, 1.0).name('pressure'); gui.add(config, 'CURL', 0, 50).name('vorticity').step(1); gui.add(config, 'SPLAT_RADIUS', 0.01, 1.0).name('splat radius'); gui.add(config, 'SHADING').name('shading').onFinishChange(updateKeywords); gui.add(config, 'COLORFUL').name('colorful'); gui.add(config, 'PAUSED').name('paused').listen(); gui.add({ fun: () => { splatStack.push(parseInt(Math.random() * 20) + 5); } }, 'fun').name('Random splats'); let bloomFolder = gui.addFolder('Bloom'); bloomFolder.add(config, 'BLOOM').name('enabled').onFinishChange(updateKeywords); bloomFolder.add(config, 'BLOOM_INTENSITY', 0.1, 2.0).name('intensity'); bloomFolder.add(config, 'BLOOM_THRESHOLD', 0.0, 1.0).name('threshold'); let sunraysFolder = gui.addFolder('Sunrays'); sunraysFolder.add(config, 'SUNRAYS').name('enabled').onFinishChange(updateKeywords); sunraysFolder.add(config, 'SUNRAYS_WEIGHT', 0.3, 1.0).name('weight'); let captureFolder = gui.addFolder('Capture'); captureFolder.addColor(config, 'BACK_COLOR').name('background color'); captureFolder.add(config, 'TRANSPARENT').name('transparent'); captureFolder.add({ fun: captureScreenshot }, 'fun').name('take screenshot'); let github = gui.add({ fun : () => { window.open('https://github.com/PavelDoGreat/WebGL-Fluid-Simulation'); } }, 'fun').name('Github'); github.__li.className = 'cr function bigFont'; github.__li.style.borderLeft = '3px solid #8C8C8C'; let githubIcon = document.createElement('span'); github.domElement.parentElement.appendChild(githubIcon); githubIcon.className = 'icon github'; let twitter = gui.add({ fun : () => { window.open('https://twitter.com/PavelDoGreat'); } }, 'fun').name('Twitter'); twitter.__li.className = 'cr 
function bigFont'; twitter.__li.style.borderLeft = '3px solid #8C8C8C'; let twitterIcon = document.createElement('span'); twitter.domElement.parentElement.appendChild(twitterIcon); twitterIcon.className = 'icon twitter'; let discord = gui.add({ fun : () => { window.open('https://discordapp.com/invite/CeqZDDE'); } }, 'fun').name('Discord'); discord.__li.className = 'cr function bigFont'; discord.__li.style.borhttps://oldfluid.battleb0t.xyz/./script.js
2023-05-12 02:45:54Raw Data from RIRsNoAbstractAPI0040None{u'city': u'Ashburn', u'security': {u'is_vpn': False}, u'city_geoname_id': 4744870, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'AMAZON-AES', u'isp_name': u'Amazon.com, Inc.', u'organization_name': u'Amazon Technologies Inc', u'autonomous_system_number': 14618}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20149', u'longitude': -77.4903, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:45:53'}, u'latitude': 39.0469, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2600:1f18:2489:8200::c8', u'continent': u'North America', u'region_iso_code': u'VA'}2600:1f18:2489:8200::c8
2023-05-12 02:59:50Affiliate - Email AddressNoE-Mail Address Extractor0030Noneasdf1234@calendar.google.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url6314.mail.nmacc.com/ls/click?upn=8UUcZfoU9ErRYP5rNGtgbirLN8xfc6bsTdjhpYE9O-2B6oIJCVLBVNxEMl4-2FlyZEXgpIcvOIsLdFwMmNMQ6pyipe-2BlH6ndePI6TegprE8-2FJ5TmwBSGqtoSQiQZMd1uQY0F6EMbvgZh-2FB54nRmur1hYZXb9DpD9Uaqar8AQBxXE9ZjEMEh9pj-2FNvjiSungY8Q-2BcGAEny7iKKiiOMOE4TVnhf8f7XNNG4vkRAhHBxDpFamm0IUZWV3z-2BlJLtiqNZocaeHRbn9q5OE4HMTBuJibaMxdHmJJ9cRGPg-2BIJz-2B-2F91yqQCKhq-2FDCeLChTKA7jVwK1Ouq-2FKIU-2FYhbkgDECGCTTIYKgHXPh2b3OYH9i7a6eI-2FAKkoa5wVpo9vtL32nYWta9ahz5vfUQqJE7rCOt9gGu6vQWShZJVtaDn-2FX0jLeh5IgiUHxe3oW8VqyzM8ypTZLDWj1E59I1JQ-2FktSv0rVnoCoiAb7P30xuBJWLqQ5lH4zPSwzQWh3Y6TkFHvj3cGgCyLHEq7_-2BOt3qy6nPPD-2BvPBT7bVtLrj9wxQ6PC4uiKPO00-2BGDcq4vCUL9jBCG2rzUktFCBBsWM9VDFDukFJsAvP5a2wlNm-2B1xvIYADajgidXgITH2clnmESRV-2BBkImikTYnjRiXwX9u5aj8UOixtxqSLd-2FknigE7ztnUTNb3Hm824FaNuRAjgM7w7tvQQ-2FLlxjpwO7cilXlMlvOUXGvEp4LRn9miTC4WQr-2FP80gqygKVr2Fvg-2F0JMdrNJ9JhF-2BavQqh-2F-2FWWK6tHbATUsKwjMalzZjASsgacGT9IwTW20bAz3NvT70G-2Be6bq15tVuvaeOKAiaoD-2B-2BGHYAAjoEMPIehIdac8BFr1v89Rh5h21H4kub2usLmqC3yC76UJPWE-2FAg-2FkbKljLX7rc5p70-2BTWNNS0fqLYZDnQPX9DQ4opuM2QB21j2WThAg-2Fa6lCRxasFq-2FKDHL-2BKRb', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a1c_IESQMMUTEX_0_519"\n 
"Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_a1c_IESQMMUTEX_0_519"\n "IsoScope_a1c_IESQMMUTEX_0_303"\n "IsoScope_a1c_ConnHashTable<2588>_HashTable_Mutex"\n "IsoScope_a1c_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2588"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a1c_IE_EarlyTabStart_0x9e8_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.56:80"\n "108.139.1.6:443"\n "116.50.97.93:443"\n "185.199.111.153:443"\n "142.251.46.174:443"\n "172.217.12.106:443"\n "18.155.181.57:443"\n "172.217.12.104:443"\n "142.250.191.42:443"\n "157.240.22.25:443"\n "142.251.214.130:443"\n "142.250.191.78:443"\n "142.250.191.66:443"\n "116.50.93.136:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url6314.mail.nmacc.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"nmacc.com"\n "pchen66.github.io"\n "tickets.jioworldcentre.com"\n "url6314.mail.nmacc.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"":signuphost:":"https://plus.google.com",ratingbadge:{url:"https://www.google.com/shopping/customerreviews/badge?usegapi=1"},appcirclepicker:{url:":socialhost:/:session_prefix:_/widget/render/appcirclepicker"},follow:{url:":socialhost:/:session_prefix:_/widget/render/follow?usegapi=1"},community:{url:":ctx_socialhost:/:session_prefix::im_prefix:_/widget/render/community?usegapi=1"},sharetoclassroom:{url:"https://classroom.google.com/sharewidget?usegapi=1"},ytshare:{params:{url:""},url:":socialhost:/:session_prefix:_/widget/render/ytshare?usegapi=1"}," (Indicator: "plus.google.com")\n "* [http://developers.facebook.com/policy/]. 
This copyright notice shall be" (Indicator: "facebook.com")\n "b,"vert.pix");break;case "PERCENT":Fy(d.verticalThresholds,b,"vert.pct")}Ev("sdl","init",!1)?Ev("sdl","pending",!1)||J(function(){return Gy()}):(Cv("sdl","init",!0),Cv("sdl","pending",!0),J(function(){Gy();if(Hy()){var e=Iy();qc(z,"scroll",e);qc(z,"resize",e)}else Cv("sdl","init",!1)}));return b}My.M="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ny=["www.youtube.com","www.youtube-nocookie.com"],Oy,Py=!1;" (Indicator: "youtube")\n "disableRealtimeCallback:!1,drive_share:{skipInitCommand:!0},csi:{rate:.01},client:{cors:!1},signInDeprecation:{rate:0},include_granted_scopes:!0,llang:"en",iframes:{youtube:{params:{location:["search","hash"]},url:":socialhost:/:session_prefix:_/widget/render/youtube?usegapi=1",methods:["scroll","openwindow"]},ytsubscribe:{url:"https://www.youtube.com/subscribe_embed?usegapi=1"},plus_circle:{params:{url:""},url:":socialhost:/:session_prefix::se:_/widget/plus/circle?usegapi=1"},plus_share:{params:{url:""}," (Indicator: "youtube")\n "function My(a,b){var c=this;return b}My.M="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ny=["www.youtube.com","www.youtube-nocookie.com"],Oy,Py=!1;" (Indicator: "youtube")\n "l=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gf:d,Ef:e,Ff:f,lg:g,mg:h,gd:l,Xa:b},p=z.YT,q=function(){Vy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(Yy(w,"iframe_api")||Yy(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Py&&Wy(x[A],n.gd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")\n 
"person:{url:":socialhost:/:session_prefix:_/widget/render/person?usegapi=1"},savetodrive:{url:"https://drive.google.com/savetodrivebutton?usegapi=1",methods:["save"]},page:{url:":socialhost:/:session_prefix:_/widget/render/page?usegapi=1"},card:{url:":socialhost:/:session_prefix:_/hovercard/card"}}},h:"m;/_/scs/abc-static/_/js/k=gapi.lb.en.zUi2Oiqh0cQ.O/d=1/rs=AHpOoo-VnflFHGTzk3OsaVpWbqz0Ysb2Jw/m=__features__",u:"https://apis.google.com/js/api.js",hee:!0,dpo:!1,le:["scs"],glrp:false},platform:"backdrop blogger comments commentcount community donation family_creation follow hangout health page partnersbadge person playemm playreview plus plusone post ratingbadge savetoandroidpay savetodrive savetowallet sharetoclassroom shortlists signin2 surveyoptin visibility youtube ytsubscribe zoomableimage".split(" ")," (Indicator: "youtube")\n "Py=!0,b});return b}Zy.M="internal.enableAutoEventOnYouTubeActivity";var $y;function az(a){var b=!1;return b}az.M="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "transportUrl:b,context:c},R(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Hh.ia+"&cx=c";hs()&&(f+="&sign="+Hh.se);var g=Qh||Zh?gs(b,f):void 0;g||(g=So("https://","http://",Hh.Gd+f));Cl().destination[a]={state:1,context:c};mc(g)}};function is(){if(xl()){return!0}return!1};var ls=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),ms={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},ns={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var Yv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0,f=0;return{createEvent:function(g,h,l){var 
n=a(),p=n.Lf,q=void 0!==l?Math.round(l):void 0!==h?Math.round(n.Lf*h):Math.round(n.Uh),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=H.hidden?!1:.5<=Hk(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=Av(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "main.4a45304c_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "api_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "QA70RK48.txt" has type "ASCII text"- Location: [%APPDATA%\\Mic
2023-05-12 02:55:11Open TCP Port BannerNoCensys0120None220-cp.keyubu.net ESMTP Exim 4.95 #2 Thu, 11 May 2023 06:41:45 +0300 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. 87.248.157.102
2023-05-12 03:31:23Malicious IP on Same SubnetYesblocklist.de0040Noneblocklist.de List [207.154.224.0/20] http://lists.blocklist.de/lists/all.txt207.154.224.0/20
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.211): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5acc457cc32d9a-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}188.114.97.1
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneSpiceWorks (Category: tech) https://community.spiceworks.com/people/ayhuayhu
2023-05-12 03:00:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.7): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-origin-cache: HIT{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}
2023-05-12 02:54:10HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c570c285af722f3-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}2606:4700:3031::6815:6a6
2023-05-12 03:10:14Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0040NoneVOIPBL Publicly Accessible PBX List [172.67.160.0/20] http://www.voipbl.org/update172.67.160.0/20
2023-05-12 02:54:41BGP AS MembershipNoCensys0030None396982104.196.30.220
2023-05-12 02:45:43Physical LocationNoAbstractAPI1020NoneSan Francisco, California, 94107, United States, North America185.199.109.153
2023-05-12 03:09:26Co-Hosted Site - Domain WhoisNoWhois2040None Domain Name: 001VIET.COM Registry Domain ID: 2685910837_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2022-10-01T07:27:47Z Creation Date: 2022-03-31T20:18:54Z Registry Expiry Date: 2024-03-31T20:18:54Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:09:05Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: 001viet.com Registry Domain ID: 2685910837_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-03-31T15:18:54Z Creation Date: 2022-03-31T15:18:54Z Registrar Registration Expiration Date: 2024-03-31T15:18:54Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com Registry Admin ID: Not Available From Registry Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com Registry Tech ID: Not Available From Registry Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: 
Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice. 001viet.com
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonePastebin (Category: tech) https://pastebin.com/u/loginlogin
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None<hidden ssid> (Net ID: 00:01:E3:55:9A:D5)52.3759, 4.8975
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneJIVE2.42025B0 (Net ID: 00:01:9F:20:25:B0)33.617190550339146,-111.90827887019054
2023-05-12 03:03:17Internet NameNoDNS Resolver0020Noneayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:18:ae:06:7e:fc:0b:78:46:5c:8b:fe:1a:31:bf:5b:16:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 17:51:43 2022 GMT Not After : Mar 13 17:51:42 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d2:a8:d4:9f:a9:bd:76:f3:4e:fa:75:b4:78:5e: d8:6a:71:e4:f3:f9:c2:77:fe:f9:7d:4c:da:66:22: e0:cd:34:b7:7c:8d:14:1c:4d:7d:46:bd:0d:78:0c: dd:5b:c4:ff:9f:13:d1:36:82:30:3b:b9:24:f9:65: eb:d4:82:59:47:e9:be:2d:ca:25:2b:a1:b5:27:87: 63:33:e8:be:3d:46:8c:9b:0f:9e:b7:28:4d:eb:79: 63:20:73:aa:a3:d5:3d:c6:2e:b7:9c:7f:e7:f8:96: 79:6d:51:52:62:f7:cc:65:ca:dd:5b:ef:27:c9:9c: 81:e6:4a:8c:e9:e1:99:cd:79:f8:60:4b:a5:6b:6f: c9:a2:fa:cc:0c:e7:34:b2:77:b5:de:bd:fe:24:a9: e6:e9:26:4a:54:ec:0f:53:69:fc:a9:cb:fb:84:2e: 7d:af:75:b6:15:ef:6d:e3:fb:23:27:72:c7:fd:a8: 77:78:c9:f6:5b:6f:b1:0a:09:7c:e3:91:c1:95:13: b4:4a:b2:6f:b1:ab:4c:4d:0b:11:8c:fd:8d:fb:d9: 37:66:3b:07:7b:cc:19:50:a2:89:0c:ea:8d:f1:d1: b3:36:06:ad:51:15:23:e4:0c:43:f6:cc:90:55:fa: 98:c8:81:54:f2:2f:f7:d0:0b:4f:9f:38:a8:6c:71: 67:c5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 46:DD:F2:80:57:6C:FD:50:6F:F3:DF:3E:F6:D6:F8:E4:B9:2D:C4:6F X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL 
Signature Algorithm: sha256WithRSAEncryption b3:28:33:86:e5:dc:4a:a5:0d:54:63:88:53:14:c5:02:19:6c: 52:0c:eb:6c:53:81:1e:79:fa:32:9b:67:92:47:04:43:5c:50: 0d:d4:24:6a:dc:a8:66:3f:6f:01:46:76:6d:ab:41:86:f7:8a: 9f:a9:30:88:c8:3c:39:d0:93:9d:c0:84:21:71:d0:ed:5b:fd: 37:f1:e5:b1:17:44:f1:5d:0d:e3:ee:59:71:ab:af:ea:49:a9: 6f:46:0a:b8:4f:fb:b3:90:f5:22:5b:f7:15:85:47:7f:49:6f: 40:88:be:87:42:31:e5:73:5b:21:63:86:05:bf:5e:c7:08:7b: 22:bd:7c:ea:3c:10:5d:31:48:93:7d:11:b0:63:57:aa:ac:8f: 0e:e2:79:b2:0b:1e:4c:22:c3:9b:30:05:63:91:46:7c:08:bc: 0b:a5:df:0d:fa:d4:f5:ca:11:e2:c3:e9:3b:84:63:2a:e1:83: 23:69:5a:17:9e:82:bd:3e:38:bf:2f:e0:e7:d8:8e:1f:89:ec: 98:5e:98:15:2d:6f:da:3d:c3:ff:6f:27:47:e4:75:ff:0f:27: 54:ce:7a:dc:ed:b7:3c:34:cb:a9:19:03:70:2a:f8:d1:db:82: d5:fe:f6:78:e7:00:e6:9d:bd:26:7b:70:c5:8a:f4:85:0a:5c: ca:c5:68:7d
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050None" (Cloaked) (Net ID: 00:01:36:59:CB:CF)37.7813933,-122.3918002
2023-05-12 02:59:55Affiliate - Email AddressNoE-Mail Address Extractor0030Nonerobert.scheubeck@vitesco.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_86c_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_86c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_86c_IE_EarlyTabStart_0xb4c_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_86c_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2156"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_86c_ConnHashTable<2156>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_86c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, 
u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.40.106:443"\n "185.88.152.184:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "TarC7FB.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC87A.tmp" as clean (type is "data")'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00003280"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"CabC879.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabC7EA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "_1281DC16-BCE6-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003364]\n "RecoveryStore._62E344AD-BCE5-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "9L52N55G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9L52N55G.txt]- [targetUID: 00000000-00002156]\n "ISM1RHVV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ISM1RHVV.txt]- [targetUID: 00000000-00003364]\n "1Y9ROK9B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1Y9ROK9B.txt]- [targetUID: 00000000-00002156]\n "search_2_.json" has type "JSON 
data"- [targetUID: N/A]\n "0JE7DDOB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0JE7DDOB.txt]- [targetUID: 00000000-00002156]\n "DE9QSFBN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DE9QSFBN.txt]- [targetUID: 00000000-00002156]\n "59XOOQKO.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\59XOOQKO.htm]- [targetUID: 00000000-00003364]\n "QJEP1X8E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QJEP1X8E.txt]- [targetUID: 00000000-00002156]\n "_62E344AF-BCE5-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "~DFEC7BEACF44F2BD56.TMP" has type "data"- Location: [%TEMP%\\~DFEC7BEACF44F2BD56.TMP]- [targetUID: 00000000-00002156]\n "CabC879.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC879.tmp]- [targetUID: 00000000-00003364]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003364]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-167', u'name': u'Contains ability to retrieve the contents of the STARTUPINFO structure (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543', u'relevance': 1, u'threat_level': 0, 
u'type': 2, u'description': u'Observed API string:"GetStartupInfo" [Source: 00000000-00003280.00000000.65937.003B1000.00000020.mdmp\n 00000000-00003280.00000000.65970.003B1000.00000020.mdmp]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"\ufffd\ufffd\ufffdy\ufffd\ufffd\u01b6gb^\ufffd\ufffd\ufffd}\ufffd\ufffdi\ufffd6\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdGU\ufffd=F\ufffd\ufffdo\ufffd\ufffd*\ufffd<hB`\ufffdw\ufffd[,\ufffd\ufffd\ufffd\u04bc\ufffd\\\ufffd\ufffd\ufffdu\u04ae\ufffdWW\ufffdOU\ufffd\ufffdVW\ufffd\ufffdG\ufffd\u06f4\ufffd#\ufffd\ufffd\ufffd0:W\ufffd\ufffd,\u0151\ufffd\u0491Z\ufffd7{\ufffd`!3\ufffdx^O0\ufffd\ufffdM\ufffd\ufffd\ufffdU\ufffdS\ufffd,\ufffd\ufffd@4\ufffdF\ufffd#\ufffdmG\ufffd\ufffd\ufffdg\ufffd\ufffd\ufffd`\ufffd\\\ufffd\ufffd\ufffd\'6k\ufffd4\ufffdNXr\ufffdm&\ufffd?\u02db\ufffd\ufffd\ufffd\ufffd{\ufffd.C/!\ufffd\ufffd\ufffdNTf\ufffd\ufffd|G\ufffd6\ufffd:\ufffd7\ufffd\ufffd\ufffd\ufffd\ufffdmr\ufffd\u061b\ufffd\ufffd\ufffd<\ufffd\ufffd+\ufffd!\ufffd/\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdw\ufffd\ufffd\ufffdL\ufffdC\ufffd\ufffdp(\ufffd\xe1\ufffdKRX\ufffdd\ufffd!<\ufffd=\ufffd\ufffd\ufffd\ufffd\ufffd\\\ufffd\ufffdz\ufffd\ufffd\ufffd\ufffdJ\u0522\u0277\ufffd\ufffd\ufffd\ufffdL\ufffd\ufffd\ufffdo\ufffd\ufffdM\ufffd:\ufffd\ufffd\ufffd\ufffd\u07c5\ufffd\ufffd\ufffd\ufffd\ufffd\u05cd|\ufffd|,d_vQ\ufffd\ufffd3\ufffdB\ufffd\ufffd-?\ufffdi\ufffd\ufffd\ufffd\ufffdT\ufffd\\\ufffd\ufffd\ufffd\ufffd\ufffdu\ufffd\ufffdW 
@\ufffdA;0,\ufffd\ufffd-\ufffd\ufffd\ufffd~\ufffd\ufffd\ufffd\ufffd\ufffd{0i}(\ufffdAw.R\ufffd|\ufffd\ufffd\ufffd??.\ufffd\ufffdpq\u0259\ufffd&z\ufffd\ufffd\ufffdg\ufffd"/\ufffdQ\ufffd\ufffd\ufffd}\ufffdyj\ufffd\ufffd[f\ufffdS\ufffd2&Q\ufffd&t\ufffd/\ufffd\u077a\ufffds\ufffd\ufffdD\ufffd\ufffdA\ufffd\ufffdz\ufffd\ufffd1CSp\ufffd }\ufffdz4\ufffd\ufffdQ\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdD\ufffd\ufffd\ufffd|\ufffd\ufffd4\ufffdq\ufffd\ufffd\ufffd\ufffd\ufffdT\ufffdO5\u0175mz=_\ufffd\ufffd\u02ad\ufffdh\ufffd\ufffd\ufffd\ufffd\ufffd]\u061b\ufffdh\u039e\ufffd\ufffd\ufffd\ufffdXI\ufffd
2023-05-12 02:55:43Raw Data from RIRsNoHybrid Analysis0030None{u'count': 1, u'search_terms': [{u'id': u'host', u'value': u'64.226.81.43'}], u'result': [{u'environment_id': 160, u'job_id': u'6421d18abc9d17a8490ac78d', u'analysis_start_time': u'2023-03-27 17:25:30', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no verdict', u'submit_name': u'sample.url', u'sha256': u'4feea01ff4a783ce1c5865f5114d6f2620c834d630588769904d9a0871e30a8d', u'type': None, u'type_short': u'url', u'size': 53}]}64.226.81.43
2023-05-12 02:55:15HTTP HeadersNoCensys0030None{"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}165.232.113.85
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonedmhs (Net ID: 00:02:2D:0B:16:21)34.0544, -118.244
2023-05-12 03:01:28Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.16): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:35:13Malicious Co-Hosted SiteYesComodo0030NoneBlocked by Comodo DNS [rathook.cc]rathook.cc
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00jew.github.io185.199.111.153
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneeLektriK (Net ID: 00:08:5C:7B:B9:3D)40.2024, 29.0398
2023-05-12 02:44:19Internet NameNoDNS Resolver2020Nonepics.battleb0t.xyz[{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': 
u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050NoneBandlab (Category: music) https://www.bandlab.com/AltpapierAltpapier
2023-05-12 02:53:39HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["9954:9C3B:20A7B64:2F7931C:645C5074"], "Age": ["259"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["1"], "X_Timer": ["S1683771768.574276,VS0,VE2"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["8a09b57cb5993eaa6860d607d298dd9826aef348"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["HIT"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100161-CHI"], "Accept_Ranges": ["bytes"]}185.199.108.153
2023-05-12 02:54:17HTTP HeadersNoCensys0040None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}2606:4700:3037::6815:470e
2023-05-12 02:48:56Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://financialcafe.net/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cc0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_cc0_IESQMMUTEX_0_519"\n "IsoScope_cc0_IESQMMUTEX_0_303"\n "IsoScope_cc0_ConnHashTable<3264>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_cc0_IESQMMUTEX_0_331"\n "IsoScope_cc0_IE_EarlyTabStart_0xdc4_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3264"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"52.24.76.118:443"\n "172.64.132.15:443"\n "104.16.87.20:443"\n "142.250.189.232:443"\n 
"65.8.158.69:443"\n "104.17.25.14:443"\n "185.199.110.153:443"\n "142.250.189.234:443"\n "142.250.191.67:443"\n "142.250.189.174:443"\n "184.27.80.18:443"\n "20.25.53.147:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2021 Twitter, Inc." (Indicator: "twitter")\n "transportUrl:b,context:c},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+ke.ca+"&cx=c";Io()&&(f+="&sign="+ke.Td);var g=te||ve?Ho(b,f):void 0;g||(g=rl("https://","http://",ke.jd+f));di().destination[a]={state:1,context:c};Hb(g)}};function Jo(){if(Zh()){return!0}return!1};var Mo=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),No={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Oo={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, 
u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFF3A.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFD53.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFF39.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabFF39.tmp]- [targetUID: 00000000-00003376]\n "CabFD52.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabFD52.tmp]- [targetUID: 00000000-00003376]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003376]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "FinancialCafeBlack-06_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "FinancialCafeWhite-07_1_.svg" has type "SVG Scalable Vector Graphics image"- 
[targetUID: N/A]\n "imgggnew_1_.png" has type "PNG image data 1920 x 1699 8-bit colormap non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003376]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "profiles_1_.png" has type "PNG image data 136 x 135 4-bit colormap non-interlaced"- [targetUID: N/A]\n "SSL-Certified-icons_1_.png" has type "PNG image data 131 x 50 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "TarFF3A.tmp" has type "data"- Location: [%TEMP%\\TarFF3A.tmp]- [targetUID: 00000000-00003376]\n "6IILQXTA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6IILQXTA.txt]- [targetUID: 00000000-00003376]\n "pxiByp8kv8JHgFVrLDD4V1g_1_.woff" has type "Web Open Font Format TrueType length 65344 version 1.1"- [targetUID: N/A]\n "js_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "FRC8Z6SG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FRC8Z6SG.txt]- [targetUID: 00000000-00003264]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._FED39B3D-CE42-11ED-A569-08002791028F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "wallet_1_.png" has type "PNG image data 137 x 137 4-bit colormap non-interlaced"- [targetUID: N/A]\n "~DFBCF09A62309EF55B.TMP" has type "data"- Location: [%TEMP%\\~DFBCF09A62309EF55B.TMP]- [targetUID: 00000000-00003264]\n "iframeResizerDestination.min_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "TarFD53.tmp" has type "data"- Location: [%TEMP%\\TarFD53.tmp]- 
[targetUID: 00000000-00003376]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "jquery.org/license"\n Pattern match: "https://+c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "https://cct.google/taggy/agent.js"\n Heuristic match: "* Copyright: (c) 2018 David J. Bradshaw - dave@bradshaw.net"\n Pattern match: "https://getbootstrap.com/"\n Pattern match: "https://github.com/twbs/bootstrap/graphs/contributors"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license"\n Pattern match: "https://github.com/twbs/bootstrap/blob/main/LICENSE"\n Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "https://fonts.googleapis.com/css2?family=Montserrat:wght@400;600;800&display=swap"\n Pattern match: "C.JgU/0$"\n Pattern match: "p6gu.gqN/\ufffd\ufffdm\ufffd/\u0225\ufffdy\ufffd]\ufffd\ufffd#\ufffd\ufffd\ufffd\ufffdh\ufffd\ufffd\ufffd\ufffd\u070f\ufffd\ufffdZ\ufffd*~\ufffd$O\ufffd\ufffd\ufffdA\ufffdd\ufffd7\ufffdH2oc\ufffd.v\ufffd\ufffdY#8i&2v\ufffd"\n Pattern match: "https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;800&display=swap"\n Pattern match: "MUID30D366FDCBF662572726741ECA726330msn.com/102513402695683110216750963867231023696*"\n Pattern match: ".2.733600913.1680102288financialcafe.net/1088321153638431170546345636378031023695*"\n Pattern match: 
".2.733600913.1680102288financialcafe.net/1088321153638431170546345636378031023695*_gidGA1.2.1308012239.1680102288financialcafe.net/1088416549478431023896345636378031023695*"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect,ca.U,ca"\n Pattern match: "https://www.google-analytics.com/analytics.js,k=c.F?rp(R(c,gaFunctionName)):rp();if(pa(k)){var"\n Pattern match: "www.google-analytics.com==a.host&&185.199.110.153
2023-05-12 02:50:26Physical AddressNoGLEIF2030None101 Townsend Street, San Francisco, US-CA, US, 94107Cloudflare\, Inc.
2023-05-12 02:54:17Linked URL - InternalNoWeb Spider0020Nonehttp://nwapi.battleb0t.xyznwapi.battleb0t.xyz
2023-05-12 03:00:25Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-128@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.235): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:17Open TCP Port BannerNoCensys0040NoneHTTP/1.1 400 Bad Request Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 253 Connection: close CF-RAY: - 2606:4700:3037::6815:470e
2023-05-12 02:54:34Physical LocationNoCensys0030NoneSan Francisco, California, 94107, United States, North America104.21.71.14
2023-05-12 03:08:47Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.224104.196.30.220
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0130NoneGitHub.com{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:9D:4C:90)33.6170672,-111.90564645297056
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneBlogspot (Category: blog) http://login.blogspot.comlogin
2023-05-12 02:44:18Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.com185.199.111.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneInnoPoint (Net ID: 00:02:2D:55:AD:1C)50.1188, 8.6843
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0040NoneCloudflare, Inc. Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://www.cloudflare.com Updated Date: 2017-05-24T17:44:01Z Creation Date: 2009-02-17T22:07:54Z Registry Expiry Date: 2024-02-17T22:07:54Z Registrar: CloudFlare, Inc. Registrar IANA ID: 1910 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS3.CLOUDFLARE.COM Name Server: NS4.CLOUDFLARE.COM Name Server: NS5.CLOUDFLARE.COM Name Server: NS6.CLOUDFLARE.COM Name Server: NS7.CLOUDFLARE.COM DNSSEC: signedDelegation DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: CLOUDFLARE.COM Registry Domain ID: 1542998887_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2021-09-27T15:18:45Z Creation Date: 2009-02-17T22:07:54Z Registrar Registration Expiration Date: 2024-02-17T22:07:54Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: CA Registrant Postal Code: DATA REDACTED Registrant Country: US Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA 
REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com Name Server: ns3.cloudflare.com Name Server: ns4.cloudflare.com Name Server: ns5.cloudflare.com Name Server: ns6.cloudflare.com Name Server: ns7.cloudflare.com DNSSEC: signedDelegation Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneMySpace (Category: social) https://myspace.com/AltpapierAltpapier
2023-05-12 02:56:57Internet NameNoDNS Resolver0020Nonekekw.battleb0t.xyz[{u'sort': [1679937961810, u'be713cda-cf3f-49bd-91b6-e8517dc017bf'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'tags': [u'falconsandbox'], u'url': u'http://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-27T17:26:01.810Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 0, u'encodedDataLength': 0, u'requests': 1, u'dataLength': 0}, u'screenshot': u'https://urlscan.io/screenshots/be713cda-cf3f-49bd-91b6-e8517dc017bf.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/be713cda-cf3f-49bd-91b6-e8517dc017bf/', u'_id': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'page': {u'url': u'http://kekw.battleb0t.xyz/jar', u'domain': u'kekw.battleb0t.xyz', u'apexDomain': u'battleb0t.xyz'}}, {u'sort': [1679768811151, u'4b027c18-4e16-4bfc-8793-6295946cceb7'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'https://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-25T18:26:51.151Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 84, u'requests': 1, u'dataLength': 11}, u'screenshot': u'https://urlscan.io/screenshots/4b027c18-4e16-4bfc-8793-6295946cceb7.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/4b027c18-4e16-4bfc-8793-6295946cceb7/', u'_id': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'page': {u'mimeType': u'text/plain', u'status': u'502', u'domain': u'kekw.battleb0t.xyz', u'url': u'https://kekw.battleb0t.xyz/jar', u'country': u'DE', u'tlsValidFrom': u'2023-03-23T21:24:09.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'tlsIssuer': u'Easypanel', u'tlsValidDays': 3650, u'ip': u'64.226.81.43', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 1, u'asn': 
u'AS14061'}}, {u'sort': [1678573216685, u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:20:16.685Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea/', u'_id': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'page': {u'mimeType': u'text/html', u'status': u'404', u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}, {u'sort': [1678573191537, u'd8289b22-dbac-48d2-856a-e99fe632406b'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:19:51.537Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/d8289b22-dbac-48d2-856a-e99fe632406b.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/d8289b22-dbac-48d2-856a-e99fe632406b/', u'_id': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'page': {u'mimeType': u'text/html', u'status': u'404', 
u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}]
2023-05-12 02:53:25IPv6 AddressNoMnemonic PassiveDNS0020None2606:4700:3037::6815:470ewww.battleb0t.xyz
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:57:33Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.nousdine.com/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD626.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD605.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_8e0_ConnHashTable<2272>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_8e0_IESQMMUTEX_0_303"\n "IsoScope_8e0_IE_EarlyTabStart_0xe58_Mutex"\n "IsoScope_8e0_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2272"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_8e0_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_8e0_IESQMMUTEX_0_519"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2272"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.nousdine.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.nousdine.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.nousdine.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.nousdine.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive 
files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabD604.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabD625.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "2AW67MIT.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2AW67MIT.txt]- [targetUID: 00000000-00002284]\n Dropped file: "P1DX0RMJ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P1DX0RMJ.txt]- [targetUID: 00000000-00002272]\n Dropped file: "27MNWDMD.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\27MNWDMD.txt]- [targetUID: 00000000-00002272]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002284]\n "2AW67MIT.txt" has 
type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2AW67MIT.txt]- [targetUID: 00000000-00002284]\n "_7B0E49ED-7FFB-11ED-BBBA-080027597010_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "P1DX0RMJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P1DX0RMJ.txt]- [targetUID: 00000000-00002272]\n "~DF620C30C65B6B0A84.TMP" has type "data"- Location: [%TEMP%\\~DF620C30C65B6B0A84.TMP]- [targetUID: 00000000-00002272]\n "_4B81942E-8010-11ED-BBBA-080027597010_.dat" has type "data"- [targetUID: N/A]\n "CabD604.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabD604.tmp]- [targetUID: 00000000-00002284]\n "~DF188F70FFAD2D6FBE.TMP" has type "data"- Location: [%TEMP%\\~DF188F70FFAD2D6FBE.TMP]- [targetUID: 00000000-00002272]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFC6D7D0DE241CCDB3.TMP" has type "data"- Location: [%TEMP%\\~DFC6D7D0DE241CCDB3.TMP]- [targetUID: 00000000-00002272]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002284]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002272]\n "TarD626.tmp" has type "data"- Location: [%TEMP%\\TarD626.tmp]- [targetUID: 00000000-00002284]\n "RecoveryStore._7B0E49EB-7FFB-11ED-BBBA-080027597010_.dat" has type "Composite Document File V2 Document Cannot read section info"- 
[targetUID: N/A]\n "27MNWDMD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\27MNWDMD.txt]- [targetUID: 00000000-00002272]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002284]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002284]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.nousdine.com/site.webmanifest"\n Pattern match: "https://www.nousdine.com"\n Pattern match: "www.nousdine.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.nousdine.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 125408\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 263\nContent-Type: application/octet-stream\nDate: Sun, 18 Dec 2022 14:04:39 GMT\nEtag: "18710f16312025d1c75893eeff15e235-ssl"\nServer: Netlify\nStrict-Transport-Security: 
max-age=31536000\nX-Nf-Request-Id: 01GMPGD8AKB1EXHD5EX130SDYH\n\n{"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"stand34.148.97.127
2023-05-12 02:54:34Raw Data from RIRsNoCensys0030None{"last_updated_at": "2023-05-12T01:00:12.123Z", "ip": "104.21.71.14", "location_updated_at": "2023-04-28T19:19:18.236705Z", "autonomous_system_updated_at": "2023-05-09T16:20:05.625049Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"tiosmarigin.tk": {"record_type": "A", "resolved_at": "2023-03-11T19:39:44.575906671Z"}, "arididhe.ml": {"record_type": "A", "resolved_at": "2023-04-24T18:45:41.887412116Z"}, "vrukshali.com": {"record_type": "A", "resolved_at": "2023-04-08T16:35:57.455101722Z"}, "cosmicstory.info": {"record_type": "A", "resolved_at": "2022-09-26T02:33:11.327006722Z"}, "thesportsgrail.com": {"record_type": "A", "resolved_at": "2023-02-26T14:54:59.969967341Z"}, "webmail.plafonpvcklaten.com": {"record_type": "A", "resolved_at": "2022-10-23T13:56:03.189903700Z"}, "www.septlightchristministries.org.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-05T18:22:49.197349430Z"}, "urposnasulebas.tk": {"record_type": "A", "resolved_at": "2023-05-03T21:59:06.417667953Z"}, "www.myobots.com": {"record_type": "A", "resolved_at": "2023-04-09T14:51:23.310423040Z"}, "www.adwokat-pancerz.pl.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-03T02:35:21.068173226Z"}, "portsaintjoescallopingcharters.com": {"record_type": "A", "resolved_at": "2023-04-21T15:46:43.176740366Z"}, "beautifytopsultimation.buzz": {"record_type": "A", "resolved_at": "2022-11-17T12:23:28.036579596Z"}, "admin.lamoonday.com": {"record_type": "A", "resolved_at": "2023-05-06T15:21:37.997359428Z"}, "demedetomi.cf": {"record_type": "A", "resolved_at": "2023-04-28T13:02:53.957272859Z"}, "kasabugraphics.com": {"record_type": "A", "resolved_at": "2023-05-01T14:43:01.025149560Z"}, "ope8.tv": 
{"record_type": "A", "resolved_at": "2023-05-03T22:04:13.875331255Z"}, "www.rise.co.th": {"record_type": "A", "resolved_at": "2023-05-07T21:57:04.071347817Z"}, "sgenundia.tk": {"record_type": "A", "resolved_at": "2023-03-24T07:24:26.513019486Z"}, "www.kjgenerationministries.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-10T18:40:04.194871729Z"}, "mistwarctolylong.tk": {"record_type": "A", "resolved_at": "2023-05-09T21:26:33.070368065Z"}, "mynevo.info": {"record_type": "A", "resolved_at": "2023-04-28T18:32:08.279256180Z"}, "adconcovawee.tk": {"record_type": "A", "resolved_at": "2023-04-11T22:21:41.715203906Z"}, "slanchogled.vipe.us": {"record_type": "A", "resolved_at": "2023-05-07T10:10:31.489137012Z"}, "yarmun.ru": {"record_type": "A", "resolved_at": "2022-11-24T10:10:59.048282776Z"}, "www.plafonpvcklaten.com": {"record_type": "A", "resolved_at": "2022-10-24T22:38:44.245072355Z"}, "topcourse.org": {"record_type": "A", "resolved_at": "2023-05-03T21:16:34.517625638Z"}, "asexloyndicla.tk": {"record_type": "A", "resolved_at": "2023-05-11T21:41:02.129956664Z"}, "it-a-br-newcarok.live": {"record_type": "A", "resolved_at": "2023-04-29T18:23:19.166151443Z"}, "angie.vipe.us": {"record_type": "A", "resolved_at": "2023-05-07T22:13:24.900604639Z"}, "control.vipe.us": {"record_type": "A", "resolved_at": "2023-04-29T21:53:25.082390823Z"}, "jocworkvi.tk": {"record_type": "A", "resolved_at": "2023-04-19T23:39:03.920122991Z"}, "www.farasoacademy.com": {"record_type": "A", "resolved_at": "2023-04-24T14:37:26.546680400Z"}, "tiketpabe.ml": {"record_type": "A", "resolved_at": "2022-12-20T15:20:04.499578994Z"}, "cumslocals.com": {"record_type": "A", "resolved_at": "2023-04-02T14:31:43.668953015Z"}, "partebo.tk": {"record_type": "A", "resolved_at": "2023-05-03T04:54:07.371514288Z"}, "ydemle.tk": {"record_type": "A", "resolved_at": "2023-05-03T04:55:08.861274859Z"}, "gjtyew-bodf.valentiona890.workers.dev": {"record_type": "A", "resolved_at": 
"2023-04-20T20:28:09.792148401Z"}, "www.septlightchristministries.org": {"record_type": "CNAME", "resolved_at": "2022-11-14T16:33:28.688596487Z"}, "uktrenarteaapha.cf": {"record_type": "A", "resolved_at": "2023-01-08T12:27:30.216988388Z"}, "www.brevardnc.org": {"record_type": "A", "resolved_at": "2023-05-07T21:13:44.303349330Z"}, "reistomam.ml": {"record_type": "A", "resolved_at": "2023-04-04T19:32:24.563529019Z"}, "brunittamodaloja.com.br": {"record_type": "A", "resolved_at": "2022-11-16T12:16:31.177183594Z"}, "arezzobenessereshop.it": {"record_type": "A", "resolved_at": "2022-10-03T19:14:49.537388749Z"}, "plafonpvcklaten.com": {"record_type": "A", "resolved_at": "2022-11-07T13:56:43.968941354Z"}, "630dc.com": {"record_type": "A", "resolved_at": "2023-05-08T13:21:12.392646346Z"}, "prechcamithotem.ga": {"record_type": "A", "resolved_at": "2023-04-28T18:15:48.598414983Z"}, "cvgy.top": {"record_type": "A", "resolved_at": "2023-05-03T04:55:52.694688313Z"}, "road.vipe.us": {"record_type": "A", "resolved_at": "2023-05-05T20:38:50.973706563Z"}, "www.clicarmoires.ca": {"record_type": "A", "resolved_at": "2023-04-17T17:46:34.291559938Z"}, "trakagcicsalutci.tk": {"record_type": "A", "resolved_at": "2023-05-01T20:45:54.004504568Z"}, "www.24hrupdate.online": {"record_type": "A", "resolved_at": "2023-03-22T20:33:59.416609462Z"}, "bioki.xyz": {"record_type": "A", "resolved_at": "2022-12-26T16:46:34.402722189Z"}, "walledgarden.global": {"record_type": "A", "resolved_at": "2023-05-03T00:39:45.829214813Z"}, "faclachop.tk": {"record_type": "A", "resolved_at": "2023-05-04T22:25:50.199894162Z"}, "terrtus.ch": {"record_type": "A", "resolved_at": "2023-05-11T12:57:19.817455256Z"}, "bestverfyspport.xyz": {"record_type": "A", "resolved_at": "2022-12-01T17:11:53.237569857Z"}, "tilimotica.ml": {"record_type": "A", "resolved_at": "2023-05-07T18:36:13.077272212Z"}, "xenarix.com": {"record_type": "A", "resolved_at": "2022-11-12T14:04:18.024188077Z"}, "ningchartjump.ml": {"record_type": "A", 
"resolved_at": "2023-01-07T15:35:22.698042631Z"}, "luigisitalianrestaurantuvalde.com": {"record_type": "A", "resolved_at": "2023-04-27T15:46:08.997890816Z"}, "mycloudcontroller.com": {"record_type": "A", "resolved_at": "2023-04-25T15:22:23.208380694Z"}, "micojardihori.tk": {"record_type": "A", "resolved_at": "2023-05-05T20:23:43.915610757Z"}, "brockhoff.fr": {"record_type": "A", "resolved_at": "2023-04-30T22:44:30.853447549Z"}, "tizhoo.ir": {"record_type": "A", "resolved_at": "2022-12-14T15:27:25.652479467Z"}, "smartarena.vipe.us": {"record_type": "A", "resolved_at": "2023-05-03T22:17:28.866034171Z"}, "glenholidays.com": {"record_type": "A", "resolved_at": "2023-05-02T15:02:00.797225124Z"}, "www.dailytungipara.com": {"record_type": "A", "resolved_at": "2023-04-26T14:47:46.439798109Z"}, "dev.wrightelliot.co.uk": {"record_type": "A", "resolved_at": "2023-05-05T20:36:24.562768060Z"}, "pinxiang2901.com": {"record_type": "A", "resolved_at": "2023-05-07T15:26:47.916101301Z"}, "www.kjgenerationministries.com": {"record_type": "CNAME", "resolved_at": "2022-12-05T13:35:30.694998001Z"}, "abkapp.vipe.us": {"record_type": "A", "resolved_at": "2023-04-16T21:06:58.495246539Z"}, "maturewell.org": {"record_type": "A", "resolved_at": "2023-05-07T21:17:46.109575572Z"}, "fullgamephone.com": {"record_type": "A", "resolved_at": "2023-01-26T13:33:39.078041595Z"}, "stocabpenope.tk": {"record_type": "A", "resolved_at": "2023-05-04T22:27:09.028863323Z"}, "martohacabe.ga": {"record_type": "A", "resolved_at": "2023-05-07T17:27:25.826314650Z"}, "www.terrtus.ch": {"record_type": "A", "resolved_at": "2023-04-28T13:06:01.112458353Z"}, "rensumexiberk.ml": {"record_type": "A", "resolved_at": "2023-05-03T01:55:35.944855020Z"}, "gusteiplexmola.tk": {"record_type": "A", "resolved_at": "2023-03-27T05:18:03.996467271Z"}, "mail.plafonpvcklaten.com": {"record_type": "A", "resolved_at": "2022-10-27T14:03:01.187052953Z"}, "www.comunicacaodedados.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": 
"2023-04-13T18:07:05.732544519Z"}, "conservativecollection.com": {"record_type": "A", "resolved_at": "2023-04-25T14:29:42.584815574Z"}, "lenscarspock.tk": {"record_type": "A", "resolved_at": "2023-05-11T21:41:33.881756893Z"}, "planafimentac.tk": {"record_type": "A", "resolved_at": "2023-05-07T21:56:14.030088831Z"}, "rec.vipe.us": {"record_type": "A", "resolved_at": "2023-04-30T03:14:09.561279109Z"}, "ndkfe-vjwc.valentiona890.workers.dev": {"record_type": "A", "resolved_at": "2023-05-03T00:07:50.549712076Z"}, "buvade.ml": {"record_type": "A", "resolved_at": "2023-04-27T19:50:04.921168507Z"}, "taapakspices.com": {"record_type": "A", "resolved_at": "2023-04-20T19:35:41.336607495Z"}, "diamondonlineshop.my.id": {"record_type": "A", "resolved_at": "2023-01-16T15:26:13.088949416Z"}, "youshareproject.com": {"record_type": "A", "resolved_at": "2023-05-05T16:03:41.028406500Z"}, "www.vrukshali.com": {"record_type": "A", "resolved_at": "2023-05-08T16:37:33.689821521Z"}, "www.youshareproject.com": {"record_type": "A", "resolved_at": "2023-05-07T16:20:45.109859563Z"}, "unareras.ml": {"record_type": "A", "resolved_at": "2022-10-20T00:00:33.698975202Z"}, "tinghoxad.tk": {"record_type": "A", "resolved_at": "2023-04-19T23:40:24.408979445Z"}, "smink.xyz": {"record_type": "A", "resolved_at": "2022-11-26T17:19:55.972898134Z"}, "howardsbakeryequipment.com": {"record_type": "A", "resolved_at": "2023-04-24T14:53:21.088861293Z"}, "mail.kasabugraphics.com": {"record_type": "A", "resolved_at": "2023-05-05T14:52:30.444010315Z"}, "tournleadnabatemo.tk": {"record_type": "A", "resolved_at": "2023-04-19T23:40:16.541179614Z"}, "profhuitritandespa.gq": {"record_type": "A", "resolved_at": "2023-05-09T17:19:25.416748634Z"}, "arpaman.ga": {"record_type": "A", "resolved_at": "2022-10-21T07:33:02.998113361Z"}, "vikk-play.space": {"record_type": "A", "resolved_at": "2023-01-29T18:05:12.078217209Z"}}, "names": ["www.kjgenerationministries.com.cdn.cloudflare.net", "mynevo.info", "sgenundia.tk", 
"gusteiplexmola.tk", "taapakspices.com", "yarmun.ru", "control.vipe.us", "smink.xyz", "rensumexiberk.ml", "www.septlightchristministries.org", "vikk-play.space", "www.terrtus.ch", "www.brevardnc.org", "cvgy.top", "conservativecollection.com", "mycloudcontroller.com", "asexloyndicla.tk", "tinghoxad.tk", "stocabpenope.tk", "tiketpabe.ml104.21.71.14
2023-05-12 03:08:45Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.213104.196.30.220
2023-05-12 03:32:18Malicious AffiliateYesabuse.ch0140Noneabuse.ch URLhaus (Domain) [cdn-185-199-111-154.github.com] https://urlhaus.abuse.ch/downloads/csv_recent/cdn-185-199-111-154.github.com
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None101 (Net ID: 00:01:03:7B:E0:44)37.780462,-122.390564
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneProject hosting websitesbattleb0t.github.io
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesuddenlink.net-B882 (Net ID: 9C:34:26:46:B8:80)37.751, -97.822
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.245): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneNGMH (Net ID: 00:09:5B:B3:C8:70)33.617190550339146,-111.90827887019054
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneUSR9108 (Net ID: 00:14:C1:1A:3F:1C)40.2024, 29.0398
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneFreigut (Net ID: 00:01:21:21:C1:60)50.1188, 8.6843
2023-05-12 02:56:56Internet NameNoDNS Resolver0040Nonekekw.battleb0t.xyz{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": 
{"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", 
"aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" 
height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": 
{"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", "exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", 
"pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneAudiojungle (Category: music) https://audiojungle.net/user/ayhuayhu
2023-05-12 02:46:50Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0030Nonenetlify.app34.148.97.127
2023-05-12 02:55:18BGP AS MembershipNoCensys0030None1406146.101.229.70
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030Noneno_ssid (Net ID: 00:00:0C:07:AC:29)41.8781, -87.6298
2023-05-12 02:51:20SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:57:f8:5f:6c:a4:d7:b1:d8:61:78:13:80:db:41:a4:54:3d Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 13:23:04 2022 GMT Not After : Feb 15 13:23:03 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d4:b5:dd:1d:03:00:c2:48:cc:5b:27:58:5a:1a: ae:80:1c:0d:53:93:fb:69:7f:93:43:76:4d:e8:73: 1c:07:a2:3d:20:72:26:de:8b:cf:5e:08:ec:68:b1: f5:77:47:34:1f:fc:12:0e:2f:4f:a4:d2:06:11:00: 78:b4:0d:40:fa:ba:21:05:d4:2d:c5:6d:14:14:39: 10:9a:e0:36:33:c9:8c:bb:e8:d5:33:a2:fb:d9:f7: b5:1a:30:55:aa:67:e3:41:20:33:a1:e6:ed:c9:c3: 5b:50:61:0a:65:ba:c7:cc:f0:84:a3:6e:26:65:39: 57:a4:99:3b:03:5d:af:09:43:83:69:7f:84:65:08: 2e:12:10:15:1c:ad:1f:68:90:6a:0e:97:7d:ef:7a: 22:74:df:40:68:54:b2:c7:43:c9:cb:1c:9c:53:1d: c4:68:a0:95:76:a1:bf:c8:18:fb:9d:30:f5:ff:26: f8:35:1d:65:e6:a1:bc:6a:7f:70:ab:aa:3e:d6:87: e6:17:39:3e:1e:ae:62:43:5c:02:c9:ab:c6:49:9a: 2c:43:3e:b0:0a:bb:6b:20:c9:45:43:a6:79:f2:70: bf:69:eb:cb:fb:70:35:1a:f8:04:00:26:77:08:9e: 32:00:34:fd:0a:63:db:bc:61:0a:d9:52:e5:61:03: a2:9b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FF:5A:2D:BE:67:DF:4E:45:A4:AD:A5:64:7A:31:7E:B3:39:8F:63:72 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption 36:be:9b:e9:c6:04:01:1c:2c:7e:ac:66:f1:b1:7c:f0:ee:5e: a7:7a:d6:c8:9e:79:b8:66:86:a3:c0:1f:2e:30:41:c8:ab:65: cc:a9:76:5f:0c:9a:14:80:51:ed:a7:e9:7f:f2:bd:57:5c:9b: 04:31:55:52:cc:d9:5d:ee:2c:9b:e4:bf:d8:d9:92:19:14:10: dd:51:d3:7f:4d:75:15:b6:a8:e3:fc:04:59:c4:b7:64:9f:51: 37:3d:db:dc:3f:62:ca:61:18:50:70:5c:05:5f:99:79:0d:a0: 0e:c8:35:8d:bb:f1:5e:79:d7:db:26:ea:af:a1:41:c0:38:87: 5a:1f:f0:8e:e8:e0:82:24:9f:5a:90:83:7a:4a:a7:ba:46:58: 13:f1:c7:56:f8:28:af:a1:60:8b:a6:cd:3c:87:94:ac:c7:fc: 20:7c:c8:b3:c3:76:a4:35:2d:72:c3:ee:ac:78:b8:e1:34:03: 38:a2:6a:44:20:aa:90:30:a3:3e:ab:ba:d0:59:e6:ec:06:0e: 8d:eb:87:b7:3c:38:30:f7:f2:e8:b8:2e:15:05:ad:78:2f:e8: 3c:50:44:89:a3:d8:8d:08:05:5d:7a:05:56:82:9c:5e:c3:16: 2a:39:5a:33:90:bb:6e:e6:f1:42:6a:27:46:25:76:11:a4:8f: 4f:1d:29:59 battleb0t.xyz
2023-05-12 03:10:09Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0030NoneVOIPBL Publicly Accessible PBX List [185.199.108.0/24] http://www.voipbl.org/update185.199.108.0/24
2023-05-12 02:53:19Internet NameNoMnemonic PassiveDNS0010Nonemail.ayhu.xyzayhu.xyz
2023-05-12 03:33:10Internet NameNoDNS Resolver0030Nonevm.battleb0t.xyz45.131.109.53
2023-05-12 03:10:01Affiliate - Internet NameNoDNS Resolver1040Noneexpressdryclean.gr165.232.113.95
2023-05-12 03:23:13Open TCP PortNoPulsedive0030None188.114.96.2:8080188.114.96.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneChicoWLAN (Net ID: 00:0C:F6:4A:CA:EE)50.8897, 6.0563
2023-05-12 02:44:03Domain NameNoSpiderFoot UI72000Nonebattleb0t.xyz"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 02:56:57Internet NameNoDNS Resolver0030Nonewww.ayhu.xyz{'webSearchUrl': u'https://www.google.com/search?q=site:www.ayhu.xyz&aq=t&oe=utf-8&client=firefox-a&ie=utf-8&rls=org.mozilla%3Aen-US%3Aofficial', 'urls': ['https://www.ayhu.xyz/']}
2023-05-12 02:57:36Vulnerability - CVE MediumYesTool - testssl.sh0210NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.battleb0t.xyz
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.185): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:8880104.21.71.14
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:47:18SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:b9:dc:49:67:68:c5:fe:31:cf:92:a4:a3:f2:91:5a:dc:15 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 2 19:07:11 2023 GMT Not After : Apr 2 19:07:10 2023 GMT Subject: CN=files.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:e4:bb:72:24:9a:3b:f5:c0:b6:00:b2:9e:75:64: a2:c5:05:47:75:ee:45:0a:c4:64:a2:83:f0:3f:73: 63:b5:70:6c:7f:e6:38:41:f0:ce:48:1b:e9:cb:50: e5:db:9b:1e:52:33:00:08:50:9b:48:a3:21:b1:72: aa:97:ba:07:58:22:50:7b:e0:2e:66:ce:83:70:77: e2:36:f5:0e:13:40:a0:5f:8e:ab:d5:28:a5:4a:11: 32:bf:f0:01:46:1e:7f:2c:f4:2c:07:22:93:45:a7: 52:4d:66:5a:2e:a0:5e:1d:49:67:6d:93:3c:d4:e7: 67:ac:0d:eb:84:c4:ad:1c:c6:3a:c8:a3:8e:b1:df: 54:8a:52:1f:ab:aa:01:49:57:78:fa:b6:5c:77:ae: 0a:d5:12:86:cb:ea:c3:13:b3:1e:aa:59:f3:df:50: ef:11:40:b8:bb:45:d3:4e:d6:8e:bd:f2:33:ae:52: 06:ca:88:01:72:31:4f:46:00:bf:98:93:9a:2f:f8: 47:9a:87:b9:a0:cb:d1:a8:89:43:66:4d:f6:54:8d: cf:4c:31:d7:d0:0d:e1:33:7b:c6:0e:1d:4a:3f:9a: c4:dd:c7:68:08:e6:6f:b9:26:6c:49:f2:5f:ad:59: da:74:03:6e:20:eb:9a:d2:3d:fb:bc:79:34:c6:43: 38:6b:71:f9:76:22:a0:ca:93:2e:c8:20:b0:a5:40: b2:06:05:e9:aa:de:b1:b0:40:d3:fa:2b:db:3c:b4: 82:d4:58:96:b7:bc:70:be:ac:1c:cb:fc:f4:c1:71: 31:c2:05:84:ce:b2:c9:8b:1e:36:fd:72:15:79:33: 62:66:31:a9:1f:5f:76:ce:5e:82:a3:20:7b:a6:f9: 68:6f:ff:65:d5:4b:45:ed:7b:6b:c9:7e:38:35:b0: ed:10:1d:cb:42:25:ea:6d:e6:42:50:4c:82:d7:21: 2e:ac:aa:6c:ee:6b:f7:e1:58:64:07:26:55:c1:2f: e6:5e:f4:d7:f0:f0:f1:80:c4:a5:9f:c7:96:10:6f: 58:39:48:6a:55:ca:52:01:6a:3b:90:48:bc:27:e3: bb:2e:83:ea:d3:dc:20:53:21:0d:af:34:82:fc:9f: 4c:d4:4a:b7:14:07:01:bb:2c:76:8e:22:ed:cd:33: 84:b4:42:01:5f:9f:c6:60:56:3d:e0:bb:bf:10:3f: 42:ca:65:31:ce:e9:5e:a4:e2:24:f7:ab:0e:d3:ce: 0e:6d:01:e6:42:c0:05:7f:8e:8b:85:68:57:f5:6c: ca:7f:14:f3:74:ac:f1:ad:74:c5:8e:20:02:20:df: 
19:4d:31:07:4a:75:45:cf:f0:a5:0c:ad:70:b3:f4: 12:1c:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CF:FE:0F:FB:EC:E3:E9:7B:CF:AB:EA:49:61:6D:B0:C0:A0:EB:11:BC X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:files.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption a4:32:cf:fb:d0:39:6f:82:9d:3d:67:37:3f:48:f2:83:df:47: 98:e5:77:f3:9a:cd:58:51:2e:5a:16:d2:ce:bc:15:65:21:f4: b5:cd:b9:a9:fc:60:96:b4:37:b9:74:53:b0:08:d4:20:ed:ae: 46:30:5b:a1:40:1f:06:63:e8:b7:fd:a2:ae:46:43:12:c8:ec: 2c:fa:7e:4b:40:c3:e4:67:1b:d3:d7:35:70:63:9c:ea:59:e2: 5e:8f:9c:90:71:11:63:91:74:8d:0a:52:eb:ba:46:9f:f2:39: 5e:39:b2:09:76:41:0d:cb:d5:f3:3a:f2:81:99:14:13:be:9e: 11:ee:36:84:20:eb:dd:4f:6f:09:26:c0:62:74:10:aa:4d:74: 78:55:cd:0b:48:ce:19:77:6a:83:ea:d3:9f:49:7a:b9:c9:a9: 5b:95:9e:95:d8:54:4a:32:2e:c5:80:7d:32:ed:ad:ce:47:be: 97:bd:cb:d5:bd:1a:9f:ae:43:9a:14:6a:a0:5c:07:02:ab:55: 27:d1:6c:76:e5:b8:24:cd:b9:7c:e4:e2:4c:26:e7:40:31:8a: 19:ba:6f:75:c4:40:35:3a:93:76:52:b7:ca:0b:0f:f0:2a:8f: ea:7f:1f:0f:0d:e6:80:25:29:5f:a8:34:cc:8b:fd:62:68:85: 22:2f:1a:a7 battleb0t.xyz
2023-05-12 02:54:18Linked URL - ExternalNoWeb Spider8030Nonehttps://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.jshttps://pics.battleb0t.xyz/
2023-05-12 03:33:14Physical LocationNoipstack0030NoneGermany45.131.109.53
2023-05-12 03:32:13Open TCP PortNoPulsedive0030None188.114.97.7:8443188.114.97.0/24
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneConnectionPoint (Net ID: 00:01:E3:4A:9F:48)52.3759, 4.8975
2023-05-12 02:54:56SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 24 04:50:12 2023 GMT Not After : Jul 23 04:50:11 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8: 3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1: dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6: a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b: 57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14: 5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e: 22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56: d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e: 20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b: 1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7: e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4: c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d: b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0: 4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51: be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49: cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed: d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c: 27:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 24 05:50:12.941 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:BE:39:54:A0:5F:1F:10:03:FA:09:8D: D3:C7:7F:B5:EC:4B:30:F5:03:1A:D7:13:A5:C5:6A:89: 4C:4A:74:89:42:02:20:3C:6C:13:51:09:EB:20:0E:F2: 03:2C:A0:FE:54:7F:4D:57:F9:31:F5:F6:A8:0E:A0:F4: B8:E3:3B:F1:51:CA:99 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Apr 24 05:50:12.949 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:96:8C:23:92:33:C0:50:69:A0:CE:CA: 6D:EC:41:72:0F:3A:22:55:7C:E8:C6:CE:65:0C:82:C6: DB:89:9C:D5:92:02:20:1D:BC:82:99:B2:08:47:68:A7: 19:FE:0E:66:64:BD:7B:34:35:F5:43:E0:B0:AB:08:2C: AC:E8:D7:78:E2:75:5B Signature Algorithm: sha256WithRSAEncryption 75:8f:29:3b:d2:d8:ae:b2:42:be:ce:1d:92:6f:bf:ef:e4:4b: a2:cc:9b:be:a2:6d:3e:79:03:58:39:62:e5:65:53:10:d9:48: 8b:b1:f6:05:b6:b7:52:53:28:4f:2a:d3:20:18:d0:2e:42:4c: 67:b2:a5:67:d1:32:90:9c:d4:e9:3e:c7:a3:6d:7e:19:cf:59: bf:8e:eb:b2:ef:a8:35:56:cf:4d:12:32:f0:20:aa:e3:fa:5b: 67:0e:ad:7e:fd:aa:d9:0f:00:58:c4:8a:ff:28:e3:56:39:39: d5:d5:6e:f4:82:09:ef:eb:ef:8d:10:bb:e4:fd:d3:df:7f:82: 4d:1e:9a:8e:07:b9:a2:ea:90:75:6d:88:35:45:32:5e:ef:d2: 88:82:4a:b0:57:e7:ca:c5:b0:4c:c5:d9:46:e9:84:e0:a2:96: ca:c7:58:f8:26:23:6c:6a:c5:da:2f:19:ae:92:37:d6:01:ed: da:39:aa:b3:fd:16:7a:3d:70:fe:30:a6:ba:a8:b4:33:13:8f: 50:9b:26:ec:34:68:cd:89:95:9d:6e:0f:b9:d7:5a:5c:dd:74: 3c:28:62:ab:d4:9a:31:85:d4:70:2a:24:9e:4b:82:ea:21:71: d0:be:45:d1:a2:3f:85:e3:48:93:ac:6c:fe:38:a0:23:13:14: 9d:51:cb:62 battleb0t.xyz
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/random_6.PNGhttps://funny.battleb0t.xyz/
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+74955801111Domain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. 
By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech 
State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneWoonkamer extra (Net ID: 00:0C:F6:5C:D4:54)50.8897, 6.0563
2023-05-12 02:50:59Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://asbrii.github.io/Netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://asbrii.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://asbrii.github.io/Netflixclone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c6c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_c6c_ConnHashTable<3180>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c6c_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c6c_IE_EarlyTabStart_0xd60_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_c6c_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_c6c_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3180"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"asbrii.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"1_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "2_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "4_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "3_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and 
extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "1_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "2_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "4_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "3_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003180]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF251D14D70A3CF7CA.TMP" has type "data"- Location: [%TEMP%\\~DF251D14D70A3CF7CA.TMP]- [targetUID: 00000000-00003180]\n "~DF182BBFB15AE7FA7B.TMP" has type "data"- Location: [%TEMP%\\~DF182BBFB15AE7FA7B.TMP]- [targetUID: 00000000-00003180]\n "~DFFF3ED2155B95DC4E.TMP" has type "data"- Location: [%TEMP%\\~DFFF3ED2155B95DC4E.TMP]- [targetUID: 00000000-00003180]\n "~DF695BC770569E5886.TMP" has type "data"- Location: [%TEMP%\\~DF695BC770569E5886.TMP]- [targetUID: 00000000-00003180]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "gc_1_.css" has type "ASCII text"- [targetUID: N/A]\n 
"RecoveryStore._6181050B-EF98-11ED-B78E-080027114090_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6181050D-EF98-11ED-B78E-080027114090_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_683852A4-EF98-11ED-B78E-080027114090_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "urlref_httpsasbrii.github.ioNetflixclone" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "WMG50FG8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WMG50FG8.txt]- [targetUID: 00000000-00003180]\n "7VVH3I4B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7VVH3I4B.txt]- [targetUID: 00000000-00003180]\n "7OKH26QO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7OKH26QO.txt]- [targetUID: 00000000-00003180]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "C2QFW8PG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C2QFW8PG.txt]- [targetUID: 00000000-00003180]\n "0JWEZKR8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0JWEZKR8.txt]- [targetUID: 00000000-00003180]\n "RP5TI3KC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RP5TI3KC.txt]- [targetUID: 00000000-00003180]\n "S0QLJ7QP.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S0QLJ7QP.txt]- [targetUID: 00000000-00003180]\n "Netflixclone_1_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': 
u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://asbrii.github.io/Netflixclone/"\n Pattern match: "https://asbrii.github.io"\n Pattern match: "https://asbrii.github.io/Netflixclone"\n Pattern match: "OqC.jAG/4W^Ah\'AtW5"\n Pattern match: "SUIDmicrosoft.com/9216277184358431032346166895971631032229MUID1037C11BAE9D67762C40D215AFD1661Bmicrosoft.com/1025290433280031110700166895971631032229_EDGE_Vmicrosoft.com/9216290433280031110700166911596631032229SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216277184358431032346166895971631032229MUID1037C11BAE9D67762C40D215AFD1661Bmicrosoft.com/1025290433280031110700166895971631032229SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482"\n Pattern match: "SUIDmicrosoft.com/9216277184358431032346166895971631032229SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mi"\n Pattern match: "9216290433280031110700167224096631032229MUID07FB17B7DC71633514C204B9DD3D6245msn.com/1025290433280031110700167224096631032229"\n Pattern match: "MUIDB1037C11BAE9D67762C40D215AFD1661Bieonline.microsoft.com/9216290433280031110700166895971631032229"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025379775232031068455167224096631032229"\n Pattern match: "SUIDMmicrosoft.com/9216277184358431032346166895971631032229*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n 
Pattern match: "SUIDMmicrosoft.com/9216277184358431032346166895971631032229*MUID1037C11BAE9D67762C40D215AFD1661Bmicrosoft.com/1025290433280031110700166895971631032229*_EDGE_V1microsoft.com/9216290433280031110700166911596631032229*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "isdomainmigratedtruewww.msn.com/102537977523203106845516722409663103185.199.108.153
2023-05-12 03:01:33Raw Data from RIRsNoTool - WhatWeb1020None[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://www.ayhu.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://www.ayhu.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'104.21.6.166']}}}, {}]www.ayhu.xyz
2023-05-12 03:31:32Affiliate - Email AddressNoE-Mail Address Extractor0060Noneb7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Domain Name: ECASH-PAY.COM Registry Domain ID: 2607738264_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-03-27T06:28:15Z Creation Date: 2021-04-26T06:58:38Z Registry Expiry Date: 2024-04-26T06:58:38Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: ecash-pay.com Registry Domain ID: 2607738264_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-03-27T06:28:15.08Z Creation Date: 2021-04-26T06:58:38.00Z Registrar Registration Expiration Date: 2024-04-26T06:58:38.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last 
update of WHOIS database: 2023-05-11T10:12:16.55Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:51:56Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'Curated Live Sessions Preview.htm', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f98_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f98_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_f98_ConnHashTable<3992>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3992"\n "IsoScope_f98_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f98_IE_EarlyTabStart_0x9a8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f98_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3992"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n 
"142.250.191.74:443"\n "185.199.108.153:443"\n "207.58.149.159:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"queryfibre.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "mastermanpublications.com"\n "query.prod.cms.msn.com"\n "queryfibre.github.io"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df143e17619557ccd4.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{e0e36bb7-edaf-11ed-be7c-0800275af24e}.dat"\n 
"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4659a31bf6bffa2f.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{e0e36bb9-edaf-11ed-be7c-0800275af24e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df143e17619557ccd4.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{e0e36bb7-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{e0e36bb9-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4659a31bf6bffa2f.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00003992]\n "slps_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: 00000000-00003992]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00003992]\n "CabD0C8.tmp" has type "data"- Location: [%TEMP%\\CabD0C8.tmp]- [targetUID: 00000000-00002780]\n "splice_1_.css" has type "assembler source ASCII text with very long lines"- [targetUID: 00000000-00003992]\n "en-US.4" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003992]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "~DF4D711661B7A04B97.TMP" has type "data"- Location: [%TEMP%\\~DF4D711661B7A04B97.TMP]- [targetUID: 00000000-00003992]\n "~DF4E28665F3A902F14.TMP" has type "data"- Location: [%TEMP%\\~DF4E28665F3A902F14.TMP]- [targetUID: 00000000-00003992]\n "~DF143E17619557CCD4.TMP" has type "data"- Location: [%TEMP%\\~DF143E17619557CCD4.TMP]- [targetUID: 00000000-00003992]\n "~DF4659A31BF6BFFA2F.TMP" has type "data"- Location: [%TEMP%\\~DF4659A31BF6BFFA2F.TMP]- [targetUID: 00000000-00003992]\n "~DF30EEA2AB51846FC9.TMP" has type "data"- Location: [%TEMP%\\~DF30EEA2AB51846FC9.TMP]- [targetUID: 00000000-00003992]\n "_E0E36BB9-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "RecoveryStore._E0E36BB7-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "_E9939342-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "_9005BE62-EDB0-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002780]\n "4QKL12T1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4QKL12T1.txt]- [targetUID: 00000000-00003992]\n "FDR3QYMD.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\FDR3QYMD.txt]- [targetUID: 00000000-00003992]\n "6JPHIXX5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6JPHIXX5.txt]- [targetUID: 00000000-00003992]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002780]\n "search_1_.json" has type "JSON data"- [targetUID: 00000000-00003992]\n "splice_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: 00000000-00003992]\n "ZN7JGHLC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZN7JGHLC.txt]- [targetUID: 00000000-00003992]\n "CAGRGPOL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CAGRGPOL.txt]- [targetUID: 00000000-00003992]\n "UIT1QO2U.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UIT1QO2U.txt]- [targetUID: 00000000-00003992]\n "W8PZ9GMH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W8PZ9GMH.txt]- [targetUID: 00000000-00003992]\n "CabBAEC.tmp" has type "data"- Location: [%TEMP%\\CabBAEC.tmp]- [targetUID: 00000000-00002780]\n "CabBACB.tmp" has type "data"- Location: [%TEMP%\\CabBACB.tmp]- [targetUID: 00000000-00002780]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002780]\n "urlref_httpqueryfibre.github.iov4splice.css" has type "assembler source ASCII text with very long lines"- [targetUID: 00000000-00003992]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]'}, {u'category': u'Network Related', u'origin': u'Network 
Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'HTTPS traffic to "142.250.191.74" on port "443"\n HTTPS traffic to "185.199.108.153" on port "443"185.199.108.153
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None#LG@Vo1P*Service& (Net ID: 00:01:36:26:BA:43)34.0544, -118.244
2023-05-12 02:53:56Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America2606:50c0:8001::153
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Nonesntrup761x25519-sha512@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 02:59:51Affiliate - Email AddressNoE-Mail Address Extractor0030Nonerobert@broofa.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeia3mp&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#kantonsen%40encoded.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ad0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ad0_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ad0_IE_EarlyTabStart_0x588_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ad0_IESQMMUTEX_0_303"\n "IsoScope_ad0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ad0_ConnHashTable<2768>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2768"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.214.129:443"\n "142.251.214.131:443"\n "142.250.189.238:443"\n "185.199.111.153:443"\n "69.16.175.10:443"\n "142.250.189.234:443"\n "184.27.80.18:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "lipis.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'".fa-cc-paypal:before {" (Indicator: "paypal")\n ".fa-paypal:before {" (Indicator: "paypal")\n ".fa-twitter-square:before {" (Indicator: "twitter")\n ".fa-twitter:before {" (Indicator: "twitter")\n ".fa-youtube-play:before {" (Indicator: "youtube")\n ".fa-youtube-square:before {" (Indicator: "youtube")\n ".fa-youtube:before {" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, 
u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "m_el_main_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_D809339D-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "RecoveryStore._D809339B-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "X2WYMCV5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\X2WYMCV5.txt]- [targetUID: 00000000-00002768]\n "DEW9N13E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DEW9N13E.txt]- [targetUID: 00000000-00003116]\n "_E2C1FED7-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "1NX8I2I6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1NX8I2I6.txt]- [targetUID: 00000000-00002768]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "UX69Y2OK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UX69Y2OK.txt]- [targetUID: 00000000-00003116]\n "BQ7YREAH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BQ7YREAH.txt]- [targetUID: 00000000-00003116]\n "~DF7ADEEE89A7F7CB7A.TMP" has type "data"- Location: [%TEMP%\\~DF7ADEEE89A7F7CB7A.TMP]- [targetUID: 00000000-00002768]\n "C1BNT20A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1BNT20A.txt]- [targetUID: 00000000-00002768]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- 
[targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "m_navigationui_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002768]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.google.com/support/translate+(en==Hn?:#googtrans/en/+Hn);var"\n Pattern match: "https://www.google.com/tools/feedback},Tw=function(a){return"\n Pattern match: "https://github.com/madler/zlib/blob/master/zlib.h"\n Pattern match: "https://www.google.com/images/cleardot.gif"\n Pattern match: "https://==Pn?V.Gh:null};this.Z={qb:Un,xd:null};a&&"\n Pattern match: "V.Pb/\ufffd\u0331"\n Pattern match: "http://fontawesome.io"\n Pattern match: "http://fontawesome.io/license"\n Pattern match: "http://jquery.com/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://sizzlejs.com/"\n Pattern match: "https://www&google.com/images/zippy_minus_sm.gif"\n Pattern match: "http://www.w3.org/TR/selectors/#attribute-selectors"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#attribute-selectors"\n Pattern match: "https://developer.mozilla.org/en/Security/CSP"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#escaped-characters"\n Pattern match: "http://bugs.jquery.com/ticket/12282#comment:15"\n Pattern match: "http://blindsignals.com/index.php/2009/07/jquery-delay/"\n Pattern match: "http://bugs.jquery.com/ticket/12359"\n Pattern match: 
"http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291"\n Pattern match: "http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/"\n Pattern match: "http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE)"\n Pattern match: "http://javascript.nwbox.com/IEContentLoaded/"\n Pattern match: "http://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx"\n Pattern match: "http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context"\n Pattern match: "http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html"\n Pattern match: "http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked"\n Pattern match: "http://www.w3.org/TR/css3-syntax/#characters"\n Pattern match: "http://www.w3.org/TR/selectors/#empty-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#lang-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#pseudo-classes"\n Pattern match: "https://github.com/jquery/jquery/pull/764"\n Pattern match: "http://json.org/json2.js"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=491668"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier"\n Pattern match: "https://developer.mozilla.org/en-US/docs/CSS/display"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=649285"\n Pattern match: "http://dev.w3.org/csswg/cssom/#resolved-values"\n Pattern match: "http://jsperf.com/getall-vs-sizzle/2"\n Pattern match: "https://bugs.webkit.org/show_bug.cgi?id=29084"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#whitespace"\n Pattern match: "https://bafybeia3mpocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a.ipfs.dweb.link/"\n Pattern match: "https://translate.google.com/translate_a/element.js?cb=gtElInit&amp;hl=en-US&amp;client=wt"\n Pattern match: 
"https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=navigationui"\n Pattern match: "https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=corsproxy"\n Pattern match: "https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog\\]]],null,null,null,null,null,null,-3600,null,null,null,null,[],1,nu
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneOpen-source software hosting facilitiescdn-185-199-111-153.github.com
2023-05-12 02:48:07SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:a2:98:ee:7c:0f:82:53:85:c9:ed:86:47:94:a7:aa:74:64 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:54:05 2023 GMT Not After : Apr 27 17:54:04 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d2:cd:d6:7e:84:63:03:a9:a4:54:af:d4:a6:67: cf:f7:3e:0c:ab:80:9d:a8:22:bf:ee:64:c0:1e:dd: e1:9d:29:3b:aa:bb:b6:1a:dd:d0:c3:5d:15:61:c8: eb:00:a8:62:02:a5:c4:0c:4d:3a:56:20:d3:19:1c: 24:d9:21:05:da:7b:34:cd:5b:3f:9f:3f:ff:56:cb: 60:a2:2a:6a:1f:63:a5:f7:6c:bc:e6:cd:4b:7c:cb: c6:0b:ba:27:31:61:c2:7b:47:19:7b:f1:52:41:68: 44:d8:1a:a5:11:c2:d5:cd:2d:49:92:07:b0:5c:c3: 2d:0c:54:f4:e5:8e:0a:3e:0a:05:99:5f:e9:65:18: 80:c0:5e:b2:87:08:2d:60:b2:01:35:c9:41:a1:4e: 56:80:bc:0b:2d:89:62:c9:e1:19:f4:a9:de:a5:de: 27:dd:96:99:29:26:9e:36:03:45:4b:bf:4a:de:ef: 5f:47:82:05:6f:ed:a1:4f:34:05:75:05:59:d0:32: a2:22:c4:9d:5a:65:cd:6b:45:d7:7f:45:90:2e:36: 4c:3d:0a:62:83:36:a6:3c:d9:df:00:c7:cb:10:68: 6e:0c:d8:9c:a6:a5:e6:32:7b:12:0d:1c:1f:90:20: a5:a7:c9:da:be:0f:96:fe:30:6b:29:55:ac:4a:68: 7b:12:dd:43:df:cf:f5:49:87:8c:9b:38:92:62:52: c6:f8:97:d4:43:d6:ed:cb:66:79:5b:c9:60:9e:db: 33:f0:59:fb:fd:35:62:83:55:b5:65:04:20:55:ee: 82:6d:de:85:c1:18:ed:8c:10:29:47:46:ee:2a:eb: 57:cd:b1:5e:14:a7:37:00:58:3a:35:9d:fe:99:73: d6:cd:b6:67:17:f6:27:29:ea:32:96:67:c8:fa:43: a3:c2:cc:ca:bb:cb:87:e5:76:db:8a:de:bc:58:c7: 6c:12:6a:a6:93:1b:0a:ce:07:98:f7:7c:0d:1d:5e: 2a:ac:2b:fb:17:f1:cb:e0:a5:02:67:2b:3d:67:81: d8:de:3e:15:6a:f0:a0:0d:64:2d:0e:9b:55:1e:1b: 69:69:5a:ae:14:c6:1c:ce:8e:c5:fd:2c:25:74:92: c1:35:de:00:ee:bc:fa:5d:88:f2:17:fe:70:37:3b: 3b:f5:14:3a:4b:f4:50:a9:91:31:99:48:3f:9e:c6: ad:0b:a6:89:2d:77:db:fb:64:f8:31:9a:82:d1:cd: f7:6a:51:a4:b7:d3:da:23:3d:ff:2a:45:de:3b:b5: 32:78:69:cd:54:60:d3:2a:39:e1:61:db:5a:d2:78: 
94:77:f6:b5:99:c5:b9:3c:95:4b:75:db:f8:2b:d4: ad:de:87 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1A:62:E5:21:FA:E8:50:FB:CE:5D:D2:7E:68:EA:9B:E0:B1:2E:4D:4B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 15:ef:a6:fd:ef:21:53:78:53:f6:e6:7d:e0:a9:be:9a:f4:2a: f3:6b:f8:45:b0:1e:92:39:ea:7f:20:4e:9d:7e:15:34:36:61: 5c:46:2f:03:80:59:84:da:ef:66:78:da:e7:b0:f0:dc:e6:6a: c6:b2:06:d7:47:db:11:48:d1:1f:c9:fd:2b:78:20:9d:86:11: 3b:e4:51:10:b8:54:d7:6e:6f:db:ce:56:14:fa:f5:79:05:a8: 02:0b:cb:0a:18:31:3a:e9:dd:4b:c7:d7:53:e4:2f:bc:37:98: 11:c7:a5:55:7f:64:7e:ee:5a:1d:86:0e:38:0c:bd:8e:2a:bd: 3e:16:9b:63:5f:9f:06:9d:58:f3:3d:71:94:e6:c1:49:68:5e: 41:22:f6:d4:2e:f7:b9:62:b8:3b:2f:c1:c6:66:8c:a7:82:e0: 40:ef:66:13:cd:53:80:bc:ca:bc:49:c0:67:81:c8:1d:d8:f5: 37:5a:da:e3:56:36:cd:fd:cb:00:ce:97:33:4d:b7:29:cd:90: 4e:43:37:62:d7:92:39:fa:36:a2:59:0a:4f:35:fa:8e:5a:01: 29:c9:4e:6f:ae:1d:31:a2:f5:71:7f:a1:e1:58:17:ea:74:b0: 26:53:2b:a4:97:e8:9a:a1:10:a9:a5:e1:7b:21:18:15:30:ae: dd:15:ba:8d battleb0t.xyz
2023-05-12 02:44:05SSL Certificate ExpiringYesCertSpotter0010None2023-05-25 03:05:10battleb0t.xyz
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneUTAAPC (Net ID: 00:02:6F:35:38:63)37.7642, -122.3993
2023-05-12 02:44:27Web TechnologyNoTool - Wappalyzer0020NoneExpressnwapi.battleb0t.xyz
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneBookcrossing (Category: hobby) https://www.bookcrossing.com/mybookshelf/AltpapierAltpapier
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Noneomniblock (Net ID: 00:09:5B:E9:6B:D6)33.6170672,-111.90564645297056
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.254): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c55c7e88fa82340-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.6.166
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneWLAN_HS (Net ID: 00:01:E3:41:FA:3E)50.1188, 8.6843
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Noneclownleo (Net ID: 00:02:CF:AF:25:7D)40.2024, 29.0398
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX551552560 (Net ID: 00:01:E3:55:25:60)52.3759, 4.8975
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneKEIL (Net ID: 00:01:38:A5:B3:D3)37.7642, -122.3993
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneAIRTIES_RT-205 (Net ID: 00:1A:2A:02:E8:38)40.2024, 29.0398
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-mitigated: challenge{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:46:41Physical LocationNoFraudguard0030NoneUnited States, South Carolina, North Charleston104.196.30.220
2023-05-12 02:49:19SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 25 01:39:25 2023 GMT Not After : May 26 01:39:24 2023 GMT Subject: CN=battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:battleb0t.xyz, DNS:www.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT 
Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 0a:22:b1:e9:af:d4:a9:74:88:84:74:c6:0c:06:4e:88:44:eb: 3d:8b:ff:0f:67:9b:d9:59:64:93:86:9d:3a:67:d2:a0:3e:52: 6d:1c:e7:15:10:f3:f5:51:a1:19:bc:c1:17:81:af:6e:00:02: 2c:2b:94:b9:a1:29:49:0c:d6:a8:59:00:4b:47:60:f7:bf:4d: a5:8e:dc:6c:e7:62:2f:6e:45:28:27:5d:0b:af:59:e7:df:13: 7b:cf:b2:a2:da:32:8d:b4:3a:0a:9a:bf:a9:4a:e7:ca:7c:b6: 03:94:66:c9:f3:4e:8b:df:cb:62:a9:c2:05:d7:41:e7:96:0d: 2f:fd:52:d1:77:82:07:ba:c9:49:53:9d:54:ee:70:d1:90:b1: a3:cc:e7:9c:0c:45:e3:02:85:7d:b0:fb:ec:d0:7e:53:65:3b: df:c8:91:a1:21:7f:e2:6c:76:54:71:ce:4e:bd:b9:b8:30:a1: c2:bc:22:2f:5c:87:b2:76:87:ed:5e:2b:71:c5:82:1c:b7:14: 13:1b:f2:3d:0c:ee:c2:59:8f:7f:d2:9f:b0:78:9f:80:1f:ba: 8b:65:58:fc:3c:40:e8:02:39:06:f7:24:58:38:34:e0:0d:b2: 2e:8a:82:16:b9:ac:3d:73:4d:68:a6:f4:81:4c:48:22:6d:44: 3e:f3:16:30 battleb0t.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None101 (Net ID: 00:01:03:79:27:12)34.0544, -118.244
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneWikidot (Category: social) http://www.wikidot.com/user:info/loginlogin
2023-05-12 03:08:53Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.13634.148.97.127
2023-05-12 02:44:14Co-Hosted SiteNoSSL Certificate Analyzer0120Nonenetlify.apppics.battleb0t.xyz
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [010916hao.github.io] https://www.openphish.com/feed.txt010916hao.github.io
2023-05-12 03:32:18Malicious AffiliateYesabuse.ch0140Noneabuse.ch URLhaus (Domain) [cdn-185-199-108-154.github.com] https://urlhaus.abuse.ch/downloads/csv_recent/cdn-185-199-108-154.github.com
2023-05-12 02:44:18Open TCP PortNoSSL Certificate Analyzer0020None185.199.110.153:443185.199.110.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneChamsko (Category: images) https://www.chamsko.pl/profil/loginlogin
2023-05-12 03:00:55Co-Hosted SiteNoHackerTarget2020None00indahouse.github.io185.199.111.153
2023-05-12 02:44:30Software UsedYesTool - Wappalyzer0020NonejQuerypics.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:BB:17:A7)33.6170672,-111.90564645297056
2023-05-12 03:10:12Malicious IP on Same SubnetYesVoIPBL OpenPBX IPs0030NoneVOIPBL Publicly Accessible PBX List [172.67.128.0/20] http://www.voipbl.org/update172.67.128.0/20
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:04:5A:F9:8E:4E)33.336199,-111.89446440830702
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5a3c76a8562af2-ORD 188.114.97.1
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneMonkeytown (Net ID: 00:02:2D:29:53:67)37.7642, -122.3993
2023-05-12 03:24:47CountryNoCountry Name Extractor0030NoneUnited StatesSan Francisco (South Beach), California, 94107, United States, North America
2023-05-12 03:36:20Open TCP PortNoPulsedive0030None188.114.97.128:443188.114.97.0/24
2023-05-12 02:54:22HTTP Status CodeNoWeb Spider0120None403www.ayhu.xyz
2023-05-12 02:54:22Linked URL - ExternalNoWeb Spider2040Nonehttps://github.com/login/oauth/authorize?client_id=42db428b279076117521&redirect_uri=https://qolhub.cloudflareaccess.com/cdn-cgi/access/callback&response_type=code&scope=user:email,read:org&state=9995ee075e82e86ee47e714d846227dc35b4772134e51bd1627e17e1594cf0fa.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%3Dhttps://qolhub.cloudflareaccess.com/cdn-cgi/access/login/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=%2F&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.eyJzZXJ2aWNlX3Rva2VuX3N0YXR1cyI6ZmFsc2UsImlhdCI6MTY4Mzg2MDA2Miwic2VydmljZV90b2tlbl9pZCI6IiIsImF1ZCI6IjBlOGZjZDVjNGQ2ZjJmYmI2YmMxOGMxNjQ4MTJmMTQ2ZjY2ZTgzZDc3MmMyNjI2MmFhY2E4NjBkZmE3Y2I1YzMiLCJob3N0bmFtZSI6InBhbmVsLmJhdHRsZWIwdC54eXoiLCJhcHBfc2Vzc2lvbl9oYXNoIjoiNGY3Yzk5OWY0YzQ5OTU5MTk1NTJkZGRhZTMxZjAzMTBmMjY5NzhlZmVkYTUzYWYyZDgxOGY1ZWVlNGVjYTI5MyIsIm5iZiI6MTY4Mzg2MDA2MiwiaXNfd2FycCI6ZmFsc2UsImlzX2dhdGV3YXkiOmZhbHNlLCJ0eXBlIjoibWV0YSIsInJlZGlyZWN0X3VybCI6IlwvIiwibXRsc19hdXRoIjp7ImNlcnRfaXNzdWVyX3NraSI6IiIsImNlcnRfcHJlc2VudGVkIjpmYWxzZSwiY2VydF9zZXJpYWwiOiIiLCJjZXJ0X2lzc3Vlcl9kbiI6IiIsImF1dGhfc3RhdHVzIjoiTk9ORSJ9LCJhdXRoX3N0YXR1cyI6Ik5PTkUifQ.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUg
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter1010NoneCN=oldfluid.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:31:31Affiliate - Email AddressNoE-Mail Address Extractor0070Noneabuse@web.com Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:40:26Z Creation Date: 2018-06-27T20:51:35Z Registry Expiry Date: 2024-06-27T20:51:35Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: abuse@web.com Registrar Abuse Contact Phone: +1.8003337680 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:41:04Z Creation Date: 2018-06-27T20:51:35Z Registrar Registration Expiration Date: 2024-06-27T04:00:00Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Reseller: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: PERFECT PRIVACY, LLC Registrant Organization: Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Registrant City: Jacksonville Registrant State/Province: FL Registrant Postal Code: 32256 Registrant Country: US Registrant Phone: +1.5707088622 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Admin ID: Admin Name: PERFECT PRIVACY, LLC Admin Organization: Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Admin City: Jacksonville Admin State/Province: FL Admin Postal Code: 32256 Admin Country: US Admin Phone: +1.5707088622 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Tech ID: Tech Name: PERFECT PRIVACY, LLC Tech Organization: Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Tech City: Jacksonville Tech State/Province: FL Tech Postal Code: 32256 Tech Country: US Tech Phone: +1.5707088622 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned Registrar Abuse Contact Email: domain.operations@web.com Registrar Abuse Contact Phone: +1.8777228662 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please 
visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en This listing is a Network Solutions Private Registration. Mail correspondence to this address must be sent via USPS Express Mail(TM) or USPS Certified Mail(R); all other mail will not be processed. Be sure to include the registrant's domain name in the address. The data in Networksolutions.com's WHOIS database is provided to you by Networksolutions.com for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. Networksolutions.com makes this information available "as is," and does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone; or (2) enable high volume, automated, electronic processes that apply to Networksolutions.com (or its systems). The compilation, repackaging, dissemination or other use of this data is expressly prohibited without the prior written consent of Networksolutions.com. Networksolutions.com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
2023-05-12 02:56:55Internet NameNoDNS Resolver0030Nonenuke.battleb0t.xyz<!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>nuke.battleb0t.xyz | 521: Web server is down</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /> </head> <body> <div id="cf-wrapper"> <div id="cf-error-details" class="p-0"> <header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8"> <h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2"> <span class="inline-block">Web server is down</span> <span class="code-label">Error code 521</span> </h1> <div> Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information. 
</div> <div class="mt-3">2023-05-12 02:54:20 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">You</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Browser </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> Cloudflare </a> </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b 
md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">nuke.battleb0t.xyz</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span> </div> </div> </div> </div> <div class="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2> <p>The web server is not returning a connection. As a result, the web page is not displaying.</p> </div> <div class="w-1/2 md:w-full float-left leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2> <h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3> <p class="mb-6">Please try again in a few minutes.</p> <h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3> <p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p> </div> </div> </div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f605eb97732c7</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" 
id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">138.197.106.3</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div> </div> </body> </html>
2023-05-12 03:09:43Affiliate - Internet NameNoDNS Resolver0040None120.97.148.34.bc.googleusercontent.com34.148.97.120
2023-05-12 02:54:15Linked URL - ExternalNoWeb Spider0030Nonehttps://stackedit.io/style.csshttps://nwapi2.battleb0t.xyz/
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.72): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:24:22HTTP HeadersNoWeb Spider10040None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"}https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA
2023-05-12 02:45:35Raw DNS RecordsNoDNS Raw Records0020Nonepics.battleb0t.xyz. 300 IN CNAME frabjous-lebkuchen-324004.netlify.app.pics.battleb0t.xyz
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0130NoneNetlify{"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:53:07 GMT", "x-nf-request-id": "01H06Y2Y8V02FJ2S9V869KY74K", "content-type": "text/html; charset=UTF-8", "age": "73"}
2023-05-12 02:53:56Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: FA9A:7823:2111191:32C49C6:645C9D43 Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-chi-kigq8000156-CHI X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683791171.466843,VS0,VE24 Vary: Accept-Encoding X-Fastly-Request-ID: c2c6815651c463b5fe5f6c442c782301daedbf1f 2606:50c0:8001::153
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneRoom 204 (Net ID: 00:02:2D:1C:33:A5)33.617190550339146,-111.90827887019054
2023-05-12 03:09:42Affiliate - Internet NameNoDNS Resolver0040None119.97.148.34.bc.googleusercontent.com34.148.97.119
2023-05-12 02:54:27Netblock IPv6 MembershipNoCensys0040None2600:1f18:2000::/352600:1f18:2489:8202::c8
2023-05-12 02:44:12Co-Hosted Site - Domain NameNoSSL Certificate Analyzer2020Nonecloudwaysapps.comkekw.battleb0t.xyz
2023-05-12 02:46:54Internet Name - UnresolvedNoDNS Resolver0020Noneteamcity.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:36:85:4f:53:33:b4:86:64:2a:83:12:ed:95:43:fe:1e:22 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 2 18:58:42 2023 GMT Not After : Apr 2 18:58:41 2023 GMT Subject: CN=teamcity.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:a9:1b:77:20:87:f6:da:b4:e6:55:f1:15:61:14: 5d:d5:64:2e:1b:95:d0:fa:42:f5:c5:a3:6e:02:4b: 41:fb:df:35:0c:b5:28:23:7f:95:78:79:7a:ae:1b: 33:21:14:1a:cf:54:dc:ad:7c:ad:0e:d0:0d:13:24: ac:b2:17:d0:67:2e:56:2e:b6:b0:fc:48:83:bd:01: 86:52:7b:96:4e:60:82:98:48:6b:33:90:dc:af:7a: 0e:ed:26:47:56:e9:2a:9b:55:f7:eb:69:7f:53:8a: 65:d2:d9:9f:8e:b4:d7:c2:d1:e2:bc:27:0e:51:4c: 6a:50:43:bf:f3:eb:93:79:c5:c0:01:20:e4:3f:17: e9:46:96:6a:c9:c7:d3:3a:19:6a:20:08:fd:61:d6: 98:cf:84:d5:28:4b:ee:2d:d4:11:0b:36:29:51:b8: 23:d5:73:76:da:70:98:bf:4f:33:c0:fe:34:a0:ab: 09:05:a6:dc:26:b2:66:b1:51:b6:f2:4f:d9:92:3a: c0:21:8b:2a:63:52:83:3f:e9:e2:13:c0:c2:c9:2d: d5:e5:7e:fd:90:7e:37:42:6b:b9:54:b1:2f:9b:98: 24:d8:0b:1b:69:e7:d3:08:0e:71:57:e8:1a:67:a6: 92:84:48:3f:fc:46:40:41:65:20:38:c9:7e:99:04: 34:72:9a:a0:65:84:01:2f:31:b1:86:06:22:39:91: 0a:ee:bd:30:20:85:c5:8d:5b:4e:77:39:ae:9b:09: 06:f6:07:9d:dd:2d:ba:92:b9:4a:fe:af:b4:b2:6a: 1c:46:10:aa:88:c3:34:ab:7b:51:a7:88:62:ff:6f: 89:37:e0:83:c3:40:7b:7e:a8:e9:d2:e9:e0:68:ff: 51:7e:4a:c3:4d:57:60:55:c2:2c:5e:84:55:31:0d: f9:06:48:b8:fd:a5:13:e0:6d:e6:16:0e:03:58:98: 01:6a:9c:dd:37:75:36:74:a0:0e:9a:ed:4d:d0:b0: 57:3c:8d:0d:2e:93:98:3c:31:25:01:37:1f:57:7e: ef:84:b5:c0:04:9b:56:77:f4:78:da:7b:d3:51:11: 80:33:d3:18:83:ee:96:99:02:db:e7:fd:22:71:5a: 7f:e7:e3:95:25:33:c7:56:7f:0d:59:30:dc:3e:03: 7d:f0:6b:ae:f9:f9:7c:ad:ec:ad:62:73:0e:7f:47: 4e:2a:02:fd:df:82:83:00:62:ec:61:18:4d:70:9d: bd:b9:85:be:c1:ed:b1:f9:61:e0:dc:70:d2:b3:0d: 
be:23:ab:b6:3a:43:ae:fe:c3:d3:cf:08:6c:c7:33: 70:eb:d2:70:df:6f:ce:26:37:4c:eb:f9:4f:c2:58: 32:f9:79 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 02:C9:94:28:32:1B:B1:2F:E4:C4:4F:88:0E:4C:57:09:73:5A:37:AF X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:teamcity.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 27:d3:d1:3f:37:d1:a6:d4:dd:5d:21:63:b2:ea:b4:66:27:a6: fc:15:e2:cd:f0:1a:81:1d:a4:76:d3:26:d6:1f:73:ac:91:e9: 1b:30:5e:03:57:a4:78:5c:1c:9b:32:48:a5:13:6e:fe:4d:2c: ca:7f:a2:ec:c6:08:67:8d:10:3f:b8:48:53:9b:ab:31:8a:39: 5b:be:de:39:48:27:70:4b:53:85:35:c6:dd:69:ba:94:7b:fe: 33:d6:dc:3e:93:fb:07:c5:1d:2d:db:7b:81:84:0d:f1:31:75: 81:6c:52:e8:a4:f2:94:95:1d:51:50:82:97:37:d5:63:3a:17: d6:47:90:48:19:2f:01:55:5c:4e:50:b0:6b:36:d6:b3:1f:43: 62:1c:b5:b3:7c:5c:47:78:0f:ba:ae:0b:44:f3:88:f9:26:67: 58:1c:81:8c:05:40:88:56:f9:30:44:64:32:06:0f:52:c3:de: 74:23:e1:51:9e:b3:c2:ea:ae:7b:71:42:02:db:c3:89:ea:af: b4:cd:24:fe:07:e3:e4:d4:76:9d:9d:ea:3f:83:76:ca:50:69: 73:c4:c1:63:b7:2e:f4:26:47:bc:f1:48:fa:81:d9:4e:df:bc: 18:e1:6a:4b:93:17:ed:e0:1a:a0:b0:88:53:7e:d3:8b:c4:7a: 7e:4b:d4:44
2023-05-12 02:56:56Internet NameNoDNS Resolver0040Nonepanel.battleb0t.xyz{"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"}
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:59:8F:D2)33.336199,-111.89446440830702
2023-05-12 03:09:48Affiliate - Internet NameNoDNS Resolver0040None73.170.74.34.bc.googleusercontent.com34.74.170.73
2023-05-12 03:12:54Raw Data from RIRsNonumverify0030None{u'international_format': u'+14806242599', u'local_format': u'4806242599', u'number': u'14806242599', u'valid': True, u'line_type': u'landline', u'location': u'Phoenix', u'country_code': u'US', u'carrier': u'', u'country_name': u'United States of America', u'country_prefix': u'+1'}+14806242599
2023-05-12 03:10:33Malicious IP AddressYesThreat Jammer0130NoneThreat Jammer - Risk score: 50 (MEDIUM) https://threatjammer.com/info/46.101.229.7046.101.229.70
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneADVFN (Category: finance) https://uk.advfn.com/forum/profile/loginlogin
2023-05-12 02:58:36Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 20, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.starken.cl%2Fseguimiento%3Fcodigo%3D976955409&data=05%7C01%7CAGUSTIN.CABANAS%40ryq.cl%7Cd5bb06f3f0e24a7e402f08dabd0a09df%7Cd73e0ff8a9b1476daf0d80919bec2d15%7C0%7C0%7C638030148103130329%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=aS0OhZAdgz7U62lYmGJ67qipFvIBuqjqn4WcYGqbdtE%3D&reserved=0', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7748:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:6612:304:WilStaging_02"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:6612:120:WilError_01"\n "Local\\SM0:7748:304:WilStaging_02"\n "Local\\SM0:7748:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7748:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1576:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn-widgets.chattigo.com"\n "config-global.chattigo.com"\n 
"widgets-static.embluemail.com"\n "www.starken.cl"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.47.70.28:443"\n "164.77.137.103:443"\n "13.33.165.98:443"\n "104.17.25.14:443"\n "142.251.33.104:443"\n "99.86.63.17:443"\n "172.67.69.11:443"\n "200.27.212.183:443"\n "200.27.212.168:443"\n "142.251.215.226:443"\n "35.186.248.98:443"\n "142.251.211.238:443"\n "34.74.170.74:443"\n "74.125.195.157:443"\n "34.73.43.54:443"\n "142.250.69.195:443"\n "52.217.75.116:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7748_1643452734\\Part-RU]- [targetUID: 00000000-00007748]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Local Storage\\leveldb\\000003.log]- [targetUID: 
00000000-00007748]\n "f_00024d" has type "gzip compressed data max compression original size modulo 2^32 52913"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00024d]- [targetUID: 00000000-00002432]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators with escape sequences"- Location: [%TEMP%\\7748_1128813663\\auto_open_controller.js]- [targetUID: 00000000-00007748]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7748_1643452734\\Part-RU]- [targetUID: 00000000-00007748]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007748]\n "f_00023e" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00002432]\n "crl-set" has type "data"- Location: [%TEMP%\\7748_1017108014\\crl-set]- [targetUID: 00000000-00007748]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "f_000243" has type "ASCII text with very long lines"- [targetUID: N/A]\n "3c873542b3913305_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\3c873542b3913305_0]- [targetUID: 00000000-00007748]\n "f_00023d" has type "gzip compressed data from Unix original size modulo 2^32 72632"- [targetUID: N/A]\n "457f0037-2472-46a8-8c84-b39a4b67fad0.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\457f0037-2472-46a8-8c84-b39a4b67fad0.tmp]- [targetUID: 00000000-00007748]\n "f198b674a1db45f1_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\f198b674a1db45f1_0]- [targetUID: 00000000-00007748]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- 
[targetUID: 00000000-00007748]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007748]\n "cb81b4a6f2aa0f50_0" has type "data"- [targetUID: N/A]\n "8c752ed8fcbfc2ab_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\8c752ed8fcbfc2ab_0]- [targetUID: 00000000-00007748]\n "1e9e77c7-d679-4ce9-a725-3894fdca913a.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\1e9e77c7-d679-4ce9-a725-3894fdca913a.tmp]- [targetUID: 00000000-00007748]\n "11482c34e7a8250b_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\11482c34e7a8250b_0]- [targetUID: 00000000-00007748]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007748]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.starken.cl%2Fseguimiento%3Fcodigo%3D976955409&data=05%7C01%7CAGUSTIN.CABANAS%40ryq.cl%7Cd5bb06f3f0e24a7e402f08dabd0a09df%7Cd73e0ff8a9b1476daf0d80919bec2d15%7C0%7C0%7C638030148103130329%7"\n Pattern match: "https://nam10.safelinks.protection.outlook.com"\n Heuristic match: "cdn-widgets.chattigo.com"\n Heuristic match: "config-global.chattigo.com"\n Heuristic match: "widgets-static.embluemail.com"\n Pattern match: "www.starken.cl"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': 
u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\7748_1128813663\\auto_open_controller.js]- [targetUID: 00000000-00007748]\n Dropped file: "shopping.js" - Location: [%TEMP%\\7748_1128813663\\shopping.js]- [targetUID: 00000000-00007748]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\7748_1643452734\\adblock_snippet.js]- [targetUID: 00000000-00007748]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\7748_1128813663\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007748]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\7748_1128813663\\shopping_iframe_driver.js]- [targetUID: 00000000-00007748]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\7748_1128813663\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007748]\n Dropped file: "product_page.js" - Location: [%TEMP%\\7748_1128813663\\product_page.js]- [targetUID: 00000000-00007748]\n Dropped file: "edge_driver.js" - Location: [%TEMP%\\7748_1128813663\\edge_driver.js]- [targetUID: 00000000-00007748]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\7748_1128813663\\shoppingfre.js]- [targetUID: 00000000-00007748]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\7748_1128813663\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007748]'}, {u'category': u'Unusual Characteristics', u'origin': u'Network Traffic', u'identifier': u'network-18', u'name': u'Contacts Mail Related Domain Names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'"widgets-static.embluemail.com" is probably a mail server'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', 
u'name': u'Drops executable files', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7748_1643452734\\Part-RU]- [targetUID: 00000000-00007748]'}, {u'category': u'Spy34.74.170.74
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonebilikom (Net ID: 00:14:C1:0F:F1:FC)40.2024, 29.0398
2023-05-12 02:54:14Web ContentNoWeb Spider1020None<!DOCTYPE html> <html> <iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> </html> kekw.battleb0t.xyz
2023-05-12 02:44:16Co-Hosted SiteNoSSL Certificate Analyzer0020Nonewww.github.com185.199.111.153
2023-05-12 03:01:15Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.136): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:13BGP AS MembershipNoCensys0040None133352606:4700:3030::ac43:a8fc
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecf-ray: 7c5f6051f8c478df-EWR{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneVienna (Net ID: 00:09:5B:B1:9F:16)33.6170672,-111.90564645297056
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneGitHub Categorycdn-185-199-111-153.github.com
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX55155989E (Net ID: 00:01:E3:55:98:9E)52.3759, 4.8975
2023-05-12 03:32:15Open TCP PortNoPulsedive0030None188.114.97.8:8443188.114.97.0/24
2023-05-12 03:13:07Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00lt00.github.io] https://www.openphish.com/feed.txt00lt00.github.io
2023-05-12 03:33:39Raw File Meta DataNoBinary String Extractor0040NoneeKE>Q RQEA< QEQAE G$rG$ Z?xV _2H- -EEO1AE e.coC ?wX3 QE_1< QEhO0QE QEAAE rGDpyt cv>myz kPIiG X?wV< \u2v5 Qc>ft1 TtV@I iY>eI OYIXf QPO0QE P_0QK 2 ?w' yrW'< Au$rV7: eirlI GZrGQ ?wXRx iVv5: DrTty eIAv$ QsRz< rVw6J G$uCU yJrGU$ kweG$ vGCDoU rI$wwq MQIIL u<rT4 P"ZO2 lkGRy O<rGi >:e>:9L Uy?wF <rOk$ WrXjPA eii:< rTr_i EST4U O1Pfg kG$u< QEKA!E QQ-IJ66 2MJ9' DrTtP i$un< 4y 2>> ZIc$q wRk2G' drUE\ AuXPOS DtQA< iu$pO RJzQ$tP_1- DtQAAE -Q$U- fO0QE Cwkww WS/xw "J_2H \rU -d i7PZG XZi>e rT7qX O2M:O :eADT _1-EE j/"J_ T5/ x \ebnT v2Acu 0IZpI ?>?2J wU-rV tyubH -.Kx< 2I<rZ g\u2ld EEKE_1< 6g$cy \uBI?wPO< GDub:< "?.?>8 E6Ju! tIIA1 IRytyq _Gwq< rm6?"https://pics.battleb0t.xyz/images/nomnom.jpg
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+14806242598Domain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-cache-status: MISS{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"}
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneOfficewirelessnew (Net ID: 00:13:10:7F:DA:06)32.8608, -79.9746
2023-05-12 03:03:51Co-Hosted SiteNoThreatMiner0020Nonejames-gamboa.github.io185.199.110.153
2023-05-12 02:44:31IPv6 AddressNoDNS Resolver0030None2606:4700:3037::6815:470evscode.battleb0t.xyz
2023-05-12 02:44:28IP AddressNoDNS Resolver74020None35.229.48.116pics.battleb0t.xyz
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider2030Nonehttps://funny.battleb0t.xyz/images/reveloder.jpghttps://funny.battleb0t.xyz/
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneHOGWARTSSOWAW (Net ID: D4:B2:7A:F3:1A:42)37.751, -97.822
2023-05-12 02:55:15Operating SystemNoCensys0030NoneUbuntu Linux165.232.113.85
2023-05-12 02:55:21Open TCP Port BannerNoCensys0030NoneHTTP/1.1 404 Not Found Content-Length: 46 Content-Type: application/json; charset=UTF-8 Date: <REDACTED> Server: Caddy Vary: Origin X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block 207.154.228.169
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:61:24:2C)33.336199,-111.89446440830702
2023-05-12 02:54:20HTTP HeadersNoCensys0040None{"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Netlify"], "X_Nf_Request_Id": ["01H04BK0BS0X0MXB72Y8AY7JTF"], "Date": ["<REDACTED>"]}2600:1f18:2489:8200::c8
2023-05-12 03:23:11Open TCP PortNoPulsedive0030None188.114.96.1:443188.114.96.0/24
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 27 13:22:33 2023 GMT Not After : Jun 25 13:22:32 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:d7:3e:a0:44:3f:74:66:1e:5f:b3:2a:36:ad: 5d:f6:03:6b:7c:a2:a0:47:3a:fb:01:98:b1:8f:cc: c2:91:5e:2e:be:9e:37:09:fc:a3:ca:c0:ce:59:08: 31:20:c4:42:4f:e2:31:60:c4:be:0d:a3:d0:7e:5f: 84:84:43:02:3b:79:0a:56:99:86:35:5f:ee:ec:21: 8b:06:16:ef:3b:0d:ec:b0:a6:01:ca:7c:9f:ae:0e: 21:80:e7:f6:f2:e9:02:7d:5d:df:7d:70:dd:dd:93: 90:c2:a3:7e:80:f6:ad:ed:f9:15:f2:c4:37:d6:ad: 4b:89:76:da:d5:eb:7c:ff:f8:44:95:84:d6:c3:19: 7b:70:37:49:42:e5:fe:7d:2c:bd:de:bc:2b:99:c0: a4:9b:15:4f:d7:2f:f2:c7:b5:99:6b:e4:41:8f:a5: 3f:0f:85:1f:6c:4e:91:90:da:48:18:85:c0:a8:f9: 5b:43:e7:ba:4b:5b:17:69:9f:6a:26:1d:48:87:97: a5:b7:a2:63:4f:58:3b:87:61:7a:53:e1:17:71:98: 3f:e6:14:b4:56:34:1d:a0:89:72:33:eb:2c:c5:36: a0:27:b1:d2:f8:c6:e3:8f:79:67:b5:d6:8a:ec:f1: bd:9b:ad:69:c1:3b:50:1a:84:e7:cb:cf:d0:71:43: d2:3b:49:a5:27:2e:d1:3d:b9:18:82:02:4d:8f:b0: bb:df:42:cf:64:aa:67:dc:2f:01:5a:31:2e:da:fb: b2:d7:58:03:8e:aa:3f:4c:ca:46:eb:1f:d0:ce:c6: 8c:fe:3d:b8:0f:99:bb:cf:51:78:2e:f4:7a:df:b5: ee:fc:f9:a7:d1:b7:2b:1b:c6:17:72:43:c6:34:57: a1:d1:1d:f1:0c:8c:8a:f9:1d:27:7f:56:dc:e1:0f: 9b:fe:d2:eb:01:b7:80:25:0c:68:e6:38:d2:70:20: 00:db:75:51:f4:50:11:95:65:85:63:dc:a6:18:f5: d8:1d:55:65:7b:fd:4b:42:c9:e0:e0:5b:99:47:62: 96:1e:29:13:2d:13:79:08:f1:19:4e:83:44:d1:b3: 1e:52:55:c8:85:91:ec:6f:74:02:73:b9:35:b5:4d: 32:70:2b:a5:40:65:f3:30:c9:2a:75:4a:fc:26:5e: 25:6b:0f:f0:6e:21:a9:a3:b3:fc:a9:24:00:c1:d2: 4b:2c:3d:0a:55:12:77:ec:d9:f9:b2:f1:bc:2c:ec: 53:cb:52:84:47:80:24:42:33:90:05:e1:7c:3a:b2: 37:ee:d5:9d:71:10:25:16:47:45:30:42:37:7d:df: 
2f:44:a5:75:17:fd:0c:59:0a:14:5f:4a:c6:9e:57: 1c:e4:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Mar 27 14:22:33.221 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:4F:44:FF:23:78:0C:0A:43:E7:DD:21:00: C4:D1:3F:C3:F1:0D:AC:F3:42:E5:53:7F:E9:12:DC:C9: 41:E7:31:AA:02:20:29:7B:10:84:21:42:A6:BE:66:D5: B5:62:0E:26:B3:36:1B:B2:1F:F3:F6:F2:FA:99:68:0E: 07:72:EE:35:ED:D1 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Mar 27 14:22:33.315 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:42:E7:DB:8E:AD:39:D9:72:0F:22:03:49: 17:50:EA:AF:42:B9:A0:A7:C7:8A:2E:5E:9D:4B:70:15: 12:36:C9:8C:02:20:70:3E:22:0D:CB:C1:8E:23:7B:D4: 20:A7:55:2C:92:70:7B:00:76:E5:77:1A:32:2B:D4:BB: A7:E5:BA:F4:CD:50 Signature Algorithm: sha256WithRSAEncryption 57:fc:9c:cc:34:05:33:b1:85:6f:05:be:91:2e:7e:dc:3a:5c: d5:70:d3:bc:68:4c:e5:a6:0e:93:49:4c:b2:24:ea:22:6c:53: 1d:7b:22:13:3e:ae:d1:e9:17:1e:71:5b:5a:e3:c7:59:55:db: f6:e5:0f:f7:75:49:45:9c:0b:d7:10:90:aa:9f:57:81:e1:bd: 
95:72:69:1a:6a:68:d7:6f:63:d3:d0:c5:74:e1:f6:05:01:8e: de:8a:f2:cc:6b:66:ed:6a:cf:b9:08:1c:41:e7:01:36:39:29: 3c:ce:b9:d5:71:4f:4a:e1:92:00:38:14:85:83:1b:78:d3:52: 4d:9c:dc:62:c1:ff:3e:c9:3b:f4:1b:55:62:89:22:10:52:f5: 2f:09:06:3f:72:98:2a:6c:4f:3e:41:69:f0:90:3d:75:67:0f: 5f:95:04:35:0b:5e:5e:d4:29:7e:f0:df:9c:7f:86:0a:bf:f4: 66:2a:ad:8c:e5:22:e0:2d:ff:f7:04:45:a4:bb:31:8c:99:a5: 16:da:1d:eb:c6:c4:fa:e4:70:84:9c:c6:93:f8:76:5a:3a:48: 95:d4:c6:4d:4c:36:eb:b7:e5:52:69:e6:7d:0f:b5:d1:ab:44: b8:82:08:6c:6a:ef:3e:4f:de:99:6f:c7:4e:1e:39:17:26:6f: a6:80:e5:c2 battleb0t.xyz
2023-05-12 03:00:33Affiliate - Email AddressNoE-Mail Address Extractor0040Nonepelorriaga@insumetperu.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220', u'172.67.128.152'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"MaxConnectionsPerServer" (Indicator: "MaxConnectionsPerServer") in Source: 00000000-00002536-00000BCA-24571201\n "MaxConnectionsPer1_0Server" (Indicator: "MaxConnectionsPer1_0Server") in Source: 00000000-00002536-00000BCA-24572342'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3360 -s 132" (UID: 00000000-00003436)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"e1.o.lencr.org"\n "facesupdates.com"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00003436) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFF57.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9e8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_9e8_IESQMMUTEX_0_303"\n "IsoScope_9e8_IESQMMUTEX_0_519"\n "IsoScope_9e8_IE_EarlyTabStart_0xd54_Mutex"\n "IsoScope_9e8_IESQMMUTEX_0_331"\n "IsoScope_9e8_ConnHashTable<2536>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2536"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n 
"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "172.67.128.152:443"\n "23.32.45.191:80"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3360 -s 132" (UID: 00000000-00003436)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFF56.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000812]\n "CLXG2BM2.txt" has type 
"ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CLXG2BM2.txt]- [targetUID: 00000000-00002536]\n "CabFF56.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabFF56.tmp]- [targetUID: 00000000-00000812]\n "BBB0B9C986171FE6F65C60CFDD8B124F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BBB0B9C986171FE6F65C60CFDD8B124F]- [targetUID: 00000000-00000812]\n "~DF71962694B43492EC.TMP" has type "data"- Location: [%TEMP%\\~DF71962694B43492EC.TMP]- [targetUID: 00000000-00002536]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002536]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002536]\n "BE2B512E0EA306BAD5DC86CC33D62C85" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BE2B512E0EA306BAD5DC86CC33D62C85]- [targetUID: 00000000-00000812]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00000812]\n "93BCFOQ7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\93BCFOQ7.txt]- [targetUID: 00000000-00002536]\n "90MZUOV9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\90MZUOV9.txt]- [targetUID: 00000000-00002536]\n "1B1495DD322A24490E2BF2FAABAE1C61" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\1B1495DD322A24490E2BF2FAABAE1C61]- [targetUID: 00000000-00000812]\n 
"6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002536]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002536]\n "9MS61IBX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9MS61IBX.txt]- [targetUID: 00000000-00002536]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000812]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00000812]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e"- [Source: Input]\n Pattern match: "https://regclickonetwoget.com"- [Source: Input]\n Heuristic match: "e1.o.lencr.org"- [Source: PCAP]\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgQibVTQK8A8W0dT8xq4Fb0ooQ%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: e1.o.lencr.org"- [Source: PCAP]\n Heuristic match: "facesupdates.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /Tracede/animate.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:1
2023-05-12 02:46:16Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://kutumin.github.io/OSCP-notes/1.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2100:120:WilError_01"\n "Local\\SM0:5488:120:WilError_01"\n "SM0:5488:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:5488:304:WilStaging_02"\n "SM0:5488:120:WilError_01"\n "Local\\SM0:2100:304:WilStaging_02"\n "SM0:2100:120:WilError_01"\n "Local\\SM0:2100:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:2100:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:2100:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:2100:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2100:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.18.11.207:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "142.250.191.74:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries 
DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "maxcdn.bootstrapcdn.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002100]\n "bcd4e478c907a1db_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\bcd4e478c907a1db_0]- [targetUID: 00000000-00002100]\n "2723a038-a290-4c43-bb8c-08ee81821f60.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "f3b3874d-b7fd-4743-86c6-8a859ff983dd.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\f3b3874d-b7fd-4743-86c6-8a859ff983dd.tmp]- [targetUID: 00000000-00002100]\n "regex_patterns.json" has type "JSON data"- Location: [%TEMP%\\2100_1335449342\\regex_patterns.json]- [targetUID: 00000000-00002100]\n "Session_13324548215740340" has type "data"- [targetUID: N/A]\n "ef0b503b-889d-4eff-b1c3-91558919ec3f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ef0b503b-889d-4eff-b1c3-91558919ec3f.tmp]- [targetUID: 00000000-00002100]\n "b72ee2e9-deac-4a09-bd9f-b4338b5164a2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\b72ee2e9-deac-4a09-bd9f-b4338b5164a2.tmp]- [targetUID: 00000000-00002100]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\2100_586202141\\LICENSE]- [targetUID: 00000000-00002100]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007100]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00002100]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\hyphen-data\\101.0.4906.0\\manifest.json]- [targetUID: 00000000-00002100]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\2100_2088247416\\deny_domains.list]- [targetUID: 00000000-00002100]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00002100]\n "9d9ecc22ec9f384e_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\9d9ecc22ec9f384e_0]- [targetUID: 00000000-00002100]\n "ec01fe90-50b0-43d5-bfc3-bcc31d8c1af8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\ec01fe90-50b0-43d5-bfc3-bcc31d8c1af8.tmp]- [targetUID: 00000000-00002100]\n "edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2100_1931342577\\edge_tracking_page_validator.js]- [targetUID: 00000000-00002100]\n "edge_autofill_global_block_list.json" has type "JSON data"- Location: [%TEMP%\\2100_1335449342\\edge_autofill_global_block_list.json]- [targetUID: 00000000-00002100]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\LOG]- [targetUID: 00000000-00002100]'}, 
{u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "3.0.0.8" found in string ""version": "3.0.0.8""\n Potential IP "3.0.0.8" found in string "\xef\xbb\xbf{ "description": "AutofillCore data component", "name": "AutofillCore", "version": "3.0.0.8"}"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n "192.168.241.233"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="&#x2a;",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://kutumin.github.io/OSCP-notes/1.html"\n Pattern match: ".github.io/_:__J__-1ct_;./1"\n Heuristic match: "code.jquery.com"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "https://kutumin.github.io"\n Heuristic match: "ku_umin.gi_hub.io"\n Pattern match: 
"https://creativecommons.org/compatiblelicenses"\n Heuristic match: "maxcdn.bootstrapcdn.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "kutumin.github.io/OSCP-notes/1.html"\n Heuristic match: "utumin.github.io"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2100_1931342577\\edge_tracking_page_validator.js]- [targetUID: 00000000-00002100]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2100_1931342577\\product_page.js]- [targetUID: 00000000-00002100]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2100_1931342577\\auto_open_controller.js]- [targetUID: 00000000-00002100]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2100_1931342577\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002100]\n "adblock_snippet.js" has type "ASCII 
text with very long lines with no line terminators"- Location: [%TEMP%\\2100_586202141\\adblock_snippet.js]- [targetUID: 00000000-00002100]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\2100_1931342577\\shopping_iframe_driver.js]- [targetUID: 00000000-00002100]\n "edge_driver.js" has type185.199.111.153
2023-05-12 03:09:28SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:2b:20:f1:49:ce:17:59:bc:7b:39:e2:e2:fa:42:b1:cb:0c Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Apr 15 16:29:54 2023 GMT Not After : Jul 14 16:29:53 2023 GMT Subject: CN=acilacikveteriner.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c7:ba:9d:2f:ad:0e:f2:f8:9e:5c:47:bb:79:38: f3:7c:d2:03:58:1b:12:06:b4:9c:86:5f:4c:31:08: 97:33:13:16:be:48:6a:55:ee:4e:d6:c5:23:53:75: a1:48:d1:dc:60:03:c5:b4:9c:18:71:b4:c9:f7:cc: d7:82:08:84:1d:47:f4:36:9b:65:58:31:ff:ed:94: b6:e5:56:64:9c:67:0e:0c:de:2b:30:a2:07:ee:75: 47:c5:5f:11:d1:53:0e:8f:da:28:98:3b:38:2e:08: 69:6c:c4:64:ae:8f:c9:f5:19:80:d1:e7:ec:e9:1f: 1b:7f:31:13:13:d9:ca:c5:a0:e4:2d:d1:eb:64:92: d6:2e:01:58:b8:f4:94:e5:87:37:22:41:1e:89:09: 32:89:e2:e9:ab:65:e1:e9:bd:3a:78:34:71:5a:05: bd:11:66:12:e7:3d:c0:6e:5c:a0:5b:7c:2f:ea:d3: 59:67:84:e5:94:8d:5d:c2:5d:0b:e9:31:10:a1:3e: fb:93:69:45:39:5a:bc:0b:ca:b1:2f:22:98:eb:71: ac:2c:8d:4c:d2:d8:e4:67:1e:91:f0:df:67:09:d3: 65:de:99:92:1f:00:6b:5a:51:7a:ea:61:bf:c6:25: 13:a2:d4:3f:ce:87:f5:99:96:3f:8d:32:cf:33:8d: 7d:cf Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 36:05:AF:4D:AA:A6:E5:D2:C1:C1:21:FE:0A:C4:94:94:AD:20:CD:9B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.acilacikveteriner.com, DNS:acilacikveteriner.com X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: 
http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Apr 15 17:29:54.589 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:32:B4:07:60:D0:7B:AD:A1:AA:39:A0:33: 2C:4B:E1:77:83:1E:CE:A9:33:24:C8:65:7F:DF:53:65: 4B:41:42:18:02:21:00:FD:74:81:46:18:34:69:3F:14: 99:39:D8:31:BD:1B:5A:70:F3:78:90:AF:AD:75:83:08: C2:10:05:66:CF:28:68 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Apr 15 17:29:54.608 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:A2:44:92:76:0B:30:A4:08:87:F8:F5: 33:F4:63:45:0C:49:83:2B:1A:52:DE:63:4A:85:9F:D2: 1A:1A:B8:B4:91:02:20:54:D8:11:BC:56:5E:73:20:60: D4:CE:A7:0A:61:CF:DB:E2:3D:EE:A9:90:BC:A7:2E:FB: 55:B1:EE:11:E5:C7:45 Signature Algorithm: sha256WithRSAEncryption 3e:ae:14:0f:9c:c5:e0:11:98:98:31:9d:f3:e1:b4:c7:8a:a4: f3:58:c9:e0:a4:05:56:d1:f9:d0:a4:d6:04:9d:0b:f6:b3:35: fc:d2:7d:b4:11:05:af:75:bb:df:c2:14:e1:5b:2b:67:77:00: e8:0a:22:8e:f1:5c:6b:dd:54:2d:32:81:db:7d:17:bf:9e:02: e8:fe:8f:90:d6:80:45:fa:78:c9:ed:6a:db:0e:a3:ea:e8:74: 58:57:12:a1:5d:61:82:32:bc:ce:81:4f:81:b5:41:58:ef:85: 78:cc:7f:6f:ed:5a:0d:b0:9c:73:3f:51:f3:db:b8:4d:40:5f: df:88:13:b9:16:5d:51:5b:41:71:f3:fe:f9:65:1f:10:70:47: 3b:59:bf:17:0d:cf:cb:71:fc:53:d1:09:8d:77:ea:5e:49:75: b2:d9:dc:06:49:28:14:58:d2:5f:ea:d1:1b:59:2a:74:e1:24: 4f:0c:e0:62:0a:8a:6b:ea:fb:62:2f:01:c1:76:4f:99:ac:7b: d1:5a:a4:72:e4:af:bc:0a:c2:6f:91:1c:dc:76:42:49:80:d2: 4b:b7:5c:cd:e2:11:b1:a4:78:34:c3:be:8f:27:49:28:8d:93: b4:99:37:c8:78:d3:e9:55:fa:eb:2b:67:02:f6:c8:8c:50:e3: a4:08:c1:b9 87.248.157.102
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0050Nonecloudflare{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"}
2023-05-12 02:53:52Open TCP PortNoCensys0020None2606:50c0:8003::153:802606:50c0:8003::153
2023-05-12 02:54:20HTTP Status CodeNoWeb Spider0020None200funny.battleb0t.xyz
2023-05-12 02:57:17Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.196.254.27'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://christitus.com/win', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"r3.o.lencr.org"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_4d4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_4d4_ConnHashTable<1236>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_4d4_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_4d4_IESQMMUTEX_0_303"\n "IsoScope_4d4_IESQMMUTEX_0_331"\n "IsoScope_4d4_IE_EarlyTabStart_0xd68_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1236"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_4d4_ConnHashTable<1236>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.196.254.27:443"\n "23.62.46.138:80"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3F6F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3F4E.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab3F6E.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "Cab3F4D.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001236]\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002492]\n "GSA12G7R.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GSA12G7R.txt]- [targetUID: 00000000-00001236]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "3E324C193E3E3489256632ECA699B381" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\3E324C193E3E3489256632ECA699B381]- [targetUID: 00000000-00002492]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001236]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00001236]\n "Cab3F6E.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab3F6E.tmp]- [targetUID: 00000000-00002492]\n "_9B5E0C66-351F-11ED-B467-080027B31D69_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00001236]\n "~DFC89EC8CB66FF456D.TMP" has type 
"data"- Location: [%TEMP%\\~DFC89EC8CB66FF456D.TMP]- [targetUID: 00000000-00001236]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00001236]\n "Tar3F6F.tmp" has type "data"- Location: [%TEMP%\\Tar3F6F.tmp]- [targetUID: 00000000-00002492]\n "~DFB26C3774F79B80EF.TMP" has type "data"- Location: [%TEMP%\\~DFB26C3774F79B80EF.TMP]- [targetUID: 00000000-00001236]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://christitus.com/win"\n Pattern match: "https://christitus.com"\n Heuristic match: "r3.o.lencr.org"\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMTRy5Br8YJ%2BjNLl7XccZpG%2BQ%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: r3.o.lencr.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': 
u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.196.254.27": ...\n\n URL: http://princepatel.co.uk/ (AV positives: 1/88 scanned on 09/15/2022 19:19:34)\n URL: http://connect-collabland.live/ (AV positives: 12/89 scanned on 09/15/2022 18:28:12)\n URL: https://heartfelt-clafoutis-7b5e35.netlify.app/ (AV positives: 13/88 scanned on 09/15/2022 16:06:16)\n URL: http://goldownloads.netlify.app/ (AV positives: 7/88 scanned on 09/15/2022 13:39:21)\n URL: https://www.gaam.games/ (AV positives: 1/88 scanned on 09/15/2022 12:17:17)\n File SHA256: 9855d6610d262f5c5ac33a4824ce6d6aff9434181e2925d2e8502f55e0f4ccc2 (AV positives: 9/75 scanned on 09/13/2022 23:52:30)\n File SHA256: 6fbdf58ac0a20649648d8b3f171ad22b5a0f75015f17f61cd9b7097a86841671 (AV positives: 22/75 scanned on 09/10/2022 23:18:07)\n File SHA256: 10eb6a8b65dc19a76287d777aa59dd82975f4af0a30f3493a4c67e21c064d0ad (AV positives: 19/75 scanned on 09/08/2022 20:19:43)\n File SHA256: f82a3a4736145f2bd6f7de2482a3df3b50006c44845bd68cee0bac92f6100c00 (AV positives: 24/75 scanned on 09/06/2022 23:11:08)\n File SHA256: 6f9c9c07baf531f437439e7ca85d184ad2aa50ac0fc19ae7df1a0200ee6662c1 (AV positives: 16/75 scanned on 09/02/2022 23:37:08)'}], u'threat_level': 0, u'size': None, u'job_id': u'632382935a368c0d7b2bad4c', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.196.254.27', u'23.62.46.138'], u'sha256': u'7df1a40eceecc8b444d042c1ffe4058ab057ba7b8d9023392e6fb5997947e311', u'sha512': u'373b179c3f0b56cb7fa16d1138be944e3b5a120dbb942cbd85859deb0a07d565b2016c6019a13c085ebcb57ca7c526564a4cd532c98275eaca701178b34ce00c', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://christitus.com/win', u'submission_id': u'632382935a368c0d7b2bad4d', u'created_at': u'2022-09-15T19:52:51+00:00', 
u'filename': None}], u'analysis_start_time': u'2022-09-15T19:52:51+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 2, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 9, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'e9630d6e2a4b4c8bcd263913cf4f0e98',35.229.48.116
2023-05-12 02:54:13HTTP HeadersNoWeb Spider10040None{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"}https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:9D:4C:90)33.617190550339146,-111.90827887019054
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.216): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:03:42Internet NameNoDNS Resolver0030Nonenwapi2.battleb0t.xyz[{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nwapi2.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://nwapi2.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'cf-cache-status,report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.67.168.252']}}}, {}]
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.173): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.239): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneMotoJava (Net ID: 00:01:24:F2:AB:40)37.7642, -122.3993
2023-05-12 03:27:00Web ServerNoWeb Server Identifier0030Nonecloudflare{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneSurfandSip (Net ID: 00:02:2D:03:7C:7A)37.780462,-122.390564
2023-05-12 02:46:18Affiliate Description - CategoryNoDuckDuckGo0020NoneTechnology companies based in the San Francisco Bay Areaskip.ns.cloudflare.com
2023-05-12 02:54:00Open TCP PortNoCensys0020None104.21.6.166:8080104.21.6.166
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecom94A3DC (Net ID: 00:0C:F6:94:A3:DC)50.8897, 6.0563
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00root.github.io] https://www.openphish.com/feed.txt00root.github.io
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NonemyLGNetA41A (Net ID: 00:01:36:57:A4:18)37.780462,-122.390564
2023-05-12 02:50:23Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 30, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://kikenbutsu-hei.shikaku-getter.info/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:3560:120:WilError_01"\n "Local\\SM0:3560:120:WilError_01"\n "SM0:3560:304:WilStaging_02"\n "Local\\SM0:3560:304:WilStaging_02"\n "InternetShortcutMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"202.226.37.169:80"\n "138.91.254.96:443"\n "142.251.32.42:80"\n "104.17.25.14:443"\n "13.227.74.81:80"\n "185.199.108.153:443"\n "20.99.185.48:443"\n "142.250.189.226:80"\n "142.250.189.226:443"\n "142.250.189.194:443"\n "142.251.214.130:443"\n "142.250.189.234:443"\n "142.250.191.33:443"\n "142.250.189.162:443"\n "172.217.12.99:443"\n "142.250.189.227:443"\n "142.251.32.36:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kikenbutsu-hei.shikaku-getter.info"\n "ajax.googleapis.com"\n "dn.msmstatic.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /images/favicon.ico HTTP/1.1\nHost: kikenbutsu-hei.shikaku-getter.info\nConnection: keep-alive\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56\nAccept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8\nReferer: http://kikenbutsu-hei.shikaku-getter.info/\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nCookie: _ga_YTHJT2QPH0=GS1.1.1683852253.1.0.1683852253.0.0.0; _ga=GA1.2.504460167.1683852253; _gid=GA1.2.251658778.1683852255; _gat_gtag_UA_105729601_1=1; __gads=ID=37b1f143d2eff9ac-22522163abde00b6:T=1683852256:RT=1683852256:S=ALNI_Ma8Y6OT5-ZRyf8rZfw3X1o10bxaMw; __gpi=UID=00000989794fbd85:T=1683852256:RT=1683852256:S=ALNI_MY1Pcut_bZsdRPcxBF9Ibwxm1KXuw"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"adservice.google.com"\n "ajax.googleapis.com"\n "ajaxzip3.github.io"\n "api.edgeoffer.microsoft.com"\n "arc.msn.com"\n "cdnjs.cloudflare.com"\n "dn.msmstatic.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "googleads.g.doubleclick.net"\n "kikenbutsu-hei.shikaku-getter.info"\n 
"pagead2.googlesyndication.com"\n "partner.googleadservices.com"\n "tpc.googlesyndication.com"\n "www.be-index.com"\n "www.googletagservices.com"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""bellagracehealthscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""belleandbubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""beyondblessedscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\shopping.js]- [targetUID: 00000000-00007752]\n "data_2" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007872]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\7752_445480169\\edge_driver.js]- [targetUID: 00000000-00007752]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\edge_driver.js]- [targetUID: 00000000-00007752]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00007872]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\7752_445480169\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00007752]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\auto_open_controller.js]- [targetUID: 00000000-00007752]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007752]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\7752_445480169\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00007752]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007752]\n "edge_confirmation_page_validator.js" has type 
"UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007752]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\product_page.js]- [targetUID: 00000000-00007752]\n "c0b99d91-76c9-4b69-aa3185.199.108.153
2023-05-12 02:56:16Raw Data from RIRsNoTool - WAFW00F1020None[{"url": "https://www.ayhu.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://www.ayhu.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]www.ayhu.xyz
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonewww.hollywoodbowl.org (Net ID: 00:01:F4:ED:A0:89)34.0544, -118.244
2023-05-12 03:18:06URL (Purely Static)NoPage Information0040Nonehttp://vscode.battleb0t.xyz<!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>vscode.battleb0t.xyz | 521: Web server is down</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /> </head> <body> <div id="cf-wrapper"> <div id="cf-error-details" class="p-0"> <header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8"> <h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2"> <span class="inline-block">Web server is down</span> <span class="code-label">Error code 521</span> </h1> <div> Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information. 
</div> <div class="mt-3">2023-05-12 02:54:21 UTC</div> </header> <div class="my-8 bg-gradient-gray"> <div class="w-240 lg:w-full mx-auto"> <div class="clearfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">You</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Browser </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> <span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer"> Cloudflare </a> </h3> <span class="leading-1.3 text-2xl text-green-success">Working</span> </div> <div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b 
md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0"> <span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span> <span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </div> <span class="md:block w-full truncate">vscode.battleb0t.xyz</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> Host </h3> <span class="leading-1.3 text-2xl text-red-error">Error</span> </div> </div> </div> </div> <div class="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2> <p>The web server is not returning a connection. As a result, the web page is not displaying.</p> </div> <div class="w-1/2 md:w-full float-left leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2> <h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3> <p class="mb-6">Please try again in a few minutes.</p> <h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3> <p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p> </div> </div> </div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f606679610ce9</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" 
id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">138.197.106.3</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div> </div> </body> </html>
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NonemyLGNet8682 (Net ID: 00:01:36:5B:86:80)37.7813933,-122.3918002
2023-05-12 03:09:54Open TCP PortNoPulsedive0030None185.199.108.133:80185.199.108.0/24
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050Nonetumblr (Category: images) https://Altpapier.tumblr.comAltpapier
2023-05-12 02:46:49Co-Hosted SiteNoSSL Certificate Analyzer0030Nonenetlify.app35.229.48.116
2023-05-12 02:59:13Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'104.17.244.204', u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://info.pcmiler.com/trial36download', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"{"url":"https://info.pcmiler.com/trial36download","portal":4239221,"content":77280338489,"group":-1,"connection":{},"timing":{"navigationStart":1658937102290,"unloadEventStart":0,"unloadEventEnd":0,"redirectStart":0,"redirectEnd":0,"fetchStart":1658937102290,"domainLookupStart":1658937102298,"domainLookupEnd":1658937102298,"connectStart":1658937102298,"connectEnd":1658937102298,"requestStart":1658937102298,"responseStart":1658937102298,"responseEnd":1658937102509,"domLoading":1658937102298,"domInteractive":1658937108930,"domContentLoadedEventStart":1658937109483,"domContentLoadedEventEnd":1658937109539,"domComplete":1658937110504,"loadEventStart":1658937110555,"loadEventEnd":1658937110556,"msFirstPaint":1658937108124}}" (Indicator: "connect") in Source: SSL_199.60.103.254\n "MaxConnectionsPerServer" (Indicator: "MaxConnectionsPerServer") in Source: 00000000-00000836-00000BCA-9552128\n 
"MaxConnectionsPer1_0Server" (Indicator: "MaxConnectionsPer1_0Server") in Source: 00000000-00000836-00000BCA-9553085'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1B6C.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1B3B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"199.60.103.254:443"\n "104.17.244.204:443"\n "104.19.154.83:443"\n "34.74.170.74:443"\n "142.251.46.202:443"\n "142.251.46.227:80"\n "142.251.46.227:443"\n "172.64.154.85:443"\n "104.17.127.171:443"\n "104.17.113.176:443"\n "104.17.67.176:443"\n "104.17.231.204:443"\n "104.19.155.83:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ocsp.pki.goog"\n "forms.hubspot.com"\n "info.pcmiler.com"\n "no-cache.hubspot.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_344_IESQMMUTEX_0_519"\n 
"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "IsoScope_344_IESQMMUTEX_0_303"\n "IsoScope_344_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_344_IESQMMUTEX_0_331"\n "IsoScope_344_IE_EarlyTabStart_0x404_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_344_ConnHashTable<836>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00001008) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3728 -s 132" (UID: 00000000-00001008)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3728 -s 132" (UID: 
00000000-00001008)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab1B6B.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00000944]\n "~DF58A3C7FC46791459.TMP" has type "data"- Location: [%TEMP%\\~DF58A3C7FC46791459.TMP]- [targetUID: 00000000-00000836]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000944]\n "9FF67FB3141440EED32363089565AE60_A615E3E02EF226C595CCB8A65F518E46" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9FF67FB3141440EED32363089565AE60_A615E3E02EF226C595CCB8A65F518E46]- [targetUID: 00000000-00000944]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00000944]\n "Tar1B6C.tmp" has type "data"- Location: [%TEMP%\\Tar1B6C.tmp]- [targetUID: 00000000-00000944]\n 
"E87CE99F124623F95572A696C80EFCAF_4D168D4419431996C7034D53B3EACCBC" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\E87CE99F124623F95572A696C80EFCAF_4D168D4419431996C7034D53B3EACCBC]- [targetUID: 00000000-00000944]\n "OHJEU00P.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OHJEU00P.txt]- [targetUID: 00000000-00000836]\n "~DFA369BD3616ADAA96.TMP" has type "data"- Location: [%TEMP%\\~DFA369BD3616ADAA96.TMP]- [targetUID: 00000000-00000836]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00000836]\n "0GEZRX8E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0GEZRX8E.txt]- [targetUID: 00000000-00000944]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00000944]\n "2CFF2069B7EA2CB5727F7B96AB6C7353" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\2CFF2069B7EA2CB5727F7B96AB6C7353]- [targetUID: 00000000-00000944]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00000944]\n "Tar1B3B.tmp" has type "data"- Location: [%TEMP%\\Tar1B3B.tmp]- [targetUID: 00000000-00000944]\n "A16C6C16D94F76E0808C087DFC657D99_F97E3458719FE8B5437DE55F349865B9" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\A16C6C16D94F76E0808C087DFC657D99_F97E3458719FE8B5437DE55F349865B9]- [targetUID: 00000000-00000944]'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /trial36download HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla34.74.170.74
2023-05-12 02:50:37Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link/kshare.html', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link/kshare.html#p.wehnert%40heathus.com', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'https://bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link/', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link/kshare.html#p.wehnert%40heathus.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:2524:304:WilStaging_02"\n "Local\\SM0:2524:304:WilStaging_02"\n "Local\\SM0:2524:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:2524:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"209.94.90.1:443"\n "138.91.254.96:443"\n 
"104.18.23.52:443"\n "185.199.108.153:443"\n "69.16.175.42:443"\n "20.99.185.48:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "arc.msn.com"\n "bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link"\n "bafybeifs6aeegaj3ly4eg5ueiilwt5tr357zjlb63ngvmcwb5k44fd4jyu.ipfs.w3s.link"\n "code.jquery.com"\n "lipis.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""bellagracehealthscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""belleandbubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""beyondblessedscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': 
u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsbafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.linkkshare.html#p.wehnert%40heathus.com" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006636]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: 00000000-00004224]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00004224]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4224_1061944327\\edge_driver.js]- [targetUID: 00000000-00004224]\n "00e7fb9a-e2bd-4691-8dd2-d2fd1ba42ccc.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 268381"- Location: [%TEMP%\\00e7fb9a-e2bd-4691-8dd2-d2fd1ba42ccc.tmp]- [targetUID: 00000000-00004224]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "f_0004c3" has type "gzip compressed data from Unix original size modulo 2^32 4586386"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c3]- [targetUID: 00000000-00006636]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006636]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4224_1061944327\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004224]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004224]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00004224]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4224_1061944327\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004224]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\4224_1061944327\\Mini-Wallet\\miniwallet.bundle.js]- [targetUID: 00000000-00004224]\n "notification.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\4224_1061944327\\Notification\\notification.bundle.js]- [targetUID: 00000000-00004224]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00004224]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006636]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006636]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006636]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006636]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\4224_910400663\\edge_autofill_field_data.json]- [targetUID: 00000000-00004224]\n "wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: 00000000-00004224]\n "wallet-checkout-eligible-sites-pre-stable.json" has type 
"ASCII text"- Location: [%TEMP%\\4224_1061944327\\json\\wallet\\wallet-checkout-eligible-sites-pre-stable.json]- [targetUID: 00000000-00004224]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004224]\n "Web Data185.199.108.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NonePrivate (Net ID: 00:06:B1:20:D3:D2)33.6170672,-111.90564645297056
2023-05-12 02:54:13Web ContentNoWeb Spider2040None<!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <noscript> <div id="challenge-error-title"> <div class="h2"> <span class="icon-wrapper"> <div class="heading-icon warning-icon"></div> </span> <span id="challenge-error-text"> Enable JavaScript and cookies to continue </span> </div> </div> </noscript> <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f603759cec44a')"></div> <form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" 
value="VxcMRN.Povw0Dqbul8wSiWYYVjQ65KTx3XK5wkMYn5s-1683860053-0-ARNnaczlk3lhWY6ESpfReTjviWNfe6-W-F4EYUMujv5K8wYIHcmyGNVxCdUrRWsobOaE65E16LH7Z5A8l3JcOOwM40OukBYU_NTnKQTXBbuAPfHcavNAVkFXDNA4yBYP_F-doeuxJ1iDDtJRrmlmohTnm9Zwgu_y8a0NK2hiUe5yMvTqp63OLXzd1V9ueCyVeeK1caOtPi7xaty2vJtyZb-cIX-pXe1HjTUlpS2SBgDHLt9Z2nGU34h6kZ0-LrtNlJwHFMEUfGQT7Cu-pfqrhaBF1Rf57tLrkAcE4ToZFW0ZJ0AzVaQzLYE6ZtSIvjdhsInZ4x-0ac4WkaSnH9qLZC0frRaKCRbP1YE5yAsA_V_rAzDvledqs23zFkADyA1JndB-r5YTwGkwDl-BxZREbNktpruk72pVubcgN5obrf6JxTrQq7YBfyWH0u231TmHhalG3kCxQTdf9BBK1RtcvNhrrH01RN3jUXWOknSbzfs0xXZvpHYZ1mrWn-Ojnk9ZjOu2ygM5UtHSoZUS6y_CjRifM_gopebOwo_cedROZOf9quaaEku8SOVh2-a-u3HQqhJrHKvyqASEjXgOG-POuVge4L6xHx2SHahOESPnWqqKrSn9BYMIGELPd8-r-1tIAXEFuooehRGS_FYNDjqh6omsTcRWSr06JGoopCVsOBkATKY4nwfmOjHwATatO_bzDcPIKUDDZxN4trvvcVPNVoHO7Bdkn5nD4MlhG7ULR5m8BGChjHXk7lMQgvxBm1SZz89qexKer_mB3ITW_Ckfp4tPj4-YUwZkcw1lp1dwi32IJwgxwAEQrcGYo7Dftq8CYuStupr8lXKN_XUjGqTozvnpHPRsKR3mpnU05jAAbQN-wTNmylPeMG1Bx9YvJ8-oBs6FOj2g79NCurzx8d8F26PjaGqr-vtP8UKYeQxLAnNdd4Vl3r7Sxgy5_U4ONoKkZLnzYO166hvNojFJrl5f4tJq3L8oaK1eV5U-xpdOk_jlFbI7ZzjrEUv9fZQsj5GaeDY02cHxOh7Nt2nNuGIpJ43yd7IG1NCu_ks7x5I0kfXv5MRuTfiROKF9xzm5F_CKasB2amUWk6rZYcXTrxdif9TD5Sx62vXZQpsnSXx8a6qRdl0hIJb_vmia5qIkaGS9V0c3xjS-IDsjcMXU8HgYzlCX19Zu4ALj-qepP0KcZOXiHhiswQ6RmzSNTHY19R5ZletASbYV_KRC2PP48Hz8WCb-SWTTkcwOaIfpq0-9SsU16FZzuVHDtQR9HgY0pbLMzaxY0s1xIpwF0xudNUa9SsK7hj88CJhBWAgyl0DKCHjlEvVNsM3bMb76uUbrGBKt7Hry85yQS5UEcYp6GIRihakXwCelMLh9b6mQeb34LGhQRPvlmLc3f7j1216yXCSaBd223eCCMmrLoB2g3nLwqwrk_PW2t_XaPAxAsSOOJKzId4VjA2dn6CqsOQIQ1btvcUPfq3OsFea8XgUx2qTK18l8oqMYjxkPX_FOwTDrD8XvSUg990Ur0PezzJ7ZjQhXW2g96qU5HlxCcEgvTZ1Oj8VsRG6KYZKs3liq65P7yZ1Xq0PuWGs5ZH1HZuwe_EUK0ctlgYcA2TZqiqR97ljhOugKeylE_8hYvCH-_EfG3w8eyicUcZHEEbELHsNXehd76Tx3s2-ebSEw5k9zImyOFTenD_lgPbpq7QTz7xoj2el_vnfxew2WRomnN2o-3wrcdpxXZbyRqTVEwh9mt5ldOWHagonTAv_Q_hf6-IdMAwmmBbSh1Hcp5U00qxCfbSDlsw6TbCjryraM_n5MuyIQ3ROmpzau0nYDihwg55Yfm_maTyXQn3EfPcgCTbGbUA-S1IM4kEvznOEUMKan7limYnMnSACdDa6YllLFkTxfyt9PIWPkMFkg4rul1WrPg6PbIgC6s9asfdQz_qx6
6otvL3jKY2qeghrw_6pmQyfsLCIHyZFw1XaoIueMg-cFKFmIkcBABdWmDDrGq0ut54mYbYK3SFGC_bIHhtVHYt9KTDDqI94HFGgN1Tmq0OS0w3l63uBrjPR2ghPB-fwrkk0mrJ7qhhXURTs1sofuhT9GcdvnMZ1lpgzcElp3IhKAYa_lNxP8ZMf4Q_-TfeYlm0PHPqWivHEqU3GArEQlC_hJ27J0JdZxbF8RZT_qsP9FxBGCfGjgHhGcEmTtiLHMzioIBblPCJ2MJyW1yepTP1gLGj1XQw8vPq1sTASJgCcwQdtLYK1gBygsKJ6y9hq73XXqB7BxmSRGE1412ZH9kqHGFcsBJvpgdfjdZDEcUAbc7eHlE_pUs5mqrXq697Qb125fekHxboBa8kmPIcPQ2ynUBwAN74KYjxXYEmrozv8dkXJqol4LZcUANpwiA11Em8xrLpc2lbtTgwaNEHGyTh_5AUbuVj2YXAm8gMv0JlcPNtTwFxCdA8SE7rXhlJ4zCoy8DSlgGYlbvZ8ijwcet19cfaphrxuan5NDwsNqQSGBQBD2ZBY7HKWcOtfFA0IzjpULqXe_VhCzD0_t3-f5YJ6XZO21"> </form> </div> </div> <script> (function(){ window._cf_chl_opt={ cvId: '2', cZone: 'ayhu.xyz', cType: 'managed', cNounce: '16187', cRay: '7c5f603759cec44a', cHash: '5c1bdda96dc3363', cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU", cFPWv: 'b', cTTimeMs: '1000', cMTimeMs: '0', cTplV: 5, cTplB: 'cf', cK: "", cRq: { ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=', ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w', rm: 'R0VU', d: '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', t: 'MTY4Mzg2MDA1My42NjAwMDA=', m: 'lfsFj6DGCrI2vGPf6BjuX9qKC3b3WJbZzI/myE7y0Ig=', i1: 'Gu/vYOwR5DI39saTFLv/iA==', i2: 'jBLnZ6zLXxRsowEZI/3brw==', zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=', uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=', hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=', } }; var trkjs = document.createElement('img'); trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f603759cec44a'); trkjs.setAttribute('alt', ''); trkjs.setAttribute('style', 'display: none'); document.body.appendChild(trkjs); var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f603759cec44a'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }()); </script> </body> </html> https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs
2023-05-12 02:53:15IPv6 AddressNoMnemonic PassiveDNS0010None2606:50c0:8001::153battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:50:3C:2C)33.336199,-111.89446440830702
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonewireless (Net ID: 00:02:2D:26:4A:A6)34.0544, -118.244
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonedarudar (Category: misc) https://darudar.org/users/login/login
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050NoneRyanLG (Net ID: 00:01:36:4F:9A:F0)37.780462,-122.390564
2023-05-12 02:56:54Affiliate - Domain NameNoDNS Resolver2030Nonekeyubu.netcp.keyubu.net
2023-05-12 02:46:38BGP AS MembershipNoRIPE0040None1516934.148.96.0/20
2023-05-12 03:23:50Open TCP PortNoPulsedive0030None188.114.96.20:80188.114.96.0/24
2023-05-12 03:00:56Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.92): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor5020None+14806242598Domain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/ein_2.pnghttps://pics.battleb0t.xyz/
2023-05-12 02:44:34SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:52:05 2023 GMT Not After : Jun 11 12:52:04 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:f9:3b:c0:6f:f8:ab:e7:35:d5:ff:95:55:28: 87:2c:f3:42:5c:6a:f2:dc:b2:0f:7b:b2:97:bc:68: c2:d8:25:b1:da:3c:de:c9:ee:4a:54:a6:08:c9:a0: d5:34:39:c8:96:b7:d1:e3:5d:f3:2b:db:f7:37:5d: 57:65:f7:3d:16:c9:ad:d6:e6:bb:bc:97:c6:1c:bc: c7:1d:a0:c9:cc:3a:d4:e1:69:37:d2:58:c2:fe:42: 4e:90:a6:4c:72:5e:0f:c5:0a:f9:18:b1:c7:54:af: b4:03:13:bc:ce:85:b6:0d:a5:99:fc:98:b2:37:24: 39:66:7b:f1:78:3b:4b:9e:51:be:75:ad:a6:19:8d: be:a9:ca:f2:df:b7:73:9f:c6:14:09:e1:46:c4:93: a4:45:7c:eb:1e:47:42:88:d1:8d:e7:29:c0:07:7b: ad:57:d3:0b:cf:a1:a1:bc:65:12:20:8e:92:81:50: 55:40:69:4e:0d:62:29:ab:00:e6:81:6e:83:3a:16: 09:da:2a:57:32:b1:5d:79:74:f0:1d:02:e0:52:6d: d5:85:2d:cb:f6:ef:5e:8f:03:a0:14:64:19:bb:71: 65:85:3e:bc:4e:e8:75:85:4b:a0:7d:df:3f:2a:67: 46:82:ea:56:e3:e5:01:c8:49:e2:f1:a3:b1:04:af: 98:45:24:1b:7e:2d:57:39:72:ff:5a:94:89:31:42: ae:19:e5:2d:eb:c8:08:fc:be:37:02:5d:04:1a:b3: f0:62:42:14:91:38:7a:96:77:5e:53:eb:f1:d9:8e: 45:46:0d:65:07:6b:18:0a:65:96:3c:4e:b9:77:05: 52:b4:4d:17:73:72:d9:49:c8:16:75:9c:84:35:12: 73:86:4f:08:27:5d:f3:e9:85:10:9a:ff:e4:3a:63: ef:83:9f:03:76:a4:3f:ac:72:d5:f4:bb:3a:60:bc: 21:1c:e8:7c:52:79:bd:fe:19:9a:69:78:22:a6:5d: 64:8d:04:55:f3:ec:4d:6c:47:45:2c:6c:9e:cc:14: be:67:76:25:be:fd:51:60:a1:2e:10:af:1b:46:0c: e9:ec:3a:3c:0b:c9:2a:97:61:1c:a8:6a:9d:53:cd: 2d:6c:4e:66:f4:08:01:29:89:61:ff:d2:73:d2:a1: da:94:32:dc:5c:78:ad:19:fa:b3:fb:26:0f:35:c2: 87:17:c9:ae:6f:c7:ce:81:d6:7d:27:95:3b:49:39: e6:cf:30:85:95:79:a1:35:71:86:5b:66:f7:9d:ae: 96:d5:9a:1d:e3:e0:76:fe:b7:a0:b5:1a:16:0b:1b: 
5e:d4:d9:5b:b6:4a:4d:33:65:03:80:b9:ab:69:35: 1b:42:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 13:c5:42:8e:df:cd:70:e8:7c:0e:70:c9:5a:83:25:16:cc:62: c3:f9:d5:c4:22:3b:ce:7f:81:fd:60:05:88:21:1a:e5:70:1c: 36:22:ce:db:ed:26:19:e2:1b:04:4d:ab:65:39:6d:00:51:3b: cc:9b:3f:79:54:95:3e:31:af:d8:e6:03:1b:cc:d5:95:be:82: cd:0b:e5:96:8f:6f:35:dd:91:c9:94:47:2b:3a:45:e8:d6:90: 9a:f6:27:ba:63:ff:75:94:72:de:3e:47:3f:d3:d4:41:71:e3: 3f:56:35:21:79:53:05:d2:4b:7c:f6:49:cf:40:3d:7f:f2:f4: 3d:17:14:59:24:3e:50:d8:45:4a:75:44:e1:73:c8:35:32:f2: 12:9e:aa:4b:a4:d5:91:49:4b:5d:ba:80:98:b5:1e:6a:11:cf: b0:5f:4d:0f:57:ad:69:b3:6b:16:1c:dd:75:b2:fe:57:1f:11: ae:d7:db:50:93:3c:e1:e8:26:9c:cc:0a:18:7c:b4:5d:5b:33: d4:f5:18:f8:96:6e:cb:73:1d:80:63:f6:bb:c8:51:5e:dd:31: fe:d5:d8:6f:b8:13:03:f9:14:44:36:23:9a:a2:41:54:b4:39: df:20:21:8b:35:e6:b5:0b:7c:63:1f:77:c7:00:93:73:7a:f3: 93:fe:79:56 battleb0t.xyz
2023-05-12 02:46:59Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 19, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "KERNEL32.DLL" at base d4980000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base d1700000\n "msedge.exe" loaded module "COMBASE.DLL" at base d4e80000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base badf0000\n "msedge.exe" loaded module "NTDLL.DLL" at base d6d70000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base e1100000\n "msedge.exe" loaded module "SHELL32.DLL" at base d54e0000\n "msedge.exe" loaded module "USER32.DLL" at base d51a0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base d3d00000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base d3d00000\n "msedge.exe" loaded module "ADVAPI32.DLL" at base d48d0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base d3d00000\n "msedge.exe" loaded module "KERNEL32" at base d4980000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base d3d00000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base d3d00000\n "msedge.exe" loaded module 
"API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base d3d00000\n "msedge.exe" loaded module "%PROGRAMFILES%\\(X86)\\MICROSOFT\\EDGE\\APPLICATION\\103.0.1264.37\\MSEDGE.DLL" at base a3ae0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"19001a00b101000040c7e7d3fa7f0000@ntdll.dll"\n "22002300b101000018c7e7d3fa7f0000@ntdll.dll"\n "19001a00b9b0000040c7e7d3fa7f0000@ntdll.dll"\n "22002300b9b0000018c7e7d3fa7f0000@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7692:120:WilError_01"\n "Local\\SM0:7800:120:WilError_01"\n "Local\\SM0:7800:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:7800:120:WilError_01"\n "Local\\SM0:7692:304:WilStaging_02"\n "Local\\SM0:7692:120:WilError_01"\n "SM0:7692:120:WilError_01"\n "SM0:7692:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7692:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7692:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7692:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 
1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.66.43.150:443"\n "185.88.152.184:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-161', u'name': u'Contains ability to modify processes thread functionality (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"OpenThread" [Source: 00000000-00007800.00000000.75750.D4AEF000.00000002.mdmp]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\shared_proto_db\\metadata\\000003.log]- [targetUID: 00000000-00007692]\n "regex_patterns.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.3\\regex_patterns.json]- [targetUID: 00000000-00007692]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\Trust Protection Lists\\Mu\\LICENSE]- [targetUID: 00000000-00007692]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007692]\n "Session_13322671954908029" has type "data"- [targetUID: N/A]\n "76db8249-b3cb-44da-9551-d0f0664589c0.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "8a37d1a7-21d3-4df9-8999-4552124a3857.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\8a37d1a7-21d3-4df9-8999-4552124a3857.tmp]- [targetUID: 00000000-00007692]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7692_1621032304\\auto_open_controller.js]- [targetUID: 00000000-00007692]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007692]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007692]\n "f34135bd94e6cca1_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\f34135bd94e6cca1_0]- [targetUID: 00000000-00007692]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\OriginTrials\\0.0.1.4\\manifest.json]- [targetUID: 00000000-00007692]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007692]\n "shopping.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4292.0\\shopping.html]- [targetUID: 00000000-00007692]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens\\LOG]- [targetUID: 00000000-00007692]\n 
"b29784eb-2c8c-4cbf-9fa1-0df2e5c685c5.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\b29784eb-2c8c-4cbf-9fa1-0df2e5c685c5.tmp]- [targetUID: 00000000-00007692]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\7692_1489057809\\_metadata\\verified_contents.json]- [targetUID: 00000000-00007692]\n "Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00007692]\n "f92efea4-e74d-4de9-989f-36e2f1ffd71c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\f92efea4-e74d-4de9-989f-36e2f1ffd71c.tmp]- [targetUID: 00000000-00007692]'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-184', u'name': u'Found registry location strings which can modifies auto-execute functionality', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1547/001', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-270', u'attck_id': u'T1547.001', u'relevance': 5, u'threat_level': 0, u'type': 2, u'description': u'Observed string:"software\\microsoft\\windows\\currentversion\\run" [Source: 00000000-00007800.00000000.75750.D4AEF000.00000002.mdmp]\n Observed string:"software\\microsoft\\windows\\currentversion\\runonce" [Source: 00000000-00007800.00000000.75750.D4AEF000.00000002.mdmp]'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-4', u'name': u'Found a string that may be used as part of an injection method', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1055/011', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1055.011', u'relevance': 4, u'threat_level': 0, u'type': 2, u'description': u'"Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)'}, {u'category': u'Environment Awareness', 
u'origin': u'File/Memory', u'identifier': u'string-143', u'name': u'Contains ability to retreive system language (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1614/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1614.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'descript185.199.111.153
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneSurfandSip Wavelan (Net ID: 00:02:2D:01:79:94)37.7813933,-122.3918002
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5ea2e0298c1146-ORD Content-Encoding: gzip 188.114.97.1
2023-05-12 02:53:04Open TCP PortNoPulsedive0030None185.199.111.153:80185.199.111.0/24
2023-05-12 03:10:57Raw Data from RIRsNoKeybase0060None{u'status': {u'code': 0, u'name': u'OK'}, u'them': [{u'basics': {u'username': u'login', u'track_version': 0, u'ctime': 1437685663, u'last_id_change': 1437685663, u'username_cased': u'login', u'eldest_seqno': 0, u'status': 0, u'id_version': 0, u'mtime': 1565618750, u'salt': u'bfd095bd7481b265726bbe1cf8806782'}, u'devices': {}, u'stellar': {u'hidden': False, u'primary': {}}, u'cryptocurrency_addresses': {}, u'public_keys': {u'eldest_kid': None, u'eldest_key_fingerprint': None, u'families': {}, u'subkeys': [], u'sibkeys': [], u'all_bundles': [], u'pgp_public_keys': []}, u'id': u'428821350e9691491f616b754cd83119', u'proofs_summary': {u'all': [], u'has_web': False, u'by_sig_id': {}, u'by_presentation_group': {}}}]}login
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.158): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:24:29Affiliate - Company NameNoCompany Name Extractor0070NoneDomains By Proxy, LLCDomain Name: AMCODEV.ME Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2023-01-03T11:02:11Z Creation Date: 2018-01-02T22:12:38Z Registry Expiry Date: 2024-01-02T22:12:38Z Registrar Registration Expiration Date: Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Reseller: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. 
You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Domain Name: amcodev.me Registry Domain ID: D425500000016166846-AGRS Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2023-01-03T11:02:09Z Creation Date: 2018-01-02T22:12:38Z Registrar Registration Expiration Date: 2024-01-02T22:12:38Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR434510046 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant 
Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Admin ID: CR434510262 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Registry Tech ID: CR434510194 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: +1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me Name Server: DNS1.STABLETRANSIT.COM Name Server: DNS2.STABLETRANSIT.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. 
In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:54:18Web Content TypeNoWeb Spider0020Nonetext/html;charset=utf-8pics.battleb0t.xyz
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.160): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:03:33Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0080004.github.io
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonelogitec-a53131 (Net ID: 00:01:8E:A5:31:30)37.780462,-122.390564
2023-05-12 03:00:50Co-Hosted SiteNoHackerTarget2020None00-evan.github.io185.199.111.153
2023-05-12 03:13:05Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0065paula.github.io] https://www.openphish.com/feed.txt0065paula.github.io
2023-05-12 02:44:07Internet NameNoCertSpotter30110Nonepics.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:09:40Affiliate - Internet NameNoDNS Resolver0040None118.48.229.35.bc.googleusercontent.com35.229.48.118
2023-05-12 03:09:39Affiliate - Internet NameNoDNS Resolver0040None112.48.229.35.bc.googleusercontent.com35.229.48.112
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMobileInternet (Net ID: 00:02:B3:AE:65:D0)50.1188, 8.6843
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonepadt-1 (Net ID: 00:01:21:1F:7B:30)33.336199,-111.89446440830702
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonex-cache: HIT{"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"}
2023-05-12 03:09:27Co-Hosted SiteNoSSL Certificate Analyzer0020Nonesni.cloudflaressl.com188.114.96.1
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneTechAir (Net ID: 00:01:21:30:60:FD)41.8781, -87.6298
2023-05-12 02:54:19Web ContentNoWeb Spider0040None/** * dat-gui JavaScript Controller Library * http://code.google.com/p/dat-gui * * Copyright 2011 Data Arts Team, Google Creative Lab * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 */ !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t(e.dat={})}(this,function(e){"use strict";function t(e,t){var n=e.__state.conversionName.toString(),o=Math.round(e.r),i=Math.round(e.g),r=Math.round(e.b),s=e.a,a=Math.round(e.h),l=e.s.toFixed(1),d=e.v.toFixed(1);if(t||"THREE_CHAR_HEX"===n||"SIX_CHAR_HEX"===n){for(var c=e.hex.toString(16);c.length<6;)c="0"+c;return"#"+c}return"CSS_RGB"===n?"rgb("+o+","+i+","+r+")":"CSS_RGBA"===n?"rgba("+o+","+i+","+r+","+s+")":"HEX"===n?"0x"+e.hex.toString(16):"RGB_ARRAY"===n?"["+o+","+i+","+r+"]":"RGBA_ARRAY"===n?"["+o+","+i+","+r+","+s+"]":"RGB_OBJ"===n?"{r:"+o+",g:"+i+",b:"+r+"}":"RGBA_OBJ"===n?"{r:"+o+",g:"+i+",b:"+r+",a:"+s+"}":"HSV_OBJ"===n?"{h:"+a+",s:"+l+",v:"+d+"}":"HSVA_OBJ"===n?"{h:"+a+",s:"+l+",v:"+d+",a:"+s+"}":"unknown format"}function n(e,t,n){Object.defineProperty(e,t,{get:function(){return"RGB"===this.__state.space?this.__state[t]:(I.recalculateRGB(this,t,n),this.__state[t])},set:function(e){"RGB"!==this.__state.space&&(I.recalculateRGB(this,t,n),this.__state.space="RGB"),this.__state[t]=e}})}function o(e,t){Object.defineProperty(e,t,{get:function(){return"HSV"===this.__state.space?this.__state[t]:(I.recalculateHSV(this),this.__state[t])},set:function(e){"HSV"!==this.__state.space&&(I.recalculateHSV(this),this.__state.space="HSV"),this.__state[t]=e}})}function i(e){if("0"===e||S.isUndefined(e))return 0;var t=e.match(U);return S.isNull(t)?0:parseFloat(t[1])}function r(e){var t=e.toString();return 
t.indexOf(".")>-1?t.length-t.indexOf(".")-1:0}function s(e,t){var n=Math.pow(10,t);return Math.round(e*n)/n}function a(e,t,n,o,i){return o+(e-t)/(n-t)*(i-o)}function l(e,t,n,o){e.style.background="",S.each(ee,function(i){e.style.cssText+="background: "+i+"linear-gradient("+t+", "+n+" 0%, "+o+" 100%); "})}function d(e){e.style.background="",e.style.cssText+="background: -moz-linear-gradient(top, #ff0000 0%, #ff00ff 17%, #0000ff 34%, #00ffff 50%, #00ff00 67%, #ffff00 84%, #ff0000 100%);",e.style.cssText+="background: -webkit-linear-gradient(top, #ff0000 0%,#ff00ff 17%,#0000ff 34%,#00ffff 50%,#00ff00 67%,#ffff00 84%,#ff0000 100%);",e.style.cssText+="background: -o-linear-gradient(top, #ff0000 0%,#ff00ff 17%,#0000ff 34%,#00ffff 50%,#00ff00 67%,#ffff00 84%,#ff0000 100%);",e.style.cssText+="background: -ms-linear-gradient(top, #ff0000 0%,#ff00ff 17%,#0000ff 34%,#00ffff 50%,#00ff00 67%,#ffff00 84%,#ff0000 100%);",e.style.cssText+="background: linear-gradient(top, #ff0000 0%,#ff00ff 17%,#0000ff 34%,#00ffff 50%,#00ff00 67%,#ffff00 84%,#ff0000 100%);"}function c(e,t,n){var o=document.createElement("li");return t&&o.appendChild(t),n?e.__ul.insertBefore(o,n):e.__ul.appendChild(o),e.onResize(),o}function u(e){X.unbind(window,"resize",e.__resizeHandler),e.saveToLocalStorageIfPossible&&X.unbind(window,"unload",e.saveToLocalStorageIfPossible)}function _(e,t){var n=e.__preset_select[e.__preset_select.selectedIndex];n.innerHTML=t?n.value+"*":n.value}function h(e,t,n){if(n.__li=t,n.__gui=e,S.extend(n,{options:function(t){if(arguments.length>1){var o=n.__li.nextElementSibling;return n.remove(),f(e,n.object,n.property,{before:o,factoryArgs:[S.toArray(arguments)]})}if(S.isArray(t)||S.isObject(t)){var i=n.__li.nextElementSibling;return n.remove(),f(e,n.object,n.property,{before:i,factoryArgs:[t]})}},name:function(e){return n.__li.firstElementChild.firstElementChild.innerHTML=e,n},listen:function(){return n.__gui.listen(n),n},remove:function(){return n.__gui.remove(n),n}}),n instanceof 
q){var o=new Q(n.object,n.property,{min:n.__min,max:n.__max,step:n.__step});S.each(["updateDisplay","onChange","onFinishChange","step"],function(e){var t=n[e],i=o[e];n[e]=o[e]=function(){var e=Array.prototype.slice.call(arguments);return i.apply(o,e),t.apply(n,e)}}),X.addClass(t,"has-slider"),n.domElement.insertBefore(o.domElement,n.domElement.firstElementChild)}else if(n instanceof Q){var i=function(t){if(S.isNumber(n.__min)&&S.isNumber(n.__max)){var o=n.__li.firstElementChild.firstElementChild.innerHTML,i=n.__gui.__listening.indexOf(n)>-1;n.remove();var r=f(e,n.object,n.property,{before:n.__li.nextElementSibling,factoryArgs:[n.__min,n.__max,n.__step]});return r.name(o),i&&r.listen(),r}return t};n.min=S.compose(i,n.min),n.max=S.compose(i,n.max)}else n instanceof K?(X.bind(t,"click",function(){X.fakeEvent(n.__checkbox,"click")}),X.bind(n.__checkbox,"click",function(e){e.stopPropagation()})):n instanceof Z?(X.bind(t,"click",function(){X.fakeEvent(n.__button,"click")}),X.bind(t,"mouseover",function(){X.addClass(n.__button,"hover")}),X.bind(t,"mouseout",function(){X.removeClass(n.__button,"hover")})):n instanceof $&&(X.addClass(t,"color"),n.updateDisplay=S.compose(function(e){return t.style.borderLeftColor=n.__color.toString(),e},n.updateDisplay),n.updateDisplay());n.setValue=S.compose(function(t){return e.getRoot().__preset_select&&n.isModified()&&_(e.getRoot(),!0),t},n.setValue)}function p(e,t){var n=e.getRoot(),o=n.__rememberedObjects.indexOf(t.object);if(-1!==o){var i=n.__rememberedObjectIndecesToControllers[o];if(void 0===i&&(i={},n.__rememberedObjectIndecesToControllers[o]=i),i[t.property]=t,n.load&&n.load.remembered){var r=n.load.remembered,s=void 0;if(r[e.preset])s=r[e.preset];else{if(!r[se])return;s=r[se]}if(s[o]&&void 0!==s[o][t.property]){var a=s[o][t.property];t.initialValue=a,t.setValue(a)}}}}function f(e,t,n,o){if(void 0===t[n])throw new Error('Object "'+t+'" has no property "'+n+'"');var i=void 0;if(o.color)i=new $(t,n);else{var 
r=[t,n].concat(o.factoryArgs);i=ne.apply(e,r)}o.before instanceof z&&(o.before=o.before.__li),p(e,i),X.addClass(i.domElement,"c");var s=document.createElement("span");X.addClass(s,"property-name"),s.innerHTML=i.property;var a=document.createElement("div");a.appendChild(s),a.appendChild(i.domElement);var l=c(e,a,o.before);return X.addClass(l,he.CLASS_CONTROLLER_ROW),i instanceof $?X.addClass(l,"color"):X.addClass(l,H(i.getValue())),h(e,l,i),e.__controllers.push(i),i}function m(e,t){return document.location.href+"."+t}function g(e,t,n){var o=document.createElement("option");o.innerHTML=t,o.value=t,e.__preset_select.appendChild(o),n&&(e.__preset_select.selectedIndex=e.__preset_select.length-1)}function b(e,t){t.style.display=e.useLocalStorage?"block":"none"}function v(e){var t=e.__save_row=document.createElement("li");X.addClass(e.domElement,"has-save"),e.__ul.insertBefore(t,e.__ul.firstChild),X.addClass(t,"save-row");var n=document.createElement("span");n.innerHTML="&nbsp;",X.addClass(n,"button gears");var o=document.createElement("span");o.innerHTML="Save",X.addClass(o,"button"),X.addClass(o,"save");var i=document.createElement("span");i.innerHTML="New",X.addClass(i,"button"),X.addClass(i,"save-as");var r=document.createElement("span");r.innerHTML="Revert",X.addClass(r,"button"),X.addClass(r,"revert");var s=e.__preset_select=document.createElement("select");if(e.load&&e.load.remembered?S.each(e.load.remembered,function(t,n){g(e,n,n===e.preset)}):g(e,se,!1),X.bind(s,"change",function(){for(var t=0;t<e.__preset_select.length;t++)e.__preset_select[t].innerHTML=e.__preset_select[t].value;e.preset=this.value}),t.appendChild(s),t.appendChild(n),t.appendChild(o),t.appendChild(i),t.appendChild(r),ae){var 
a=document.getElementById("dg-local-explain"),l=document.getElementById("dg-local-storage");document.getElementById("dg-save-locally").style.display="block","true"===localStorage.getItem(m(e,"isLocal"))&&l.setAttribute("checked","checked"),b(e,a),X.bind(l,"change",function(){e.useLocalStorage=!e.useLocalStorage,b(e,a)})}var d=document.getElementById("dg-new-constructor");X.bind(d,"keydown",function(e){!e.metaKey||67!==e.which&&67!==e.keyCode||le.hide()}),X.bind(n,"click",function(){d.innerHTML=JSON.stringify(e.getSaveObject(),void 0,2),le.show(),d.focus(),d.select()}),X.bind(o,"click",function(){e.save()}),X.bind(i,"click",function(){var t=prompt("Enter a new preset name.");t&&e.saveAs(t)}),X.bind(r,"click",function(){e.revert()})}function y(e){function t(t){return t.preventDefault(),e.width+=i-t.clientX,e.onResize(),i=t.clientX,!1}function n(){X.removeClass(e.__closeButton,he.CLASS_DRAG),X.unbind(window,"mousemove",t),X.unbind(window,"mouseup",n)}function o(o){return o.preventDefault(),i=o.clientX,X.addClass(e.__closeButton,he.CLASS_DRAG),X.bind(window,"mousemove",t),X.bind(window,"mouseup",n),!1}var i=void 0;e.__resize_handle=document.createElement("div"),S.extend(e.__resize_handle.style,{width:"6px",marginLeft:"-3px",height:"200px",cursor:"ew-resize",position:"absolute"}),X.bind(e.__resize_handle,"mousedown",o),X.bind(e.__closeButton,"mousedown",o),e.domElement.insertBefore(e.__resize_handle,e.domElement.firstElementChild)}function w(e,t){e.domElement.style.width=t+"px",e.__save_row&&e.autoPlace&&(e.__save_row.style.width=t+"px"),e.__closeButton&&(e.__closeButton.style.width=t+"px")}function x(e,t){var n={};return S.each(e.__rememberedObjects,function(o,i){var r={},s=e.__rememberedObjectIndecesToControllers[i];S.each(s,function(e,n){r[n]=t?e.initialValue:e.getValue()}),n[i]=r}),n}function E(e){for(var t=0;t<e.__preset_select.length;t++)e.__preset_select[t].value===e.preset&&(e.__preset_select.selectedIndex=t)}function 
C(e){0!==e.length&&oe.call(window,function(){C(e)}),S.each(e,function(e){e.updateDisplay()})}var A=Array.prototype.forEach,k=Array.prototype.slice,S={BREAK:{},extend:function(e){return this.each(k.call(arguments,1),function(t){(this.isObject(t)?Object.keys(t):[]).forEach(function(n){this.isUndefined(t[n])||(e[n]=t[n])}.bind(this))},this),e},defaults:function(e){return this.each(k.call(arguments,1),function(t){(this.isObject(t)?Object.keys(t):[]).forEach(function(n){this.isUndefined(e[n])&&(e[n]=t[n])}.bind(this))},this),e},compose:function(){var e=k.call(arguments);return function(){for(var t=k.call(arguments),n=e.length-1;n>=0;n--)t=[e[n].applyhttps://fluid.battleb0t.xyz/dat.gui.min.js
2023-05-12 02:45:43Physical CoordinatesNoAbstractAPI92020None37.7642, -122.3993185.199.109.153
2023-05-12 03:09:37Affiliate - Internet NameNoDNS Resolver0040None228.30.196.104.bc.googleusercontent.com104.196.30.228
2023-05-12 02:54:20HTTP Status CodeNoWeb Spider0040None200http://nuke.battleb0t.xyz/cdn-cgi/styles/main.css
2023-05-12 02:54:00Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c599e10cab22234-ORD Content-Encoding: gzip 104.21.6.166
2023-05-12 02:46:42Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://url9846.privacybee.com/ls/click?upn=EySNPXCrbC8jDMVbJIo3ruvsNxs9Q1wvX1DDgtu1zWhbWsG0ZNo2ntDLlVBRnuNZS1EHjb7YhPU-2FrYIpzus7G6DZO3SeOLRvy65jBggU2ZCMQANI-2F-2FCHUgnRMsoG6kxqMyXH_etjgfWM5SMHZD0h0E0Jd-2B9mJe66G0Oql262yICXvCc9CouJqkjMTNb-2BR2wPe9vTfbxdtxGVuf9-2FvvmffNk0vlONiXOjubbfNYZwoi2DS-2Bd7CnzdW5ZjLPhIWQLdSolBEbvPNu-2BH0gl1QQh-2F8uE2tTVmV-2BF4bB-2BAcHT8kZ11hfCkGH6A6HsgUipE64nK1Ol1Krt49Tl8Fn8VWYdwq503npI8YK8-2BBlYdNA8gTXmui3kA-3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6732:120:WilError_01"\n "Local\\SM0:6992:304:WilStaging_02"\n "Local\\SM0:6992:120:WilError_01"\n "SM0:6992:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6732:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:6732:304:WilStaging_02"\n "Local\\SM0:6732:304:WilStaging_02"\n "SM0:6732:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6732:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6732:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6732:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.123.124:49729"\n "104.26.6.190:49733"\n "142.250.191.42:49734"\n "104.18.11.207:49735"\n "104.17.24.14:49736"\n "69.16.175.42:49737"\n "185.199.111.153:49738"\n "104.19.188.97:49743"\n "172.217.12.99:49745"\n "172.64.144.98:49747"\n "142.250.72.200:49749"\n "142.250.189.206:49750"\n "157.240.22.25:49751"\n "104.17.211.204:49752"\n "142.250.191.46:49753"\n "142.250.141.156:49754"\n "104.17.239.204:49756"\n "104.17.131.171:49757"\n "104.17.68.176:49758"\n "104.18.33.171:49759"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.hubspot.com"\n "app.hubspot.com"\n "cookiepedia.co.uk"\n "js.hs-banner.com"\n "kenwheeler.github.io"\n "metrics-fe-na1.hubspot.com"\n "privacybee.com"\n "privacyportal.onetrust.com"\n "static.hsappstatic.net"\n "track.hubspot.com"\n "url9846.privacybee.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00006732]\n "f_00024d" has type "data"- [targetUID: N/A]\n "21a917b2-c020-414a-8a46-b06a11ded1ca.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\Network\\21a917b2-c020-414a-8a46-b06a11ded1ca.tmp]- [targetUID: 00000000-00004716]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006732]\n "f_00023e" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00004716]\n "Tabs_13323379254486290" has type "data"- [targetUID: N/A]\n "364126ff-45e7-46b0-9183-daae5e7f3b44.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\364126ff-45e7-46b0-9183-daae5e7f3b44.tmp]- [targetUID: 00000000-00006732]\n "f_000243" has type "Web Open Font Format (Version 2) TrueType length 77160 version 4.459"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6732_776219200\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006732]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma\\LICENSE]- [targetUID: 00000000-00006732]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6732_776219200\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006732]\n "f_00023d" has type "data"- [targetUID: N/A]\n "c18a3bba-8e02-4569-80ed-ecfae57fd29d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\c18a3bba-8e02-4569-80ed-ecfae57fd29d.tmp]- [targetUID: 00000000-00006732]\n "712786b6bbe95282_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\712786b6bbe95282_0]- [targetUID: 00000000-00006732]\n "Filtering 
Rules-AA" has type "data"- Location: [%TEMP%\\6732_2117867855\\Filtering Rules-AA]- [targetUID: 00000000-00006732]\n "cf7c5ebe62e62da8_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\cf7c5ebe62e62da8_0]- [targetUID: 00000000-00006732]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006732]\n "4096c652-30d7-464d-9d7a-20dde7d02eca.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "Last Browser" has type "data"- [targetUID: N/A]\n "typosquatting_list.pb" has type "data"- Location: [%TEMP%\\6732_28558427\\typosquatting_list.pb]- [targetUID: 00000000-00006732]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "http://url9846.privacybee.com/ls/click?upn=EySNPXCrbC8jDMVbJIo3ruvsNxs9Q1wvX1DDgtu1zWhbWsG0ZNo2ntDLlVBRnuNZS1EHjb7YhPU-2FrYIpzus7G6DZO3SeOLRvy65jBggU2ZCMQANI-2F-2FCHUgnRMsoG6kxqMyXH_etjgfWM5SMHZD0h0E0Jd-2B9mJe66G0Oql262yICXvCc9CouJqkjMTNb-2BR2wPe9vTfbxdtxG"\n Heuristic match: "api.hubspot.com"\n Heuristic match: "app.hubspot.com"\n Heuristic match: "cookiepedia.co.uk"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "http://url9846.privacybee.com"\n Heuristic match: "js.hs-banner.com"\n Heuristic match: "kenwheeler.github.io"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Heuristic match: "metrics-fe-na1.hubspot.com"\n Heuristic match: "privacybee.com"\n Heuristic match: "privacyportal.onetrust.com"\n Heuristic match: "static.hsappstatic.net"\n Heuristic match: "track.hubspot.com"\n 
Heuristic match: "url9846.privacybee.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://dns.google,supports_spdy:true},{isolation:[],server:https://edgeassetservice.azureedge.net,supports_spdy:true},{isolation:[],server:https://edge.microsoft.com,supports_spdy:true},{isolation:[],server:https://arc.msn.com,su"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6732_776219200\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006732]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6732_776219200\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006732]\n "edge_driver.js" has type "Unknown"- Location: [%TEMP%\\6732_776219200\\edge_driver.js]- [targetUID: 00000000-00006732]\n "adblock_snippet.js" has type "Unknown"- Location: 
[%TEMP%\\6732_2117867855\\adblock_snippet.js]- [targetUID: 00000000-00006732]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\6732_776219200\\shopping_iframe_driver.js]- [targetUID: 00000000-00006732]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\6732_776219200\\edge_tracking_page_validator.js]- [targetUI185.199.111.153
2023-05-12 02:44:49Company NameNoCompany Name Extractor0020NoneDomain Names REG.RU, LLCDomain Name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.ru Registrar URL: https://www.reg.ru/ Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registry Expiry Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of Domain Names REG.RU, LLC Registrar IANA ID: 1606 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Privacy Protection Registrant State/Province: Registrant Country: RU Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: DAPHNE.NS.CLOUDFLARE.COM Name Server: SKIP.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: BATTLEB0T.XYZ Registry Domain ID: D333902916-CNIC Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com Registrar URL: https://www.reg.ru Updated Date: 2023-01-15T21:30:02.0Z Creation Date: 2022-11-17T08:43:43.0Z Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: abuse@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Status: ok http://www.icann.org/epp#ok Registrant ID: yhn6mof3dqy-sdhe Registrant Name: Protection of Private Person Registrant Street: PO box 87, REG.RU Protection Service Registrant City: Moscow Registrant State/Province: Registrant Postal Code: 123007 Registrant Country: RU Registrant Phone: +7.4955801111 Registrant Phone Ext: Registrant Fax: +7.4955801111 Registrant Fax Ext: Registrant Email: BATTLEB0T.XYZ@regprivate.ru Admin ID: mhrgfickoq3r30s0 Admin Name: Protection of Private Person Admin Street: PO box 87, REG.RU Protection Service Admin City: Moscow Admin State/Province: Admin Postal Code: 123007 Admin Country: RU Admin Phone: +7.4955801111 Admin Phone Ext: Admin Fax: +7.4955801111 Admin Fax Ext: Admin Email: BATTLEB0T.XYZ@regprivate.ru Tech ID: yyj-fcbflruqmlro Tech Name: Protection of Private Person Tech Street: PO box 87, REG.RU Protection Service Tech City: Moscow Tech State/Province: Tech Postal Code: 123007 Tech Country: RU Tech Phone: +7.4955801111 Tech Phone Ext: Tech Fax: +7.4955801111 Tech Fax Ext: Tech Email: BATTLEB0T.XYZ@regprivate.ru Name Server: daphne.ns.cloudflare.com Name Server: skip.ns.cloudflare.com DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. 
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
2023-05-12 03:12:53Physical LocationNonumverify0030NonePhoenix, US+14806242505
2023-05-12 03:23:15Open TCP PortNoPulsedive0030None188.114.96.3:8443188.114.96.0/24
2023-05-12 02:56:16Web TechnologyNoTool - WAFW00F0020NoneNone Nonewww.ayhu.xyz
2023-05-12 03:03:18Internet NameNoDNS Resolver0020Noneayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:88:a7:3c:db:48:4e:7a:5b:30:55:60:8f:23:20:34:8b:3f Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 19:16:54 2022 GMT Not After : Mar 13 19:16:53 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:3c:4c:c6:51:31:a3:0e:29:e8:d9:ba:56:72: ca:d6:92:a9:ca:6b:b2:16:4e:5d:b5:eb:62:3f:02: 41:f1:08:06:a9:cd:7b:f9:04:b2:4c:8e:fb:65:31: b3:75:c9:6a:7a:3f:e2:3e:46:f0:3e:66:e4:c8:3d: cb:d8:17:7d:09:c3:b8:4b:0b:d8:99:0b:f7:8b:94: 1b:46:cc:ac:01:f0:8a:0c:c3:ce:98:ae:96:9a:d8: ee:30:0d:83:be:56:f2:fa:d2:51:6c:e6:b5:3d:4d: 38:62:17:66:35:98:3b:99:b8:ad:43:ad:7a:14:a8: 2a:90:0e:e4:de:5f:31:31:ab:48:0a:dd:2d:64:89: 33:f3:db:a0:b1:f9:a9:c3:da:71:2f:32:05:fa:a1: 40:b4:5f:a2:f6:e5:8b:5d:99:bb:a1:c7:ff:78:70: fa:fe:96:c0:01:b6:36:4c:98:38:f0:fd:c2:63:a9: 72:11:2f:85:1a:a3:bf:b4:96:2f:f2:45:ce:b3:c4: 6b:ba:0f:b8:a2:6a:78:27:5b:76:b0:c8:42:4e:41: 26:4e:0a:34:15:4a:e9:08:7d:32:c0:a0:48:38:a7: 68:49:b9:00:6e:d4:89:04:f8:ea:e6:dc:02:c0:03: 83:f0:7d:9a:bd:81:f3:1a:7f:93:46:db:06:a1:a5: 91:0f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 11:21:5C:1E:81:22:95:8E:F4:BA:FB:D4:B0:77:CD:45:5F:AE:5E:B1 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL 
Signature Algorithm: sha256WithRSAEncryption 76:8a:75:f9:43:a0:e6:61:ea:e3:d4:27:72:39:cb:37:97:94: 6f:0e:14:84:fa:37:4d:a2:29:74:5d:9f:6a:9b:90:69:30:fb: fe:80:38:47:ab:f9:93:8b:07:ed:9c:23:7a:ce:61:de:37:2c: b5:38:61:3d:a2:a5:6a:7f:07:4e:90:cc:90:cb:f2:dc:3b:dd: dc:6e:3d:eb:d5:9b:14:fa:58:fe:7c:53:e1:b8:07:86:02:8a: 6d:b2:53:6a:62:fd:74:1a:77:7e:1a:08:43:f8:18:7a:01:9e: 20:be:c4:45:2e:93:39:21:97:6b:7c:a2:a3:23:1c:fb:d7:fc: ec:c5:e8:7e:b5:d7:d0:a7:3e:34:ed:91:4c:0f:7d:41:20:d6: ae:b8:3c:8e:a2:12:49:dc:0d:d5:4c:94:96:63:8e:08:ef:7b: 64:6f:6d:f3:52:e2:36:f2:d4:c5:56:d5:b4:44:ce:06:c1:8d: 33:fb:3d:55:2f:89:df:1e:0c:e0:e0:b5:24:7c:d7:b7:f3:8a: 0e:7c:13:62:fd:45:98:d9:2b:25:ae:f4:5e:83:23:b0:c0:02: cf:69:26:2e:fd:59:16:e1:d9:9a:02:67:43:02:ef:d7:61:4a: bd:23:13:4e:92:4d:8b:73:c9:d8:47:4a:c4:8f:e1:ca:a1:27: eb:65:50:df
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Nonesntrup761x25519-sha512@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 03:24:21Web Content TypeNoWeb Spider0040Nonetext/html;charset=utf-8https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA
2023-05-12 02:46:17Affiliate Description - CategoryNoDuckDuckGo0030NoneProject hosting websitescdn-185-199-111-153.github.com
2023-05-12 03:24:50CountryNoCountry Name Extractor0030NoneTurkeyBursa, Bursa, 16350, Turkey, Asia
2023-05-12 03:11:10Physical CoordinatesNoOpenStreetMap98040None33.336199,-111.894464408307022155 E. GoDaddy Way, Tempe, US-AZ, US, 85284
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneWimbledon (Net ID: 00:02:CF:8C:8A:BF)40.2024, 29.0398
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}172.67.135.9
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"Content_Length": ["1391"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "X_Powered_By": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8"}, "X_Powered_By": ["Express"], "X_Content_Type_Options": ["nosniff"], "Connection": ["keep-alive"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'"]}87.248.157.102
2023-05-12 03:31:29Affiliate - Email AddressNoE-Mail Address Extractor0040Noneabuse@nicproxy.com Domain Name: ACILACIKVETERINER.COM Registry Domain ID: 2652209212_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.nicproxy.com Registrar URL: http://https://nicproxy.com/ Updated Date: 2023-04-01T13:07:55Z Creation Date: 2021-11-02T23:11:03Z Registry Expiry Date: 2023-11-02T23:11:03Z Registrar: Nics Telekomunikasyon A.S. Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90 212 213 2963 Domain Status: ok https://icann.org/epp#ok Name Server: NSC1.KEYUBU.NET Name Server: NSC2.KEYUBU.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:11:50Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Domain Name: ACILACIKVETERINER.COM Registry Domain ID : 2652209212_DOMAIN_COM-VRSN Registrar WHOIS Server : whois.nicproxy.com Registrar URL: http://www.nicproxy.com Updated Date: 2023-04-01T12:50:32Z Creation Date: 2021-11-02T23:11:03Z Registrar Registration Expiration Date: 2023-11-02T23:11:03Z Registrar: NICS Telekomunikasyon A.S. 
Registrar IANA ID: 1454 Registrar Abuse Contact Email: abuse@nicproxy.com Registrar Abuse Contact Phone: +90.2122132963 Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO Domain Status: ok http://www.icann.org/epp#OK Registry Registrant ID: CID-Redacted for Privacy Registrant Name: Redacted for Privacy Registrant Organization: Redacted for Privacy Registrant Street: Redacted for Privacy Registrant City: Elazig Registrant State / Province: Redacted for Privacy Registrant Postal Code: Redacted for Privacy Registrant Country: TR Registrant Phone: Redacted for Privacy Registrant Phone Ext: Redacted for Privacy Registrant Fax: Redacted for Privacy Registrant Fax Ext: Redacted for Privacy Registrant Email: https://whoisshelter.nicproxy.com/?d=ACILACIKVETERINER.COM Registry Admin ID: CID-Redacted for Privacy Admin Name: Redacted for Privacy Admin Organization: Redacted for Privacy Admin Street: Redacted for Privacy Admin City: Redacted for Privacy Admin State / Province: Redacted for Privacy Admin Postal Code: Redacted for Privacy Admin Country: Redacted for Privacy Admin Phone: Redacted for Privacy Admin Phone Ext: Redacted for Privacy Admin Fax: Redacted for Privacy Admin Fax Ext: Redacted for Privacy Admin Email: Redacted for Privacy Registry Tech ID: CID-Redacted for Privacy Tech Name: Redacted for Privacy Tech Organization: Redacted for Privacy Tech Street: Redacted for Privacy Tech City: Redacted for Privacy Tech State / Province: Redacted for Privacy Tech Postal Code: Redacted for Privacy Tech Country: Redacted for Privacy Tech Phone: Redacted for Privacy Tech Phone Ext: Redacted for Privacy Tech Fax: Redacted for Privacy Tech Fax Ext: Redacted for Privacy Tech Email: Redacted for Privacy Name Server: NSC1.KEYUBU.NET Name Server: NSC2.KEYUBU.NET DNSSEC: Unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>>Last update of WHOIS database: 2023-05-12T03:12:00Z<<< For more information on Whois status codes, please visit 
https://icann.org/epp IMPORTANT: Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 04 Jun 2018. Visit whois.nicproxy.com to look up contact data for domains not covered by GDPR policy. !****************************************************************************! NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN onayli bir alan adi kayit firmasidir. Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur. Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir. Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir. NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez. Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz. !*****************************************************************************! The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in obtaining information about or related to domain name registration records. NICS Telekomunikasyon A.S. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail(spam) or 2) enable high volume, automated, electronic processes that apply to Nics Telekomunikasyon Ltd. or its systems. Nics Telekomunikasyon Ltd. reserves the right to modify these terms. By submitting this query, you agree to abide by this policy. NICProxy Whois Server Ver.1.2.2
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:207987.248.157.102
2023-05-12 02:54:44Raw Data from RIRsNoCensys0030None{"last_updated_at": "2023-05-11T23:52:27.325Z", "ip": "35.229.48.116", "location_updated_at": "2023-05-03T02:08:25.414245Z", "autonomous_system_updated_at": "2023-04-30T01:14:54.271779Z", "location": {"province": "South Carolina", "city": "North Charleston", "country": "United States", "coordinates": {"latitude": 32.8929, "longitude": -80.0458}, "postal_code": "29418", "country_code": "US", "timezone": "America/New_York", "continent": "North America"}, "dns": {"records": {"tarokun.io": {"record_type": "A", "resolved_at": "2023-02-22T17:14:56.790549437Z"}, "www.accasionmarquees.co.uk": {"record_type": "CNAME", "resolved_at": "2023-04-29T21:46:09.095313604Z"}, "venture-debt.a55.tech": {"record_type": "A", "resolved_at": "2023-05-05T04:55:44.464714647Z"}, "docs.delhibusiness.org": {"record_type": "CNAME", "resolved_at": "2023-04-01T23:12:43.392015511Z"}, "agnesbistro.pl": {"record_type": "A", "resolved_at": "2022-10-18T17:21:38.112136671Z"}, "paulcass.tech": {"record_type": "A", "resolved_at": "2022-10-18T03:27:30.248173724Z"}, "tuxedosnob.com": {"record_type": "A", "resolved_at": "2023-02-03T15:12:09.705739659Z"}, "www.christinecolman.com.au": {"record_type": "CNAME", "resolved_at": "2023-05-02T12:24:01.832685073Z"}, "vanshjha.com": {"record_type": "A", "resolved_at": "2023-04-20T19:46:01.617778136Z"}, "www.eczemasurvivalguide.com": {"record_type": "CNAME", "resolved_at": "2023-01-28T13:19:32.406218633Z"}, "dev.presto-assistant.com": {"record_type": "CNAME", "resolved_at": "2023-04-06T15:51:21.576675060Z"}, "www.bair.uz": {"record_type": "CNAME", "resolved_at": "2022-12-13T18:05:21.129563004Z"}, "www.tastinggrounds.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T02:22:41.369894641Z"}, "www.fairbeauty.com.au": {"record_type": "A", "resolved_at": "2022-10-17T12:13:04.001655181Z"}, "vitalikgivesback.com": {"record_type": "A", "resolved_at": "2022-10-18T02:30:16.832001196Z"}, "y-design.com.au": 
{"record_type": "A", "resolved_at": "2023-04-14T12:25:31.059178540Z"}, "pex.polkafoundry.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T04:32:16.487131257Z"}, "akshaylilani.com": {"record_type": "A", "resolved_at": "2023-04-06T02:51:29.813870033Z"}, "blissfulspringark.com": {"record_type": "A", "resolved_at": "2023-04-02T14:16:36.011211149Z"}, "billyf.dev": {"record_type": "A", "resolved_at": "2022-10-02T14:18:34.137279098Z"}, "stdau.at": {"record_type": "A", "resolved_at": "2022-10-14T12:10:37.174814624Z"}, "alpenscene.pro": {"record_type": "A", "resolved_at": "2022-12-28T17:13:43.116541796Z"}, "imsstyle.com": {"record_type": "A", "resolved_at": "2023-05-02T21:52:19.402297942Z"}, "www.javamate.net": {"record_type": "CNAME", "resolved_at": "2022-10-18T05:13:57.311443513Z"}, "yun.valaxy.site": {"record_type": "CNAME", "resolved_at": "2023-02-20T18:52:34.386641183Z"}, "dromomaniatravels.in": {"record_type": "A", "resolved_at": "2023-03-20T15:45:21.233724756Z"}, "skill-hikes.ch": {"record_type": "A", "resolved_at": "2023-02-09T12:30:48.371649363Z"}, "resume.aryanagrawal.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T03:40:00.238806828Z"}, "www.swisscommerce.wedeclare.ch": {"record_type": "CNAME", "resolved_at": "2023-04-19T14:51:25.624182578Z"}, "math.hyuki.net": {"record_type": "CNAME", "resolved_at": "2022-10-18T03:50:14.717511245Z"}, "doma-bauunternehmen.de": {"record_type": "A", "resolved_at": "2023-04-21T16:49:29.979118706Z"}, "www.nexonnlabs.com": {"record_type": "CNAME", "resolved_at": "2022-09-30T13:48:19.548808342Z"}, "solmemo.com": {"record_type": "A", "resolved_at": "2022-09-24T14:54:13.477895766Z"}, "incomparable-shortbread-590615.netlify.app": {"record_type": "A", "resolved_at": "2022-10-18T05:23:11.462954637Z"}, "ch-demo.pandia.health": {"record_type": "CNAME", "resolved_at": "2023-05-07T17:30:47.539606427Z"}, "www.gabrielmmelo.online": {"record_type": "CNAME", "resolved_at": "2023-04-24T21:33:23.254848616Z"}, "lrlc.netlify.app": 
{"record_type": "A", "resolved_at": "2023-03-11T12:07:56.988859902Z"}, "cypress-herman-rice-and-flatley.agency.dev.sweepbright.com": {"record_type": "CNAME", "resolved_at": "2023-04-22T00:39:57.696351195Z"}, "djneill.com": {"record_type": "A", "resolved_at": "2022-10-18T06:14:40.221938027Z"}, "damagestudio.dev": {"record_type": "A", "resolved_at": "2022-10-14T14:43:11.503470454Z"}, "matmicha.fr": {"record_type": "A", "resolved_at": "2023-03-14T00:08:20.262214614Z"}, "www.demokratie-fuer-alle.de": {"record_type": "CNAME", "resolved_at": "2023-05-01T16:02:45.480438463Z"}, "shire-agents.netlify.app": {"record_type": "A", "resolved_at": "2023-02-13T12:05:10.828777395Z"}, "www.stevekennaird.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T16:39:39.961329324Z"}, "www.cookiehive.com": {"record_type": "CNAME", "resolved_at": "2023-03-28T14:25:16.963226501Z"}, "www.venture.app": {"record_type": "CNAME", "resolved_at": "2023-02-19T12:07:23.514163374Z"}, "blog.demiurgemgmt.net": {"record_type": "CNAME", "resolved_at": "2023-03-07T17:42:56.945311068Z"}, "xinxiao.xyz": {"record_type": "CNAME", "resolved_at": "2022-10-18T06:29:56.337111755Z"}, "boutique.moutte-blanc.fr": {"record_type": "CNAME", "resolved_at": "2022-10-02T14:30:13.237914106Z"}, "submojo.com": {"record_type": "A", "resolved_at": "2023-05-02T23:07:06.093849499Z"}, "domeo-conseils.com": {"record_type": "A", "resolved_at": "2022-10-18T05:44:40.794710874Z"}, "support-cal.com": {"record_type": "A", "resolved_at": "2022-10-10T16:20:02.978606819Z"}, "116.48.229.35.bc.googleusercontent.com": {"record_type": "A", "resolved_at": "2023-04-27T15:20:33.707197957Z"}, "www.credible-india.com": {"record_type": "A", "resolved_at": "2023-04-25T14:31:44.370834713Z"}, "for-noobs.online": {"record_type": "A", "resolved_at": "2023-04-04T22:14:33.656533464Z"}, "resultlog.yakim.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:17:43.435999319Z"}, "staging.livecorp.com.au": {"record_type": "CNAME", "resolved_at": 
"2023-04-18T10:01:38.603411352Z"}, "payroll-billing-group-dev.netlify.com": {"record_type": "A", "resolved_at": "2023-02-17T14:31:45.286191553Z"}, "rhymeswithvirus.com": {"record_type": "A", "resolved_at": "2022-12-02T14:02:42.334196804Z"}, "clinicianvalues.cliniciandevelopmentcollective.com": {"record_type": "CNAME", "resolved_at": "2022-12-17T13:11:02.105813066Z"}, "www.statsjo.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T04:17:17.475596148Z"}, "dsa-play.altaracredit.com": {"record_type": "CNAME", "resolved_at": "2023-04-06T02:52:22.746004121Z"}, "www.mathew-paul.nz": {"record_type": "A", "resolved_at": "2022-09-26T18:24:02.409943161Z"}, "justingrant.net": {"record_type": "A", "resolved_at": "2023-04-24T20:06:17.033788828Z"}, "www.brianbickett.com": {"record_type": "CNAME", "resolved_at": "2023-03-12T13:34:01.218204209Z"}, "galaxies.me": {"record_type": "A", "resolved_at": "2023-04-18T18:10:07.290447904Z"}, "rain.1xgame.one": {"record_type": "CNAME", "resolved_at": "2022-12-04T16:57:26.409530339Z"}, "www.sotaymotsach.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:11:42.194873644Z"}, "slint-ui.com": {"record_type": "A", "resolved_at": "2022-10-13T14:26:55.820670540Z"}, "lofty.ga": {"record_type": "A", "resolved_at": "2023-03-08T16:11:09.534895940Z"}, "nostalgic-heisenberg-e4886d.netlify.com": {"record_type": "A", "resolved_at": "2023-02-24T14:18:20.154813627Z"}, "www.therawoutdoors.com": {"record_type": "A", "resolved_at": "2022-10-18T04:24:46.047294270Z"}, "www.zendesk.garden": {"record_type": "CNAME", "resolved_at": "2023-03-28T00:16:02.912201217Z"}, "blog.securecloudops.com": {"record_type": "CNAME", "resolved_at": "2023-04-16T15:43:53.820468269Z"}, "stmargs.atollon.com.au": {"record_type": "CNAME", "resolved_at": "2023-04-29T12:20:31.721712090Z"}, "foreignair.net": {"record_type": "A", "resolved_at": "2023-04-10T20:05:47.472804549Z"}, "merry-queijadas-0f8f4d.netlify.app": {"record_type": "A", "resolved_at": 
"2023-03-09T20:24:29.112094937Z"}, "ladefogedqualen.dk": {"record_type": "A", "resolved_at": "2022-10-18T04:56:04.736817426Z"}, "www.codewithsoccer.com": {"record_type": "CNAME", "resolved_at": "2022-12-16T13:09:13.792874661Z"}, "www.shorefireconsulting.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T15:11:31.030660555Z"}, "souldata.app": {"record_type": "A", "resolved_at": "2023-02-19T12:07:28.599013285Z"}, "barcelonabeachvolley.com": {"record_type": "A", "resolved_at": "2023-04-04T14:24:11.442622163Z"}, "www.guerraoffice.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T06:23:06.306203975Z"}, "kind2-home.netlify.app": {"record_type": "A", "resolved_at": "2022-11-09T12:04:25.207224093Z"}, "www.advancedliving.com.au": {"record_type": "CNAME", "resolved_at": "2023-03-16T00:18:33.882392422Z"}, "nsql.jinjier.art": {"record_type": "CNAME", "resolved_at": "2023-02-19T12:11:08.181507523Z"}, "deadneighbor.com": {"record_type": "A", "resolved_at": "2023-03-22T10:33:56.952236337Z"}, "ruchit.tk": {"record_type": "A", "resolved_at": "2022-10-18T06:13:12.128806491Z"}, "zacyoungdale.com": {"record_type": "A", "resolved_at": "2022-10-18T05:11:14.822496438Z"}, "terra-viewer.sensehawk.com": {"record_type": "CNAME", "resolved_at": "2023-02-23T14:59:54.839469148Z"}, "cloud.cantoo.co": {"record_type": "CNAME", "resolved_at": "2023-04-11T13:23:47.629232056Z"}, "jeremy.mayeres.be": {"record_type": "CNAME", "resolved_at": "2023-02-19T12:18:54.480921504Z"}, "www.nifi.love": {"record_type": "CNAME", "resolved_at": "2023-04-24T18:42:23.444509655Z"}, "www.k8150.net": {"record_type": "CNAME", "resolved_at": "2023-01-23T20:10:36.824486514Z"}, "api.science.io": {"record_type": "A", "resolved_at": "2023-01-27T15:12:42.987078445Z"}, "www.scottmadethis.net": {"record_type": "CNAME", "resolved_at": "2023-04-16T19:40:39.283102532Z"}, "www.qwed.work": {"record_type": "CNAME", "resolved_at": "2022-12-27T16:50:33.603590310Z"}, "spbalcarcelart.com": {"record_type": "A", "resolved_at": 
"2023-04-04T16:23:47.949765963Z"}, "iaapassgen.tk": {"record_type": "A", "resolved_at": "2022-10-18T04:12:38.321708790Z"}, "feedback.nuhoc.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T05:08:22.974703827Z"}}, "names": ["damagestudio.dev", "rhymeswithvirus.com", "www.javamate.net", "www.accasionmarquees.co.uk", "cloud.cantoo.co", 35.229.48.116
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonereferrer-policy: strict-origin-when-cross-origin{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"}
2023-05-12 02:44:16Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.111.153
2023-05-12 03:23:38Open TCP PortNoPulsedive0030None188.114.96.14:80188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonekeisharayne (Net ID: 00:1D:CE:8A:EF:D7)32.8608, -79.9746
2023-05-12 03:00:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.38): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:45:49Physical LocationNoAbstractAPI0020NoneChicago, Illinois, 60666, United States, North America172.67.135.9
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneTATBIKAT MIMARLIK (Net ID: 00:14:C1:20:3F:E3)40.2024, 29.0398
2023-05-12 03:00:28Affiliate - Email AddressNoE-Mail Address Extractor0040Nonezlib@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": 
"CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", 
"diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 
Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne
2023-05-12 03:03:47Co-Hosted SiteNoThreatMiner1020Noneply.gg185.199.111.153
2023-05-12 02:44:43Internet NameNoDNS Resolver0020Noneoldfluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:34:48:36:b2:51:77:1f:45:f7:ca:23:53:09:6b:f8:20:f7 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 27 01:46:18 2022 GMT Not After : Mar 27 01:46:17 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b7:86:7e:22:b8:47:2a:2a:20:fc:69:54:4c:4c: 8d:ea:3f:a1:0c:0e:11:0f:7e:c1:26:df:52:aa:7e: 94:3a:df:e1:4c:c1:e1:54:54:7a:c2:7a:eb:d8:cc: df:41:19:00:a3:7b:e6:18:3e:51:47:37:04:be:39: e6:bf:91:38:96:6a:40:69:b8:63:75:51:8c:52:3a: 41:07:8f:c4:ec:e7:d6:72:77:98:6d:17:b7:fd:4c: 4c:0f:1e:e2:38:f3:1e:28:62:8d:25:cc:29:b7:fc: af:91:3e:9d:e5:92:07:d2:8d:09:ca:64:eb:80:76: ae:38:a2:33:49:07:84:c8:02:f9:d3:21:2b:ce:01: 78:68:73:b9:2a:22:16:eb:78:90:34:44:73:52:fa: b4:e5:7a:78:b5:62:9e:70:95:d0:26:0e:c1:b7:b4: 12:fd:9f:10:09:67:d9:3c:f0:82:32:ed:27:d0:55: a7:30:ce:0b:b7:0a:ef:86:ec:19:5d:c1:a0:11:f8: d8:f7:da:51:1c:ce:c6:23:90:13:7e:ab:f3:de:c1: 8e:52:9d:26:8b:16:dc:5c:ae:23:f8:3d:43:96:47: e1:0d:83:73:94:c2:e5:ad:91:ed:93:fe:48:67:3b: 6c:8e:00:5a:b6:2f:0f:94:18:91:b3:ed:bb:bf:d8: 25:d1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 73:BD:0E:B3:ED:9F:6A:FE:37:97:44:54:03:BB:B6:CC:83:95:C8:48 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 8e:1e:a8:a7:dc:b4:b2:81:77:cc:05:85:bf:5a:da:1d:f4:11: 2f:79:e8:ea:90:50:cd:64:a1:df:43:64:b0:45:83:6a:9e:5d: 59:bc:d7:f8:c2:0e:5f:4b:d2:8c:3b:71:44:77:09:c9:00:b8: 05:73:a8:af:5c:03:95:2d:4c:ab:3f:94:8d:b8:ae:e1:f0:37: e9:58:9a:a0:2c:5e:da:55:60:52:70:f6:59:b6:b8:74:c2:ec: 81:ab:60:cd:18:64:f8:84:94:8c:df:47:3c:58:34:38:f7:32: 95:4f:6b:ab:3c:d9:c8:9d:74:72:3d:d9:8b:b0:94:26:be:f8: 97:a5:76:6a:24:26:67:96:90:9d:13:49:6a:48:2d:e9:2e:38: bc:3f:6a:f2:cd:6c:8d:0c:c9:e9:d6:d1:7b:0e:16:58:5f:02: 04:50:48:f9:7c:38:68:3b:60:03:bd:e1:08:78:5b:e8:18:86: b7:4b:aa:6f:ff:a7:2b:03:04:25:27:96:1f:8f:09:53:64:fa: 5f:9b:e8:88:a7:a7:cf:f6:cb:48:fc:5c:9c:94:c2:c7:76:87: 81:e4:c9:14:d3:20:ef:9f:47:07:5f:b5:8a:d6:96:2d:57:a9: f9:b6:6d:17:e3:16:11:39:ad:d4:74:7b:49:e0:ca:6b:a7:15: ef:22:a3:8b
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.186): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None<hidden ssid> (Net ID: 00:01:E3:54:FF:0B)52.3759, 4.8975
2023-05-12 03:01:36Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.129): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:09:45Affiliate - Internet NameNoDNS Resolver0040None134.97.148.34.bc.googleusercontent.com34.148.97.134
2023-05-12 03:01:29Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.28): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelinksys (Net ID: 00:14:BF:A7:74:74)32.8608, -79.9746
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050Nonelinksys (Net ID: 00:06:25:75:F1:53)33.617190550339146,-111.90827887019054
2023-05-12 03:24:50CountryNoCountry Name Extractor0060NoneBritish Indian Ocean Territory01def.io
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonewarriorforum (Category: hobby) https://www.warriorforum.com/members/login.htmllogin
2023-05-12 03:01:24Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.227): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:13HTTP HeadersNoCensys0040None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}2606:4700:3030::ac43:a8fc
2023-05-12 03:03:27Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io000hen.github.io
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.192): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneSpeaker Deck (Category: social) https://speakerdeck.com/login/login
2023-05-12 03:09:32Affiliate - Internet NameNoDNS Resolver2030Nonecdn-185-199-108-154.github.com185.199.108.154
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None\022\026\024\001\027\004\013\017\005\014\022\032\0 (Net ID: 00:09:5B:2F:26:42)39.0469, -77.4903
2023-05-12 03:12:12Vulnerability - CVE MediumYesTool - testssl.sh0220NoneCVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389 Score: 4.3 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.188.114.96.1
2023-05-12 03:01:21Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.188): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None003marek.github.io185.199.111.153
2023-05-12 02:53:52Open TCP Port BannerNoCensys0020NoneHTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 5142 Server: GitHub.com Content-Type: text/html; charset=utf-8 ETag: W/"64556a8c-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' Content-Encoding: gzip X-GitHub-Request-Id: 43CE:4ADD:8C38CD:9E6CB7:645D800F Accept-Ranges: bytes Date: <REDACTED> Via: 1.1 varnish Age: 0 X-Served-By: cache-gig2250056-GIG X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1683849232.554003,VS0,VE234 Vary: Accept-Encoding X-Fastly-Request-ID: c52142f897e3b3bde7efbc782ee478e7cae3ad86 2606:50c0:8003::153
2023-05-12 03:00:50Co-Hosted SiteNoHackerTarget2020None00-duino.github.io185.199.111.153
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider4030Nonehttp://nuke.battleb0t.xyz/cdn-cgi/styles/main.csshttp://nuke.battleb0t.xyz/
2023-05-12 03:24:52CountryNoCountry Name Extractor0030NoneUnited KingdomLondon, England, ENG, United Kingdom, GB
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneru_123rf (Category: hobby) https://ru.123rf.com/profile_loginlogin
2023-05-12 02:48:54SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 13 15:23:51 2023 GMT Not After : May 14 15:23:50 2023 GMT Subject: CN=nuke.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d9:29:5b:18:4c:1d:e8:59:eb:db:25:91:54:31: ed:38:23:ab:0a:88:57:5c:ef:0c:7e:ca:ca:6c:71: 0b:02:fd:19:3d:6a:e8:97:28:77:25:12:e6:41:af: 0c:74:de:eb:50:90:97:94:e1:fd:e0:db:78:3a:0a: 5f:ae:54:a8:1f:8e:40:46:da:de:c8:9e:fa:c8:e7: 39:8e:1b:9f:5e:60:ec:47:c4:47:f9:79:27:17:65: 24:54:e3:e9:87:77:9b:2d:fc:59:b6:69:6a:35:59: 71:49:6c:3f:68:b3:6f:f3:47:8d:99:d8:26:4a:34: e5:bd:98:64:13:9c:bc:2e:32:d9:f1:82:53:39:a9: 0e:5a:3e:f4:44:ad:26:19:df:02:ae:0a:8a:ee:fc: 9b:3e:7d:da:ca:fc:e7:ee:68:4f:c5:8c:ef:dc:74: 06:e9:7a:47:71:5f:53:c7:6d:09:e9:1f:2a:81:e3: aa:4a:4a:ad:ae:9d:25:b9:f8:c2:d3:14:56:b4:75: 91:e9:be:73:0e:b4:7d:4d:da:64:95:77:6d:43:79: 73:49:a5:8a:21:01:8b:43:f7:7e:6b:34:db:43:cb: 18:86:96:0e:e7:1a:02:5a:4f:df:42:dd:88:c3:61: 4d:6b:c6:c6:bf:25:5b:76:f4:0e:86:dd:ad:d2:26: a8:0b:2a:9a:7b:42:50:c1:2c:92:f7:92:ae:7c:b1: d3:11:4f:23:ac:54:f9:9e:aa:91:2b:7c:ed:1c:c1: 46:1b:9b:3c:a0:2a:b1:e3:e2:b9:d0:7f:06:57:c9: 1e:63:2a:89:4d:e0:fc:34:28:ec:5f:72:15:f2:01: 80:22:e3:d2:bf:66:7b:78:f3:2a:37:36:d0:18:e7: eb:62:58:1a:53:3f:4a:aa:c6:06:93:11:2e:9b:de: b2:20:c5:30:35:f7:4b:de:99:68:8b:4d:f1:cf:5f: e0:29:92:a1:d4:25:53:f6:6b:8d:eb:c8:2f:a1:48: f6:93:3d:2d:29:1c:93:8a:83:6e:a8:d5:40:07:99: d9:b4:ed:f4:2d:5b:2c:94:69:23:83:3f:eb:1f:20: 45:ea:f5:f6:5a:22:b5:7a:ea:e6:92:ef:69:3a:86: e9:7d:cc:89:f5:72:d8:75:21:3a:fd:e8:3a:fd:dd: 16:43:3a:20:cf:8c:1c:3f:54:62:be:57:b4:91:f9: 1f:7b:59:bb:69:98:ad:21:46:6b:14:0b:f3:32:e9: f3:42:4c:fe:3e:ea:f8:50:4d:7c:e3:49:32:31:e8: 73:54:2a:f5:e6:ac:fb:17:66:a1:41:7a:05:04:c9: 
53:ab:bd:62:a2:65:3e:e4:d9:bf:f3:5f:60:e6:ba: 3c:1f:a9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nuke.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 9d:ff:c4:18:06:c7:30:d4:36:0f:0e:18:02:e1:f1:df:09:d5: 21:48:af:f9:5b:c3:31:1b:5f:2b:b6:70:3d:80:2b:58:d6:6f: b5:cd:ce:70:10:56:ed:d2:2c:18:4d:d8:55:56:01:67:34:4f: bc:a8:06:13:c7:63:73:41:9d:bd:7a:2d:d7:ed:6a:95:df:86: a0:fd:bf:15:00:37:ee:c9:32:cd:29:05:23:5a:30:c7:ce:39: 29:07:6d:b0:2b:6a:1c:81:8f:29:05:30:c4:40:2c:ba:5f:67: f5:56:a5:86:93:08:a2:16:e7:a9:15:01:13:84:23:08:70:b8: b0:8e:c4:e6:9c:43:cf:99:85:ea:2e:4c:6c:a4:51:b4:75:a3: cf:1f:af:40:ab:43:86:65:fb:ba:43:42:24:c7:fd:a0:13:49: bf:fb:a3:fe:ef:4b:38:f1:34:bd:37:28:78:ae:eb:fe:f8:2c: 4d:b8:bd:50:64:c1:2a:97:b9:ac:34:8d:83:6a:c1:4b:6d:6a: 3a:8c:69:86:1e:d9:d4:69:98:23:cc:ff:1b:aa:4f:58:58:dd: f4:2d:3e:92:9e:ec:9c:7f:4a:ba:35:54:c6:db:d8:38:08:1a: 75:fe:73:ca:92:d8:db:5e:94:c8:9a:15:84:e4:03:5b:a9:4b: 3c:ac:3c:70 battleb0t.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030Nonecelikpalas (Net ID: 00:12:17:69:2A:A4)40.2024, 29.0398
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneNoisette (Net ID: 00:0D:93:87:BE:5F)32.8608, -79.9746
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneMezzanine Airport (Net ID: 00:02:2D:0E:42:E3)37.7642, -122.3993
2023-05-12 02:48:31Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://dpcsit2024.github.io/Netflix', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://dpcsit2024.github.io/Netflix', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f10_IE_EarlyTabStart_0xba0_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_f10_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3856"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_f10_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f10_ConnHashTable<3856>_HashTable_Mutex"\n "IsoScope_f10_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f10_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"185.199.110.153:443"\n "104.18.23.52:443"\n "142.250.191.74:443"\n "162.55.233.23:443"\n "45.57.90.1:443"\n "203.192.208.115:443"\n "142.250.189.227:443"\n "172.67.75.130:80"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"pngimg.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "dpcsit2024.github.io"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "occ-0-4023-2164.1.nflxso.net"\n "pngimg.com"\n "pro.fontawesome.com"\n "www.freepnglogos.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"Watch anywhere, anytime, on an unlimited number of devices. 
Sign in with your Netflix account to watch instantly on the web at netflix.com from your personal computer or on any internet-connected device that offers the Netflix app, including smart TVs," (Indicator: "netflix.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003856]\n "netflix_PNG15_1_.png" has type "PNG image data 110 x 200 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm21llEw_1_.woff" has type "Web Open Font Format TrueType length 76672 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrJJLedA_1_.woff" has 
type "Web Open Font Format TrueType length 76604 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmv1plEw_1_.woff" has type "Web Open Font Format TrueType length 76404 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmr19lEw_1_.woff" has type "Web Open Font Format TrueType length 76076 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmy15lEw_1_.woff" has type "Web Open Font Format TrueType length 75364 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmg1hlEw_1_.woff" has type "Web Open Font Format TrueType length 75268 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm111lEw_1_.woff" has type "Web Open Font Format TrueType length 74932 version 1.1"- [targetUID: N/A]\n "pxiAyp8kv8JHgFVrJJLmE3tG_1_.woff" has type "Web Open Font Format TrueType length 72432 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm81xlEw_1_.woff" has type "Web Open Font Format TrueType length 71652 version 1.1"- [targetUID: N/A]\n "pxiEyp8kv8JHgFVrFJM_1_.woff" has type "Web Open Font Format TrueType length 66572 version 1.1"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /uploads/netflix/small/netflix_PNG15.png"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://dpcsit2024.github.io/Netflix"\n Pattern match: "https://dpcsit2024.github.io"\n Pattern match: 
"SUIDMmicrosoft.com/9216409460646431027691299872931531027574*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license"\n Pattern match: "https://pro.fontawesome.com/releases/v5.10.0/css/all.css"\n Pattern match: "https://fonts.googleapis.com"\n Pattern match: "https://fonts.gstatic.com"\n Pattern match: "https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap"\n Pattern match: "http://pngimg.com/uploads/netflix/small/netflix_PNG15.png"\n Pattern match: "https://www.freepnglogos.com/uploads/netflix-logo-0.png"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/vlv3/9c5457b8-9ab0-4a04-9fc1-e608d5670f1a/710d74e0-7158-408e-8d9b-23c219dee5df/IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small.jpg"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/tv.png"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-tv-in-0819.m4v"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/mobile-0819.jpg"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/boxshot.png"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/download-icon.gif"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/device-pile-in.png"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-devices-in.m4v"\n Pattern match: 
"https://occ-0-4023-2164.1.nflxso.net/dnm/api/v6/19OhWN2dO19C9txTON9tvTFtefw/AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP.png?r=5cf"\n Pattern match: "SUIDMmicrosoft.com/9216409460646431027691299872931531027574*MUID1CB3868C84876AFA3427947A85CB6B98microsoft.com/1025422709568031106045299880744031027574*_EDGE_V1microsoft.com/9216422709568031106045299888556531027574*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiAyp8kv8JHgFVrJJLmE3tG.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLmv1plEw.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLm21llEw.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiGyp8kv8JHgFVrJJLedA.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLmg1hlEw.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLmr19lEw.woff"\n Pattern match: "https://fonts185.199.110.153
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneBabyPips (Category: social) https://forums.babypips.com/u/login/summarylogin
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneFIS (Net ID: 00:02:2D:2E:39:1C)34.0544, -118.244
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:09:05)50.8897, 6.0563
2023-05-12 02:44:19Software UsedYesTool - Wappalyzer0020NoneFastlywww.battleb0t.xyz
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX5515722CD (Net ID: 00:01:E3:57:22:CD)52.3759, 4.8975
2023-05-12 03:03:37Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00theway.github.io
2023-05-12 02:55:27Web ServerNoURLScan.io0110NoneWerkzeug/2.2.2 Python/3.10.9battleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:1D:05)50.8897, 6.0563
2023-05-12 03:15:37CookiesNoCookie Extractor0040NoneCF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none{"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"}
2023-05-12 02:54:59Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 22, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.google.com/url?sa=t&rct=j&q&esrc=s&source=web&cd&cad=rja&uact=8&ved=2ahUKEwig6IWT_sf9AhUqFFkFHaLQDFEQFnoECFUQAQ&url=https%3A%2F%2Fendoflife.date%2Fsplunk&usg=AOvVaw3dNC2fVERURzevqzmzvgio', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base b2610000\n "msedge.exe" loaded module "COMBASE.DLL" at base b7470000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base 9b8e0000\n "msedge.exe" loaded module "NTDLL.DLL" at base b7c80000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base b6be0000\n "msedge.exe" loaded module "SHELL32.DLL" at base b57a0000\n "msedge.exe" loaded module "USER32.DLL" at base b7a50000\n "msedge.exe" loaded module "KERNEL32.DLL" at base b6e00000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base b4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base b4ee0000\n "msedge.exe" loaded module "ADVAPI32.DLL" at base b79a0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base b4ee0000\n 
"msedge.exe" loaded module "KERNEL32" at base b6e00000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base b4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base b4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base b4ee0000\n "msedge.exe" loaded module "%PROGRAMFILES%\\(X86)\\MICROSOFT\\EDGE\\APPLICATION\\103.0.1264.37\\MSEDGE.DLL" at base 83910000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"19001a005601000040c705b5fd7f0000@ntdll.dll"\n "220023005601000018c705b5fd7f0000@ntdll.dll"\n "19001a00c224000040c705b5fd7f0000@ntdll.dll"\n "22002300c224000018c705b5fd7f0000@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:8176:120:WilError_01"\n "Local\\SM0:8000:304:WilStaging_02"\n "SM0:8000:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:8000:120:WilError_01"\n "SM0:8000:120:WilError_01"\n "Local\\SM0:8176:304:WilStaging_02"\n "SM0:8176:304:WilStaging_02"\n "Local\\SM0:8176:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:8176:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8176:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8176:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:8176:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.185.199.199:443"\n "185.199.109.153:443"\n "185.199.108.154:443"\n "35.247.66.204:443"\n "172.64.100.2:443"\n "54.215.114.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"github.githubassets.com"\n "simpleicons.org"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-161', u'name': u'Contains ability to modify processes thread functionality (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"OpenThread" [Source: 00000000-00008000.00000000.75945.B540F000.00000002.mdmp]'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00008000"\n YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"85e41a97-0a51-45be-9701-9328a8cccce4.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\85e41a97-0a51-45be-9701-9328a8cccce4.tmp]- [targetUID: 00000000-00008176]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00008176]\n "d8456ed4-264e-4bfa-ae77-3dd1fbe61661.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\d8456ed4-264e-4bfa-ae77-3dd1fbe61661.tmp]- [targetUID: 00000000-00008176]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00008176]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00008176]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\8176_2094895968\\Filtering Rules]- [targetUID: 00000000-00008176]\n "33ed44ec-5fb2-4ac5-bab9-e8b8484c6077.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\33ed44ec-5fb2-4ac5-bab9-e8b8484c6077.tmp]- [targetUID: 00000000-00008176]\n "f5020ad3-bd5d-4b77-9abd-2a7917f51814.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\f5020ad3-bd5d-4b77-9abd-2a7917f51814.tmp]- [targetUID: 00000000-00008176]\n "e4dc831f-30bb-481e-981e-d3749bdf7a0c.tmp" has type "UTF-8 Unicode text with very 
long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\e4dc831f-30bb-481e-981e-d3749bdf7a0c.tmp]- [targetUID: 00000000-00008176]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007284]\n "67fb2784defc193d_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\67fb2784defc193d_0]- [targetUID: 00000000-00008176]\n "temp-index" has type "zlib compressed data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00008176]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8176_1447454528\\edge_checkout_page_validator.js]- [targetUID: 00000000-00008176]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens\\LOG]- [targetUID: 00000000-00008176]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8176_1447454528\\edge_driver.js]- [targetUID: 00000000-00008176]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8176_1447454528\\shopping.js]- [targetUID: 00000000-00008176]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\deny_domains.list]- [targetUID: 00000000-00008176]\n "8b9637f5-42d7-41f4-9b8e-b22220cad0c0.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\8b9637f5-42d7-41f4-9b8e-b22220cad0c0.tmp]- [targetUID: 00000000-00006224]\n "Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00008176]\n 
"04a120c2-8394-4261-bb45-618676a047cc.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\04a120c2-8394-4261-bb45-618676a047cc.tmp]- [targetUID: 00000000-00008176]'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-184', u'name': u'Found registry185.199.109.153
2023-05-12 03:00:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.0): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneASU (Net ID: 00:06:25:66:88:D8)33.336199,-111.89446440830702
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:09:5B:6B:72:5C)39.0469, -77.4903
2023-05-12 02:48:30SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:10:8b:16:97:4c:80:e7:56:d7:06:74:1e:45:16:d2:cf:08 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 18 13:27:58 2022 GMT Not After : Mar 18 13:27:57 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ad:62:80:b3:4a:16:3f:d1:ca:02:76:24:cc:9e: aa:84:81:39:ce:32:30:eb:2b:8e:c4:10:85:04:e9: 19:e1:2c:8b:f7:58:3e:cb:1c:ff:b5:a4:5e:3a:d3: 5f:cd:9f:7e:93:67:29:42:61:bd:af:c4:d3:ff:2c: ba:88:7a:06:b8:ee:d1:0b:bb:86:7e:44:8f:c8:6e: 9f:15:1a:80:a4:23:08:22:e4:47:13:58:3b:f2:14: 1e:d6:ab:b0:0d:9a:3d:43:fa:19:c7:62:73:68:d3: e8:e2:e0:f2:f8:19:08:fa:27:87:9f:f6:00:ca:15: 68:32:25:1a:17:ab:c2:10:cf:ee:c4:5c:e1:5a:4c: 7f:24:75:c4:d7:a8:bb:65:e9:41:ed:b3:2d:c0:d3: 43:15:31:0d:92:7c:15:d2:74:91:60:11:b3:a9:c4: 23:1e:bd:9f:cd:65:52:70:48:15:e3:b8:f4:be:c0: 7b:19:6d:7b:06:84:b9:fd:58:0b:97:47:76:a2:75: 8a:02:5c:f4:a0:74:5a:14:c3:00:00:11:33:ca:09: cb:4f:f9:83:06:46:d2:9c:09:dd:c0:9e:5b:21:5b: 9d:26:54:f2:ef:8a:39:ff:fb:2e:d5:3b:31:32:7d: 8d:f4:d5:b5:c2:47:2c:44:11:4c:77:93:b1:be:73: 3c:fd:f8:ad:ee:38:c8:cc:7c:fd:93:89:87:7c:f1: ff:7e:d9:02:fc:16:a4:8b:6d:44:ce:9d:18:99:9a: 80:ce:7f:84:4a:5f:f2:64:78:f3:c5:e5:c6:c7:66: 3e:15:14:9a:10:d3:79:7b:53:46:72:6c:1d:43:1a: b1:35:e5:15:1e:25:f5:a3:42:b9:f7:c3:cc:11:45: 0d:91:92:d0:7c:af:f5:38:d6:f6:5b:a6:85:e8:1b: 87:47:00:ae:a6:0b:b0:8b:45:d2:80:d3:a6:4d:e2: fe:d5:6d:a5:c3:c6:cb:5d:f4:1c:79:c6:67:7f:4c: cd:e5:9e:5e:f5:60:0e:99:47:13:b5:ed:4f:e1:0e: 26:01:e6:84:00:6a:80:a9:fd:0c:5d:16:61:ba:be: ee:5f:41:8c:41:20:95:45:47:52:41:85:d1:cc:b2: ba:00:26:e3:48:1b:65:5b:e0:7a:f5:04:7c:c4:32: 1f:ac:c5:99:05:ef:49:b1:5a:de:e3:c4:60:e2:03: 33:84:8a:7a:ad:eb:d2:0c:0c:ff:c4:c2:64:33:29: 15:c7:0a:73:e3:0f:ee:4a:08:a2:6b:f1:e4:95:67: 2f:52:99:fd:3e:6c:01:2d:31:33:10:f6:db:5c:20: 
7c:3b:ba:79:4b:c3:c0:d7:a8:e3:f0:e3:c9:f6:e5: 3c:bf:e5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: A8:1A:0A:B4:5A:C9:CB:04:98:CA:A0:D2:67:45:9B:9C:A4:98:23:12 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 9f:12:eb:4c:27:a2:ab:ae:53:fe:36:76:0d:83:48:c0:c4:51: c2:09:08:23:27:a9:7b:35:32:d3:06:cd:e1:f3:c9:4c:2b:19: 5c:05:3a:7d:46:7b:96:78:c2:2b:09:8f:17:00:fe:1b:3e:53: fd:3e:2f:c3:9a:b5:30:cd:5b:63:83:4a:da:77:e7:97:a3:c7: 12:1d:4e:2a:c8:68:c9:ed:8a:5e:32:c1:3c:96:1c:3b:30:00: ed:b7:3d:b1:2e:45:01:68:3f:9d:92:c2:b8:d6:0d:29:ff:f9: fd:d1:fa:45:c6:29:5f:fe:71:3e:28:8a:cb:d6:9d:51:d9:27: 23:c9:0e:6b:80:7d:c0:dc:b5:f6:e5:58:0d:23:ef:dc:ee:f1: 9f:7c:9d:ea:60:0a:da:5d:a8:81:7a:f0:00:9e:67:b5:ff:9a: 9e:41:d0:47:44:a3:ef:c7:76:fc:d5:d2:2e:9c:0a:d5:6e:f6: ca:dd:e7:c4:7f:f4:80:04:e6:a2:ea:80:8a:fc:f5:3e:75:14: 53:f6:18:aa:9c:3c:71:e7:0e:04:2f:51:6f:57:cc:c7:59:90: 38:a5:63:c4:16:26:ed:1f:c8:e7:8b:d6:6e:db:f0:07:dd:4e: a9:fa:5d:63:f8:da:5c:da:d6:9a:39:ad:eb:e5:21:56:13:72: a3:9a:36:28 battleb0t.xyz
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonereport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D"}],"group":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneENHLG (Net ID: 00:01:36:5B:37:00)37.7642, -122.3993
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.75): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:14Domain NameNoDNS Resolver0010Noneayhu.xyzayhu.xyz
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.139): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:57Netblock IPv6 MembershipNoCensys0020None2a06:98c1:3120::/482a06:98c1:3120::1
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-64-etm@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NonePoshmark (Category: shopping) https://poshmark.com/closet/ayhuayhu
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonecable (Net ID: 00:02:2D:2F:C6:B5)37.7642, -122.3993
2023-05-12 03:13:06Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [007joshie.github.io] https://www.openphish.com/feed.txt007joshie.github.io
2023-05-12 03:01:18Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.154): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:50:47 2023 GMT Not After : Jun 11 12:50:46 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:86:d1:c6:73:d4:68:16:b7:b8:27:02:2e:0a: 3b:ac:b2:c0:cf:5d:bb:e0:97:62:4b:2d:4c:a7:8a: 0f:bb:28:62:25:f7:8b:c2:a2:9f:9f:a4:09:ae:64: 46:ad:01:04:9a:1c:e2:d3:da:ff:2f:0b:66:3e:17: 93:38:08:7c:21:35:76:62:9b:3d:79:67:17:13:fe: 36:e3:cb:d3:f1:13:27:de:39:d4:be:26:b9:a7:bc: 48:6c:32:02:59:5e:42:77:18:cd:f0:52:6e:ff:59: 03:7e:1d:11:be:bc:ab:d2:7f:d2:95:33:32:9e:74: fe:3f:8c:4e:e3:30:bd:bb:06:89:38:c8:e8:4f:53: 3b:f6:63:c0:62:08:06:0e:e7:94:7f:f0:60:db:70: ea:7f:78:d5:b9:6c:e0:49:a6:b4:37:75:b0:52:59: b3:35:96:ab:99:46:f4:69:22:fd:0c:96:69:7a:42: ab:47:42:08:6b:5e:8a:9a:4d:97:23:10:94:f7:79: b4:c3:5e:97:52:71:2a:e0:cb:16:4d:05:9d:0a:4b: 32:05:28:18:33:7b:d6:34:6c:b7:3e:5b:ab:cb:54: 41:54:0f:0b:fa:c3:ea:b8:4b:80:0a:8e:f0:90:cd: 32:45:6e:24:6b:2b:da:60:08:2e:69:e6:59:89:a4: 25:87:82:03:c6:3c:bd:7c:46:55:91:56:df:8c:10: 3f:c4:bc:32:26:aa:2e:b1:d8:86:87:bf:32:be:e7: 49:d8:74:e0:99:42:34:64:c2:23:25:06:06:47:62: f1:32:ce:42:2e:0b:a1:5c:5c:7d:55:6f:f5:43:b6: 4a:13:84:0e:20:9b:ad:e4:75:cf:98:ec:28:ca:d5: 97:e8:15:83:85:e3:c5:d8:e3:28:87:31:07:5e:2c: 11:d9:8a:d6:52:d3:ed:87:7d:ab:aa:dd:63:d0:48: bb:c8:d0:2e:7e:92:84:13:37:53:61:b8:ec:ac:9a: 86:7b:ce:3f:d2:40:f0:db:6c:2c:1e:97:3b:c5:cb: 35:b4:86:6e:2c:94:d1:aa:dc:d2:87:31:ab:38:c5: f4:27:1d:0a:25:44:99:80:36:03:ce:91:80:1c:d1: 59:d4:7c:5a:37:1b:0a:ce:f5:f1:c0:65:43:fc:ee: ed:8e:bc:b1:d6:9d:85:ca:8e:38:b3:e3:c0:7f:97: a5:98:eb:15:ff:cd:24:e7:6d:15:4d:57:89:17:a7: 5f:b4:d5:d3:b7:8f:07:9c:a8:ea:76:1e:e7:f3:2c: 9b:59:ae:2b:2b:2c:ad:9d:e2:f1:8d:94:c2:23:8f: 
a7:4d:67:84:e7:2f:fb:e0:0a:d2:eb:7c:d9:ee:92: a6:63:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Mar 13 13:50:48.097 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:CF:17:8C:E7:5C:85:D2:35:C0:73:1C: DD:DC:CB:6A:69:22:6C:11:CA:4A:7A:70:E6:41:98:64: C2:D6:EB:16:05:02:21:00:BB:55:01:DF:9D:AA:0D:1D: 85:02:D9:76:FB:4F:6B:D6:D8:8F:94:82:00:A7:D0:65: 5A:13:BE:6C:BF:BD:5B:9D Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Mar 13 13:50:48.131 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:AF:43:46:DF:38:C8:21:CA:47:16:D3: 84:F0:B4:A9:1B:09:0F:BB:55:58:89:44:1F:3A:9E:8A: 3C:22:70:0D:03:02:21:00:8B:39:10:8E:8A:36:DF:3F: E7:32:3D:76:7C:AB:60:E8:18:70:D5:6D:0E:33:7A:97: F4:0A:88:2E:3A:2E:C4:71 Signature Algorithm: sha256WithRSAEncryption 7c:6a:76:1d:db:1c:de:c2:19:6d:98:57:99:25:b4:5e:0f:bf: 95:8c:45:a2:25:ed:32:95:f2:0a:78:4e:ff:62:f4:67:48:31: 90:2b:e2:3c:d5:1d:db:e1:60:6a:0f:17:23:34:71:35:8b:95: 4d:73:cd:e3:a3:52:97:93:84:37:a2:ed:c5:7c:91:2b:0a:f9: 
83:c1:eb:81:7e:88:34:cd:f0:88:f8:df:18:16:ef:ca:7e:49: f2:a7:b7:0e:a3:4b:4e:4f:92:f3:51:0f:2b:4e:c0:52:1c:18: 2a:c7:b7:9d:09:65:0e:50:64:7a:7d:02:f3:86:ed:28:2c:cd: 4a:55:5f:32:f3:f6:3f:13:34:34:14:d8:2b:1d:6d:73:a0:41: 90:ec:31:52:17:e6:2f:8b:58:c6:fb:86:38:bb:08:6b:2a:fc: 64:0a:2b:2e:0f:f6:06:a5:76:85:8b:81:7c:0b:e7:7d:41:98: 29:67:65:9c:a3:5e:54:d7:42:a2:ca:57:e3:ed:40:b5:6b:e7: 20:ae:3b:11:70:76:c2:da:cf:31:f0:ab:ca:10:28:73:4e:36: 4a:79:71:99:ba:fe:41:29:e0:de:27:f3:42:87:08:d7:24:fe: 2c:3e:d4:01:c9:17:cd:e7:bc:a6:c4:72:63:d4:a6:ab:14:ea: 33:96:20:50 battleb0t.xyz
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneKKR Guest (Net ID: 00:01:21:70:65:31)37.7813933,-122.3918002
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonesohqwn1 (Net ID: 00:16:B6:F7:22:6E)32.8608, -79.9746
2023-05-12 02:55:05Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 7c5ad9968f0b1cf4-ORD 188.114.97.1
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonesteemit (Category: social) https://steemit.com/@loginlogin
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonetla60e06 (Net ID: 00:25:F0:A6:0E:06)37.751, -97.822
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMobileInternet (Net ID: 00:02:B3:AE:AB:1C)50.1188, 8.6843
2023-05-12 02:44:17Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.com185.199.111.153
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/random_1.jpeghttps://funny.battleb0t.xyz/
2023-05-12 03:01:38Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.151): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:20Linked URL - InternalNoWeb Spider1030Nonehttps://funny.battleb0t.xyz/images/withat_2.jpghttps://funny.battleb0t.xyz/
2023-05-12 02:54:07Open TCP Port BannerNoCensys0020NoneHTTP/1.1 400 Bad Request Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 253 Connection: close CF-RAY: - 2606:4700:3031::ac43:8709
2023-05-12 02:54:38HTTP HeadersNoCensys0030None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c529effee343669-FRA"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.168.252
2023-05-12 03:01:35Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.114): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneGitHub Categorybattleb0t.github.io
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None1 375 East 2nd St Ch.11 (Net ID: 00:02:2D:8E:C5:7C)34.0544, -118.244
2023-05-12 03:00:57Co-Hosted SiteNoHackerTarget2020None01-scripts.github.io185.199.111.153
2023-05-12 02:53:30Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://t.length/4*3;t.substr(-2', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://this.drawingarea/2,math.max(e,n,r,i', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://kpmgvancouver.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_a7c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_a7c_IESQMMUTEX_0_519"\n "IsoScope_a7c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2684"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_a7c_IESQMMUTEX_0_303"\n "IsoScope_a7c_IE_EarlyTabStart_0x95c_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a7c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a7c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:80"\n "185.199.109.153:443"\n "65.8.158.24:443"\n "142.251.46.234:443"\n "142.251.46.195:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kpmgvancouver.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"embed.typeform.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "kpmgvancouver.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabBC90.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBC90.tmp]- [targetUID: 00000000-00003428]\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003428]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"logo-blue_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlref_httpkpmgvancouver.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "index-53bc3cd4_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "TarBC91.tmp" has type "data"- Location: [%TEMP%\\TarBC91.tmp]- [targetUID: 00000000-00003428]\n "memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4k_1_.woff" has type "Web Open Font Format TrueType length 70856 version 1.1"- [targetUID: N/A]\n "memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1y4k_1_.woff" has type "Web Open Font Format TrueType length 70724 version 1.1"- [targetUID: N/A]\n "CabBC90.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBC90.tmp]- [targetUID: 00000000-00003428]\n "embed_2_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "polyfills-legacy-3885cd1a_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002684]\n 
"index-9c6d6def_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF46942CD6BDFF4DA1.TMP" has type "data"- Location: [%TEMP%\\~DF46942CD6BDFF4DA1.TMP]- [targetUID: 00000000-00002684]\n "~DF11BB896A60D4C13F.TMP" has type "data"- Location: [%TEMP%\\~DF11BB896A60D4C13F.TMP]- [targetUID: 00000000-00002684]\n "~DF5CCB270BF65728C8.TMP" has type "data"- Location: [%TEMP%\\~DF5CCB270BF65728C8.TMP]- [targetUID: 00000000-00002684]\n "~DF6E57F7925FF822CD.TMP" has type "data"- Location: [%TEMP%\\~DF6E57F7925FF822CD.TMP]- [targetUID: 00000000-00002684]\n "RecoveryStore._FCC6CA29-E43E-11ED-A91E-080027143435_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_0770FCD2-E43F-11ED-A91E-080027143435_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_FCC6CA2B-E43E-11ED-A91E-080027143435_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"kpmgvancouver.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /"'}, {u'category': u'Network 
Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://kpmgvancouver.com/"\n Pattern match: "http://kpmgvancouver.com"\n Pattern match: "SUIDMmicrosoft.com/9216108183846431029441428212564231029323*MUID0AAB32D61E88645A137620291FC4652Cmicrosoft.com/1025121432768031107795428212564231029323*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "SUIDMmicrosoft.com/9216108183846431029441428212564231029323*MUID0AAB32D61E88645A137620291FC4652Cmicrosoft.com/1025121432768031107795428212564231029323*_EDGE_V1microsoft.com/9216121432768031107795428228189231029323*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600&display=swap;@importhttps://fonts.googleapis.com/css2?family=Open+Sans+Condensed:wght@300;500;600;700&display=swap;*,:before,:after{box-sizing:border-box;border-width:0;border-style:solid;b"\n Pattern match: "MUID0F4A72106BA260EB0FC460EF6A2661B3msn.com/1025122432768031107795428540689231029323*"\n Pattern match: "https://github.com/zloirock/core-js/blob/v3.30.1/LICENSE,source:https://github.com/zloirock/core-js"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "SUIDMmicrosoft.com/9216108183846431029441428212564231029323*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "MUIDB0AAB32D61E88645A137620291FC4652Cieonline.microsoft.com/9216121432768031107795428228189231029323*"\n Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+t,n=1;n"\n Pattern 
match: "http://www.w3.org/2000/svg;casemath:returnhttp://www.w3.org/1998/Math/MathML;default:returnhttp://www.w3.org/1999/xhtml}}function"\n Pattern match: "https://37np16ihnl.execute-api.us-west-2.amazonaws.com/dev,headers:{Content-type:application/json"\n Pattern match: "https://mths.be/punycode"\n Pattern match: "https://github.com/lancedi185.199.109.153
2023-05-12 03:31:28Affiliate - Email AddressNoE-Mail Address Extractor0050Noneabuse@name.comDomain Name: 007316.XYZ Registry Domain ID: D339018444-CNIC Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com/ Updated Date: 2023-01-20T18:05:08.0Z Creation Date: 2022-12-18T04:19:38.0Z Registry Expiry Date: 2031-12-18T23:59:59.0Z Registrar: Name.com, Inc Registrar IANA ID: 625 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Registrant State/Province: YN Registrant Country: CN Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1CNB.NAME.COM Name Server: NS2KNZ.NAME.COM Name Server: NS3CNA.NAME.COM Name Server: NS4BLX.NAME.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: jrupp@name.com Registrar Abuse Contact Phone: +1.7203101849 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:09:26.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: 007316.XYZ Registry Domain ID: D339018444-CNIC Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com Updated Date: 2023-01-20T18:05:08Z Creation Date: 2022-12-18T04:19:38Z Registrar Registration Expiration Date: 2031-12-18T23:59:59Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Reseller: Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Aaron Young Registrant Organization: Registrant Street: 408 Longquan Rd. 
Registrant City: KM Registrant State/Province: YN Registrant Postal Code: 650000 Registrant Country: CN Registrant Phone: Non-Public Data Registrant Email: https://www.name.com/contact-domain-whois/007316.xyz/registrant Registry Admin ID: Not Available From Registry Admin Name: Aaron Young Admin Organization: Admin Street: 408 Longquan Rd. Admin City: KM Admin State/Province: YN Admin Postal Code: 650000 Admin Country: CN Admin Phone: Non-Public Data Admin Email: https://www.name.com/contact-domain-whois/007316.xyz/admin Registry Tech ID: Not Available From Registry Tech Name: Aaron Young Tech Organization: Tech Street: 408 Longquan Rd. Tech City: KM Tech State/Province: YN Tech Postal Code: 650000 Tech Country: CN Tech Phone: Non-Public Data Tech Email: https://www.name.com/contact-domain-whois/007316.xyz/tech Name Server: ns2knz.name.com Name Server: ns4blx.name.com Name Server: ns3cna.name.com Name Server: ns1cnb.name.com DNSSEC: unSigned Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<< For more information on Whois status codes, please visit https://icann.org/epp The data in the Name.com, Inc. WHOIS database is provided by Name.com, Inc. for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Name.com, Inc. does not guarantee its accuracy. Users accessing the Name.com, Inc. 
WHOIS service agree to use the data only for lawful purposes, and under no circumstances may this data be used to: a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the registrar's own existing customers and b) enable high volume, automated, electronic processes that send queries or data to the systems of Name.com, Inc., except as reasonably necessary to register domain names or modify existing registrations. When using the Name.com, Inc. WHOIS service, please consider the following: the WHOIS service is not a replacement for standard EPP commands to the SRS service. WHOIS is not considered authoritative for registered domain objects. The WHOIS service may be scheduled for downtime during production or OT&E maintenance periods. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis, for accessing the withheld data. Access to this data can be requested by submitting a request via the form found at https://www.name.com/layered-access-request . Name.com, Inc. reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneNGMH (Net ID: 00:09:5B:B3:C8:73)33.617190550339146,-111.90827887019054
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.186): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:51:13Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://ltimindtree.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_a88_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2696"\n "IsoScope_a88_IE_EarlyTabStart_0xb00_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_a88_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_a88_IESQMMUTEX_0_519"\n "IsoScope_a88_ConnHashTable<2696>_HashTable_Mutex"\n "IsoScope_a88_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"52.66.101.246:80"\n "64.185.181.238:80"\n "64.185.181.238:443"\n "142.251.32.42:443"\n 
"185.199.108.153:443"\n "104.17.24.14:443"\n "172.217.164.99:443"\n "104.16.168.82:443"\n "216.239.38.181:443"\n "142.250.101.156:443"\n "23.55.103.51:443"\n "104.22.1.204:443"\n "13.227.74.49:443"\n "104.19.187.97:443"\n "129.148.158.16:443"\n "104.18.43.158:443"\n "142.251.46.227:443"\n "151.139.128.10:443"\n "142.250.189.226:443"\n "13.227.74.111:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ltimindtree.com"\n "www.ltimindtree.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"acsbapp.com"\n "ajax.googleapis.com"\n "analytics.google.com"\n "cdn.cookielaw.org"\n "cdn.linkedin.oribi.io"\n "cdn.mouseflow.com"\n "cdnjs.cloudflare.com"\n "fonts.gstatic.com"\n "geolocation.onetrust.com"\n "googleads.g.doubleclick.net"\n "ltimindtree.com"\n "match.adsrvr.org"\n "qmixi.github.io"\n "s1202999527.t.eloqua.com"\n "script.hotjar.com"\n "snap.licdn.com"\n "static.hotjar.com"\n "stats.g.doubleclick.net"\n "tag.demandbase.com"\n "trk.techtarget.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "43EZ227H.txt")\n file/memory contains long string with (Indicator: "dir "; File: 
"8GUF1RZI.txt")\n file/memory contains long string with (Indicator: "dir "; File: "T4C0O7HV.txt")\n file/memory contains long string with (Indicator: "dir "; File: "75PH84QX.txt")\n file/memory contains long string with (Indicator: "dir "; File: "QI17P0NX.txt")\n file/memory contains long string with (Indicator: "dir "; File: "3WL9D6RI.txt")\n file/memory contains long string with (Indicator: "dir "; File: "44XFFKPA.txt")\n Found string "bcookie"v=2&cb1ccd6f-b42c-4b44-8237-806d021bd94a"linkedin.com/214748467354237888031105595381518900831032152li_sugrd8484c99-a6ad-4ab5-9d4d-faddd0c36123linkedin.com/2147484673242816089631050274381518900831032152" (Indicator: "dir "; File: "8GPG8YMP.txt")\n Found string "bscookie"v=1&20230510180300fdff2656-e0a7-4700-873b-ecdcb26c3929AQFixnVDvjTyjVvSfJj7LZAE71RX5OTb"www.linkedin.com/214749286555237888031105595382097025831032152" (Indicator: "dir "; File: "7MXCO0HI.txt")\n Found string "li_sugrd8484c99-a6ad-4ab5-9d4d-faddd0c36123linkedin.com/2147484673242816089631050274381518900831032152" (Indicator: "dir "; File: "CQM0G5XR.txt")\n file/memory contains long string with (Indicator: "dir "; File: "gtm_1_.js")\n Found string "function nz(a,b){var c=this;return b}nz.K="internal.enableAutoEventOnScroll";var cc=ca(["data-gtm-yt-inspected-"]),oz=["www.youtube.com","www.youtube-nocookie.com"],pz,qz=!1;" (Indicator: "dir "; File: "gtm_1_.js")\n file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2628.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', 
u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"Hero-banner-Desktop-TomTom_1_.png" has type "PNG image data 1500 x 625 8-bit/color RGB non-interlaced" and extension "png"\n "Hellenic-Bank-HB_1_.png" has type "PNG image data 1501 x 626 8-bit/color RGB non-interlaced" and extension "png"\n "Together-with-ServiceNow-EB_1_.png" has type "PNG image data 640 x 850 8-bit/color RGB non-interlaced" and extension "png"\n "sap-barcelona_1_.jpg" has type "JPEG image data JFIF standard 1.02 resolution (DPI) density 72x72 segment length 16 baseline precision 8 640x850 components 3" and extension "jpg"\n "Gradient-2_1_.png" has type "PNG image data 1050 x 1255 8-bit/color RGBA non-interlaced" and extension "png"\n "Orlando-640x850-1_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 progressive precision 8 640x850 components 3" and extension "jpg"\n "Blueprint-4D-Event-2023-EB_1_.jpg" has type "JPEG image data progressive precision 8 640x850 components 3" and extension "jpg"\n "IBM-Think-2023-EB_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 baseline precision 8 640x850 components 3" and extension "jpg"\n "Hellenic-Bank-MB_1_.png" has type "PNG image data 376 x 601 8-bit/color RGB non-interlaced" and extension "png"\n "WeAreLTIMindtree_Web-Banners_MB1a_375x600px_1_.png" has type "PNG image data 376 x 601 8-bit/color RGB non-interlaced" and extension "png"\n "community-gradient_1_.png" has type "PNG image data 1040 x 951 8-bit colormap non-interlaced" and extension "png"\n "Thumbnail-Option-2-1_1_.png" has type "PNG image data 356 x 267 8-bit/color RGB non-interlaced" and extension "png"\n "greenCarpet_1_.jpg" has type "JPEG image data JFIF 
standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 1500x625 components 3" and extension "jpg"\n "Currys-LTIMindtree-Digital-Transformation-Partner-HHB_1_.png" has type "PNG image data 1500 x 625 8-bit/color RGBA non-interlaced" and extension "png"\n "LTIMindtree_Linear_2-1_L_T_Blue_1_.jpg" has type "JPEG image data JFIF standard 1.02 resolution (DPI) density 300x300 segment length 16 baseline precision 8 1070x302 components 3" and extension "jpg"\n "strength-gradient_1_.png" has type "PNG image data 640 x 1452 8-bit colormap non-interlaced" and extension "png"\n "Home-Page-Newsroom-Investors-Careers-Desktop-Investors-1_1_.png" has type "PNG image data 351 x 467 8-bit colormap non-interlaced" and extension "png"\n "IoT-Evolution-Award-2022_1_.png" has type "PNG image data 340 x 270 8-bit/color RGB non-interlaced" and extension "png"\n "Home-Page-Newsroom-Investors-Careers-Desktop-Careers-2_1_.png" has type "PNG image data 351 x 467 8-bit colormap non-interlaced" and extension "png"\n "Home-Page-Newsroom-Investors-Careers-Desktop-Newsroom-1_1_.png" has type "PNG image data 351 x 467 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1560', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1560', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002992]\n "Cab2627.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 
0x1 compression"- Location: [%TEMP%\\Cab2627.tmp]- [targetUID: 00000000-00002992]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id'185.199.108.153
2023-05-12 03:19:47Account on External SiteNoAccount Finder0020NonePinterest (Category: social) https://www.pinterest.com/patrickpogoda/patrickpogoda
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:01:71:0A:07:07)52.3759, 4.8975
2023-05-12 03:03:47Co-Hosted SiteNoThreatMiner2020Noneeliaspinheironeto.github.io185.199.111.153
2023-05-12 03:09:49Affiliate - Internet NameNoDNS Resolver0040None77.170.74.34.bc.googleusercontent.com34.74.170.77
2023-05-12 02:59:15Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74', u'104.18.33.171'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://www.thrivelearning.com/privacy-policy', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar13B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"\n "184.31.135.120:80"\n "142.251.46.206:443"\n "172.67.40.155:443"\n "142.250.72.195:80"\n "172.217.164.104:443"\n "142.251.46.206:80"\n "142.251.32.46:443"\n "142.251.46.226:443"\n "104.17.213.204:443"\n "99.84.37.81:443"\n "104.17.131.171:443"\n "104.18.33.171:443"\n "104.17.67.176:443"\n "104.17.239.204:443"\n "104.17.234.204:443"\n "143.204.141.155:80"\n "142.250.191.34:443"\n "74.125.137.154:443"\n "143.204.146.22:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"\n "ocsp.pki.goog"\n "crl.pki.goog"\n "crls.pki.goog"\n 
"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "crl.rootg2.amazontrust.com"\n "crl.rootca1.amazontrust.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_fac_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_fac_IE_EarlyTabStart_0xb88_Mutex"\n "UpdatingNewTabPageData"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_fac_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4012"\n "IsoScope_fac_IESQMMUTEX_0_331"\n "IsoScope_fac_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_fac_ConnHashTable<4012>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_fac_IE_EarlyTabStart_0xb88_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_fac_IESQMMUTEX_0_303"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab13A.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"E87CE99F124623F95572A696C80EFCAF_7F9CD1EAD79E5E81389FF041C7CC4C83" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E87CE99F124623F95572A696C80EFCAF_7F9CD1EAD79E5E81389FF041C7CC4C83]- [targetUID: 00000000-00004092]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00004092]\n "A16C6C16D94F76E0808C087DFC657D99_FC91738673A16FF86D4BA590A2DAB458" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\A16C6C16D94F76E0808C087DFC657D99_FC91738673A16FF86D4BA590A2DAB458]- [targetUID: 00000000-00004092]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00004092]\n "~DFCDE83B0A453A9EBF.TMP" has type "data"- Location: [%TEMP%\\~DFCDE83B0A453A9EBF.TMP]- [targetUID: 00000000-00004012]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00004092]\n "GA27FS9J.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GA27FS9J.txt]- [targetUID: 00000000-00004092]\n "CSO8KKZN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CSO8KKZN.txt]- [targetUID: 00000000-00004012]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00004092]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00004092]\n "Cab13A.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab13A.tmp]- [targetUID: 00000000-00004092]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00004092]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00004092]\n "6180SSX0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6180SSX0.txt]- [targetUID: 00000000-00004092]\n "GCLPDFB0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GCLPDFB0.txt]- [targetUID: 00000000-00004012]\n "VRCWGUFK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VRCWGUFK.txt]- [targetUID: 00000000-00004092]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00004012]\n "NXW30O92.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NXW30O92.txt]- [targetUID: 00000000-00004012]\n "6KIE135F.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6KIE135F.txt]- [targetUID: 00000000-00004012]\n "U6NFCC50.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\U6NFCC50.txt]- [targetUID: 00000000-00004012]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"HTTP/1.1 200 OK\nContent-Length: 281\nContent-Type: application/json; charset=utf-8\nServer: Microsoft-HTTPAPI/2.0\nX-CMS-SearchElapsedTimeInMilliseconds: 10\nX-CMS-SearchBackendTimeInMilliseconds: 6\nX-CMS-SearchMatchedTotal: 1\nX-CMS-SearchMaxScore: 0\nX-CMS-SearchShardsTotal: 80\nX-CMS-SearchShardsSuccessful: 80\nX-CMS-SearchShardsFailed: 0\nX-CMS-SearchReturnedCount: 1\nX-CMS-DocumentStorageTier: Cache\nEdge-control: max-age=900s,downstream-ttl=900s\nX-CMS-ExecutionTimeInMilliseconds: 3\nAppEx-Activity-Id: 11ec2d32-6770-4750-a98d-dc60dcd1f5e5\nX-Trace-Context: {"ActivityId":"11ec2d32-6770-4750-a98d-dc60dcd1f5e5"}\nMS-CV: UaAmJ1CqSECp3hXSggbhQA.0\nX-CMS-ServiceLocation: westus:0\nDate: Mon, 25 Jul 2022 17:07:38 GMT\n\n[{"list":[{"link":{"href":"goldbartext","title":""}},{"link":{"href":"okBtnText","title":""}},{"link":{"href":"cancelBtnText","title":""}},{"link":{"href":"intervalInDays","title":"20"}},{"link":{"href":"repeat","title":"1"}},{"link":{"href":"version","title":"3"}}],"_score":0.0}]"- [Source: SSL_52.155.62.95]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.thrivelearning.com/privacy-policy"- [Source: Input]\n Pattern match: "https://www.thrivelearning.com"- [Source: Input]\n Heuristic match: "x1.c.lencr.org"- [Source: PCAP]\n Heuristic match: "GET / HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"- [Source: PCAP]\n Heuristic match: "o.ss2.us"- [Source: PCAP]\n Heuristic match: "GET 
//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"- [Source: PCAP]\n Heuristic match: "ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D34.74.170.74
2023-05-12 02:44:05SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Let's Encrypt,CN=R3battleb0t.xyz
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonewebmail.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3: a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c: 8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3: 6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa: c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca: f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58: b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28: b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e: 26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2: d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c: 40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a: 2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67: 8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99: 1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c: 4e:9f:6c:9d
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.198): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:59:54Affiliate - Email AddressNoE-Mail Address Extractor0030Noneastehnkuhl@generalatlantic.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://generalatlantic.com/astehnkuhl@generalatlantic.com%20https://site.php', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fastehnkuhl%40generalatlantic.com%20https%3A%2F%2Fllink.to%2F%3Fu%3Dhttps%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fjdenig%40generalatlantic.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3f4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_3f4_IE_EarlyTabStart_0xe18_Mutex"\n "IsoScope_3f4_IESQMMUTEX_0_331"\n "IsoScope_3f4_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_3f4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "IsoScope_3f4_ConnHashTable<1012>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.43.150:443"\n "104.21.16.120:443"\n "35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n "142.251.32.35:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")\n "<a href="https://plus.google.com/107971784894043504000/" onclick="window.open(this.href);return false;"><i class="fa fa-google-plus"></i></a>" (Indicator: "plus.google.com")\n "<a href="https://twitter.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-twitter"></i></a>" (Indicator: "twitter")\n "<a href="https://www.facebook.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-facebook"></i></a>" (Indicator: "facebook.com")\n "<a href="https://www.linkedin.com/company/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-linkedin"></i></a>" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/user/nexcessnet" onclick="window.open(this.href);return false;"><i class="fa fa-youtube"></i></a>" (Indicator: "youtube")\n "<p>Congrats on launching your new Website! Spread the good news: <a href="https://twitter.com/share" class="twitter-share-button" data-text="Just launched my new website with @Nexcess!" 
data-count="none">Tweet</a></p>" (Indicator: "twitter")\n "<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?\'http\':\'https\';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+\'://platform.twitter.com/widgets.js\';fjs.parentNode.insertBefore(js,fjs);}}(document, \'script\', \'twitter-wjs\');</script>" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar102F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1041.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab102E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1040.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "GJU2ZIBE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GJU2ZIBE.txt]- [targetUID: 00000000-00001012]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002472]\n "recaptcha__en_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF50FE3D0FF9FC6B92.TMP" has type "data"- Location: [%TEMP%\\~DF50FE3D0FF9FC6B92.TMP]- [targetUID: 00000000-00001012]\n "_5CF2F181-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._52546023-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "site_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "FTU5WTPF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FTU5WTPF.txt]- [targetUID: 00000000-00001012]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "llink_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "_A79A7ACA-C1A9-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "5EL6UQQZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5EL6UQQZ.txt]- [targetUID: 00000000-00002472]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:"!1,w)})},u).prototype.cr=function(){},u.prototype.xy=function(){this.mx.g().focus()},u.prototype.tt=function(w,z,u,r,e,z,y){return(r=((z=new a_((e=["api","payload",(u=void 0===u?"":u,y=["p",0,37],2)],f)[29](y[2],e[y[1]],e[1])+u),z.u).set(y[0],w),wx.y()).get(),z.u.set("k",v[7](16,e[2],r)),z&&z.u.set("id",z),z).tostring()},u).prototype.h1=function(){},u.prototype.ia=function(w,z){(((this.su[(z=["qu",30,"sq"],z)[0]](w),this).mx[z[0]](w),this).rr[z[0]](w),this)[z[2]][z[0]](w),this.bi[z[0]](w),v[z[1]](9," [Source: recaptcha__en_1_.js]\n Observed email 
domain:"z,u){(this[(((((td.prototype.sw[z=["undo-button-holder","image-button-holder","verify-button-holder"],u=["call",1,"sq"],u[0]](this,w),this.su).render(c[41](68,this,"reload-button-holder")),this.mx.render(c[41](52,this,"audio-button-holder")),this.rr).render(c[41](53,this,z[u[1]])),this.bi).render(c[41](84,this,"help-button-holder")),this.xv).render(c[41](68,this,z[0])),f[13](8,!1,this.xv.g()),u)[2]].render(c[41](68,this,z[2])),this).ee?f[13](22,!1,this.mx.g()):f[13](20,!1,this.rr.g())},u).prototype.nu=" [S
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonecHEEZburger (Category: hobby) https://profile.cheezburger.com/loginlogin
2023-05-12 03:24:22HTTP Status CodeNoWeb Spider0220None404https://kekw.battleb0t.xyz/jar
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneRPOWER3 (Net ID: 00:02:6F:B3:3B:AA)33.6170672,-111.90564645297056
2023-05-12 03:31:33Affiliate - Email AddressNoE-Mail Address Extractor0030None4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.comDomain Name: ASHU.XYZ Registry Domain ID: D279374777-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://namecheap.com Updated Date: 2023-03-28T08:17:54.0Z Creation Date: 2022-03-03T09:34:10.0Z Registry Expiry Date: 2024-03-03T23:59:59.0Z Registrar: Namecheap Registrar IANA ID: 1068 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant State/Province: Capital Region Registrant Country: IS Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: GRACE.NS.CLOUDFLARE.COM Name Server: LOGAN.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain name: ashu.xyz Registry Domain ID: D279374777-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-02-22T23:31:01.00Z Creation Date: 2022-03-03T09:34:10.00Z Registrar Registration Expiration Date: 2024-03-03T23:59:59.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com Name Server: grace.ns.cloudflare.com Name Server: logan.ns.cloudflare.com DNSSEC: unsigned URL of the ICANN WHOIS Data 
Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-11T07:17:37.40Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:09:04Affiliate - IP AddressNoDNS Look-aside1020None87.248.157.10787.248.157.102
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSEC_LinkShare_693068 (Net ID: 00:12:FB:E0:05:F2)50.8897, 6.0563
2023-05-12 02:54:13Open TCP Port BannerNoCensys0040NoneHTTP/1.1 400 Bad Request Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 253 Connection: close CF-RAY: - 2606:4700:3030::ac43:a8fc
2023-05-12 02:52:48Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://optisigns.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6044:304:WilStaging_02"\n "SM0:6044:120:WilError_01"\n "Local\\SM0:6044:120:WilError_01"\n "SM0:6044:304:WilStaging_02"\n "InternetShortcutMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"75.2.70.75:80"\n "138.91.254.96:443"\n "75.2.70.75:443"\n "52.25.204.60:443"\n "65.8.158.16:443"\n "142.250.191.42:443"\n "172.64.132.15:443"\n "185.199.108.153:443"\n "151.101.1.229:443"\n "104.19.255.88:443"\n "69.16.175.42:443"\n "65.8.165.144:443"\n "104.17.24.14:443"\n "142.250.191.35:443"\n "142.251.46.234:443"\n "157.230.203.149:443"\n "65.8.158.126:443"\n "169.150.221.147:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"optisigns.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"a.omappapi.com"\n "a.opmnstr.com"\n "ajax.googleapis.com"\n "alb.reddit.com"\n "api.edgeoffer.microsoft.com"\n "api.omappapi.com"\n "app.clearbit.com"\n "app.termly.io"\n "assets-tracking.crazyegg.com"\n "cdn.jetboost.io"\n "cdn.jsdelivr.net"\n "cdn.linkedin.oribi.io"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "connect.facebook.net"\n "customerioforms.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hscollectedforms.net"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "src="https://www.facebook.com/tr?id=1046181442239428&ev=PageView&noscript=1"" (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""url": "https://www.youtube.com/watch?v=Qan_OvBeUpc"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""originalUrl": "https://www.youtube.com/watch?v=Qan_OvBeUpc"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n file/memory contains long string with (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""url": "https://www.youtube.com/watch?v=oa2hb64HdfY"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""originalUrl": "https://www.youtube.com/watch?v=oa2hb64HdfY"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found 
string ""url": "https://www.youtube.com/watch?v=HsxOzOtdJEU"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""originalUrl": "https://www.youtube.com/watch?v=HsxOzOtdJEU"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string "</svg></div></a><a href="https://twitter.com/OptiSignsInc" target="_blank" class="w-inline-block"><div class="social-icon w-embed"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">" (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string "www.facebook.com" (Indicator: "dir "; File: "PCAP")\n Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," 
(Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\manifest.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\edge kids mode\\0.0.0.10\\manifest.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\edge kids mode\\0.0.0.10\\manifest.fingerprint"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\eadpdata component\\4.0.2.16\\manifest.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\eadpdata component\\4.0.2.16\\manifest.fingerprint"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\manifest.fingerprint"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\extension state\\current"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\extension state\\manifest-000001"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\extension state\\000003.log"\n "msedge.exe" reads file "\\device\\namedpipe\\local\\mojo.3784.704.8066580413151223232"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpoptisigns.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003784]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007716]\n "Ruleset Data" has type "data"- [targetUID: 00000000-00003784]\n "wallet-pre-stabl185.199.108.153
2023-05-12 03:01:44Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.233): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:01:F4:5B:7B:F7)34.0544, -118.244
2023-05-12 02:48:26Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://1inchh.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-11', u'name': u'Loaded modules', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"iexplore.exe" loaded module "%WINDIR%\\System32\\ole32.dll" at 750C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaut32.dll" at 75BE0000\n "iexplore.exe" loaded module "%WINDIR%\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\\comctl32.dll" at 73C00000\n "iexplore.exe" loaded module "%WINDIR%\\WindowsShell.Manifest" at 00430000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\IEShims.dll" at 69090000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dwmapi.dll" at 739A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winhttp.dll" at 70440000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\clbcatq.dll" at 75E50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptsp.dll" at 74790000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 004F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 74520000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\RpcRtRemote.dll" at 74D20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\npmproxy.dll" at 6E1A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\FWPUCLNT.DLL" at 72C70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\crypt32.dll" at 
74EF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msasn1.dll" at 74DA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\user32.dll.mui" at 01E90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\setupapi.dll" at 75CB0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cfgmgr32.dll" at 75020000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\devobj.dll" at 74ED0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mscoree.dll" at 690F0000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" at 671A0000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" at 66430000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" at 65E80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sxs.dll" at 74C90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\KernelBase.dll.mui" at 035B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\credssp.dll" at 74450000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ncrypt.dll" at 748C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcrypt.dll" at 748A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcryptprimitives.dll" at 74460000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wintrust.dll" at 74E40000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\ow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" at 037F0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\iexplore.exe" at 043A0000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" at 65790000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" at 651E0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\cversions.2.db" at 021D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\kernel32.dll" at 
759C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\KernelBase.dll" at 75050000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msvcrt.dll" at 76030000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l1-1-0.dll" at 74EA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\advapi32.dll" at 75EE0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sechost.dll" at 77020000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcrt4.dll" at 754D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\iertutil.dll" at 75580000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-version-l1-1-0.dll" at 750A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\version.dll" at 74300000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-user32-l1-1-0.dll" at 74E90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\user32.dll" at 757C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gdi32.dll" at 75970000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\lpk.dll" at 77060000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\usp10.dll" at 75F90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-normaliz-l1-1-0.dll" at 750B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\normaliz.dll" at 77010000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll" at 74E80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shlwapi.dll" at 77070000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 000E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 77040000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msctf.dll" at 75AF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptbase.dll" at 74C80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ws2_32.dll" at 76FD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nsi.dll" at 75BD0000\n 
"iexplore.exe" loaded module "%WINDIR%\\System32\\fltLib.dll" at 6FF60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-core-synch-l1-2-0.dll" at 72500000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sspicli.dll" at 74C10000\n "iexplore.exe" loaded module "%WINDIR%\\Globalization\\Sorting\\SortDefault.nls" at 01EF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shell32-l1-1-0.dll" at 71E80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shell32.dll" at 76230000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieframe.dll" at 6C860000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\comdlg32.dll" at 75890000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\uxtheme.dll" at 737C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\urlmon.dll" at 760E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-ole32-l1-1-0.dll" at 74E70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wininet.dll" at 75220000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\profapi.dll" at 74D90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\userenv.dll" at 74EB0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\sqmapi.dll" at 72540000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\secur32.dll" at 74AC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l2-1-0.dll" at 71580000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat" at 00460000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\webio.dll" at 703F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mswsock.dll" at 74750000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll" at 68E00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wship6.dll" at 74740000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\IPHLPAPI.DLL" at 742E0000\n "iexplore.exe" loaded 
module "%WINDIR%\\System32\\winnsi.dll" at 742D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netprofm.dll" at 6E7E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nlaapi.dll" at 72F70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netapi32.dll" at 732F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netutils.dll" at 732E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\srvcli.dll" at 749A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wkscli.dll" at 732D0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\ieproxy.dll" at 69220000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WSHTCPIP.DLL" at 741F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dnsapi.dll" at 74610000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rasadhlp.dll" at 715A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\apphelp.dll" at 74C30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieui.dll" at 69010000\n "iexplore.exe" loaded module "%WINDIR%\\Fonts\\StaticCache.dat" at 038A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WindowsCodecs.dll" at 733F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleacc.dll" at 71740000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaccrc.dll" at 02830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ExplorerFrame.dll" at 70830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\duser.dll" at 73A10000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dui70.dll" at 73560000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msimg32.dll" at 72640000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\msctf.dll.mui" at 037D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc6.dll" at 72C40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc.dll" at 74200000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mlang.dll" at 691F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\propsys.dll" at 
73AC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ntmarta.dll" at 742A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Wldap32.dll" at 75AA0000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000030.db" at 03840000\n "iexplore.exe185.199.110.153
2023-05-12 02:45:39Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://klliii.github.io/clone-netflix/', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'http://klliii.github.io/clone-netflix', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://klliii.github.io/clone-netflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dd4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "IsoScope_dd4_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_dd4_ConnHashTable<3540>_HashTable_Mutex"\n "IsoScope_dd4_IE_EarlyTabStart_0xc74_Mutex"\n "IsoScope_dd4_IESQMMUTEX_0_331"\n "IsoScope_dd4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3540"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n "104.18.23.52:443"\n "142.250.191.74:443"\n "142.250.189.163:443"\n "45.57.91.1:443"\n "172.64.100.10:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"klliii.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "ka-f.fontawesome.com"\n "kit.fontawesome.com"\n "klliii.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"backgroun-img_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive 
precision 8 2000x1125 components 3" and extension "jpg"\n "children_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "everywhere_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "download_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "Logonetflix_1_.png" has type "PNG image data 2226 x 678 8-bit/color RGBA non-interlaced" and extension "png"\n "enjoy_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "free-fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "backgroun-img_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "children_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "o-0NIpQlx3QUlC5A4PNjThZlYA_1_.woff" has type "Web Open Font Format TrueType length 228112 version 1.1"- [targetUID: N/A]\n "o-0IIpQlx3QUlC5A4PNb4Q_1_.woff" has type "Web Open Font Format TrueType length 224624 version 1.1"- [targetUID: N/A]\n "everywhere_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "free-fa-regular-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- 
[targetUID: N/A]\n "download_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "Logonetflix_1_.png" has type "PNG image data 2226 x 678 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003540]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF3E012FF382512C9A.TMP" has type "data"- Location: [%TEMP%\\~DF3E012FF382512C9A.TMP]- [targetUID: 00000000-00003540]\n "~DFDA4F25623C99390F.TMP" has type "data"- Location: [%TEMP%\\~DFDA4F25623C99390F.TMP]- [targetUID: 00000000-00003540]\n "~DF8521FB640F54F2EE.TMP" has type "data"- Location: [%TEMP%\\~DF8521FB640F54F2EE.TMP]- [targetUID: 00000000-00003540]\n "~DF8123E484044DA9B7.TMP" has type "data"- Location: [%TEMP%\\~DF8123E484044DA9B7.TMP]- [targetUID: 00000000-00003540]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "enjoy_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-556', u'name': u'Found strings related to keylogger', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1056/001', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-568', u'attck_id': u'T1056.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "< >"; File: "SSL")'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /clone-netflix/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://klliii.github.io/clone-netflix/"\n Pattern match: "http://klliii.github.io"\n Pattern match: "http://klliii.github.io/clone-netflix"\n Pattern match: "SUIDMmicrosoft.com/9216324768204831030537213959591431030420*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "SUIDMmicrosoft.com/9216324768204831030537213959591431030420*MUID27A7234A5F97654400D0304F5EDB649Amicrosoft.com/1025338017126431108891213975216431030420*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-tv-in-0819.m4v"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-devices-in.m4v"\n Pattern match: "https://kit.fontawesome.com/e5b8e6f1e4.js"\n Pattern match: "SUIDMmicrosoft.com/9216324768204831030537213959591431030420*MUID27A7234A5F97654400D0304F5EDB649Amicrosoft.com/1025338017126431108891213975216431030420*_EDGE_V1microsoft.com/9216338017126431108891213990841431030420*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: 
"MUIDB27A7234A5F97654400D0304F5EDB649Aieonline.microsoft.com/9216338017126431108891213975216431030420*"\n Pattern match: "https://fonts.gstatic.com/s/notosans/v28/o-0NIpQlx3QUlC5A4PNjThZlYA.woff"\n Pattern match: "https://fonts.gstatic.com/s/notosans/v28/o-0IIpQlx3QUlC5A4PNb4Q.woff"\n Pattern match: "https://fonts.gstatic.com/s/notosanssylotinagri/v2185.199.111.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBBHWIRELESS (Net ID: 00:00:C5:D7:5E:5C)41.8781, -87.6298
2023-05-12 03:09:39Affiliate - Internet NameNoDNS Resolver0040None109.48.229.35.bc.googleusercontent.com35.229.48.109
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00theway.github.io185.199.111.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneCHILDERS (Net ID: 00:09:5B:70:17:F2)39.0469, -77.4903
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NonePDI (Net ID: 00:06:25:FE:34:4D)33.6170672,-111.90564645297056
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonevenia1101 5 (Net ID: 00:01:9F:34:7C:24)34.0544, -118.244
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:443104.21.71.14
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.203): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:46:54Affiliate - Domain NameNoDNS Resolver0020Nonecloudflare.netroute1.mx.cloudflare.net
2023-05-12 03:09:28Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Noneacilacikveteriner.com87.248.157.102
2023-05-12 02:54:54HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c552e7289ff8729-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}2a06:98c1:3121::1
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneSnapchat Stories (Category: social) https://story.snapchat.com/s/ayshooayshoo
2023-05-12 02:44:24Software UsedYesTool - Wappalyzer0020NoneCloudflareoldfluid.battleb0t.xyz
2023-05-12 02:44:14SSL Certificate - Issued toNoSSL Certificate Analyzer1020NoneC=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.apppics.battleb0t.xyz
2023-05-12 02:55:05Open TCP PortNoCensys0020None188.114.97.1:2096188.114.97.1
2023-05-12 02:46:12Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 17, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://aegide.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7968:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7968:120:WilError_01"\n "Local\\SM0:8132:120:WilError_01"\n "Local\\SM0:8132:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:8132:120:WilError_01"\n "Local\\SM0:7968:120:WilError_01"\n "SM0:7968:120:WilError_01"\n "SM0:7968:304:WilStaging_02"\n "Local\\SM0:7968:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7968:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7968:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.217.164.106:443"\n "142.251.32.42:443"\n "142.251.214.131:443"\n "104.46.162.226:443"\n "199.232.208.194:443"\n "74.120.184.204:443"\n "151.101.2.91:443"\n "142.250.191.46:443"\n "18.155.181.126:443"\n "142.251.2.155:443"\n 
"192.184.69.215:443"\n "151.101.128.194:443"\n "172.217.12.104:443"\n "50.112.153.84:443"\n "104.22.4.69:443"\n "108.138.240.127:443"\n "18.155.181.48:443"\n "23.39.0.192:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"a.ad.gt"\n "ads.servenobid.com"\n "api.rlcdn.com"\n "d.turn.com"\n "eb2.3lift.com"\n "hbopenbid.pubmatic.com"\n "id.hadron.ad.gt"\n "idsync.rlcdn.com"\n "idx.liadm.com"\n "image2.pubmatic.com"\n "image8.pubmatic.com"\n "infinitefusion.fandom.com"\n "lexicon.33across.com"\n "p.ad.gt"\n "pippio.com"\n "pixel.tapad.com"\n "prebid-server.rubiconproject.com"\n "prebid.media.net"\n "rp.liadm.com"\n "s.amazon-adsystem.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007968]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00007968]\n "recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\\7968_773401145\\recovery-component-inner.crx]- [targetUID: 00000000-00007968]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\7968_1915048979\\Filtering Rules]- [targetUID: 00000000-00007968]\n "data_2" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_2]- [targetUID: 00000000-00007968]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00007968]\n "59f9f8c0-2fcb-48a3-9c43-382eb668ab90.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 480998"- Location: [%TEMP%\\59f9f8c0-2fcb-48a3-9c43-382eb668ab90.tmp]- [targetUID: 00000000-00007968]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\7968_1915048979\\Filtering Rules-AA]- [targetUID: 00000000-00007968]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00007968]\n "f_000241" has type "gzip compressed data from Unix original size modulo 2^32 559102"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000241]- [targetUID: 00000000-00008172]\n "f_000254" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 558245"- [targetUID: N/A]\n "History" has type "SQLite 3.x database last written using SQLite version 3038005"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00008132]\n "f_000259" has type "gzip compressed data max compression original size modulo 2^32 406249"- [targetUID: N/A]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00007968]\n "f_000248" has type "gzip compressed data was "main.bundle.js" last modified: Wed Mar 29 09:20:53 2023 max compression from Unix original size modulo 2^32 631835"- [targetUID: N/A]\n "f_00024d" has type "gzip compressed data max compression from Unix original size modulo 2^32 360702"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00024d]- [targetUID: 00000000-00008172]\n "f_000242" 
has type "gzip compressed data max compression from Unix original size modulo 2^32 494696"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000242]- [targetUID: 00000000-00008172]\n "f_000252" has type "data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://aegide.github.io/"\n Pattern match: "https://aegide.github.io"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Pattern match: "https://creativecommons.org/"\n Heuristic match: "a.ad.gt"\n Heuristic match: "ads.servenobid.com"\n Heuristic match: "api.rlcdn.com"\n Heuristic match: "d.turn.com"\n Heuristic match: "eb2.3lift.com"\n Heuristic match: "hbopenbid.pubmatic.com"\n Heuristic match: "id.hadron.ad.gt"\n Heuristic match: "idsync.rlcdn.com"\n Heuristic match: "idx.liadm.com"\n Heuristic match: "image2.pubmatic.com"\n Heuristic match: "image8.pubmatic.com"\n Heuristic match: "infinitefusion.fandom.com"\n Heuristic match: "lexicon.33across.com"\n Heuristic match: "p.ad.gt"\n Heuristic match: "pippio.com"\n Heuristic match: "pixel.tapad.com"\n Heuristic match: "prebid-server.rubiconproject.com"\n Heuristic match: "prebid.media.net"\n Heuristic match: "rp.liadm.com"\n Heuristic match: "s.amazon-adsystem.com"\n Heuristic match: "secure.adnxs.com"\n Heuristic match: "seg.ad.gt"\n Heuristic match: "services.fandom.com"\n Heuristic match: 
"sync.mathtag.com"\n Heuristic match: "token.rubiconproject.com"\n Pattern match: "www.fandom.com"\n Pattern match: "on.fandom.com/\'.\',\'\'ki/F_,k;;l__"\n Heuristic match: "egide.github.io"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.250.191.46"\n "UDP connection to 172.217.12.104"\n "UDP connection to 35.190.60.146"\n "UDP connection to 34.111.113.62"\n "UDP connection to 34.98.64.218"\n "UDP connection to 142.250.189.162"\n "UDP connection to 142.250.189.226"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': 
u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"adblock_snippet.js" has type "Unknown"- Location: [%TEMP%\\7968_1915048979\\adblock_snippet.js]- [targetUID: 00000000-00007968]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'str185.199.111.153
2023-05-12 02:49:42Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://ovolve.github.io./', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c04_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_c04_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_c04_IE_EarlyTabStart_0xc28_Mutex"\n "IsoScope_c04_ConnHashTable<3076>_HashTable_Mutex"\n "IsoScope_c04_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3076"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c04_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ovolve.github.io"\n "ovolve.github.io."'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ovolve.github.io."'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_E26CC892-B3FD-11ED-8DD4-080027C97B4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFC2B4CC769FA8ED96.TMP" has type "data"- Location: [%TEMP%\\~DFC2B4CC769FA8ED96.TMP]- [targetUID: 00000000-00003076]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- 
[targetUID: N/A]\n "RecoveryStore._DBBF5281-B3FD-11ED-8DD4-080027C97B4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003076]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFA990EBDE4D7AD6EC.TMP" has type "data"- Location: [%TEMP%\\~DFA990EBDE4D7AD6EC.TMP]- [targetUID: 00000000-00003076]\n "~DF2782969D76362D05.TMP" has type "data"- Location: [%TEMP%\\~DF2782969D76362D05.TMP]- [targetUID: 00000000-00003076]\n "DD371DTO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DD371DTO.txt]- [targetUID: 00000000-00003076]\n "~DF871B8F3038523BC2.TMP" has type "data"- Location: [%TEMP%\\~DF871B8F3038523BC2.TMP]- [targetUID: 00000000-00003076]\n "_DBBF5283-B3FD-11ED-8DD4-080027C97B4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "2JR14FFJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2JR14FFJ.txt]- [targetUID: 00000000-00003076]\n "ZPAGZOOJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZPAGZOOJ.txt]- [targetUID: 00000000-00003912]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://ovolve.github.io./"\n Pattern match: "http://ovolve.github.io"\n Heuristic match: "ovolve.github.io"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as 
clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/70 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63f84e0cf084a4ebbd09e40f', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'185.199.110.153'], u'sha256': u'f8d347492a1f6c9b93dc2f32787a5f977924a39f1b3b780e41308e2da9cde63e', u'sha512': 
u'2a79b0f20b074cf0ee05cae5de8129f8e82728b59771926ef761f5db4c7972c16b093a38e08ce49a784934174b18c7b66aadf02caef3d81f3be87dacb6012134', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://ovolve.github.io./', u'submission_id': u'63f84e0df084a4ebbd09e410', u'created_at': u'2023-02-24T05:41:33+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-24T05:41:33+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'190362034693d3992c7a6e770f7f7b1f', u'network_mode': u'default', u'processes': [], u'sha1': u'a14c41f95cb25b4fba550658bd8036aa7eb96164', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 32 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [u'ovolve.github.io', u'ovolve.github.io.'], u'extracted_files': [], u'type_short': []}]185.199.110.153
2023-05-12 03:03:20Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0-l.github.io
2023-05-12 02:54:48BGP AS MembershipNoCensys0030None39698234.148.97.127
2023-05-12 02:54:23Web Content TypeNoWeb Spider0040Nonetext/csshttps://www.ayhu.xyz/cdn-cgi/styles/challenges.css
2023-05-12 02:55:05HTTP HeadersNoCensys0020None{"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5ddd7eab1d10af-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}188.114.97.1
2023-05-12 03:28:06Open TCP PortNoPulsedive0030None188.114.96.144:80188.114.96.0/24
2023-05-12 02:54:38Open TCP Port BannerNoCensys0030NoneHTTP/1.1 400 Bad Request Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 253 Connection: close CF-RAY: - 172.67.168.252
2023-05-12 02:44:32Affiliate - Internet NameNoDNS Resolver2020Nonecdn-185-199-110-153.github.com185.199.110.153
2023-05-12 02:44:39Internet Name - UnresolvedNoDNS Resolver0020Noneportainer.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:d5:98:ae:2a:84:a2:19:ac:80:9a:6c:74:76:20:f8:3f:d8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:01 2022 GMT Not After : Feb 15 09:44:00 2023 GMT Subject: CN=portainer.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c0:b5:e1:c5:d7:75:db:34:03:18:a1:ee:7b:4b: ea:8e:e7:69:4e:39:85:68:38:67:3d:c1:9a:8b:f3: bd:cf:17:bb:68:6a:65:cf:4a:a8:76:23:7a:4f:20: df:84:d1:79:b9:6a:69:1e:44:79:b1:f5:77:a0:d1: 57:7d:30:22:17:73:4d:12:ae:da:6f:17:2f:cc:59: fc:28:b2:56:e2:d1:04:1e:a5:af:0c:cc:00:03:c9: be:8b:f2:e1:2a:f3:ee:60:20:15:0b:48:ba:bd:47: ee:af:b8:94:3e:d3:00:b1:a7:9d:eb:e0:5f:7e:6f: 9e:2f:c5:a5:c8:f8:87:92:71:43:69:60:10:5d:de: 5f:ef:16:13:44:c8:38:e1:ab:bf:d4:ba:c9:63:0e: 71:cd:82:05:39:b6:2b:c7:09:a0:3f:7a:0f:d1:b5: 8c:31:e1:64:fb:3e:7d:9c:f0:15:49:3c:98:f1:98: 8a:de:cb:a1:c8:6f:57:47:ea:69:8f:65:04:e8:bd: 1e:d7:20:58:d9:de:ea:65:82:25:f4:8a:20:52:90: c5:c4:e3:bf:c3:af:cc:ca:46:be:71:d3:24:c0:85: 69:56:27:39:94:2d:43:65:9d:2f:bb:4d:62:7e:14: 0c:45:91:3c:ec:e1:a2:ae:81:70:73:3d:8e:8c:ef: 5a:48:f8:f8:b4:3f:a5:4e:ca:0b:38:80:5d:df:42: eb:06:32:21:0b:67:44:bf:df:2c:ae:bd:f6:68:1d: b6:39:c5:d8:57:bc:5e:76:f0:ee:ab:21:2d:35:69: 74:8a:c4:88:bd:d0:3d:91:05:d0:dd:4e:54:8e:e9: 94:fd:a6:9c:7c:35:94:f3:2c:a0:e6:0f:6f:ec:d7: 06:e0:96:b5:94:ae:64:fd:f9:52:45:cc:c0:54:2c: ae:a7:51:2d:fb:3c:d9:4c:eb:d6:b7:fe:7c:8d:68: 1d:87:d4:dc:09:38:2e:ee:0d:49:32:4c:2b:08:20: ff:a0:95:02:0a:01:3f:99:e9:bb:d2:97:db:d5:f5: 7d:97:14:d0:18:c5:3f:cf:31:7b:a7:9c:bf:9d:b3: 23:66:83:9e:eb:d9:48:01:38:6c:db:2f:7b:2d:82: d4:36:d7:86:9f:0b:de:ef:ab:c4:7c:aa:36:24:d0: 9f:9a:47:7a:a3:aa:26:bd:ef:52:90:60:1c:7e:d9: 0d:dc:f1:5b:cb:c0:7c:8b:f6:64:bf:41:76:8c:ba: 34:64:15:cb:49:b9:40:f8:78:ff:c5:eb:99:a1:af: 
b3:7a:cb:c9:d0:b9:1b:1a:3d:ef:4c:68:86:22:46: 99:75:81:d3:cf:5c:90:1a:2f:01:4f:59:01:34:82: 5c:f7:3f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 6D:D8:A8:24:70:8B:8F:0C:4D:0C:6C:1A:D9:1A:9A:75:25:E5:1A:12 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:portainer.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 10:44:01.511 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:BA:66:A9:AA:5E:0F:A6:67:BA:ED:61: B9:4A:97:4F:0B:86:A7:57:50:55:B9:A5:69:1B:DC:7C: 65:C9:5B:E4:5B:02:20:6A:38:79:69:94:85:41:86:C0: 4E:33:F0:44:69:54:C5:A9:40:ED:85:BC:5D:66:70:B8: 31:1F:C8:D3:58:B2:89 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 10:44:01.990 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D7:1B:E9:32:CF:B7:9A:93:B2:BF:77: 63:D5:5A:7F:F4:A0:6C:77:51:03:FE:F1:5C:A7:51:2C: 16:22:63:24:9A:02:21:00:E1:61:68:D5:A1:EE:9A:2E: 9E:AF:84:50:74:9E:B6:EB:55:A1:CA:4D:CE:91:07:8D: 31:2D:F6:05:41:96:C7:BF Signature Algorithm: sha256WithRSAEncryption a4:99:cc:17:c2:9a:8e:12:57:4b:5f:f3:9f:2c:de:1e:67:a2: 15:f4:c2:a6:9a:37:ce:60:60:9f:eb:7b:4e:d1:f5:56:0a:77: 87:4d:62:42:b9:af:17:7b:da:58:7a:6f:13:64:15:09:4e:90: 
23:78:51:46:b5:fd:d4:cc:83:1e:ee:91:6d:c6:56:93:07:ae: 30:b8:d8:e6:ea:e5:86:c8:36:d3:3f:ac:2f:8b:df:14:86:08: eb:08:79:b4:e2:b8:85:a4:15:71:51:85:18:65:cb:a8:ed:92: eb:f7:89:15:96:1f:f7:d9:1c:15:d2:aa:fd:8f:7f:2f:0c:fa: 5e:72:7c:3c:89:e8:0c:5a:70:50:ef:1f:1d:93:9d:0a:a2:65: 6b:bc:f9:07:8e:3b:f7:ed:d5:4c:37:b1:48:2b:7b:c8:b0:02: 1d:3a:a2:c7:65:6c:2d:5a:92:f1:fd:51:00:e1:4b:ac:78:1f: 32:ae:7e:03:f4:0b:1f:cf:e7:b2:0f:1e:53:51:4d:d4:41:52: 82:77:57:35:05:af:16:cf:55:87:95:55:14:cd:4c:80:d7:09: 00:5e:46:ac:87:47:23:25:66:0a:6d:de:61:87:1a:7b:22:b8: 5a:2a:93:d2:ac:83:ea:40:df:11:e8:22:85:ab:f2:84:66:88: cc:de:a7:8a
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NonemyLGNet (Net ID: 00:01:36:26:A1:14)50.1188, 8.6843
2023-05-12 03:00:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.3): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelogitec-a53c1d (Net ID: 00:01:8E:A5:3C:1C)50.1188, 8.6843
2023-05-12 02:55:56Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://bit.ly/3gxx5yk', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ec8_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ec8_ConnHashTable<3784>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_ec8_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ec8_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3784"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_ec8_IE_EarlyTabStart_0xc6c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ec8_IESQMMUTEX_0_519"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.94.37.140:443"\n "3.5.21.21:443"\n "104.196.30.220:443"\n "104.16.123.175:443"\n "54.147.12.123:443"\n "23.36.63.240:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /resources/6d548268b2fe4c93b1b74262c8515b07?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /resources/6d548268b2fe4c93b1b74262c8515b07?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n 
"GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 
1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/6d548268b2fe4c93b1b74262c8515b07/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/6d548268b2fe4c93b1b74262c8515b07/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: 
"mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/6d548268b2fe4c93b1b74262c8515b07 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/6d548268b2fe4c93b1b74262c8515b07 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'Unusual Characteristics', 
u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "D2684IUR.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D2684IUR.txt]- [target104.196.30.220
2023-05-12 02:44:05SSL Certificate - Raw DataNoCertSpotter1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:05:11 2023 GMT Not After : May 25 03:05:10 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:97:4b:9a:94:33:ae:7c:5e:91:1b:d8:54:22:c9: ed:4f:8d:dc:1c:ea:82:e7:c1:66:b8:0e:7a:d7:69: 7e:97:11:2c:1a:a5:0e:64:16:12:d5:94:b3:23:f2: 36:d4:4f:eb:d5:32:50:ac:e4:d7:66:1b:e3:da:91: 79:04:66:f4:2d:fa:3e:45:f4:48:91:1a:8d:80:82: ca:dd:66:18:cd:f2:9d:87:0d:96:09:36:f0:90:50: 74:b3:8f:d1:d4:ab:e5:3c:ba:a6:ad:57:62:22:2b: 60:de:6e:76:04:02:5d:fa:52:80:b7:61:6b:ca:89: 0e:51:38:c3:f2:4d:c1:8f:3e:5c:2f:86:ec:7a:ee: c4:a9:09:67:fe:3a:36:2c:f4:71:dd:63:52:c7:7e: 24:13:3b:f8:64:ac:0f:17:65:8b:4f:12:db:ba:8b: 96:d7:a7:d3:5c:fd:8f:e9:26:b0:c1:d3:ce:ae:a4: 80:9b:8d:9b:1f:f6:ca:4a:88:4f:be:ed:28:2f:45: 12:8d:ed:28:4a:e1:d7:0a:d1:cc:4f:38:0f:fa:93: 2d:8d:4a:92:3a:88:82:01:24:a7:62:52:95:88:cb: f5:21:eb:4e:1f:14:59:fb:a0:f3:53:6c:6e:20:e1: ca:0b:83:46:36:34:c6:22:17:1b:d8:e6:82:24:68: ca:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Feb 24 04:05:12.050 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:25:A0:69:FB:7F:3E:63:7D:A0:82:F0:BD: 99:FA:FF:84:20:AF:C5:86:81:24:4B:F7:CB:AB:FB:5E: BD:6B:87:56:02:21:00:8A:56:44:28:2B:0B:E5:D6:3A: F4:15:7E:0A:3C:BA:80:47:38:D3:13:65:D6:8E:A8:E5: 01:04:D3:ED:D7:28:24 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Feb 24 04:05:12.068 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:48:50:77:27:A7:8D:E9:4E:44:5B:E4:B4: 56:50:FB:20:FC:C8:FD:0F:4B:DC:68:08:A4:56:A5:4B: F5:A5:47:B3:02:20:41:B4:A0:0F:22:1C:69:E8:F3:FB: 60:B2:81:61:62:E0:DD:28:37:13:7E:74:2B:26:74:E1: FD:E5:4D:29:61:E7 Signature Algorithm: sha256WithRSAEncryption 61:b4:ef:73:fc:3c:d6:36:f5:75:80:0c:33:8b:9a:05:0b:c4: ef:72:1d:69:74:95:fd:0a:84:bd:b8:b9:3c:12:87:d3:eb:2d: b5:d2:63:2a:29:60:59:c4:11:1c:0f:c3:fb:79:2f:8a:43:57: 38:62:d8:2e:68:34:bb:6c:0e:7a:e3:f8:3d:f5:c1:05:a5:6d: 93:b9:b3:48:22:8e:a3:39:66:e6:a5:9e:dc:e2:98:35:7e:b3: e1:c7:b2:16:b7:b0:2e:70:50:4e:ea:93:d0:f8:5c:69:6c:1b: d2:3e:ee:da:64:1f:ad:97:c8:be:17:38:a6:ed:92:9e:3b:db: 67:c8:b0:5f:e6:af:fd:f7:57:92:7b:87:3d:bf:c4:c1:21:13: ba:c4:d8:85:a3:63:dc:90:ee:df:3d:2a:bc:03:4e:ba:1b:8c: 0c:16:7e:58:e3:ac:7f:dc:3b:40:18:1f:74:98:d5:c4:fa:32: 99:95:a0:64:1e:5b:4d:a8:f5:79:33:2e:3f:43:dc:8d:0e:7d: 28:25:74:7a:93:27:53:2e:6b:ae:4d:81:c1:3c:e0:cd:42:02: 6d:fc:da:f3:52:57:d5:b1:70:8e:1a:91:15:c8:1b:93:cd:40: b8:ff:29:e7:c6:05:ad:63:8c:c8:ec:d7:e9:88:33:a3:5d:43: a1:d5:b9:20 battleb0t.xyz
2023-05-12 02:53:56HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["FA9A:7823:2111191:32C49C6:645C9D43"], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683791171.466843,VS0,VE24"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["c2c6815651c463b5fe5f6c442c782301daedbf1f"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-kigq8000156-CHI"], "Accept_Ranges": ["bytes"]}2606:50c0:8001::153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneWile (Net ID: 00:06:25:C6:1D:77)33.336199,-111.89446440830702
2023-05-12 02:58:06Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'34.148.97.127', u'34.148.97.127', u'104.16.88.20', u'172.67.169.247'], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://www.trustsign.com.br/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.trustsign.com.br"\n "ocsp.pki.goog"\n "o.ss2.us"\n "crl.pki.goog"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "crls.pki.goog"\n "crl.rootca1.amazontrust.com"\n "crl.rootg2.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:80"\n "34.148.97.127:443"\n "142.250.217.72:443"\n "142.250.217.106:443"\n "108.139.0.96:443"\n "104.16.88.20:443"\n "172.67.169.247:443"\n "142.250.217.99:80"\n "108.138.245.197:80"\n "108.139.0.211:80"\n "108.139.0.15:80"\n "142.251.33.110:80"\n "108.138.245.171:80"\n "108.138.245.125:80"\n "142.251.211.238:443"\n "142.250.217.99:443"\n "96.6.232.137:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is 
"data")\n Antivirus vendors marked dropped file "TarE40E.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_bd0_ConnHashTable<3024>_HashTable_Mutex"\n "IsoScope_bd0_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_bd0_IE_EarlyTabStart_0xd60_Mutex"\n "IsoScope_bd0_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3024"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_bd0_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bd0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabE40D.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVQ_1_.woff" has type "Web Open Font Format TrueType length 20712 version 1.1"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003832]\n "banner-contact-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 1920x980 frames 3"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003024]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003832]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003832]\n "TarE40E.tmp" has type "data"- Location: [%TEMP%\\TarE40E.tmp]- [targetUID: 00000000-00003832]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00003832]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00003832]\n 
"BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003832]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00003832]\n "analytics_3_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "QWUH7FY2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QWUH7FY2.txt]- [targetUID: 00000000-00003024]\n "CabE40D.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\CabE40D.tmp]- [targetUID: 00000000-00003832]\n "ce5327c52694093aede79fbdda65cf4496210956_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFCA59CA6228C501E4.TMP" has type "data"- Location: [%TEMP%\\~DFCA59CA6228C501E4.TMP]- [targetUID: 00000000-00003024]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003024]\n "logo-trustsing_1_.png" has type "PNG image data 242 x 50 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "A16C6C16D94F76E0808C087DFC657D99_B825D365EADB4B8BDCBA297C066E0152" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\A16C6C16D94F76E0808C087DFC657D99_B825D365EADB4B8BDCBA297C066E0152]- [targetUID: 00000000-00003832]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'API Call', u'identifier': u'api-113', u'name': u'Touches files in program files directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', 
u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\sqmapi.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\API-MS-WIN-DOWNLEVEL-SHLWAPI-L2-1-0.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IPHLPAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\CRYPTSP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\RPCRTREMOTE.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\DNSAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\RASADHLP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\iexplore.exe"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\DHCPCSVC.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\MSIMG32.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\NCRYPT.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\BCRYPT.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE.LOCAL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\WINHTTP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\WEBIO.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\iexplore.exe.config"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\URL.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\VERSION.DLL"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.trustsign.com.br"- [34.148.97.127
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.79): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:20Web ContentNoWeb Spider7020None<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html> funny.battleb0t.xyz
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:2086172.67.135.9
2023-05-12 02:53:00Web TechnologyNoTool - WAFW00F0020NoneCloudflare Inc. Cloudflareoldfluid.battleb0t.xyz
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+14806242598Domain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None\012\034\030\003\031\003\007\024\022\001\035\027\0 (Net ID: 00:05:4E:45:3B:FE)39.0469, -77.4903
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-resource-policy: same-origin{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:54:30Software UsedYesCensys0030Nonelinux64.226.81.43
2023-05-12 03:08:55Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.8134.74.170.74
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneBLINK-6985 (Net ID: 00:03:7F:A1:AE:79)33.617190550339146,-111.90827887019054
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-001-0.github.io185.199.111.153
2023-05-12 03:03:47Co-Hosted SiteNoThreatMiner2020Nonejames-gamboa.github.io185.199.111.153
2023-05-12 02:54:16Web ContentNoWeb Spider0040None/** * dat-gui JavaScript Controller Library * http://code.google.com/p/dat-gui * * Copyright 2011 Data Arts Team, Google Creative Lab * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 */ !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t(e.dat={})}(this,function(e){"use strict";function t(e,t){var n=e.__state.conversionName.toString(),o=Math.round(e.r),i=Math.round(e.g),r=Math.round(e.b),s=e.a,a=Math.round(e.h),l=e.s.toFixed(1),d=e.v.toFixed(1);if(t||"THREE_CHAR_HEX"===n||"SIX_CHAR_HEX"===n){for(var c=e.hex.toString(16);c.length<6;)c="0"+c;return"#"+c}return"CSS_RGB"===n?"rgb("+o+","+i+","+r+")":"CSS_RGBA"===n?"rgba("+o+","+i+","+r+","+s+")":"HEX"===n?"0x"+e.hex.toString(16):"RGB_ARRAY"===n?"["+o+","+i+","+r+"]":"RGBA_ARRAY"===n?"["+o+","+i+","+r+","+s+"]":"RGB_OBJ"===n?"{r:"+o+",g:"+i+",b:"+r+"}":"RGBA_OBJ"===n?"{r:"+o+",g:"+i+",b:"+r+",a:"+s+"}":"HSV_OBJ"===n?"{h:"+a+",s:"+l+",v:"+d+"}":"HSVA_OBJ"===n?"{h:"+a+",s:"+l+",v:"+d+",a:"+s+"}":"unknown format"}function n(e,t,n){Object.defineProperty(e,t,{get:function(){return"RGB"===this.__state.space?this.__state[t]:(I.recalculateRGB(this,t,n),this.__state[t])},set:function(e){"RGB"!==this.__state.space&&(I.recalculateRGB(this,t,n),this.__state.space="RGB"),this.__state[t]=e}})}function o(e,t){Object.defineProperty(e,t,{get:function(){return"HSV"===this.__state.space?this.__state[t]:(I.recalculateHSV(this),this.__state[t])},set:function(e){"HSV"!==this.__state.space&&(I.recalculateHSV(this),this.__state.space="HSV"),this.__state[t]=e}})}function i(e){if("0"===e||S.isUndefined(e))return 0;var t=e.match(U);return S.isNull(t)?0:parseFloat(t[1])}function r(e){var t=e.toString();return 
t.indexOf(".")>-1?t.length-t.indexOf(".")-1:0}function s(e,t){var n=Math.pow(10,t);return Math.round(e*n)/n}function a(e,t,n,o,i){return o+(e-t)/(n-t)*(i-o)}function l(e,t,n,o){e.style.background="",S.each(ee,function(i){e.style.cssText+="background: "+i+"linear-gradient("+t+", "+n+" 0%, "+o+" 100%); "})}function d(e){e.style.background="",e.style.cssText+="background: -moz-linear-gradient(top, #ff0000 0%, #ff00ff 17%, #0000ff 34%, #00ffff 50%, #00ff00 67%, #ffff00 84%, #ff0000 100%);",e.style.cssText+="background: -webkit-linear-gradient(top, #ff0000 0%,#ff00ff 17%,#0000ff 34%,#00ffff 50%,#00ff00 67%,#ffff00 84%,#ff0000 100%);",e.style.cssText+="background: -o-linear-gradient(top, #ff0000 0%,#ff00ff 17%,#0000ff 34%,#00ffff 50%,#00ff00 67%,#ffff00 84%,#ff0000 100%);",e.style.cssText+="background: -ms-linear-gradient(top, #ff0000 0%,#ff00ff 17%,#0000ff 34%,#00ffff 50%,#00ff00 67%,#ffff00 84%,#ff0000 100%);",e.style.cssText+="background: linear-gradient(top, #ff0000 0%,#ff00ff 17%,#0000ff 34%,#00ffff 50%,#00ff00 67%,#ffff00 84%,#ff0000 100%);"}function c(e,t,n){var o=document.createElement("li");return t&&o.appendChild(t),n?e.__ul.insertBefore(o,n):e.__ul.appendChild(o),e.onResize(),o}function u(e){X.unbind(window,"resize",e.__resizeHandler),e.saveToLocalStorageIfPossible&&X.unbind(window,"unload",e.saveToLocalStorageIfPossible)}function _(e,t){var n=e.__preset_select[e.__preset_select.selectedIndex];n.innerHTML=t?n.value+"*":n.value}function h(e,t,n){if(n.__li=t,n.__gui=e,S.extend(n,{options:function(t){if(arguments.length>1){var o=n.__li.nextElementSibling;return n.remove(),f(e,n.object,n.property,{before:o,factoryArgs:[S.toArray(arguments)]})}if(S.isArray(t)||S.isObject(t)){var i=n.__li.nextElementSibling;return n.remove(),f(e,n.object,n.property,{before:i,factoryArgs:[t]})}},name:function(e){return n.__li.firstElementChild.firstElementChild.innerHTML=e,n},listen:function(){return n.__gui.listen(n),n},remove:function(){return n.__gui.remove(n),n}}),n instanceof 
q){var o=new Q(n.object,n.property,{min:n.__min,max:n.__max,step:n.__step});S.each(["updateDisplay","onChange","onFinishChange","step"],function(e){var t=n[e],i=o[e];n[e]=o[e]=function(){var e=Array.prototype.slice.call(arguments);return i.apply(o,e),t.apply(n,e)}}),X.addClass(t,"has-slider"),n.domElement.insertBefore(o.domElement,n.domElement.firstElementChild)}else if(n instanceof Q){var i=function(t){if(S.isNumber(n.__min)&&S.isNumber(n.__max)){var o=n.__li.firstElementChild.firstElementChild.innerHTML,i=n.__gui.__listening.indexOf(n)>-1;n.remove();var r=f(e,n.object,n.property,{before:n.__li.nextElementSibling,factoryArgs:[n.__min,n.__max,n.__step]});return r.name(o),i&&r.listen(),r}return t};n.min=S.compose(i,n.min),n.max=S.compose(i,n.max)}else n instanceof K?(X.bind(t,"click",function(){X.fakeEvent(n.__checkbox,"click")}),X.bind(n.__checkbox,"click",function(e){e.stopPropagation()})):n instanceof Z?(X.bind(t,"click",function(){X.fakeEvent(n.__button,"click")}),X.bind(t,"mouseover",function(){X.addClass(n.__button,"hover")}),X.bind(t,"mouseout",function(){X.removeClass(n.__button,"hover")})):n instanceof $&&(X.addClass(t,"color"),n.updateDisplay=S.compose(function(e){return t.style.borderLeftColor=n.__color.toString(),e},n.updateDisplay),n.updateDisplay());n.setValue=S.compose(function(t){return e.getRoot().__preset_select&&n.isModified()&&_(e.getRoot(),!0),t},n.setValue)}function p(e,t){var n=e.getRoot(),o=n.__rememberedObjects.indexOf(t.object);if(-1!==o){var i=n.__rememberedObjectIndecesToControllers[o];if(void 0===i&&(i={},n.__rememberedObjectIndecesToControllers[o]=i),i[t.property]=t,n.load&&n.load.remembered){var r=n.load.remembered,s=void 0;if(r[e.preset])s=r[e.preset];else{if(!r[se])return;s=r[se]}if(s[o]&&void 0!==s[o][t.property]){var a=s[o][t.property];t.initialValue=a,t.setValue(a)}}}}function f(e,t,n,o){if(void 0===t[n])throw new Error('Object "'+t+'" has no property "'+n+'"');var i=void 0;if(o.color)i=new $(t,n);else{var 
r=[t,n].concat(o.factoryArgs);i=ne.apply(e,r)}o.before instanceof z&&(o.before=o.before.__li),p(e,i),X.addClass(i.domElement,"c");var s=document.createElement("span");X.addClass(s,"property-name"),s.innerHTML=i.property;var a=document.createElement("div");a.appendChild(s),a.appendChild(i.domElement);var l=c(e,a,o.before);return X.addClass(l,he.CLASS_CONTROLLER_ROW),i instanceof $?X.addClass(l,"color"):X.addClass(l,H(i.getValue())),h(e,l,i),e.__controllers.push(i),i}function m(e,t){return document.location.href+"."+t}function g(e,t,n){var o=document.createElement("option");o.innerHTML=t,o.value=t,e.__preset_select.appendChild(o),n&&(e.__preset_select.selectedIndex=e.__preset_select.length-1)}function b(e,t){t.style.display=e.useLocalStorage?"block":"none"}function v(e){var t=e.__save_row=document.createElement("li");X.addClass(e.domElement,"has-save"),e.__ul.insertBefore(t,e.__ul.firstChild),X.addClass(t,"save-row");var n=document.createElement("span");n.innerHTML="&nbsp;",X.addClass(n,"button gears");var o=document.createElement("span");o.innerHTML="Save",X.addClass(o,"button"),X.addClass(o,"save");var i=document.createElement("span");i.innerHTML="New",X.addClass(i,"button"),X.addClass(i,"save-as");var r=document.createElement("span");r.innerHTML="Revert",X.addClass(r,"button"),X.addClass(r,"revert");var s=e.__preset_select=document.createElement("select");if(e.load&&e.load.remembered?S.each(e.load.remembered,function(t,n){g(e,n,n===e.preset)}):g(e,se,!1),X.bind(s,"change",function(){for(var t=0;t<e.__preset_select.length;t++)e.__preset_select[t].innerHTML=e.__preset_select[t].value;e.preset=this.value}),t.appendChild(s),t.appendChild(n),t.appendChild(o),t.appendChild(i),t.appendChild(r),ae){var 
a=document.getElementById("dg-local-explain"),l=document.getElementById("dg-local-storage");document.getElementById("dg-save-locally").style.display="block","true"===localStorage.getItem(m(e,"isLocal"))&&l.setAttribute("checked","checked"),b(e,a),X.bind(l,"change",function(){e.useLocalStorage=!e.useLocalStorage,b(e,a)})}var d=document.getElementById("dg-new-constructor");X.bind(d,"keydown",function(e){!e.metaKey||67!==e.which&&67!==e.keyCode||le.hide()}),X.bind(n,"click",function(){d.innerHTML=JSON.stringify(e.getSaveObject(),void 0,2),le.show(),d.focus(),d.select()}),X.bind(o,"click",function(){e.save()}),X.bind(i,"click",function(){var t=prompt("Enter a new preset name.");t&&e.saveAs(t)}),X.bind(r,"click",function(){e.revert()})}function y(e){function t(t){return t.preventDefault(),e.width+=i-t.clientX,e.onResize(),i=t.clientX,!1}function n(){X.removeClass(e.__closeButton,he.CLASS_DRAG),X.unbind(window,"mousemove",t),X.unbind(window,"mouseup",n)}function o(o){return o.preventDefault(),i=o.clientX,X.addClass(e.__closeButton,he.CLASS_DRAG),X.bind(window,"mousemove",t),X.bind(window,"mouseup",n),!1}var i=void 0;e.__resize_handle=document.createElement("div"),S.extend(e.__resize_handle.style,{width:"6px",marginLeft:"-3px",height:"200px",cursor:"ew-resize",position:"absolute"}),X.bind(e.__resize_handle,"mousedown",o),X.bind(e.__closeButton,"mousedown",o),e.domElement.insertBefore(e.__resize_handle,e.domElement.firstElementChild)}function w(e,t){e.domElement.style.width=t+"px",e.__save_row&&e.autoPlace&&(e.__save_row.style.width=t+"px"),e.__closeButton&&(e.__closeButton.style.width=t+"px")}function x(e,t){var n={};return S.each(e.__rememberedObjects,function(o,i){var r={},s=e.__rememberedObjectIndecesToControllers[i];S.each(s,function(e,n){r[n]=t?e.initialValue:e.getValue()}),n[i]=r}),n}function E(e){for(var t=0;t<e.__preset_select.length;t++)e.__preset_select[t].value===e.preset&&(e.__preset_select.selectedIndex=t)}function 
C(e){0!==e.length&&oe.call(window,function(){C(e)}),S.each(e,function(e){e.updateDisplay()})}var A=Array.prototype.forEach,k=Array.prototype.slice,S={BREAK:{},extend:function(e){return this.each(k.call(arguments,1),function(t){(this.isObject(t)?Object.keys(t):[]).forEach(function(n){this.isUndefined(t[n])||(e[n]=t[n])}.bind(this))},this),e},defaults:function(e){return this.each(k.call(arguments,1),function(t){(this.isObject(t)?Object.keys(t):[]).forEach(function(n){this.isUndefined(e[n])&&(e[n]=t[n])}.bind(this))},this),e},compose:function(){var e=k.call(arguments);return function(){for(var t=k.call(arguments),n=e.length-1;n>=0;n--)t=[e[n].applyhttps://oldfluid.battleb0t.xyz/dat.gui.min.js
2023-05-12 02:44:47Software UsedYesTool - Wappalyzer0030NoneHSTSpanel.battleb0t.xyz
2023-05-12 03:13:01Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0-001-0.github.io] https://www.openphish.com/feed.txt0-001-0.github.io
2023-05-12 02:54:20HTTP HeadersNoWeb Spider2040None{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:20 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:20 GMT", "cf-ray": "7c5f605fb97f4259-EWR", "content-type": "text/css", "x-frame-options": "DENY"}http://nuke.battleb0t.xyz/cdn-cgi/styles/main.css
2023-05-12 03:00:25Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.1): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:00:26Affiliate - Email AddressNoE-Mail Address Extractor0040Nonezlib@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", 
"port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", 
"aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 02:44:21Physical LocationNoipstack0020NoneUnited States185.199.111.153
2023-05-12 02:46:16Affiliate Description - CategoryNoDuckDuckGo0030NoneDevOps - DevOps is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of software development and IT operations as a means for improving and shortening the systems development life cycle.battleb0t.github.io
2023-05-12 02:54:51HTTP HeadersNoCensys0030None{"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H06V19Y9J57EVG1E6053DPH4"], "Server": ["Netlify"]}34.74.170.74
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonezoom1330 (Net ID: 00:01:38:92:E5:07)37.780462,-122.390564
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c56db576d8c1409-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.6.166
2023-05-12 03:01:24Web ServerNoTool - WhatWeb0010Nonecloudflareayhu.xyz
2023-05-12 03:01:13Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.128): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:11Raw Data from RIRsNoVenmo0060None{u'username': u'login', u'first_name': u'baptiste', u'last_name': u'vauthey', u'display_name': u'baptiste vauthey', u'identity_type': u'personal', u'profile_picture_url': u'https://s3.amazonaws.com/venmo/no-image.gif', u'id': u'1987457377632256359', u'date_joined': u'2016'}login
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Nonefigma (Category: tech) https://www.figma.com/@loginlogin
2023-05-12 03:01:33Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.92): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonelinksys-a (Net ID: 00:0C:41:0B:AB:D7)39.0469, -77.4903
2023-05-12 03:01:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.201): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:24:33Malicious AffiliateYesVXVault.net0140NoneVXVault Malicious URL List [cdn-185-199-109-154.github.com] http://vxvault.net/URL_List.phpcdn-185-199-109-154.github.com
2023-05-12 03:32:19Open TCP PortNoPulsedive0030None188.114.97.10:8080188.114.97.0/24
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonespeedstream (Net ID: 00:01:24:F1:A9:A3)34.0544, -118.244
2023-05-12 02:44:16Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithub.io185.199.111.153
2023-05-12 02:56:52Internet NameNoDNS Resolver0030Noneoldfluid.battleb0t.xyz[{"url": "https://oldfluid.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://oldfluid.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}]
2023-05-12 03:32:52Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:24:22Web Content TypeNoWeb Spider0020Nonetext/htmlhttps://kekw.battleb0t.xyz/jar
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneASI (Net ID: 00:02:6F:51:19:D9)33.6170672,-111.90564645297056
2023-05-12 02:53:57Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://wasimreja.me/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e74_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e74_IESQMMUTEX_0_519"\n "IsoScope_e74_ConnHashTable<3700>_HashTable_Mutex"\n "IsoScope_e74_IESQMMUTEX_0_331"\n "IsoScope_e74_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3700"\n "IsoScope_e74_IE_EarlyTabStart_0xd58_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3700"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "142.250.189.202:443"\n "104.18.28.243:443"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"fonts.googleapis.com"\n "unicons.iconscout.com"\n "wasimreja.me"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<a href="https://www.linkedin.com/in/wasimreja/" target="_blank"" (Indicator: "linkedin.com")\n "<a href="https://twitter.com/_wasimreja" target="_blank" class="home-social-icon">" (Indicator: "twitter")\n "<i class="uil uil-twitter-alt"></i>" (Indicator: "twitter")\n "<i class="uil uil-twitter-alt contact-icon"></i>" (Indicator: "twitter")\n "Twitter" (Indicator: "twitter")\n "<a href="https://twitter.com/_wasimreja" class="footer-social" target="_blank">" (Indicator: "twitter")\n "<a href="https://www.linkedin.com/in/wasimreja/" class="footer-social"" (Indicator: "linkedin.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar41C.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar38D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002812]\n "Cab38C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab38C.tmp]- [targetUID: 00000000-00002812]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"favicon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "silence_1_.gif" has type "GIF image data version 89a 500 x 682"- [targetUID: N/A]\n "whats%20cooking_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "music%20player_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "task%20buddy_1_.png" has type "PNG image data 1263 x 700 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar41C.tmp" has type "data"- Location: [%TEMP%\\Tar41C.tmp]- [targetUID: 00000000-00002812]\n "swiper-bundle.min_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "gcr%20leaderboard_1_.png" has type "PNG image data 1919 x 838 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n 
"typing%20speed%20test_1_.png" has type "PNG image data 1920 x 874 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "notes%20mini_1_.png" has type "PNG image data 1920 x 838 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002812]\n "sandesh_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=3 software=Adobe Photoshop CC 2017 (Windows) datetime=2020:06:20 11:34:14] progressive precision 8 1920x850 components 3"- [targetUID: N/A]\n "line_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "quizzler_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1652x805 components 3"- [targetUID: N/A]\n "book%20finder_1_.png" has type "PNG image data 1263 x 684 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "dictionary%20app_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "avatar_1_.png" has type "PNG image data 500 x 500 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "urlref_httpswasimreja.me" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "unicons-10_1_.eot" has type "Embedded OpenType (EOT) unicons-10 family"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, 
u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://wasimreja.me/"\n Pattern match: "https://wasimreja.me"\n Pattern match: "https://swiperjs.com"\n Pattern match: "C.JgU/0$"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "www.microsoft.com0"\n Pattern match: "https://wasimreja.me/assets/img/opengraph.png"\n Pattern match: "https://fonts.googleapis.com"\n Pattern match: "https://fonts.gstatic.com"\n Pattern match: "https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600&display=swap"\n Pattern match: "https://unicons.iconscout.com/release/v4.0.0/css/line.css"\n Pattern match: "https://www.linkedin.com/in/wasimreja/"\n Pattern match: "https://github.com/wasimreja"\n Pattern match: "https://twitter.com/_wasimreja"\n Pattern match: "https://www.instagram.com/_wasimreja"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "http://www.w3.org/1999/xlink"\n Pattern match: "https://notes-mini.vercel.app/"\n Pattern match: "https://typing-speed-test.onrender.com/"\n Pattern match: "https://gcr-leaderboard.vercel.app/"\n Pattern match: "https://book-finder.onrender.com/"\n Pattern match: "http://whats-cooking.vercel.app/"\n Pattern match: "https://task-buddy.netlify.app/"\n Pattern match: "https://dictionary-app.onrender.com/"\n Pattern match: "https://quizzler.vercel.app/"\n Pattern match: "https://wasimreja.github.io/music-player/"\n Pattern match: "https://github.com/wasimreja/sandesh"\n Heuristic match: "wr2435@it.jgec.ac.in"\n Pattern match: "https://instagram.com/_wasimreja"\n Heuristic match: "fonts.googleapis.com"\n Heuristic match: "unicons.iconscout.com"\n Heuristic match: "wasimreja.me"\n Pattern match: "https://wasimreja.me/Accept-Language"\n Pattern match: "ns.adobe.com/xap/1.0/"\n Pattern match: 
"http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "http://fontello.comIconscoutunicons-13Regularunicons-13unicons-13Version"\n Pattern match: "http://fontello.comIconscoutunicons-12Regularunicons-12unicons-12Version"\n Pattern match: "http://fontello.comIconscoutunicons-0Regularunicons-0unicons-0Version"\n Pattern match: "http185.199.109.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NonemyLGNet (Net ID: 00:02:A8:C2:91:21)50.1188, 8.6843
2023-05-12 03:09:45Affiliate - Internet NameNoDNS Resolver0040None132.97.148.34.bc.googleusercontent.com34.148.97.132
2023-05-12 03:01:41Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.200): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.249): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:57HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c443d4879e76326-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}2a06:98c1:3120::1
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSX551D17A4D (Net ID: 00:01:E3:D1:7A:4D)50.8897, 6.0563
2023-05-12 03:00:56Co-Hosted SiteNoHackerTarget2020None00root.github.io185.199.111.153
2023-05-12 02:54:34HTTP HeadersNoCensys0030None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}104.21.71.14
2023-05-12 03:23:13Open TCP PortNoPulsedive0030None188.114.96.2:8443188.114.96.0/24
2023-05-12 02:44:40Affiliate - Internet NameNoDNS Resolver0030None116.48.229.35.bc.googleusercontent.com35.229.48.116
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneMy Passport (2.4 GHz) - 0778A5 (Net ID: 00:00:C0:07:78:A5)37.7813933,-122.3918002
2023-05-12 02:50:56SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:62:27:a6:dc:16:28:de:ae:a0:a4:7d:7e:a0:02:81:25:0e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 18 21:24:59 2022 GMT Not After : Mar 18 21:24:58 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c4:7a:cf:72:75:e0:23:b5:24:56:0b:ff:81:dc: d9:ef:b9:84:a5:cb:15:5a:f2:4d:f6:46:6d:b0:47: aa:99:c5:97:75:9e:1e:5a:4f:3a:12:c1:33:26:f0: 0f:b9:47:15:ee:28:b3:c5:a0:0e:6e:82:c2:e4:9e: 2f:89:8d:b1:98:56:ae:4e:51:dc:76:c6:4d:f7:a0: da:11:9a:d1:d4:0e:53:d9:8e:4c:35:dc:f0:9d:a8: b5:1d:3f:0a:c6:d4:12:00:be:6b:8b:db:1c:eb:ff: fa:8a:0d:30:cf:48:30:73:35:bc:e5:39:78:d6:97: a1:00:9f:88:3e:2a:d4:35:22:13:80:4e:57:e4:0b: 6b:33:da:ae:7f:1b:ed:8f:82:10:4f:76:18:82:03: 22:e6:2a:88:53:b9:9a:80:d1:10:21:d7:25:be:5d: 9e:dd:23:0e:2f:8b:44:b5:d9:a6:ea:9a:ef:d4:ac: 24:ea:27:de:5f:35:74:c4:ee:db:95:49:53:28:21: da:c7:71:d0:ef:75:13:d9:75:8b:84:42:b8:62:af: 7a:1c:85:43:b6:85:1f:19:fe:11:de:22:13:41:a7: 26:69:56:b7:56:8c:31:f6:46:81:6d:dd:94:ae:81: bb:82:f2:fb:15:03:15:a0:92:6d:46:ee:3b:be:82: d4:cc:f6:b8:f0:82:0e:be:9c:1b:d5:a9:e7:74:12: 18:51:f1:a4:d7:96:be:07:63:2a:5b:b2:de:3e:8d: 99:72:fa:17:ce:36:64:cf:aa:ef:2b:4c:60:46:d0: cb:1a:9e:bb:94:71:19:32:32:aa:a0:4f:7c:b5:80: d2:ac:29:a1:3e:79:7a:46:f9:fc:2c:b9:f9:8b:cb: 59:c4:7c:ae:87:57:d8:e5:12:0a:0b:a5:34:e8:72: 2f:e5:15:84:33:1d:01:b8:f5:d1:2b:ff:10:f9:e7: ef:0c:be:61:fe:87:b7:d8:4f:dc:f0:08:3e:e4:ba: 53:2e:94:64:aa:29:45:65:cb:b5:3b:5d:cd:a7:33: 69:f9:c8:07:c0:c9:87:da:c3:82:4b:50:90:d2:80: 18:a8:e3:89:70:e0:61:b8:c9:4f:82:66:2b:0e:23: 36:49:33:34:63:e7:8a:70:61:f2:a3:6d:68:5c:13: 84:18:1d:5c:05:3c:2b:f0:28:3d:ae:ff:ba:af:c4: 48:bb:d7:f2:a8:15:4b:68:f4:b5:9d:7c:d4:31:43: bf:01:12:bc:59:5f:ef:ce:fb:0e:78:b7:62:51:52: 0f:d1:8e:d7:11:fa:d7:0c:57:e7:ee:bd:a5:16:b1: 
30:a1:96:90:5b:b4:a4:e1:b1:72:88:e0:56:6f:9c: 5b:43:b9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1A:29:A0:EB:78:CC:40:89:5B:55:A3:66:D6:68:C3:AE:DF:AB:BB:78 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 18 22:24:59.092 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:ED:60:61:6F:BC:46:EA:80:D9:9B:7E: 8F:A6:97:51:13:A3:13:6E:09:4B:69:DE:76:DA:06:A4: 9A:F6:AD:26:7A:02:21:00:8D:70:0F:85:A2:37:40:B9: EB:5B:60:8F:DC:06:DD:16:63:C3:4B:C4:FC:99:B1:34: 98:6B:48:67:B4:F0:C6:4E Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Dec 18 22:24:59.634 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:B5:D7:F6:4B:EA:EE:D1:88:2A:2C:A7: F5:CC:0E:34:73:06:3D:CB:97:DC:EE:36:A9:A5:D7:84: 82:BC:B5:EB:C6:02:20:24:29:13:50:A0:1B:E8:D7:8C: B3:4A:9A:51:F0:3A:9F:E5:82:84:2A:82:72:A2:11:F0: F6:5B:BD:6F:C1:6E:17 Signature Algorithm: sha256WithRSAEncryption 9e:bd:00:c7:d3:5f:8b:8e:53:b7:5b:22:5d:0b:6d:c4:d2:9f: fb:d0:a2:7c:44:da:e1:f0:45:3d:e8:3d:22:cc:24:5a:a4:77: b1:7e:a7:5b:7d:47:e3:cc:9f:21:7b:68:ee:4b:fd:96:93:76: 17:26:af:1b:c0:e8:25:4c:33:00:f1:c2:7c:74:4c:aa:65:ed: 
92:ae:6a:f9:36:e7:ca:f4:22:6d:f0:eb:29:e7:93:7f:63:23: 5f:e2:ba:1f:83:d2:38:d1:dc:cc:25:4e:61:6b:39:9c:a8:a4: 1a:fc:f9:45:e4:a1:28:63:0f:69:f3:83:90:4b:3d:de:98:18: fa:e8:6b:3c:fb:c2:5d:0d:ab:ed:f9:00:6d:a0:26:46:2f:05: 46:31:32:5f:a6:1d:17:f4:1e:34:3a:f6:2e:f1:f6:1f:09:08: 8f:de:c7:cd:9f:0a:d6:37:e5:8e:ad:71:44:31:1f:ee:c8:d7: 1e:cb:c5:98:bf:4b:bf:03:59:91:6e:75:8b:e9:11:d9:3b:3a: e6:90:a3:02:49:4e:21:28:66:07:46:87:31:86:8a:ff:ea:59: d0:c3:7e:c2:6d:3c:37:07:a6:50:55:a2:45:9b:f8:71:ef:35: ed:7a:04:62:6e:f1:59:e7:59:4b:40:35:fd:a2:ed:39:31:90: 80:53:1f:29 battleb0t.xyz
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/nomnom.jpghttps://pics.battleb0t.xyz/
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c57f0d8baaf3a64-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.135.9
2023-05-12 03:09:26Co-Hosted Site - Domain WhoisNoWhois3040NoneDomain Name: 007316.XYZ Registry Domain ID: D339018444-CNIC Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com/ Updated Date: 2023-01-20T18:05:08.0Z Creation Date: 2022-12-18T04:19:38.0Z Registry Expiry Date: 2031-12-18T23:59:59.0Z Registrar: Name.com, Inc Registrar IANA ID: 625 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Registrant State/Province: YN Registrant Country: CN Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1CNB.NAME.COM Name Server: NS2KNZ.NAME.COM Name Server: NS3CNA.NAME.COM Name Server: NS4BLX.NAME.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: jrupp@name.com Registrar Abuse Contact Phone: +1.7203101849 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:09:26.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: 007316.XYZ Registry Domain ID: D339018444-CNIC Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com Updated Date: 2023-01-20T18:05:08Z Creation Date: 2022-12-18T04:19:38Z Registrar Registration Expiration Date: 2031-12-18T23:59:59Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Reseller: Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: Not Available From Registry Registrant Name: Aaron Young Registrant Organization: Registrant Street: 408 Longquan Rd. 
Registrant City: KM Registrant State/Province: YN Registrant Postal Code: 650000 Registrant Country: CN Registrant Phone: Non-Public Data Registrant Email: https://www.name.com/contact-domain-whois/007316.xyz/registrant Registry Admin ID: Not Available From Registry Admin Name: Aaron Young Admin Organization: Admin Street: 408 Longquan Rd. Admin City: KM Admin State/Province: YN Admin Postal Code: 650000 Admin Country: CN Admin Phone: Non-Public Data Admin Email: https://www.name.com/contact-domain-whois/007316.xyz/admin Registry Tech ID: Not Available From Registry Tech Name: Aaron Young Tech Organization: Tech Street: 408 Longquan Rd. Tech City: KM Tech State/Province: YN Tech Postal Code: 650000 Tech Country: CN Tech Phone: Non-Public Data Tech Email: https://www.name.com/contact-domain-whois/007316.xyz/tech Name Server: ns2knz.name.com Name Server: ns4blx.name.com Name Server: ns3cna.name.com Name Server: ns1cnb.name.com DNSSEC: unSigned Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<< For more information on Whois status codes, please visit https://icann.org/epp The data in the Name.com, Inc. WHOIS database is provided by Name.com, Inc. for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Name.com, Inc. does not guarantee its accuracy. Users accessing the Name.com, Inc. 
WHOIS service agree to use the data only for lawful purposes, and under no circumstances may this data be used to: a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the registrar's own existing customers and b) enable high volume, automated, electronic processes that send queries or data to the systems of Name.com, Inc., except as reasonably necessary to register domain names or modify existing registrations. When using the Name.com, Inc. WHOIS service, please consider the following: the WHOIS service is not a replacement for standard EPP commands to the SRS service. WHOIS is not considered authoritative for registered domain objects. The WHOIS service may be scheduled for downtime during production or OT&E maintenance periods. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis, for accessing the withheld data. Access to this data can be requested by submitting a request via the form found at https://www.name.com/layered-access-request . Name.com, Inc. reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 007316.xyz
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.101): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:33:45Raw File Meta DataNoBinary String Extractor0040Nonehttp://ns.adobe.com/xap/1.0/ XPhotoshop 3.0 Photo Booth ICC_PROFILE mntrRGB XYZ acspAPPL -appl bdscm vcgt 0ndin >chad 8bTRC aagg desc Display 0daDK FnlNL bfiFI xitIT $viVN .skSK <zhCN $ruRU RenGB vfrFR vesXL "elGR 4svSE VtrTR fptPT zjaJP Dtext A l !H!u! "'"U" 'I'z' -A-v- /$/Z/ 050l0 676r6 7$7`7 :6:t: <'<e< > >`> ?!?a? B0BrB F"FgF P'PqP nmmod B`@$s eww<` FR'<c zR0f9 PFOPx 3nX7 U?.0H Xax9< z41jH @gc3nw9bq Kj @yS S`YdR pj2OL MZw'bp :'W9q 661:H SInxX \1<qXs\ mnMuV: TjO99 VgDer eA$tn: n3 3.y< y78$p o XfI \XYbs HmJ92 5m6s4W6 BMNnW Ye8-uc< -8-"z K1yeb WOCiB :sRWG p1A1w$ p!O9' 9_FTOO TNCaA pEz\3 '-fp? 7m9 z 6:WE: ?Ol<U $hpp@ K$_4e zDrA9 .>`x? \rKis zWGml NOAVR 9?S\. https://pics.battleb0t.xyz/images/jcqn.jpg
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NonePillowfort (Category: social) https://www.pillowfort.social/loginlogin
2023-05-12 02:45:32Malicious IP AddressYesPhishStats0120NonePhishstats [185.199.108.153] 185.199.108.153
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NonePornhub Users (Category: XXXPORNXXX) https://www.pornhub.com/users/AltpapierAltpapier
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBriteMedia (Net ID: 00:00:72:20:59:DD)41.8781, -87.6298
2023-05-12 02:44:09Co-Hosted SiteNoSSL Certificate Analyzer4110Nonewww.github.combattleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneFruityWifi-001 (Net ID: 00:02:72:8E:62:D1)33.6170672,-111.90564645297056
2023-05-12 03:01:26Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.248): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx BYOD (Net ID: 00:01:21:26:42:51)41.8781, -87.6298
2023-05-12 02:46:50SSL Certificate - Raw DataNoSSL Certificate Analyzer0030NoneCertificate: Data: Version: 3 (0x2) Serial Number: 02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 Validity Not Before: Dec 21 00:00:00 2022 GMT Not After : Jan 21 23:59:59 2024 GMT Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:64:c3:ab:83:a1:9f:9b:f7:ff:e5:00:bf:41:ae: cd:d1:cd:1c:5d:8d:4d:62:fb:0e:e4:90:33:13:2d: b5:45:91:e6:7a:26:a0:5e:01:ae:25:84:fb:d5:88: 23:7e:13:7e:a9:d3:a5:de:69:2d:91:69:c3:12:86: 5a:94:02:42:28 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A X509v3 Subject Key Identifier: 3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F X509v3 Subject Alternative Name: DNS:*.netlify.app, DNS:netlify.app X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl Full Name: URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt X509v3 Basic Constraints: CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Dec 21 09:03:52.902 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:31:BA:E4:35:B8:DF:14:C3:99:B3:D0:FB: 
C6:93:77:5C:5A:D1:E2:7C:62:90:83:BB:77:59:14:17: 00:CD:14:09:02:21:00:A0:89:29:6C:06:8B:80:0E:58: FD:7C:72:66:63:BF:84:90:99:2F:F3:90:6D:39:BD:86: 6C:21:15:5D:B2:9C:A1 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB: 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73 Timestamp : Dec 21 09:03:52.857 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:85:6B:1A:5F:D3:6B:D9:52:36:0B: 44:9B:B7:9C:FF:8D:70:8C:F4:D1:34:69:3C:10:D4:AD: 03:93:DD:F1:A4:02:21:00:C0:7F:F8:B3:01:C9:63:4D: D3:D5:2B:F6:46:B5:04:38:1F:2D:8A:D9:5F:C8:07:F8: 5D:FA:B6:44:79:49:3C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B: 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17 Timestamp : Dec 21 09:03:52.852 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:87:5E:CF:47:90:E0:B2:0D:AA:FC:5D: 58:AA:C9:7E:AE:76:49:89:1E:EB:25:CD:66:CC:A5:23: F6:24:7A:AE:07:02:20:5E:32:A3:09:9E:48:84:4A:A9: 3B:C0:AA:53:22:AB:E0:9A:BF:4F:DB:FB:66:C2:2B:F8: 4E:E8:E8:BE:9A:FD:22 Signature Algorithm: ecdsa-with-SHA384 30:66:02:31:00:a8:8f:12:1b:fa:2f:f4:cc:aa:04:9b:b9:ea: 95:f5:30:5a:59:f6:f8:b4:4d:b6:51:7e:89:b3:c8:92:7a:7e: 80:c0:81:be:6e:38:4e:5e:5a:7d:bb:10:72:ae:d7:11:5f:02: 31:00:fc:dd:52:7b:4b:33:ad:13:21:0b:b3:8a:93:5d:fb:03: ac:f0:f4:f6:55:46:ed:1e:45:14:60:d2:47:04:5f:56:a0:b6: 8d:b8:c7:6a:0b:fd:73:a6:07:2b:fa:b2:e2:49 34.148.97.127
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:8443172.67.168.252
2023-05-12 02:50:11Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://www.rotaryragusa.it/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "rotaryragusa.it"\n "www.rotaryragusa.it"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d28_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_d28_IESQMMUTEX_0_331"\n "IsoScope_d28_ConnHashTable<3368>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_d28_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d28_IE_EarlyTabStart_0x910_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_d28_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3368"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, 
{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar4950.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.rotaryragusa.it" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.rotaryragusa.it" (Indicator: "user-agent: ")\n "GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: rotaryragusa.it\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: rotaryragusa.it\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/js/libs/gumby.min.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/js/libs/gumby.min.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: 
en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/css/style.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/css/style.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.3 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.3 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/style.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 
1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/style.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/js/main.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/js/main.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/js/jquery/jquery.hoverIntent.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/js/jquery/jquery.hoverIntent.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: 
"user-agent: ")\n "GET /wp-content/themes/rotary/css/bootstrap-image-gallery.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: 185.199.110.153
2023-05-12 02:54:13Linked URL - InternalNoWeb Spider0010Nonehttp://ayhu.xyzayhu.xyz
2023-05-12 03:00:36Affiliate - Email AddressNoE-Mail Address Extractor0030Noneabusecomplaints@markmonitor.com Domain Name: GITHUB.COM Registry Domain ID: 1264983250_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2022-09-07T09:10:44Z Creation Date: 2007-10-09T18:20:50Z Registry Expiry Date: 2024-10-09T18:20:50Z Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2086851750 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: DNS1.P08.NSONE.NET Name Server: DNS2.P08.NSONE.NET Name Server: DNS3.P08.NSONE.NET Name Server: DNS4.P08.NSONE.NET Name Server: NS-1283.AWSDNS-32.ORG Name Server: NS-1707.AWSDNS-21.CO.UK Name Server: NS-421.AWSDNS-52.COM Name Server: NS-520.AWSDNS-01.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 02:55:11HTTP HeadersNoCensys0020None{"_encoding": {"Content_Type": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Pragma": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Content_Type": ["text/html; charset=\"utf-8\""], "Set_Cookie": ["whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "whostmgrsession=%3a6IuBt4aiK1K5mEWt%2ce37772b57ce45a47eb222a7bbd7feb28; HttpOnly; path=/; port=2086", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2086", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Pragma": ["no-cache"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]}87.248.157.102
2023-05-12 02:44:09SSL Certificate - Issued toNoSSL Certificate Analyzer1010NoneC=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.iobattleb0t.xyz
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonedenis (Net ID: 00:01:46:02:C4:4C)37.7813933,-122.3918002
2023-05-12 02:45:35Internet NameNoDNSDumpster0010Nonenwapi.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecf-ray: 7c5f6036feab195d-EWR{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:07:25Vulnerability - CVE LowYesTool - testssl.sh0120NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.185.199.110.153
2023-05-12 03:08:53Affiliate - IP AddressNoDNS Look-aside1030None34.74.170.6434.74.170.74
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:2087104.21.71.14
2023-05-12 03:13:05Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [003marek.github.io] https://www.openphish.com/feed.txt003marek.github.io
2023-05-12 03:33:51Raw File Meta DataNoBinary String Extractor0040NonePLTE$ kyhNlC2D kShPAJ esyS_S@? txkST`ANdNO rXYuPYXHR XajGc dzvRt IDATx :7MV- '@crrX QK>@W vWP`Z tmv1q XEFi" 4@1hb a'c:3 2FRB> LHiiB YFI6D .f:9Lsy PDad6 k67iB 'phZQ _tJ/o8 qgd0 f D3f1c -\-u?V \e<<N X?YJa IDAT<mJ ISE>E >O$-' H T:1 g !A"B Ff<3Bz\ TQHocI Dp//> <U'Xk V M55j \T:x u>6N9z@ IDATB zt28zQ NL3:\m l?:6 _ycqP t1nT_ o !ABH FbaS\ d5hR8 sGr`G hFGxh\ \0.:H a$QEC o"5mw su<< f33Jt yNEEt IDATd 9LGKOA NwqWx s<N5xh dNHEJrV ?B v-zfB zX 9lkh 0cp/8 Pcwr` sP:\J> .H2Dy InIPC W$4n_ ?S5qq pRoh_ NsV`L XHhLy 1B 2"ND /U.m __OjA lcJE! Hyfoi Xlyfh/ rFtB6 `hPT/ c B/A ` a>A Zl>VEY Yq0Kxq4 Ye-wdW 3s7!B 4`0 V EwJ/.lsQ fyB0I0 Y"<XN/h C 3JE OLbC1 WhdHn l:ZLd Sq4RXv !4hgrhttps://funny.battleb0t.xyz/images/random_6.PNG
2023-05-12 03:18:52Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18}https://funny.battleb0t.xyz/images/withat_1.jpg
2023-05-12 03:01:32Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.77): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:16IPv6 AddressNoDNS Resolver0030None2606:4700:3030::ac43:a8fcoldfluid.battleb0t.xyz
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.55): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:15:35Web Content LanguageNoLanguage Detector0030NoneEnglish<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050Nonescratch (Category: coding) https://scratch.mit.edu/users/Altpapier/Altpapier
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneHakim Evi (Net ID: 00:14:C1:2E:AE:67)40.2024, 29.0398
2023-05-12 02:45:09Physical LocationNoipapi.co1020NoneToronto, Ontario, ON, Canada, CA104.21.6.166
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020None220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 3 of 50 allowed. 220-Local time is now 15:16. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. 87.248.157.102
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Noneoatscream (Net ID: 00:0C:E6:39:59:E1)39.0469, -77.4903
2023-05-12 02:56:25BGP AS MembershipNoRIPE0040None1406146.101.128.0/17
2023-05-12 02:44:24Co-Hosted Site - Domain NameNoSSL Certificate Analyzer0020Nonegithubusercontent.com185.199.109.153
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 401 Unauthorized Date: <REDACTED> Server: cPanel Persistent-Auth: false Host: 87.248.157.102:2078 Cache-Control: no-cache, no-store, must-revalidate, private Connection: close Vary: Accept-Encoding WWW-Authenticate: Basic realm="Restricted Area" Content-Encoding: gzip Content-Length: 52 Content-Type: text/html; charset="utf-8" Expires: Fri, 01 Jan 1990 00:00:00 GMT 87.248.157.102
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Nonelaethof_ipad (Net ID: 00:0C:E6:08:1C:05)50.8897, 6.0563
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneRPOWER3 (Net ID: 00:02:6F:B3:3B:AA)33.617190550339146,-111.90827887019054
2023-05-12 02:44:19Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.io185.199.110.153
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneMatrixEx Guest (Net ID: 00:01:21:26:54:30)41.8781, -87.6298
2023-05-12 03:19:00WiFi Access Point NearbyNoWigle.net0030NoneSX55154C9AA (Net ID: 00:01:E3:54:C9:AA)52.3759, 4.8975
2023-05-12 02:44:15IPv6 AddressNoDNS Resolver16030None2606:4700:3037::6815:470enuke.battleb0t.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneNBNCorp (Net ID: 00:09:5B:A3:EA:31)33.6170672,-111.90564645297056
2023-05-12 03:24:51CountryNoCountry Name Extractor0060NoneIceland Domain Name: ECASH-PAY.COM Registry Domain ID: 2607738264_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-03-27T06:28:15Z Creation Date: 2021-04-26T06:58:38Z Registry Expiry Date: 2024-04-26T06:58:38Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain name: ecash-pay.com Registry Domain ID: 2607738264_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-03-27T06:28:15.08Z Creation Date: 2021-04-26T06:58:38.00Z Registrar Registration Expiration Date: 2024-04-26T06:58:38.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 Reseller: NAMECHEAP INC Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Redacted for Privacy Registrant Organization: Privacy service provided by Withheld for Privacy ehf Registrant Street: Kalkofnsvegur 2 Registrant City: Reykjavik Registrant State/Province: Capital Region Registrant Postal Code: 101 Registrant Country: IS Registrant Phone: +354.4212434 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Registry Admin ID: Admin Name: Redacted for Privacy Admin Organization: Privacy service provided by Withheld for Privacy ehf Admin Street: Kalkofnsvegur 2 Admin City: Reykjavik Admin State/Province: Capital Region Admin Postal Code: 101 Admin Country: IS Admin Phone: +354.4212434 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Registry Tech ID: Tech Name: Redacted for Privacy Tech Organization: Privacy service provided by Withheld for Privacy ehf Tech Street: Kalkofnsvegur 2 Tech City: Reykjavik Tech State/Province: Capital Region Tech Postal Code: 101 Tech Country: IS Tech Phone: +354.4212434 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com Name Server: dns1.registrar-servers.com Name Server: dns2.registrar-servers.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last 
update of WHOIS database: 2023-05-11T10:12:16.55Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 02:57:26Internet Name - UnresolvedNoCertificate Transparency0010Noneteamcity.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:54:34Open TCP Port BannerNoCensys0030NoneHTTP/1.1 400 Bad Request Server: cloudflare Date: <REDACTED> Content-Type: text/html Content-Length: 253 Connection: close CF-RAY: - 104.21.71.14
2023-05-12 02:55:22Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://icba.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "icba.com"\n "kenwheeler.github.io"\n "kit.fontawesome.com"\n "static.addtoany.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FCF.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar21C5.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"77.72.1.42:443"\n "142.250.189.202:443"\n "104.17.24.14:443"\n "104.16.124.175:443"\n "172.67.39.148:443"\n "142.251.214.136:443"\n "142.250.189.234:443"\n "185.199.109.153:443"\n "69.16.175.42:443"\n "104.18.22.52:443"\n "8.252.188.254:80"\n "142.251.46.227:443"\n "142.251.46.238:443"\n 
"172.64.169.22:443"\n "142.251.214.131:443"\n "142.251.2.157:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2060"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_80c_IE_EarlyTabStart_0xf90_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_80c_ConnHashTable<2060>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_80c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_80c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2060"\n "IsoScope_80c_IESQMMUTEX_0_303"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab21C4.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A 
"authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsicba.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "cookie-law-info-gdpr_1_.css" has type "ASCII text"- [targetUID: N/A]\n "anchor_1_.htm" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "util_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003980]\n "page_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmYUtfBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla"- [targetUID: N/A]\n "~DFDAD05DC8204277E5.TMP" has type "data"- Location: [%TEMP%\\~DFDAD05DC8204277E5.TMP]- [targetUID: 00000000-00002060]\n "js_6_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "hand_1_.png" has type "PNG image data 237 x 204 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "jquery-migrate.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "news-default_1_.png" has type "PNG image data 550 x 400 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "js_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "regenerator-runtime.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "home-america0_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] baseline precision 8 1514x813 components 3"- [targetUID: N/A]\n "cropped-icba-favicon-32x32_1_.png" has type "PNG image data 32 x 32 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tick_1_.png" has type "PNG image data 16 x 16 8-bit/color RGBA interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: 
"https://icba.com/"\n Pattern match: "https://icba.com"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "icba.com"\n Heuristic match: "kenwheeler.github.io"\n Heuristic match: "kit.fontawesome.com"\n Heuristic match: "static.addtoany.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 2, u'size': None, u'job_id': u'63ec913036565a096c7515a3', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', 
u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'77.72.1.42', u'142.250.189.202', u'104.17.24.14', u'104.16.124.175', u'172.67.39.148', u'142.251.214.136', u'142.250.189.234', u'185.199.109.153', u'69.16.175.42', u'104.18.22.52', u'8.252.188.254', u'142.251.46.227', u'142.251.46.238', u'172.64.169.22', u'142.251.214.131', u'142.251.2.157'], u'sha256': u'6c9318f0a4bac85f99d6040d1988a710d4f868d1e8e1a0bd50397a2df8b3073a', u'sha512': u'92c6d135a7f7364930a9be30552e09343d2f1cbfac310b763eb7280776f4205078448c64d65c324ff4902984bb4eba0f74fb83932d50bf02f71b8b980e2479bf', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://icba.com/', u'submission_id': u'63ec913036565a096c7515a4', u'created_at': u'2023-02-15T08:00:48+00:00', u'filename': None}], u'analysi185.199.109.153
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/nwp.PNGhttps://pics.battleb0t.xyz/
2023-05-12 03:32:00Open TCP PortNoPulsedive0030None188.114.97.1:80188.114.97.0/24
2023-05-12 03:01:26Web ServerNoTool - WhatWeb0020Nonecloudflarenwapi2.battleb0t.xyz
2023-05-12 02:54:34Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c572ccdc9c6e26c-ORD Content-Encoding: gzip 104.21.71.14
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneAshburn Square WiFi (Net ID: 00:0C:66:13:0B:72)39.0469, -77.4903
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonex-nf-request-id: 01H06Y2YH7X6V06YSWWEW2NH9C{"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-nf-request-id": "01H06Y2YH7X6V06YSWWEW2NH9C", "content-type": "text/css; charset=UTF-8", "age": "0"}
2023-05-12 03:32:25Open TCP PortNoPulsedive0030None188.114.97.13:443188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneNotABug (Category: coding) https://notabug.org/loginlogin
2023-05-12 02:53:52BGP AS MembershipNoCensys0020None541132606:50c0:8003::153
2023-05-12 03:23:50Open TCP PortNoPulsedive0030None188.114.96.20:8443188.114.96.0/24
2023-05-12 02:54:19HTTP HeadersNoWeb Spider6020None{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"}fluid.battleb0t.xyz
2023-05-12 02:44:24Co-Hosted SiteNoSSL Certificate Analyzer0020Nonegithub.io185.199.109.153
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-cache-status: REVALIDATED{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"}
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0030Nonehttps://pics.battleb0t.xyz/images/master058_3.PNGhttps://pics.battleb0t.xyz/
2023-05-12 03:01:45Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.241): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:58:15Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 65, u'compromised_hosts': [u'34.148.97.127', u'34.148.97.127'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://favicon.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2648"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a58_IE_EarlyTabStart_0xf0c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a58_ConnHashTable<2648>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a58_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a58_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2648"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a58_IE_EarlyTabStart_0xf0c_Mutex"\n "IsoScope_a58_ConnHashTable<2648>_HashTable_Mutex"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:80"\n "34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"favicon.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1705.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "Cab1704.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "RG184DMB.txt" 
has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RG184DMB.txt]- [targetUID: 00000000-00003956]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003956]\n "~DF8145DA2F49859598.TMP" has type "data"- Location: [%TEMP%\\~DF8145DA2F49859598.TMP]- [targetUID: 00000000-00002648]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002648]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003956]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003956]\n "~DF7BCFBE90A6F894E5.TMP" has type "data"- Location: [%TEMP%\\~DF7BCFBE90A6F894E5.TMP]- [targetUID: 00000000-00002648]\n "41F80EAD174A0E782E6E1DBBE6C32CE8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\41F80EAD174A0E782E6E1DBBE6C32CE8]- [targetUID: 00000000-00003956]\n "ETLUKWGX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ETLUKWGX.txt]- [targetUID: 00000000-00002648]\n "~DF42B58D4878F8FC5E.TMP" has type 
"data"- Location: [%TEMP%\\~DF42B58D4878F8FC5E.TMP]- [targetUID: 00000000-00002648]\n "Tar1705.tmp" has type "data"- Location: [%TEMP%\\Tar1705.tmp]- [targetUID: 00000000-00003956]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "YU3Y19RW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YU3Y19RW.txt]- [targetUID: 00000000-00002648]\n "_0571D1C5-1D1B-11ED-A31E-080027B82EA8_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002648]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: favicon.io"- [Source: SSL_34.148.97.127]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://favicon.io/"- [Source: Input]\n Pattern match: "http://favicon.io"- [Source: Input]\n Heuristic match: "favicon.io"- [Source: PCAP]\n Heuristic match: "GET / HTTP/1.1\nAccept: 
text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: favicon.io"- [Source: SSL_34.148.97.127]'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/93 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.148.97.127": ...\n\n URL: http://goldownloads.netlify.app/ (AV positives: 9/88 scanned on 08/16/2022 05:52:09)\n URL: https://legendaryrsps.com/ (AV positives: 1/88 scanned on 08/16/2022 04:34:51)\n URL: http://homeadvice.online/ (AV positives: 1/88 scanned on 08/16/2022 04:01:22)\n URL: http://fomotracker.xyz/ (AV positives: 1/88 scanned on 08/16/2022 03:18:58)\n URL: https://support-dapps.info/ (AV positives: 15/88 scanned on 08/16/2022 03:03:31)\n File SHA256: 
524180810d0b9764e5ef3923a8eb34b2ed8ca1923244be37e94ca57d889ede9b (AV positives: 56/75 scanned on 08/12/2022 02:05:05)\n File SHA256: 782eda6bdf7c6cb6067637f06c9a69c3fda5e4d6efbf7a744bc1b7574311d6ca (AV positives: 26/75 scanned on 07/31/2022 23:13:31)\n File SHA256: 53b6bcc44935e6141356b24f7e68b4970457269119a206c0a0b5d731f2e556d4 (AV positives: 6/74 scanned on 07/31/2022 22:52:37)\n34.148.97.127
2023-05-12 02:44:39Internet Name - UnresolvedNoDNS Resolver0020Nonetiktok.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:b3:d3:7f:a8:50:41:aa:70:38:c6:ab:16:2e:24:50:f9:66 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 29 13:55:16 2022 GMT Not After : Mar 29 13:55:15 2023 GMT Subject: CN=tiktok.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17: 4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9: 65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62: f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc: 9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64: 24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69: 27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c: 6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a: f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c: a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a: 60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df: 3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d: e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f: cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de: d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d: f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92: 59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16: 87:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:tiktok.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77: 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13 Timestamp : Dec 29 14:55:17.050 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:28:6D:42:8E:49:9E:0C:06:C1:19:32:87: BF:75:CE:80:8F:D6:EA:C5:3B:07:D6:4C:75:42:82:B7: AF:11:51:87:02:21:00:AE:B6:AE:63:CB:FF:A9:BC:83: A0:CB:D1:C6:02:EE:7B:8C:98:F1:37:20:95:B3:3D:3B: 1D:2E:39:2F:06:AF:D5 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 29 14:55:17.019 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:D9:21:B2:7A:EF:D8:EF:8A:6A:56:47: 07:FC:9B:67:B8:AE:3E:10:F9:AF:08:C7:4F:19:35:0D: C5:86:2C:A0:FC:02:20:23:BD:B1:50:ED:06:FD:32:BC: AE:E7:5A:20:25:B5:AF:2F:31:CA:1D:81:02:1B:A1:2C: F3:DE:98:F2:29:F5:42 Signature Algorithm: sha256WithRSAEncryption 69:a8:61:13:18:01:a6:06:e2:eb:7a:7f:50:95:06:92:17:8d: ca:63:d6:69:98:12:cf:b0:fa:ee:80:84:43:ff:f7:1f:35:fe: 72:06:36:88:ae:e4:77:27:a1:93:d1:eb:02:37:43:a8:e0:86: 61:58:2f:fd:b8:58:c4:fe:4d:1e:e7:cc:96:cf:0a:d5:16:48: 9f:46:b8:50:28:e1:ed:1e:1c:e8:de:90:ce:fd:33:bc:3a:3f: eb:8c:75:a9:62:13:f7:4f:2b:08:b6:ff:b0:a0:90:34:79:dc: 8f:45:7a:05:74:fa:fc:67:dc:64:6a:b8:82:b5:d8:15:dc:e6: 30:a1:47:0a:e3:0b:70:53:63:1c:e4:bd:93:48:f8:f8:a9:29: 47:b8:8c:e0:2a:aa:34:51:c8:15:63:92:48:e4:5c:09:73:8c: 34:26:6a:c2:dd:6d:88:c9:62:37:c7:07:7b:a7:cb:0b:65:95: 3b:9c:ec:a8:8e:63:0a:23:39:ab:20:1d:fa:d0:19:f8:cd:6c: 5b:28:00:57:e4:27:6a:d2:8b:10:68:0f:2e:76:30:48:41:7b: 10:5a:d6:74:99:4a:28:13:dc:83:45:4c:b2:5e:dd:bc:a4:73: 29:47:2c:b2:ad:19:c4:e8:3c:a6:e9:8a:06:b9:d6:a7:ca:fd: 6d:cd:fb:dd
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneRick (Net ID: 00:0F:B5:14:80:C2)50.8897, 6.0563
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneClementine (Net ID: 00:02:2D:39:EC:00)37.7642, -122.3993
2023-05-12 03:32:08Open TCP PortNoPulsedive0030None188.114.97.5:443188.114.97.0/24
2023-05-12 02:54:49Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 20, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.britishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3948:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3948:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:7384:304:WilStaging_02"\n "Local\\SM0:7384:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:7384:120:WilError_01"\n "SM0:7384:304:WilStaging_02"\n "Local\\SM0:3948:304:WilStaging_02"\n "SM0:3948:120:WilError_01"\n "Local\\SM0:3948:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:3948:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3948:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3948:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "172.66.40.106:443"\n "185.88.152.184:443"\n "35.186.254.174:443"\n "104.18.10.207:443"\n "142.250.189.228:443"\n 
"104.26.9.175:443"\n "172.217.12.99:443"\n "142.251.214.131:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"4e051b49-59db-4540-8b2e-31bf0ff2c4be.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4e051b49-59db-4540-8b2e-31bf0ff2c4be.tmp]- [targetUID: 00000000-00003948]\n "Session_13322826248083631" has type "data"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003948]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003948]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003948]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\3948_1394555003\\edge_checkout_page_validator.js]- [targetUID: 00000000-00003948]\n "f_00023d" has type "gzip compressed data max compression original size 
modulo 2^32 411849"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00003912]\n "d632ab85-22c5-4d58-aa3b-6f1d5e994f5f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\d632ab85-22c5-4d58-aa3b-6f1d5e994f5f.tmp]- [targetUID: 00000000-00003948]\n "7ae86b14-961b-4af0-b1f5-83780632a832.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7ae86b14-961b-4af0-b1f5-83780632a832.tmp]- [targetUID: 00000000-00003948]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\3948_931751445\\Filtering Rules]- [targetUID: 00000000-00003948]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003948]\n "Tabs_13322826250079073" has type "data"- [targetUID: N/A]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003948]\n "f34135bd94e6cca1_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\f34135bd94e6cca1_0]- [targetUID: 00000000-00003948]\n "1ccf603e-eda4-4df8-bba2-0e7bfd009569.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\1ccf603e-eda4-4df8-bba2-0e7bfd009569.tmp]- [targetUID: 00000000-00003948]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.4\\edge_autofill_field_data.json]- [targetUID: 00000000-00003948]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00003948]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\3948_1394555003\\auto_open_controller.js]- [targetUID: 00000000-00003948]\n "ce116d68-26b8-44ed-a9db-e5a854af5c79.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ce116d68-26b8-44ed-a9db-e5a854af5c79.tmp]- [targetUID: 00000000-00003948]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens\\LOG]- [targetUID: 00000000-00003948]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.britishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org"\n Pattern match: "Math.PI/180"\n Heuristic match: "api.salesflare.com"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "https://llink.to"\n Pattern match: "https://rabetsanatkoosha.com/SNS/site.php"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Heuristic match: "rabetsanatkoosha.com"\n Heuristic match: "stackpath.bootstrapcdn.com"\n Heuristic match: "track.salesflare.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: 
"https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://idsync.rlcdn.com,supports_spdy:true},{isolation:[],server:https://pippio.com,supports_spdy:true},{isolation:[],server:https://assets.msn.com,supports_spdy:true},{isolation:[],server:https://ntp.msn.com,supports_spdy:true}"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"\n Heuristic match: "ishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org"\n Pattern match: "llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.britishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org"\n Heuristic match: "ouncil.org"\n Heuristic match: "link.to"\n Heuristic match: "u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.britishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.brit"\n Pattern match: "https://llx"\n Heuristic match: "api.ipify.org"\n Heuristic match: "checkip.amazonaws.com"\n Heuristic match: "checkip.dyndns.com"\n Heuristic match: "checkip.dyndns.org"\n Heuristic match: "checkip.org"\n Heuristic match: "checkmyip.com"\n Heuristic match: "cmyip.com"\n Heuristic match: "curlmyip.com"\n Heuristic match: "findmyip.org"\n Heuristic match: "formyip.com"\n Heuristic match: "geoip.co.uk"\n Heuristic match: "geoiptool.com"\n Heuristic match: "getmyip.co.uk"\n Heuristic match: "getmyip.org"\n Heuristic match: "icanhazip.com"\n Heuristic match: "ifconfig.me"\n Heuristic match: "ip-addr.es"\n Heuristic match: "ip-address.domaintools.com"\n Heuristic match: "ip-api.com"\n Heuristic match: "ip-score.com"\n Heuristic match: "ip.jsontest.com"\n Heuristic match: "ip.xss.ru"\n Heuristic match: "ip4.telize.com"\n Heuristic match: "ipchicken.com"\n Heuristic match: "ipecho.net"\n Heuristic match: "ipinfo.info"\n Heuristic match: 
"ipinfo.io"\n Heuristic match: "ipleak.net"\n Heuristic match: "ipligence.com"\n Heuristic match: "knowmyip.com"\n Heuristic match: "maxmind.com"\n Heuristic match: "meineipadresse.de"\n Heuristic match: "myexternalip.com"\n Heuristic match: "myip.dnsomatic.com"\n Heuristic match: "myip.ht"\n Heuristic match: "myip.nl"\n Heuristic 185.199.109.153
2023-05-12 02:55:11Open TCP Port BannerNoCensys0120None220-cp.keyubu.net ESMTP Exim 4.95 #2 Thu, 11 May 2023 00:03:02 +0300 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. 87.248.157.102
2023-05-12 03:09:35Affiliate - Internet NameNoDNS Resolver0040None216.30.196.104.bc.googleusercontent.com104.196.30.216
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesflan47b (Net ID: 00:02:6F:08:22:03)37.7642, -122.3993
2023-05-12 02:45:56Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://angryip.org/download/#windows', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_8b8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_8b8_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_8b8_IESQMMUTEX_0_519"\n "IsoScope_8b8_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "IsoScope_8b8_IE_EarlyTabStart_0xdb4_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2232"\n "IsoScope_8b8_ConnHashTable<2232>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "142.250.189.226:443"\n "142.251.46.226:443"\n 
"142.251.32.33:443"\n "74.125.137.157:443"\n "142.251.32.34:443"\n "142.250.189.195:443"\n "142.250.191.42:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"angryip.org"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "googleads.g.doubleclick.net"\n "pagead2.googlesyndication.com"\n "partner.googleadservices.com"\n "stats.g.doubleclick.net"\n "tpc.googlesyndication.com"\n "www.googletagservices.com"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"function Hn(a){switch(a){case "true":return!0;case "false":return!1;case "null":return null;case "undefined":break;default:try{var b=a.match(/^(?:\'(.*)\'|"(.*)")$/);if(b)return b[1]||b[2]||"";if(/^[-+]?\\d*(\\.\\d+)?$/.test(a)){var c=parseFloat(a);return c===c?c:void 0}}catch(d){}}};function In(a){if(a.google_ad_client)return String(a.google_ad_client);var b,c,d,e,f;if(null!=(e=null!=(d=null==(b=X(a).head_tag_slot_vars)?void 0:b.google_ad_client)?d:null==(c=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:c.getAttribute("data-ad-client")))b=e;else{b:{b=a.document.getElementsByTagName("script");a=a.navigator&&a.navigator.userAgent||"";a=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")\n "function iF(a){var b=a.j.wpc;if(null!==b&&""!==b)var 
c=b;else{b=a.j;a=a.win;if(a.google_ad_client)var d=String(a.google_ad_client);else{var e,f,g;if(null!=(g=null!=(f=null==(d=ME(a).head_tag_slot_vars)?void 0:d.google_ad_client)?f:null==(e=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:e.getAttribute("data-ad-client")))d=g;else{c:{d=a.document.getElementsByTagName("script");e=a.navigator&&a.navigator.userAgent||"";e=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB03F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB01E.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003832]\n "CabB02E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB02E.tmp]- [targetUID: 
00000000-00003832]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "f_2_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "TarB03F.tmp" has type "data"- Location: [%TEMP%\\TarB03F.tmp]- [targetUID: 00000000-00003832]\n "rx_lidar_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ads_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003832]\n "analytics_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "20bbf47129839b0fb73908ded7623d1d_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "DzRfYBHlb_-YbcWIbUWhaiqMI2yuoh2HvVgg6okGiSg_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "f_5_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "f_3_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpy8_1_.woff" has type "Web Open Font Format TrueType length 24196 version 1.1"- [targetUID: N/A]\n "4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpy8_1_.woff" has type "Web Open Font Format TrueType length 23148 version 1.1"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet 
Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002232]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "sodar2_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "f_3_.txt" has type "JSON data"- [targetUID: N/A]\n "~DFA0DE7E20CA2F8F31.TMP" has type "data"- Location: [%TEMP%\\~DFA0DE7E20CA2F8F31.TMP]- [targetUID: 00000000-00002232]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39', u'name': u'Drops XML files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 8, u'description': u'"angryip_1_.xml" has type "Unknown"\n "www.google_1_.xml" has type "Unknown"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://angryip.org/download/#windows"\n Pattern match: "https://angryip.org"\n Pattern match: "https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe;yd(a,function(d,e){if(d||0===d)c+=&+e+=+encodeURIComponent(+d)});Od(c,b)}function"\n Pattern match: "https://pagead2.googlesyndication.com+b,d=ke(a)-b.length;if"\n Pattern match: "https://pagead2.googlesyndication.com/pagead/ping,If,void"\n Pattern match: "https://pagead2.googlesyndication.com/pagead/js/err_rep.js"\n Pattern match: "https://pagead2.googlesyndication.com/pagead/gen_204?id=plmetrics;window.LayoutShift&&"\n Pattern match: "https://www.google.com/adsense"\n Pattern match: "https://adsense.com"\n Pattern match: 
"https://pagead2.googlesyndication.com/pagead/managed/js/adsense/,/slotcar_library,.js"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "www.google-analytics.com},Ge=function(a){switch(a){default:case"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://tagassistant.google.com/"\n P185.199.111.153
2023-05-12 02:54:38Open TCP PortNoCensys0030None172.67.168.252:2052172.67.168.252
2023-05-12 02:44:04Web TechnologyNoTool - WAFW00F0010NoneFastly CDN Fastlybattleb0t.xyz
2023-05-12 03:01:46Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.254): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:03HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c52e4b1988e1e3e-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}172.67.135.9
2023-05-12 02:54:10HTTP HeadersNoCensys0020None{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}2606:4700:3031::6815:6a6
2023-05-12 03:09:27SSL Certificate - Issued byNoSSL Certificate Analyzer0020NoneC=US,O=Cloudflare\, Inc.,CN=Cloudflare Inc ECC CA-3188.114.97.1
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider0030Nonehttps://pics.battleb0t.xyz/images/master058_2.PNGhttps://pics.battleb0t.xyz/
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050None<no ssid> (Net ID: 00:06:25:AC:5B:3E)39.0469, -77.4903
2023-05-12 02:46:50Co-Hosted SiteNoSSL Certificate Analyzer0030Nonenetlify.app34.148.97.127
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonePumaLANd Airport 1 (Net ID: 00:02:2D:39:EC:A6)34.0544, -118.244
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneEnis_Home (Net ID: 00:02:CF:DB:CE:E7)40.2024, 29.0398
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030Nonesuddenlink.net-9796 (Net ID: 5C:8F:E0:22:97:94)37.751, -97.822
2023-05-12 02:48:36Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 64, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://rathook.cc/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:4108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:3580:304:WilStaging_02"\n "SM0:3580:120:WilError_01"\n "Local\\SM0:3580:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:4108:120:WilError_01"\n "SM0:4108:304:WilStaging_02"\n "Local\\SM0:4108:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4108:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rathook.cc"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<meta name="twitter:card" content="summary_large_image">" (Indicator: "twitter")\n "<meta name="twitter:title" content="rathook.cc">" (Indicator: "twitter")\n "<meta name="twitter:description" content="So good that it rm -rf\'s your /">" (Indicator: "twitter")\n "<meta name="twitter:image" content="https://rathook.cc/rat.gif">" (Indicator: "twitter")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" 
has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_2]- [targetUID: 00000000-00004108]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00004108]\n "f_0004c4" has type "Audio file with ID3 version 2.4.0 contains:MPEG ADTS layer III v1 64 kbps 44.1 kHz Stereo"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c4]- [targetUID: 00000000-00003380]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00004108]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00003580]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00004108]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00004108]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_0]- [targetUID: 00000000-00004108]\n "Tabs_13325492462112767" has type "data"- [targetUID: N/A]\n "ba9eeff3-0e9b-418b-bd12-291953464a4e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "a3bc7a46-aa43-4dec-aba5-04629b4b4587.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- [targetUID: N/A]\n "Cookies" has type "SQLite 3.x database last written using SQLite version 3039003"- [targetUID: N/A]\n 
"History-journal" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History-journal]- [targetUID: 00000000-00004108]\n "Favicons" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Favicons]- [targetUID: 00000000-00004108]\n "Cookies-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "Vpn Tokens" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Vpn Tokens]- [targetUID: 00000000-00004108]\n "f_0004c3" has type "gzip compressed data from Unix original size modulo 2^32 106255"- [targetUID: N/A]\n "73cdbe4b-9686-4d04-b7be-c9c3f4f3e672.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://rathook.cc/"\n Pattern match: "https://rathook.cc"\n Heuristic match: "rathook.cc"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53r3l?ver=5412,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53bta?ver=2bf3,update_period:86400},creativeId:128000000003595"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "assets.db/MANIFEST-0000012023/04/08-22:41:11.570"\n Pattern match: "assets.db/MANIFEST-000001"\n Pattern match: "assets.db/000003.log"\n Pattern match: 
"https://rathook.cc/rat.gif"\n Heuristic match: "athook.cc"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="&#x2a;",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n "192.168.241.220"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- [targetUID: N/A]'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', 
u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'1/91 Antivirus vendors marked sample as malicious (1% detection rate)'}], u'threat_level': 1, u'size': None, u'job_id': u'64324ea527cf82106202bff7', u'target_url': None, u'in185.199.110.153
2023-05-12 02:50:13Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 15, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'Voicemail Message (Elodie Raven_ Fernando R ) From_(178-077-5401)_part_001.html', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.58.100:443"\n "185.199.110.153:443"\n "13.227.74.112:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5828:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:5828:304:WilStaging_02"\n "Local\\SM0:5828:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5828:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8140:304:WilStaging_02"\n 
"Local\\SM0:8140:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6188:304:WilStaging_02"\n "Local\\SM0:6188:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"\n "getbootstrap.com"\n "zeptojs.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\5828_1708721866\\shopping_iframe_driver.js]- [targetUID: 00000000-00005828]\n Dropped file: "product_page.js" - Location: [%TEMP%\\5828_1708721866\\product_page.js]- [targetUID: 00000000-00005828]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\5828_946205218\\adblock_snippet.js]- [targetUID: 00000000-00005828]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\5828_1708721866\\auto_open_controller.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\5828_1708721866\\edge_checkout_page_validator.js]- [targetUID: 00000000-00005828]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\5828_1708721866\\shoppingfre.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\5828_1708721866\\edge_tracking_page_validator.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\5828_1708721866\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00005828]'}, {u'category': 
u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00005828]\n "Part-DE" has type "data"- Location: [%TEMP%\\5828_946205218\\Part-DE]- [targetUID: 00000000-00005828]\n "6373a9a3-7787-4e10-8766-4a701eb0bde9.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\6373a9a3-7787-4e10-8766-4a701eb0bde9.tmp]- [targetUID: 00000000-00006188]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00005828]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE]- [targetUID: 00000000-00005828]\n 
"75eccbf3-b65d-4d67-bf83-de033f7007cc.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\75eccbf3-b65d-4d67-bf83-de033f7007cc.tmp]- [targetUID: 00000000-00005828]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00005828]\n "7de06ccc-e1f1-446e-9777-eeec16b06646.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7de06ccc-e1f1-446e-9777-eeec16b06646.tmp]- [targetUID: 00000000-00005828]\n "e3268b96-87e6-41f7-9441-5c4416dab6c3.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e3268b96-87e6-41f7-9441-5c4416dab6c3.tmp]- [targetUID: 00000000-00005828]\n "d2a4e9f5-a74b-406f-8c0f-67bbb0725fef.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\d2a4e9f5-a74b-406f-8c0f-67bbb0725fef.tmp]- [targetUID: 00000000-00005828]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005828]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00005828]\n "39d75e53-4923-4b9e-bc44-d169ef496172.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\39d75e53-4923-4b9e-bc44-d169ef496172.tmp]- [targetUID: 00000000-00005828]\n "72e56d01-e7ac-415a-b604-164a33d2eb3d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\72e56d01-e7ac-415a-b604-164a33d2eb3d.tmp]- [targetUID: 
00000000-00005828]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.fingerprint]- [targetUID: 00000000-00005828]\n "8590c4d3-1805-4c87-83be-f642e5ed3447.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\8590c4d3-1805-4c87-83be-f642e5ed3447.tmp]- [targetUID: 00000000-00005828]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\5828_1392880218\\_metadata\\verified_contents.json]- [targetUID: 00000000-00005828]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\\5828_1708721866\\shopping_iframe_driver.js]- [targetUID: 00000000-00005828]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\AutofillStrikeDatabase\\LOG]- [targetUID: 00000000-00005828]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed 
Rules\\35\\10.34.0.41"\n Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki':185.199.110.153
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneSWKIDNEY1 (Net ID: 00:02:6F:ED:54:F6)33.336199,-111.89446440830702
2023-05-12 02:54:16Web Content TypeNoWeb Spider0040Noneapplication/javascripthttps://oldfluid.battleb0t.xyz/dat.gui.min.js
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:2052188.114.96.1
2023-05-12 03:08:50Affiliate - IP AddressNoDNS Look-aside1030None34.148.97.11834.148.97.127
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:8880188.114.96.1
2023-05-12 03:09:27SSL Certificate - Raw DataNoSSL Certificate Analyzer0020NoneCertificate: Data: Version: 3 (0x2) Serial Number: 09:6b:82:e9:73:99:94:ba:fd:55:b0:21:db:c7:c8:bf Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 Validity Not Before: Aug 3 00:00:00 2022 GMT Not After : Aug 2 23:59:59 2023 GMT Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:76:16:8f:f9:e3:b6:aa:dc:0b:91:40:d8:f1:ee: e8:7f:8e:97:0e:7d:bd:b0:c5:93:63:66:fa:7b:4f: 17:a1:09:ff:20:68:33:a3:45:37:1f:e8:4b:eb:77: 53:b6:57:60:ef:a1:af:f1:36:97:26:c7:fa:95:e9: 9a:ab:1a:dd:7d ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F X509v3 Subject Key Identifier: 18:B9:52:2C:13:17:3E:3A:39:88:53:5C:BD:9C:BE:05:0B:02:25:90 X509v3 Subject Alternative Name: DNS:cdnjs.cloudflare.com, DNS:*.cdnjs.cloudflare.com, DNS:sni.cloudflaressl.com X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl Full Name: URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt X509v3 Basic Constraints: critical CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Aug 3 19:12:00.178 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:35:9E:7D:1C:03:B8:4A:87:C0:13:01:D5: 
28:AD:64:70:5B:10:FC:72:88:58:48:7A:E3:4C:D5:27: DB:76:00:22:02:20:12:E0:E2:34:44:22:24:C1:E5:7A: 25:12:AD:9E:F8:88:A1:A0:65:AF:1A:76:C9:03:41:4F: 8A:70:C8:E6:BA:DA Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB: B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C Timestamp : Aug 3 19:12:00.017 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:EE:6E:D3:CF:4A:8A:13:16:AB:6B:C2: F7:32:B6:2A:5B:13:45:7A:44:ED:3B:86:8B:85:F4:94: BA:E0:8C:12:60:02:21:00:8C:46:CA:E7:C6:A7:69:C8: 22:62:61:BA:E1:29:8F:BC:3C:BF:F4:A2:81:44:80:DA: F5:C9:B6:E6:AF:CD:A6:FB Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09: 4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A Timestamp : Aug 3 19:12:00.038 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:E5:0C:F6:4E:3C:40:01:1A:EC:D8:91: 2D:69:6A:1C:FF:4F:75:55:8C:D7:D2:38:86:36:36:FA: EE:4F:65:29:FC:02:21:00:9F:BC:3F:8A:93:C7:A2:ED: F5:94:99:85:01:90:F2:60:36:3B:2E:03:0E:E0:46:5E: 8C:3E:16:39:2B:64:D1:78 Signature Algorithm: ecdsa-with-SHA256 30:45:02:21:00:d8:35:e0:5c:fe:c9:39:b4:06:5a:95:36:1c: 73:f4:85:1c:c5:6e:6b:ef:48:76:d6:7f:a3:fe:55:ed:82:7f: c5:02:20:7f:8c:86:3a:6f:04:3e:0d:d7:cc:87:51:a8:0d:5c: ce:bc:93:88:aa:35:4a:5c:02:bb:47:5c:7c:87:7b:21:de 188.114.97.1
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00why00.github.io] https://www.openphish.com/feed.txt00why00.github.io
2023-05-12 03:00:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.26): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:54:18HTTP HeadersNoWeb Spider2020None{"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WDQHNHJAAXWWVJBZZ5B", "content-type": "text/html; charset=UTF-8", "age": "0"}pics.battleb0t.xyz
2023-05-12 02:54:41Open TCP PortNoCensys0030None104.196.30.220:443104.196.30.220
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NonemyLGNet2EE2 (Net ID: 00:01:36:5B:2E:E0)37.7813933,-122.3918002
2023-05-12 03:23:15Open TCP PortNoPulsedive0030None188.114.96.3:80188.114.96.0/24
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneBurfas10 (Net ID: 00:15:6D:A0:BD:ED)40.2024, 29.0398
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneBrown?s Living Room (Net ID: 00:19:9D:FF:D0:E3)32.8608, -79.9746
2023-05-12 02:44:09SSL Certificate ExpiringYesCertSpotter0010None2023-05-12 05:22:09ayhu.xyz
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor5020None+14806242599Domain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 02:55:05Physical LocationNoCensys0020NoneSan Francisco, California, 94107, United States, North America188.114.97.1
2023-05-12 02:54:03Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c575ea9e94610e1-ORD Content-Encoding: gzip 172.67.135.9
2023-05-12 03:03:39Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io01001101ck.github.io
2023-05-12 02:58:22SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:18:ae:06:7e:fc:0b:78:46:5c:8b:fe:1a:31:bf:5b:16:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 17:51:43 2022 GMT Not After : Mar 13 17:51:42 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d2:a8:d4:9f:a9:bd:76:f3:4e:fa:75:b4:78:5e: d8:6a:71:e4:f3:f9:c2:77:fe:f9:7d:4c:da:66:22: e0:cd:34:b7:7c:8d:14:1c:4d:7d:46:bd:0d:78:0c: dd:5b:c4:ff:9f:13:d1:36:82:30:3b:b9:24:f9:65: eb:d4:82:59:47:e9:be:2d:ca:25:2b:a1:b5:27:87: 63:33:e8:be:3d:46:8c:9b:0f:9e:b7:28:4d:eb:79: 63:20:73:aa:a3:d5:3d:c6:2e:b7:9c:7f:e7:f8:96: 79:6d:51:52:62:f7:cc:65:ca:dd:5b:ef:27:c9:9c: 81:e6:4a:8c:e9:e1:99:cd:79:f8:60:4b:a5:6b:6f: c9:a2:fa:cc:0c:e7:34:b2:77:b5:de:bd:fe:24:a9: e6:e9:26:4a:54:ec:0f:53:69:fc:a9:cb:fb:84:2e: 7d:af:75:b6:15:ef:6d:e3:fb:23:27:72:c7:fd:a8: 77:78:c9:f6:5b:6f:b1:0a:09:7c:e3:91:c1:95:13: b4:4a:b2:6f:b1:ab:4c:4d:0b:11:8c:fd:8d:fb:d9: 37:66:3b:07:7b:cc:19:50:a2:89:0c:ea:8d:f1:d1: b3:36:06:ad:51:15:23:e4:0c:43:f6:cc:90:55:fa: 98:c8:81:54:f2:2f:f7:d0:0b:4f:9f:38:a8:6c:71: 67:c5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 46:DD:F2:80:57:6C:FD:50:6F:F3:DF:3E:F6:D6:F8:E4:B9:2D:C4:6F X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: 
critical NULL Signature Algorithm: sha256WithRSAEncryption b3:28:33:86:e5:dc:4a:a5:0d:54:63:88:53:14:c5:02:19:6c: 52:0c:eb:6c:53:81:1e:79:fa:32:9b:67:92:47:04:43:5c:50: 0d:d4:24:6a:dc:a8:66:3f:6f:01:46:76:6d:ab:41:86:f7:8a: 9f:a9:30:88:c8:3c:39:d0:93:9d:c0:84:21:71:d0:ed:5b:fd: 37:f1:e5:b1:17:44:f1:5d:0d:e3:ee:59:71:ab:af:ea:49:a9: 6f:46:0a:b8:4f:fb:b3:90:f5:22:5b:f7:15:85:47:7f:49:6f: 40:88:be:87:42:31:e5:73:5b:21:63:86:05:bf:5e:c7:08:7b: 22:bd:7c:ea:3c:10:5d:31:48:93:7d:11:b0:63:57:aa:ac:8f: 0e:e2:79:b2:0b:1e:4c:22:c3:9b:30:05:63:91:46:7c:08:bc: 0b:a5:df:0d:fa:d4:f5:ca:11:e2:c3:e9:3b:84:63:2a:e1:83: 23:69:5a:17:9e:82:bd:3e:38:bf:2f:e0:e7:d8:8e:1f:89:ec: 98:5e:98:15:2d:6f:da:3d:c3:ff:6f:27:47:e4:75:ff:0f:27: 54:ce:7a:dc:ed:b7:3c:34:cb:a9:19:03:70:2a:f8:d1:db:82: d5:fe:f6:78:e7:00:e6:9d:bd:26:7b:70:c5:8a:f4:85:0a:5c: ca:c5:68:7d ayhu.xyz
2023-05-12 03:01:37Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.137): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:44:12SSL Certificate - Issued toNoSSL Certificate Analyzer1020NoneC=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.iowww.battleb0t.xyz
2023-05-12 02:53:25Raw Data from RIRsNoHybrid Analysis1020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamasko.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b7c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b7c_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b7c_IE_EarlyTabStart_0xea4_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2940"\n "IsoScope_b7c_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b7c_ConnHashTable<2940>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_b7c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.186:80"\n "154.82.100.186:443"\n "172.217.12.106:443"\n "47.253.50.2:443"\n "142.250.191.42:443"\n "142.251.214.131:443"\n "43.251.41.15:443"\n "104.17.210.243:443"\n "142.250.191.67:443"\n "103.143.19.103:443"\n "104.17.213.243:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "185.199.109.153:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamasko.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "collect-v6.51.la"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "metamask.io"\n "metamasko.com"\n "perf.hsforms.com"\n "sdk.51.la"\n "va.v.liveperson.net"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "<meta content="MetaMask - A crypto wallet &amp; gateway to 
blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="A crypto wallet &amp; gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="summary_large_image" name="twitter:card">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<div style="padding-top:56.17021276595745%" class="video w-video w-embed"><iframe class="embedly-embed" src="widgets/media.html" scrolling="no" title="YouTube embed" frameborder="0" allow="autoplay; fullscreen" allowfullscreen="true"></iframe></div>" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<a href="javascript:;" rel="noreferer\n noopener" target="_blank" class="footer-link">Twitter</a>" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string 
".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlref_httpmetamasko.com" as clean (type is "HTML document UTF-8 Unicode text with very long lines")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF342.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF3C1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "payload_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 450x450 components 3" and extension "jpg"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-uniswap_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-gitcoin_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "info_2x_1_.png" has type "Unknown" and extension "png"\n "refresh_2x_1_.png" has type "Unknown" and extension "png"\n "image_2x_1_.png" has type "Unknown" and extension "png"\n "undo_2x_1_.png" has type "Unknown" and extension "png"\n "audio_2x_1_.png" has type "Unknown" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 
0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003916]\n "CabF331.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression185.199.109.153
2023-05-12 03:11:22Physical CoordinatesNoAbstractAPI0030None50.1188, 8.6843207.154.228.169
2023-05-12 03:24:48CountryNoCountry Name Extractor0040NoneUnited StatesNorth Charleston, South Carolina, 29405, United States, North America
2023-05-12 03:12:12Vulnerability - CVE LowYesTool - testssl.sh0220NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.188.114.96.1
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneVillakakelbond2 (Net ID: 00:14:5C:8C:72:80)50.8897, 6.0563
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.169): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:00:37Affiliate - Email AddressNoE-Mail Address Extractor0030Noneregistrar-abuse@cloudflare.comDomain Name: TAYHU.XYZ Registry Domain ID: D286586654-CNIC Registrar WHOIS Server: whois.cloudflare.com Registrar URL: http://cloudflare.com Updated Date: 2023-03-07T02:18:07.0Z Creation Date: 2022-03-31T20:18:56.0Z Registry Expiry Date: 2024-03-31T23:59:59.0Z Registrar: Cloudflare, Inc. Registrar IANA ID: 1910 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registrant Organization: Registrant State/Province: Hamburg Registrant Country: DE Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: PRANAB.NS.CLOUDFLARE.COM Name Server: JOCELYN.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact Phone: +1.4153197517 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: TAYHU.XYZ Registry Domain ID: D286586654-CNIC Registrar WHOIS Server: whois.cloudflare.com Registrar URL: https://www.cloudflare.com Updated Date: 2023-03-09T21:53:06Z Creation Date: 2022-03-31T20:18:56Z Registrar Registration Expiration Date: 2024-03-31T23:59:59Z Registrar: Cloudflare, Inc. 
Registrar IANA ID: 1910 Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Registry Registrant ID: Registrant Name: DATA REDACTED Registrant Organization: DATA REDACTED Registrant Street: DATA REDACTED Registrant City: DATA REDACTED Registrant State/Province: Hamburg Registrant Postal Code: DATA REDACTED Registrant Country: DE Registrant Phone: DATA REDACTED Registrant Phone Ext: DATA REDACTED Registrant Fax: DATA REDACTED Registrant Fax Ext: DATA REDACTED Registrant Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz Registry Admin ID: Admin Name: DATA REDACTED Admin Organization: DATA REDACTED Admin Street: DATA REDACTED Admin City: DATA REDACTED Admin State/Province: DATA REDACTED Admin Postal Code: DATA REDACTED Admin Country: DATA REDACTED Admin Phone: DATA REDACTED Admin Phone Ext: DATA REDACTED Admin Fax: DATA REDACTED Admin Fax Ext: DATA REDACTED Admin Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz Registry Tech ID: Tech Name: DATA REDACTED Tech Organization: DATA REDACTED Tech Street: DATA REDACTED Tech City: DATA REDACTED Tech State/Province: DATA REDACTED Tech Postal Code: DATA REDACTED Tech Country: DATA REDACTED Tech Phone: DATA REDACTED Tech Phone Ext: DATA REDACTED Tech Fax: DATA REDACTED Tech Fax Ext: DATA REDACTED Tech Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz Registry Billing ID: Billing Name: DATA REDACTED Billing Organization: DATA REDACTED Billing Street: DATA REDACTED Billing City: DATA REDACTED Billing State/Province: DATA REDACTED Billing Postal Code: DATA REDACTED Billing Country: DATA REDACTED Billing Phone: DATA REDACTED Billing Phone Ext: DATA REDACTED Billing Fax: DATA REDACTED Billing Fax Ext: DATA REDACTED Billing Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz Name Server: jocelyn.ns.cloudflare.com Name Server: pranab.ns.cloudflare.com DNSSEC: unsigned Registrar Abuse Contact Email: registrar-abuse@cloudflare.com Registrar Abuse Contact 
Phone: +1.4153197517 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:59:45Z <<< For more information on Whois status codes, please visit https://icann.org/epp Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience. NOTICE: Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/ By submitting this query, you agree to abide by these terms. Register your domain name at https://www.cloudflare.com/registrar/
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneREL (Net ID: 00:02:2D:02:35:63)37.7813933,-122.3918002
2023-05-12 03:03:40Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0101dd.github.io
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030Nonetotamay (Net ID: 00:02:2D:29:D3:71)34.0544, -118.244
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneMPR1 (Net ID: 00:02:6F:BD:4E:18)33.336199,-111.89446440830702
2023-05-12 02:45:53Physical LocationNoAbstractAPI0040NoneMontreal, Quebec, H4X, United States, North America2606:4700:3037::6815:470e
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneWLAN (Net ID: 00:01:24:F0:17:4A)37.7813933,-122.3918002
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020NoneInstagram (Category: social) https://instagram.com/ayhuayhu
2023-05-12 02:46:49Co-Hosted SiteNoSSL Certificate Analyzer0030Nonecloudwaysapps.com64.226.81.43
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 401 Unauthorized Date: <REDACTED> Server: cPanel Persistent-Auth: false Host: 87.248.157.102:2091 Connection: close WWW-Authenticate: Basic realm="Restricted Area" Content-Encoding: gzip Content-Length: 52 Content-Type: text/html; charset="utf-8" 87.248.157.102
2023-05-12 03:12:10Affiliate Description - CategoryNoDuckDuckGo0050NoneCompanies based in Bath, Somersetbaffin.netcraft.com
2023-05-12 03:01:39Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.165): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:47Account on External SiteNoAccount Finder0020NoneSnapchat Stories (Category: social) https://story.snapchat.com/s/patrickpogodapatrickpogoda
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonecpanel.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz X509v3 
Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3: a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c: 8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3: 6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa: c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca: f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58: b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28: b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e: 26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2: d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c: 40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a: 2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67: 8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99: 1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c: 4e:9f:6c:9d
2023-05-12 02:54:34Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c53def4fc411045-ORD Content-Encoding: gzip 104.21.71.14
2023-05-12 03:09:40Affiliate - Internet NameNoDNS Resolver0040None115.48.229.35.bc.googleusercontent.com35.229.48.115
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneWireless (Net ID: 00:09:5B:31:8E:D4)39.0469, -77.4903
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0030Nonenel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 02:58:35Phone NumberNoPhone Number Extractor0020None+14806242599Domain Name: AYHU.XYZ Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com/ Updated Date: 2023-01-27T12:12:18.0Z Creation Date: 2022-12-13T18:01:25.0Z Registry Expiry Date: 2023-12-13T23:59:59.0Z Registrar: Go Daddy, LLC Registrar IANA ID: 146 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4805058800 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayhu.xyz Registry Domain ID: D338262912-CNIC Registrar WHOIS Server: whois.godaddy.com Registrar URL: https://www.godaddy.com Updated Date: 2022-12-13T18:01:26Z Creation Date: 2022-12-13T18:01:25Z Registrar Registration Expiration Date: 2023-12-13T23:59:59Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Registry Registrant ID: CR599348184 Registrant Name: Registration Private Registrant Organization: Domains By Proxy, LLC Registrant Street: DomainsByProxy.com Registrant Street: 2155 E Warner Rd Registrant City: Tempe Registrant State/Province: Arizona Registrant Postal Code: 85284 Registrant Country: US Registrant Phone: +1.4806242599 Registrant Phone Ext: Registrant Fax: +1.4806242598 Registrant Fax Ext: Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Admin ID: CR599348186 Admin Name: Registration Private Admin Organization: Domains By Proxy, LLC Admin Street: DomainsByProxy.com Admin Street: 2155 E Warner Rd Admin City: Tempe Admin State/Province: Arizona Admin Postal Code: 85284 Admin Country: US Admin Phone: +1.4806242599 Admin Phone Ext: Admin Fax: +1.4806242598 Admin Fax Ext: Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Registry Tech ID: CR599348185 Tech Name: Registration Private Tech Organization: Domains By Proxy, LLC Tech Street: DomainsByProxy.com Tech Street: 2155 E Warner Rd Tech City: Tempe Tech State/Province: Arizona Tech Postal Code: 85284 Tech Country: US Tech Phone: 
+1.4806242599 Tech Phone Ext: Tech Fax: +1.4806242598 Tech Fax Ext: Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz Name Server: BRETT.NS.CLOUDFLARE.COM Name Server: LEANNA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp TERMS OF USE: The data contained in this registrar's Whois database, while believed by the registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose is expressly forbidden without the prior written permission of this registrar. By submitting an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not to use this data to allow, enable, or otherwise support the dissemination or collection of this data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations of any kind, including spam. You further agree not to use this data to enable high volume, automated or robotic electronic processes designed to collect or compile this data for any purpose, including mining this data for your own personal or commercial purposes. Failure to comply with these terms may result in termination of access to the Whois database. These terms may be subject to modification at any time without notice.
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneHOME-4F32 (Net ID: 00:1D:D4:64:4F:30)32.8608, -79.9746
2023-05-12 02:45:35Raw DNS RecordsNoDNS Raw Records0020Nonewww.battleb0t.xyz. 300 IN CNAME battleb0t.github.io.www.battleb0t.xyz
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060Noneimgur (Category: images) https://imgur.com/user/login/aboutlogin
2023-05-12 03:31:27Affiliate - Email AddressNoE-Mail Address Extractor0050Noneabuse@ascio.com Domain Name: DONTKILLMYAPP.COM Registry Domain ID: 2344645406_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.ascio.com Registrar URL: http://www.ascio.com Updated Date: 2022-11-24T07:34:59Z Creation Date: 2018-12-19T04:28:10Z Registry Expiry Date: 2023-12-19T04:28:10Z Registrar: Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA Registrar IANA ID: 106 Registrar Abuse Contact Email: abuse@ascio.com Registrar Abuse Contact Phone: +1.4165350123 Domain Status: ok https://icann.org/epp#ok Name Server: NS.WEDOS.COM Name Server: NS.WEDOS.CZ Name Server: NS.WEDOS.EU Name Server: NS.WEDOS.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:09:05Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: dontkillmyapp.com Registry Domain ID: 2344645406_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.ascio.com Registrar URL: http://www.ascio.com Updated Date: 2022-11-24T07:35:59Z Creation Date: 2018-12-19T00:00:00Z Registrar Registration Expiration Date: 2023-12-19T04:28:10Z Registrar: Ascio Technologies, Inc Registrar IANA ID: 106 Registrar Abuse Contact Email: abuse@ascio.com Registrar Abuse Contact Phone: +44 (20) 81583881 Domain Status: OK https://icann.org/epp#ok Registry Registrant ID: Not Disclosed Registrant Name: Not Disclosed Registrant Organization: Not Disclosed Registrant Street: Not Disclosed Registrant City: Not Disclosed Registrant State/Province: Registrant Postal Code: Not Disclosed Registrant Country: CZ Registrant Phone: Not Disclosed Registrant Phone Ext: Not Disclosed Registrant Fax: Not Disclosed Registrant Fax Ext: Not Disclosed Registrant Email: https://whoiscontact.ascio.com?domainname=dontkillmyapp.com Registry Admin ID: Not Disclosed Admin Name: Not Disclosed Admin Organization: Not Disclosed Admin Street: Not Disclosed Admin City: Not Disclosed Admin State/Province: Not Disclosed Admin Postal Code: Not Disclosed Admin Country: Not Disclosed Admin Phone: Not Disclosed Admin Phone Ext: Not Disclosed Admin Fax: Not Disclosed Admin Fax Ext: Not Disclosed Admin Email: Not Disclosed Registry Tech ID: Not Disclosed Tech Name: Not Disclosed Tech Organization: Not Disclosed Tech Street: Not Disclosed Tech City: Not Disclosed Tech State/Province: Not Disclosed Tech Postal Code: Not Disclosed Tech Country: Not Disclosed Tech Phone: Not Disclosed Tech Phone Ext: Not Disclosed Tech Fax: Not Disclosed Tech Fax Ext: Not Disclosed Tech Email: Not Disclosed Name Server: ns.wedos.net Name Server: ns.wedos.cz Name Server: ns.wedos.eu Name Server: ns.wedos.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: https://icann.org/wicf >>> Last update of WHOIS database: 2023-05-12T03:09:25Z <<< For more information on Whois 
status codes, please visit https://icann.org/epp The data in Ascio Technologies' WHOIS database is provided by Ascio Technologies for information purposes only. By submitting a WHOIS query, you agree that you will use this data only for lawful purpose. In addition, you agree not to: (a) use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts; or (b) use the data to enable high volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations. (c) sell or redistribute the data except insofar as it has been incorporated into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties. Ascio Technologies reserves the right to modify these terms at any time. Ascio Technologies cannot guarantee the accuracy of the data provided. By accessing and using Ascio Technologies WHOIS service, you agree to these terms.
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneAshton7346 (Net ID: 00:06:25:61:05:DC)33.336199,-111.89446440830702
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0101.github.io] https://www.openphish.com/feed.txt0101.github.io
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonesnoopyine (Net ID: 00:01:E3:4A:B1:79)50.1188, 8.6843
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonevapor (Net ID: 00:02:2D:09:FC:69)37.780462,-122.390564
2023-05-12 03:03:17Internet Name - UnresolvedNoDNS Resolver0020Nonecpcontacts.ayhu.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 14 03:53:54 2022 GMT Not After : Mar 14 03:53:53 2023 GMT Subject: CN=ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81: fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6: b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8: 02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7: e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86: 41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47: b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1: d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c: 38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f: 39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d: 72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66: f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01: b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31: 4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4: 71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5: ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3: 29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90: f8:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz 
X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 14 04:53:54.573 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0: E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94: 30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59: 8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63: FB:4F:E2:E6:C3:EE:2C:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9: 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E Timestamp : Dec 14 04:53:55.080 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A: 02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81: BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D: D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90: F0:18:EF:92:21:63:F2 Signature Algorithm: sha256WithRSAEncryption 47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7: 4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f: ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec: 3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2: 3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64: 37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8: 92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9: 05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84: 7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d: 6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c: 36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78: 12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d: 48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab: a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82: 84:78:32:a1
2023-05-12 03:00:49Co-Hosted SiteNoHackerTarget2020None0-fog.github.io185.199.111.153
2023-05-12 02:50:19Physical LocationNoipstack0030NoneUnited States104.21.71.14
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NonemyLGNet_411 (Net ID: 00:01:36:45:14:AA)34.0544, -118.244
2023-05-12 02:50:19Physical LocationNoipstack0030NoneUnited States172.67.168.252
2023-05-12 02:44:49Raw Data from RIRsNoCRXcavator0010None[{"platform": "Chrome", "version": "1.6.1", "data": {"webstore": {"website": "https://github.com/jawil/GayHub", "rating": 4.6923075, "privacy_policy": "", "last_updated": "2018-02-20", "name": "GayHub", "price": "", "offered_by": "", "support_site": "", "version": "", "address": "", "short_description": "An awesome chrome extension for github", "permission_warnings": ["Your data on github.com and gist.github.com", "Your tabs and browsing activity"], "users": 3000, "size": "475KiB", "type": "Extension", "email": "", "rating_users": 26, "icon": "https://lh3.googleusercontent.com/rZ8V_inU3Be2PxnPEyV9srR3G_5mJ_618v81YKqluedhhRG1boWeD5rZHFFN4VI0_7dmWXBueXjQBFnTN4kAfCmNbQ=w128-h128-e365-rj-sc0x00ffffff"}, "risk": {"webstore": {"privacy_policy": 1, "last_updated": 5, "users": 1, "email": 1, "address": 1, "total": 11, "support_site": 1, "rating_users": 1}, "metadata": {}, "total": 403, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "permissions": {"total": 15}}, "related": {"opljiobgnagdjikipnagigiacllolpaj": {"rating": 4.25, "users": 2000, "platform": "", "short_description": "This extension shows the external&internal IP addresses when you click the extension icon. 
https://helloacm.com/what-is-my-ip/", "icon": "https://lh3.googleusercontent.com/OurtCVWPKROdy5kH63tDPxXBL3vvou2I83sUOA-jLe-YqgroIGs-lbPy9vGBfqswfTrgxpEXmdFzqLlxFxWYXn-dzQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 8, "name": "Show My IP Addresses (External and Local)"}, "lfjcgcmkmjjlieihflfhjopckgpelofo": {"rating": 4.6489363, "users": 10000, "platform": "", "short_description": "Manage your gas code with github/github enterprise/bitbucket/gitlab", "icon": "https://lh3.googleusercontent.com/JQyTyCU3aXSfpzGXEYZDelP5ybdWSGiUk9ji6YW512-z3rHuyqaLizFmvf82tfGK3yNNtNmEagNnestoBypiYfWg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 94, "name": "Google Apps Script GitHub Assistant"}, "lomkpheldlbkkfiifcbfifipaofnmnkn": {"rating": 4.6296296, "users": 30000, "platform": "", "short_description": "Code Cola is a chrome extension for editing online pages' css style visually.", "icon": "https://lh3.googleusercontent.com/GQWBPNAC8Q7LdRt-cnVK4JrImzSNY2HVSNWgsZlup1YaXFLx5VVr7fa34WEvV0cPv-zalCCQ5_3ck7IHBxrhgsGuKA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 189, "name": "Code Cola"}, "deeboegbjcnfgidliakhpoapnpomphji": {"rating": 3.857143, "users": 1000000, "platform": "", "short_description": "Toolbar for web development", "icon": "https://lh3.googleusercontent.com/di-L2xSddlNgutumTJHpRrMBo5ZbzogHp923sYoHpOhfY4MH4x6Oq_XAuc3m1bzp3wU2btfH=w128-h128-e365", "rating_users": 21, "name": "Web Developer Toolbar"}, "bhghoamapcdpbohphigoooaddinpkbai": {"rating": 3.9225047, "users": 3000000, "platform": "", "short_description": "Authenticator generates two-factor authentication codes in your browser.", "icon": "https://lh3.googleusercontent.com/LEgohRXYMasRoU-SXiJrkH_LsMMMgpKERWbOCpofID-cbbtKm4DjovRnDo2eiyvWBGcOUSjvQmBPOGKJW7g8y1aJCw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1613, "name": "Authenticator"}, "dnkhdiodfglfckibnfcjbgddcgjgkacd": {"rating": 4.6666665, "users": 2000, "platform": "", "short_description": "a command launcher with extension management/app 
launcher/tab management/history search/alfred", "icon": "https://lh3.googleusercontent.com/SIB0XUxRArOkDoQEj3OXtt3X8-NphqgNyXwHNI6TBaIFKYOn-cXNakkxFMXIQd7qOQO76QZ-K21qwfvSnDgJHEW-=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 45, "name": "Steward Plus"}, "pdnaboncdpkapafcfbajadgknpfjegod": {"rating": 4.7608695, "users": 10000, "platform": "", "short_description": "This Chrome Extension adds audio download links for several online dictionaries.", "icon": "https://lh3.googleusercontent.com/dZbwAzFrBHjjcXq2qVL6TJl4_3UOU4fwEsYqAnzmpzYb00qLThXY3SzkoHQtHViLN5XnPs-MTlGXPpQCf0v-VRM_ng=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 92, "name": "Download Audio of Online Dictionaries"}, "mdolidbiejfnaejdoagjacapnichoccj": {"rating": 4.1538463, "users": 6000, "platform": "", "short_description": "Change every web page style, darken background color and brighten font color, prevent users see high brightness web page.", "icon": "https://lh3.googleusercontent.com/1JZIBrNIhozVuMip1G94Dh_fUaA4_Z-9YPGOHIyPleEphEcxtYZ7P41-tokT9f0iOferGYTOLdI4flseKdEsHZjy8g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 39, "name": "Darker Background Brighter Font"}, "gcalenpjmijncebpfijmoaglllgpjagf": {"rating": 4.7571106, "users": 600000, "platform": "", "short_description": "Change the web at will with userscripts", "icon": "https://lh3.googleusercontent.com/gi92Uq5ScxlMrm9WbsCN09d8KCLZ9JXgc8sWr4qCTu7EGFD9jcVAI3zQvTC-MDBBLpLO8Rbj7knyQy77YXGFghxtAQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4430, "name": "Tampermonkey BETA"}, "effllpcngdchldpedlbehnipblaamnng": {"rating": 5, "users": 88, "platform": "", "short_description": "Blocking offending scripts related to the GitHub DDoS incident, annoying messages and being exploited as source of attack.", "icon": "https://ssl.gstatic.com/chrome/webstore/images/thumb_1280x800.png", "rating_users": 9, "name": "Blockdu"}, "cjpalhdlnbpafiamejdnhcphjbkeiagm": {"rating": 4.6761365, "users": 10000000, "platform": "", "short_description": "Finally, an 
efficient blocker. Easy on CPU and memory.", "icon": "https://lh3.googleusercontent.com/rrgyVBVte7CfjjeTU-rCHDKba7vtq-yn3o8-10p5b6QOj_2VCDAO3VdggV5fUnugbG2eDGPPjoJ9rsiU_tUZBExgLGc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 26400, "name": "uBlock Origin"}, "padekgcemlokbadohgkifijomclgjgif": {"rating": 4.6292105, "users": 2000000, "platform": "", "short_description": "Manage and switch between multiple proxies quickly & easily.", "icon": "https://lh3.googleusercontent.com/Ar6pRol9XdP7QSJdQPlWUngT111eg-HCjcavM7DVg3UUIuICRhvL6_v0UcIaNt3xLuBsP0_EUww2RftpnWzYgv_MFA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 3711, "name": "Proxy SwitchyOmega"}, "mnloefcpaepkpmhaoipjkpikbnkmbnic": {"rating": 3.7554348, "users": 100000, "platform": "", "short_description": "Set proxy for Google Chrome browser", "icon": "https://lh3.googleusercontent.com/PkscN0Tmyvc2QN9fac507RxloPLUmpt0XleReFKtefpg_BLAF7w2raCsZqDcpxAlARfIRg4r2Hv9FMM6glQufRCz3bg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 184, "name": "Proxy Helper"}, "bgjfekefhjemchdeigphccilhncnjldn": {"rating": 4.6003976, "users": 90000, "platform": "", "short_description": "A customizable web browser extension that enhances productivity and efficiency through the use of mouse.", "icon": "https://lh3.googleusercontent.com/r8NbCimEmdt_Y_rN_qvBygGXqQZZuktE3iVsqPg2PDNtH0sLFIMTKIhitG0nRYi1fhOTqkhLJOV7YfGgZKQR8wpPKQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1509, "name": "smartUp Gestures"}, "giompennnhheakjcnobejbnjgbbkmdnd": {"rating": 3.9375, "users": 10000, "platform": "", "short_description": "Unites Local Storage, Session Storage and Cookie in one place. 
Powerful functions with intuitive and concise UI.", "icon": "https://lh3.googleusercontent.com/iQU5omt0D6V3VkW961Xw7PchpmSE57ELnxy2bFv65046rzzF3oMOW5wdMQDoraJZPKkzYPpxoBPPoewZ3V1J75o=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 112, "name": "Swoosh Cookie and Local Storage Specialist"}, "ehnambpmkdhopilaccgfmojilolcglhn": {"rating": 3.9767442, "users": 4000, "platform": "", "short_description": "View markdown file in Chrome.", "icon": "https://lh3.googleusercontent.com/FU0pA5x7SMXMsTaPqfs-gQ3Wizxi4cAYd2oVstoXb4pj2d3QqrPkYZ0tGrWn9YYhNNO18j1QsXMgMDGkU5-oxaAQ4w=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 43, "name": "MarkView"}, "aajodjghehmlpahhboidcpfjcncmcklf": {"rating": 4.5122952, "users": 20000, "platform": "", "short_description": "A powerful Extensions Manager and Userscript Manager with many unique features", "icon": "https://lh3.googleusercontent.com/p8_fd7TENaa2HASn2bHS7O2cwGdcXnyJr0Q7Kjxlqt_G5ralSx93hBvhME4UrXpSWDCp-zdPrwuqf_EgyiQPMIt8gg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 244, "name": "NooBoss"}, "ljjpkibacifkfolehlgaolibbnlapkme": {"rating": 3.5555556, "users": 5000, "platform": "", "short_description": "Assistant for get HTTP ONLY Cookies.", "icon": "https://lh3.googleusercontent.com/zZPUPORBzI7kmAkRFkyjtrLiM17p37HeJGNTKVPfY_IaMjX3BUgpiQXtA2UWrompAqK_E-ixFfU=w128-h128-e365", "rating_users": 18, "name": "Cookies Get Assistant"}, "kaodcnpebhdbpaeeemkiobcokcnegdki": {"rating": 4.387755, "users": 10000, "platform": "", "short_description": "Gives you approximate count of lines of code on GitHub", "icon": "https://lh3.googleusercontent.com/wVtUFY8eOOwpsblTcFWpOmQt4yB2BF3aVumaIgMZMf_L6i9ynhcGdXdI7f256COTYOzhxvWGJLcelzBm_5-jq3Y8=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 49, "name": "GitHub Gloc"}, "clngdbkpkpeebahjckkjfobafhncgmne": {"rating": 4.5206184, "users": 600000, "platform": "", "short_description": "Redesign the web with Stylus, a user styles manager. 
Stylus allows you to easily install themes and skins for many popular sites.", "icon": "https://lh3.googleusercontent.com/2K8pc_5-2DkPam9b3oAWoITZ7IuIz68A5a8Ssg2_MNNHTPWPOPSBVTFdTmeVu9hi8GJxpKbvTekgwpeyGV6vXyBKH80=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 970, "name": "Stylus"}, "fpnknfakcmgkbhccgpgnbaddggjligol": {"rating": 4.7973566, "users": 8000, "platform": "", "short_description": "A handful player built for easy use in youku. \n\nOpen source\uff1ahttps://github.com/esterTion/Youku-HTML5-Player", "icon": "https://lh3.googleusercontent.com/I_gHk0mIY6XM0RyRno2WO0rsH3VDOwVf1rUKy4E88kDpm5b3Yslv1d3I1qQL4318c8g0gYqLuCZhSDFtJ6N3WP_46Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 227, "name": "Yet Another Player for Youku"}, "baggcehellihkglakjnmnhpnjmkbmpkf": {"rating": 4.5283017, "users": 9000, "platform": "", "short_description": "Missing mate of GitHub, making single file download effortless and with more features", "icon": "https://lh3.googleusercontent.com/lu8gjeuKCYW846Y-l8tt4PulU4R3TBXqe0FDwmve_DhHD5RDuf6lUps2d0isFU-WLzjgrXZ5PQ=w128-h128-e365", "rating_users": 53, "name": "Octo Mate"}, "nkbihfbeogaeaoehlefnkodbefgpgknn": {"rating": 3.2891767, "users": 10000000, "platform": "", "short_description": "An Ethereum Wallet in your Browser", "icon": "https://lh3.googleusercontent.com/QW0gZ3yugzXDvTANa5-cc1EpabQ2MGnl6enW11O6kIerEaBQGOhgyUOvhRedndD9io8RJMmJZfIXq1rMxUsFHS2Ttw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 3012, "name": "MetaMask"}, "klbibkeccnjlkjkiokjodayhu.xyz
2023-05-12 03:31:58Open TCP PortNoPulsedive0030None188.114.97.0:443188.114.97.0/24
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050Nonepancakes (Net ID: 00:00:48:67:6D:D1)37.780462,-122.390564
2023-05-12 03:33:47Raw File Meta DataNoBinary String Extractor0040NoneIDATx m_p Y 0a6-X h5Zh5b 4L8uS >m7xY YGhP5 10IMLR bc<p0 :"CGlZ k>04D A nL/ "KBt:-t h\dHkQU 2<qC jg>v\i AW$@C V3\/g :>2'F WF93l IDATV S93lg `f--p >m'xY3t` :'9Pp .C-Z1 0BL@'x IgL<S` b5la- ?sbrH Bq18x A92tp f!34_ 4tk 3F@s.F y by2 .z23c :\i_U 0`S7g 0.H@1 VXR/t DeuLK L5g0s o:LGXb Q3w5c af`03 3EEito D:hSE p6!X3 L<vf: T>wke M46@LR AY5:3 NGqyG mFEmF ujL l s"978b avEV1 T.f>Bo `t3@V jvQ@M9 4:k?u\ a\'c03q fjAYU XT7B/ Nt3te -94tc TOM' L<fv? :1teL? KeTN3 R1G3@ L2rf: z94-L 95K95 p_KcW 8-X8eR 4qZ0qR`l \5Q F yLSzA'm1 YC5NV 6/F1/z rRZ21 >ifp3 9CI<c\ Tfx2B Ql2 l 8rFLV !Lrlv Otu43a k`XjcT 3l9? _JbXI Z\qcd3 aF<3L aDs?cc@uF \.:8_u 0.WF<5_ 0Tfx H`U?X 7IaSahttps://pics.battleb0t.xyz/images/kappi_1.png
2023-05-12 03:01:07Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.117): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneBitchute (Category: political) https://www.bitchute.com/channel/login/login
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneProCare-Guest (Net ID: 00:01:21:1C:30:F0)37.7813933,-122.3918002
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None002evapey.github.io185.199.111.153
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030None2WIRE119 (Net ID: 00:02:2D:68:85:12)34.0544, -118.244
2023-05-12 02:55:11Open TCP Port BannerNoCensys0020NoneHTTP/1.1 401 Unauthorized Date: <REDACTED> Server: cPanel Persistent-Auth: false Host: 87.248.157.102:2080 Cache-Control: no-cache, no-store, must-revalidate, private Connection: close Vary: Accept-Encoding WWW-Authenticate: Basic realm="Horde DAV Server" Content-Encoding: gzip Content-Length: 52 Content-Type: text/html; charset="utf-8" Expires: Fri, 01 Jan 1990 00:00:00 GMT 87.248.157.102
2023-05-12 02:46:04Physical LocationNoMetaDefender0030NoneJacksonville, United States64.226.81.43
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonecross-origin-embedder-policy: require-corp{"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"}
2023-05-12 03:24:50CountryNoCountry Name Extractor0050NoneAustraliaDomain Name: scoop.sh Registry Domain ID: 688a2dc7e3804150a8a7bd65025fc26d-DONUTS Registrar WHOIS Server: whois.gandi.net Registrar URL: https://www.gandi.net Updated Date: 2022-05-25T08:13:34Z Creation Date: 2013-06-20T11:02:06Z Registry Expiry Date: 2023-06-20T11:02:06Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: StudyStays Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: QLD Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AU Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: ns-1530.awsdns-63.org Name Server: ns-604.awsdns-11.net Name Server: ns-308.awsdns-38.com Name Server: ns-1776.awsdns-30.co.uk DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://icann.org/epp Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. 
When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. 
Domain Name: scoop.sh Registry Domain ID: UNDEF-ROID Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2023-04-21T08:07:40Z Creation Date: 2013-06-20T09:02:06Z Registrar Registration Expiration Date: 2023-06-20T11:02:06Z Registrar: GANDI SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Reseller: Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: Domain Status: Domain Status: Domain Status: Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: StudyStays Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AU Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net Name Server: 
NS-604.AWSDNS-11.NET Name Server: NS-1776.AWSDNS-30.CO.UK Name Server: NS-308.AWSDNS-38.COM Name Server: NS-1530.AWSDNS-63.ORG Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp Reseller Email: Reseller URL: Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden. A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts. For additional information, please contact us via the following form: https://www.gandi.net/support/contacter/mail/
2023-05-12 03:08:46Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.215104.196.30.220
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Noneinfinity2 (Net ID: 00:06:25:DA:3E:86)33.6170672,-111.90564645297056
2023-05-12 02:51:22Malicious Co-Hosted SiteYesVirusTotal0130NoneVirusTotal [netlify.app] https://www.virustotal.com/en/domain/netlify.app/information/netlify.app
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneToddNet (Net ID: 00:01:24:F2:5E:43)37.7813933,-122.3918002
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneMobileInternet (Net ID: 00:02:B3:AE:FA:18)50.1188, 8.6843
2023-05-12 02:48:14Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Freadymag.com%2Fu2462346896%2F4244462%2F', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bc0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_bc0_IESQMMUTEX_0_303"\n "IsoScope_bc0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_bc0_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3008"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_bc0_ConnHashTable<3008>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_bc0_IE_EarlyTabStart_0xdec_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3008"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.110.153:443"\n "172.66.40.106:443"\n "52.16.183.191:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "llink.to"\n "readymag.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarBAD.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB9B.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabBAC.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBAC.tmp]- [targetUID: 00000000-00003240]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003240]\n "CabB9A.tmp" has type "Microsoft Cabinet archive 
data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB9A.tmp]- [targetUID: 00000000-00003240]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df7bc6018f44d91351.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{a4c88c9d-e909-11ed-b4ce-080027d6e927}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df7bc6018f44d91351.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{a4c88c9d-e909-11ed-b4ce-080027d6e927}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{a4c88c9f-e909-11ed-b4ce-080027d6e927}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df1b0105ea70f55f81.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': 
u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "TarBAD.tmp" has type "data"- Location: [%TEMP%\\TarBAD.tmp]- [targetUID: 00000000-00003240]\n "CabBAC.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBAC.tmp]- [targetUID: 00000000-00003240]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003008]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFCC28235309D36060.TMP" has type "data"- Location: [%TEMP%\\~DFCC28235309D36060.TMP]- [targetUID: 00000000-00003008]\n "~DF1B0105EA70F55F81.TMP" has type "data"- Location: [%TEMP%\\~DF1B0105EA70F55F81.TMP]- [targetUID: 00000000-00003008]\n "~DF4A816B7A645900CB.TMP" has type "data"- Location: [%TEMP%\\~DF4A816B7A645900CB.TMP]- [targetUID: 00000000-00003008]\n "~DF7BC6018F44D91351.TMP" has type "data"- Location: [%TEMP%\\~DF7BC6018F44D91351.TMP]- [targetUID: 00000000-00003008]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "_A4C88C9F-E909-11ED-B4CE-080027D6E927_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._A4C88C9D-E909-11ED-B4CE-080027D6E927_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AD106546-E909-11ED-B4CE-080027D6E927_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- 
[targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003240]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "3014XX9H.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3014XX9H.txt]- [targetUID: 00000000-00003008]\n "T4W3H708.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\T4W3H708.txt]- [targetUID: 00000000-00003008]\n "urlref_httpsllink.tou_https%3A%2F%2Freadymag.com%2Fu2462346896%2F4244462%2F" has type "HTML document ASCII text"- [targetUID: N/A]\n "S9KISB1I.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S9KISB1I.txt]- [targetUID: 00000000-00003008]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003240]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "0LUJE7ZY.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0LUJE7ZY.txt]- [targetUID: 00000000-00003008]\n "SWVETGDV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SWVETGDV.txt]- [targetUID: 00000000-00003008]\n "P4PAXQDE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P4PAXQDE.txt]- [targetUID: 00000000-00003008]\n "ETGUG1H9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ETGUG1H9.txt]- [targetUID: 00000000-00003008]\n "TarB9B.tmp" has type "data"- Location: [%TEMP%\\TarB9B.tmp]- [targetUID: 00000000-00003240]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 
0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003240]\n "CabB9A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB9A185.199.110.153
2023-05-12 02:45:30SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 23 20:32:58 2023 GMT Not After : Jun 21 20:32:57 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc: 59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01: 7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be: 0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa: 26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8: 92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd: c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed: 95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5: c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4: 72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c: 13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce: 3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6: be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1: ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14: 9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31: 9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02: ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60: db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23: 66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d: 1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29: 9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46: 76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb: 5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2: c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87: 99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1: d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e: cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6: 3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7: 6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e: 4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4: 1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e: 5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40: 7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71: 
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94: 83:4a:61 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 51:bc:8d:7a:19:49:b5:11:f4:b9:09:41:b5:bf:9e:b6:a0:1f: 30:6c:d0:86:d8:2e:1c:f6:c2:f3:8a:e9:28:07:3c:4c:1b:5d: f4:93:c1:07:2c:53:ba:36:23:93:d1:2b:ae:40:d0:d7:9a:3d: 52:13:07:ac:5a:f9:bc:8e:9a:26:48:2d:63:da:42:87:4d:b8: 79:91:2d:a5:15:c9:8f:18:d0:19:dc:82:a0:c9:2f:ff:14:7f: 6e:d9:7c:10:fd:42:c5:1f:9f:69:db:a2:e3:f6:77:ca:6b:4d: 70:8d:c7:08:12:a2:cb:2b:e2:0f:fa:b5:ad:d0:98:5b:e2:5d: 54:f6:0b:28:1a:42:4d:c5:06:75:82:0f:6a:07:8d:19:7b:08: 12:7b:65:35:ae:e0:fb:30:c6:19:89:90:6c:f3:9f:d1:68:80: fa:bb:16:fe:59:7b:6b:32:af:7b:3b:c0:6b:66:67:55:6e:9c: 27:ae:59:b7:71:9d:56:92:7b:0c:2b:27:d8:38:32:c8:ff:2f: 02:3f:56:f2:68:67:dc:8c:2f:a9:bc:e8:3a:f8:d6:0d:e4:fc: ea:65:23:2c:d6:31:a2:34:ab:8b:fc:76:7c:26:2d:87:ae:ee: a9:61:86:49:d1:02:02:98:49:50:4a:f8:24:91:f5:5d:f3:f7: 98:5f:57:37 battleb0t.xyz
2023-05-12 03:19:01WiFi Access Point NearbyNoWigle.net0030NoneBeyza (Net ID: 00:13:49:45:9F:FA)40.2024, 29.0398
2023-05-12 03:03:16Internet NameNoDNS Resolver0020Noneayhu.xyz[{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': 
u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}]
2023-05-12 03:01:40Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.188): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneiMGSRC.RU (Category: images) https://imgsrc.ru/main/user.php?lang=ru&user=loginlogin
2023-05-12 02:45:22Raw Data from RIRsNoipapi.co0040None{u'region_code': u'VA', u'country_tld': u'.us', u'ip': u'2600:1f18:2489:8202::c8', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'Ashburn', u'network': u'2600:1f18::/33', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 39.0469, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'AMAZON-AES', u'postal': u'20149', u'asn': u'AS14618', u'country': u'US', u'region': u'Virginia', u'longitude': -77.4903, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}2600:1f18:2489:8202::c8
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.10): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:15:05Account on External SiteNoAccount Finder0010NoneTwitter (Category: social) https://twitter.com/Battleb0tBattleb0t
2023-05-12 02:49:28Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://cyberchef.io/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "KERNEL32.DLL" at base 50960000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 4b910000\n "msedge.exe" loaded module "COMBASE.DLL" at base 4e5e0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base 32cf0000\n "msedge.exe" loaded module "NTDLL.DLL" at base 50f80000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base 4ef60000\n "msedge.exe" loaded module "SHELL32.DLL" at base 4f1e0000\n "msedge.exe" loaded module "USER32.DLL" at base 4e450000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 4dce0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 4dce0000\n "msedge.exe" loaded module "ADVAPI32.DLL" at base 50a10000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 4dce0000\n "msedge.exe" loaded module "KERNEL32" at base 50960000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base 4dce0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base 4dce0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" 
at base 4dce0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"19001a002101000040c7e54df87f0000@ntdll.dll"\n "220023002101000018c7e54df87f0000@ntdll.dll"\n "19001a006de6000040c7e54df87f0000@ntdll.dll"\n "220023006de6000018c7e54df87f0000@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4664:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:4176:304:WilStaging_02"\n "Local\\SM0:4176:120:WilError_01"\n "SM0:4176:120:WilError_01"\n "SM0:4176:304:WilStaging_02"\n "Local\\SM0:4664:120:WilError_01"\n "Local\\SM0:4664:304:WilStaging_02"\n "SM0:4664:120:WilError_01"\n "SM0:4664:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4664:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4664:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4664:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "216.239.36.178:443"\n "142.251.2.155:443"'}, {u'category': 
u'General', u'origin': u'File/Memory', u'identifier': u'string-161', u'name': u'Contains ability to modify processes thread functionality (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"OpenThread" [Source: 00000000-00004176.00000000.77481.4EB6F000.00000002.mdmp]'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00004176"\n YARA signature for RC4 encryption matched on file "Ruleset Data"\n YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00004664]\n "ef14caa0-45b8-4340-8ce8-25763dac1526.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ef14caa0-45b8-4340-8ce8-25763dac1526.tmp]- [targetUID: 00000000-00004664]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\hyphen-data\\101.0.4906.0\\manifest.json]- [targetUID: 00000000-00004664]\n "load_statistics.db-wal" has type "SQLite 
Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004664]\n "f_00023e" has type "Web Open Font Format (Version 2) TrueType length 44300 version 1.720"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00004664]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\4664_24740021\\deny_domains.list]- [targetUID: 00000000-00004664]\n "6714d6eb-a6fb-4baa-978b-770bb059a14a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6714d6eb-a6fb-4baa-978b-770bb059a14a.tmp]- [targetUID: 00000000-00004664]\n "f_00023d" has type "gzip compressed data from Unix original size modulo 2^32 4279879"- [targetUID: N/A]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\4664_220317772\\Filtering Rules-AA]- [targetUID: 00000000-00004664]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\hyphen-data\\101.0.4906.0\\manifest.fingerprint]- [targetUID: 00000000-00004664]\n "4b9e49a8-043a-44fa-8115-86fd2dca8e57.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\4b9e49a8-043a-44fa-8115-86fd2dca8e57.tmp]- [targetUID: 00000000-00004664]\n "Session_13322605195158610" has type "data"- [targetUID: N/A]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00001268]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4664_770442581\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00004664]\n "Last Browser" has type "data"- 
Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00004664]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00004664]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\Trust Protection Lists\\Mu\\LICENSE]- [targetUID: 00000000-00004664]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00004664]\n "a940d667-2ab1-4f32-83c5-cd719578504a.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-4', u'name': u'Found a string that may be used as part of an injection method', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1055/011', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1055.011', u'relevance': 4, u'threat_level': 0, u'type': 2, u'description': u'"Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-184', u'name': u'Found registry location strings which can modifies auto-execute functionality', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1547/001', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-270', u'attck_id': u'T1547.001', u'relevance': 5, u'threat_level': 0, u'type': 2, u'description': u'Observed string:"software\\microsoft\\windows\\currentversion\\run" [Source: 00000000-00004176.00000000.77481.4EB6F000.00000002.mdmp]\n Observed string:"software\\microsoft\\windows\\currentversion\\runonce" [Source: 00000000-00004176.00000000.77481.4EB6F000.00000002.mdmp]'}, {u'category': u'Environment 
Awareness', u'origin': u'File/Memory', u'identifier': u'string-143', u'name': u'Contains ability to retreive system language (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1614/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1614.001', u'relevance': 1, u'threat185.199.110.153
2023-05-12 02:57:04Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF182.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2108"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_83c_IE_EarlyTabStart_0x280_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_83c_ConnHashTable<2108>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_83c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_83c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2108"\n "IsoScope_83c_ConnHashTable<2108>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_83c_IESQMMUTEX_0_519"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "J04ZLJNG.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J04ZLJNG.txt]- [targetUID: 00000000-00002108]\n Dropped file: "SM32LH0E.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SM32LH0E.txt]- [targetUID: 00000000-00002108]\n Dropped file: "QA9U9LE5.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QA9U9LE5.txt]- [targetUID: 00000000-00003816]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 
file"\n "CabF181.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002108]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003816]\n "RecoveryStore._45126F33-4631-11ED-9DDA-080027F73AF2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "2D02C83649E3FA2E79606E9C14752B3F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\2D02C83649E3FA2E79606E9C14752B3F]- [targetUID: 00000000-00003816]\n "J04ZLJNG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J04ZLJNG.txt]- [targetUID: 00000000-00002108]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002108]\n "~DFA8CA6D99ACF67640.TMP" has type "data"- Location: [%TEMP%\\~DFA8CA6D99ACF67640.TMP]- [targetUID: 00000000-00002108]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS 
Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003816]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003816]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002108]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002108]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/"\n Pattern match: "https://www.moneygeek.com"\n Pattern match: "www.moneygeek.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, 
u'description': u'"GET /insurance/health/best-cheap-health-insurance-texas/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.moneygeek.com\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/89 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'6340254340d16e0a2d1801df', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'35.229.48.116'], u'sha256': u'3915ff7b4886499db28474c559936c4f13989a8c13d55ca8942d98b74060b5bf', u'sha512': u'ba6b1d0c54260ad883d3a8f976592dfaebbbae2be1a6a847c63838eacbc4d35c133e0ffead79115d306f43850ad6025f535973fd2d6cb6dc07c902b1db39db31', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/', u'submission_id': u'634d90f65d75c6515c6735fa', u'created_at': u'2022-10-17T17:29:26+00:00', u'filename': None}, {u'url': u'https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/', u'submission_id': u'6345893916c2ca0c6f6ab2fc', u'created_at': 
u'2022-10-11T15:18:17+00:00', u'filename': None}, {u'url': u'https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/', u'submission_id': u'6340254340d16e0a2d1801e0', u'created_at': u'2022-10-07T13:10:27+00:00', u'filename': None}], u'analysis_start_time': u'2022-10-07T13:10:28+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1,35.229.48.116
2023-05-12 02:58:39Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://sofrescousa.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.227.38.65:443"\n "162.159.134.68:443"\n "142.251.215.234:443"\n "142.250.217.106:443"\n "142.251.33.72:443"\n "104.18.11.207:443"\n "157.240.19.26:443"\n "134.122.45.153:443"\n "162.159.130.71:443"\n "172.67.143.128:443"\n "142.251.33.99:443"\n "142.250.217.110:443"\n "108.177.98.154:443"\n "172.217.14.194:443"\n "142.251.215.226:443"\n "23.227.38.33:443"\n "104.17.202.53:443"\n "52.84.52.94:443"\n "104.18.40.169:443"\n "104.21.73.210:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"aly.jst.ai"\n "app.sealsubscriptions.com"\n "cdn.jst.ai"\n "cdn.shopify.com"\n "cloud.goldendev.win"\n "forms.soundestlink.com"\n "maxcdn.bootstrapcdn.com"\n "monorail-edge.shopifysvc.com"\n "my.jst.ai"\n "omnisnippet1.com"\n "scripttags.jst.ai"\n "shop.app"\n "sofrescousa.com"\n "widgets.automizely.com"\n "www.goldendev.win"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3EB2.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_330_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_330_IESQMMUTEX_0_519"\n "IsoScope_330_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_330_ConnHashTable<816>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_330_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_816"\n "IsoScope_330_IE_EarlyTabStart_0x960_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_330_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_330_IESQMMUTEX_0_331"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "265V7D09.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\265V7D09.txt]- [targetUID: 00000000-00003688]\n Dropped file: "FPRCNTTM.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FPRCNTTM.txt]- [targetUID: 
00000000-00003688]\n Dropped file: "5LPDV3VI.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5LPDV3VI.txt]- [targetUID: 00000000-00003688]\n Dropped file: "CZY0F9ZV.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CZY0F9ZV.txt]- [targetUID: 00000000-00003688]\n Dropped file: "W1QY00XB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W1QY00XB.txt]- [targetUID: 00000000-00003688]\n Dropped file: "ZT5CWOJ1.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZT5CWOJ1.txt]- [targetUID: 00000000-00003688]\n Dropped file: "RI0YAIE5.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RI0YAIE5.txt]- [targetUID: 00000000-00003688]\n Dropped file: "S400158B.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S400158B.txt]- [targetUID: 00000000-00003688]\n Dropped file: "T3A6HIO0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\T3A6HIO0.txt]- [targetUID: 00000000-00003688]\n Dropped file: "Q5Y294TZ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Q5Y294TZ.txt]- [targetUID: 00000000-00003688]\n Dropped file: "H37KS5W3.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H37KS5W3.txt]- [targetUID: 00000000-00003688]\n Dropped file: "Y17VN9WN.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Y17VN9WN.txt]- [targetUID: 00000000-00003688]\n Dropped file: "G21EGNE3.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\G21EGNE3.txt]- [targetUID: 00000000-00003688]\n Dropped file: "1E3MRT27.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1E3MRT27.txt]- [targetUID: 00000000-00003688]\n Dropped file: "HX819AAK.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HX819AAK.txt]- [targetUID: 00000000-00003688]\n Dropped file: "L8VVD2ON.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L8VVD2ON.txt]- [targetUID: 00000000-00003688]\n Dropped file: "LXRS9H1E.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LXRS9H1E.txt]- [targetUID: 00000000-00003688]\n Dropped file: "2O9VPV20.txt" 
- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2O9VPV20.txt]- [targetUID: 00000000-00003688]\n Dropped file: "PH9TMVHE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PH9TMVHE.txt]- [targetUID: 00000000-00003688]\n Dropped file: "Y30HZTHE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Y30HZTHE.txt]- [targetUID: 00000000-00003688]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab3EB1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "dwn_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlref_httpssofrescousa.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "265V7D09.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\265V7D09.txt]- [targetUID: 00000000-00003688]\n "jquery.currencies.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "FPRCNTTM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FPRCNTTM.txt]- [targetUID: 00000000-00003688]\n "5LPDV3VI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5LPDV3VI.txt]- [targetUID: 00000000-00003688]\n "CZY0F9ZV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CZY0F9ZV.txt]- 
[targetUID: 00000000-00003688]\n "launcher_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "W1QY00XB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W1QY00XB.txt]- [targetUID: 00000000-00003688]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003688]\n "fbevents_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ZT5CWOJ1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZT5CWOJ1.txt]- [targetUID: 00000000-00003688]\n "mwgt_4.1_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RI0YAIE5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RI0YAIE5.txt]- [targetUID: 00000000-00003688]\n "load_feature-ab38017af3cf759db0af0bbd1e75229f6a189f5bf1f2db42169630998b969021_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "S400158B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S400158B.txt]- [targetUID: 00000000-00003688]\n "loader_1_.js" has type "ASCII text"- [targetUID: N/A]\n "nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKeiunDXbtU_1_.woff" has type "Web Open Font Format TrueType length 25168 version 1.1"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://sofrescousa.com/"\n Pattern match: "https://sofrescousa.com"\n Heuristic match: "aly.jst.ai"\n Heuristic match: 
"app.sealsubscriptions.com"\n Heuristic match: "cdn.jst.ai"\n Heuristic match: "cdn.shopify.com"\n Heuristic match: "forms.soundestlink.com"\n Heuristic match: "maxcdn.bootstrapcdn.com"\n Heuristic match: "monorail-edge.shopifysvc.com"\n Heuristic match: "my.jst.ai"\n Heuristic match: "omnisnippet1.com"\n Heuristic match34.74.170.74
2023-05-12 03:16:17Similar DomainYesTool - DNSTwist1010Noneaahu.xyzayhu.xyz
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050Nonepadt-1 (Net ID: 00:01:21:1F:75:30)33.336199,-111.89446440830702
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonelogitec-a028e9 (Net ID: 00:01:8E:A0:28:E8)50.1188, 8.6843
2023-05-12 03:02:26Software UsedYesTool - Wappalyzer0020NoneCloudflare Turnstilewww.ayhu.xyz
2023-05-12 02:46:42Physical LocationNoFraudguard0030NoneUnited States, South Carolina, North Charleston34.148.97.127
2023-05-12 03:13:09Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0101kvmt.github.io] https://www.openphish.com/feed.txt0101kvmt.github.io
2023-05-12 03:01:06Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.116): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:31:34Affiliate - Email AddressNoE-Mail Address Extractor0030Noneproxy@whoisprotectservice.comDomain Name: AYHA.XYZ Registry Domain ID: D293590239-CNIC Registrar WHOIS Server: whois.discount-domain.com Registrar URL: http://www.onamae.com Updated Date: 2022-04-30T16:37:38.0Z Creation Date: 2022-04-25T16:34:12.0Z Registry Expiry Date: 2024-04-25T23:59:59.0Z Registrar: GMO Internet Group, Inc. d/b/a Onamae.com Registrar IANA ID: 49 Domain Status: ok https://icann.org/epp#ok Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod Registrant Organization: Whois Privacy Protection Service by onamae.com Registrant State/Province: Tokyo Registrant Country: JP Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS1.GM111.PARKLOGIC.COM Name Server: NS2.GM111.PARKLOGIC.COM DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@gmo.jp Registrar Abuse Contact Phone: +81.337709199 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. Domain Name: ayha.xyz Registry Domain ID: D293590239-CNIC Registrar WHOIS Server: whois.discount-domain.com Registrar URL: http://www.onamae.com Updated Date: 2023-04-26T06:12:30Z Creation Date: 2022-04-25T16:34:14Z Registrar Registration Expiration Date: 2023-04-25T23:59:59Z Registrar: GMO INTERNET, INC. 
Registrar IANA ID: 49 Registrar Abuse Contact Email: abuse@gmo.jp Registrar Abuse Contact Phone: +81.337709199 Domain Status: ok https://icann.org/epp#ok Registry Registrant ID: E4D57C1767DC8C Registrant Name: Whois Privacy Protection Service by onamae.com Registrant Organization: Whois Privacy Protection Service by onamae.com Registrant Street: 26-1 Sakuragaoka-cho Registrant Street: Cerulean Tower 11F Registrant City: Shibuya-ku Registrant State/Province: Tokyo Registrant Postal Code: 150-8512 Registrant Country: JP Registrant Phone: +81.354562560 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: proxy@whoisprotectservice.com Registry Admin ID: E4D57C3C00BE9C Admin Name: Whois Privacy Protection Service by onamae.com Admin Organization: Whois Privacy Protection Service by onamae.com Admin Street: 26-1 Sakuragaoka-cho Admin Street: Cerulean Tower 11F Admin City: Shibuya-ku Admin State/Province: Tokyo Admin Postal Code: 150-8512 Admin Country: JP Admin Phone: +81.354562560 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: proxy@whoisprotectservice.com Registry Tech ID: E4D27D6C252D99 Tech Name: Whois Privacy Protection Service by onamae.com Tech Organization: Whois Privacy Protection Service by onamae.com Tech Street: 26-1 Sakuragaoka-cho Tech Street: Cerulean Tower 11F Tech City: Shibuya-ku Tech State/Province: Tokyo Tech Postal Code: 150-8512 Tech Country: JP Tech Phone: +81.354562560 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: proxy@whoisprotectservice.com Name Server: ns1.gm111.parklogic.com Name Server: ns2.gm111.parklogic.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-04-26T06:12:30Z <<< For more information on Whois status codes, please visit https://icann.org/epp
2023-05-12 03:23:29Open TCP PortNoPulsedive0030None188.114.96.10:8080188.114.96.0/24
2023-05-12 02:44:21Co-Hosted SiteNoSSL Certificate Analyzer0020Nonewww.github.com185.199.108.153
2023-05-12 02:59:21SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:88:a7:3c:db:48:4e:7a:5b:30:55:60:8f:23:20:34:8b:3f Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Dec 13 19:16:54 2022 GMT Not After : Mar 13 19:16:53 2023 GMT Subject: CN=*.ayhu.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ed:3c:4c:c6:51:31:a3:0e:29:e8:d9:ba:56:72: ca:d6:92:a9:ca:6b:b2:16:4e:5d:b5:eb:62:3f:02: 41:f1:08:06:a9:cd:7b:f9:04:b2:4c:8e:fb:65:31: b3:75:c9:6a:7a:3f:e2:3e:46:f0:3e:66:e4:c8:3d: cb:d8:17:7d:09:c3:b8:4b:0b:d8:99:0b:f7:8b:94: 1b:46:cc:ac:01:f0:8a:0c:c3:ce:98:ae:96:9a:d8: ee:30:0d:83:be:56:f2:fa:d2:51:6c:e6:b5:3d:4d: 38:62:17:66:35:98:3b:99:b8:ad:43:ad:7a:14:a8: 2a:90:0e:e4:de:5f:31:31:ab:48:0a:dd:2d:64:89: 33:f3:db:a0:b1:f9:a9:c3:da:71:2f:32:05:fa:a1: 40:b4:5f:a2:f6:e5:8b:5d:99:bb:a1:c7:ff:78:70: fa:fe:96:c0:01:b6:36:4c:98:38:f0:fd:c2:63:a9: 72:11:2f:85:1a:a3:bf:b4:96:2f:f2:45:ce:b3:c4: 6b:ba:0f:b8:a2:6a:78:27:5b:76:b0:c8:42:4e:41: 26:4e:0a:34:15:4a:e9:08:7d:32:c0:a0:48:38:a7: 68:49:b9:00:6e:d4:89:04:f8:ea:e6:dc:02:c0:03: 83:f0:7d:9a:bd:81:f3:1a:7f:93:46:db:06:a1:a5: 91:0f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 11:21:5C:1E:81:22:95:8E:F4:BA:FB:D4:B0:77:CD:45:5F:AE:5E:B1 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.ayhu.xyz, DNS:ayhu.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Dec 13 20:16:54.437 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C8:55:7C:0B:F2:4A:D4:C9:EE:94:0C: EF:F0:9C:B6:19:B4:91:58:D6:05:71:7A:F5:C2:94:2C: 9E:8C:8E:37:13:02:21:00:C3:46:D2:16:74:93:8F:9F: 59:96:75:0B:A5:1F:5C:5A:BA:2E:0B:68:95:99:31:FD: 8E:F4:F0:AD:8C:28:9C:38 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Dec 13 20:16:54.945 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:56:36:5F:B8:65:E8:68:80:21:A3:19:B2: BC:D2:DF:5E:37:2A:78:11:0B:85:DC:F6:3B:9D:68:A0: 01:45:B2:7A:02:21:00:F7:C3:7B:2A:F6:13:73:9F:A7: 7D:92:7F:BE:68:5C:0B:AC:65:3E:D3:C0:77:63:D7:8E: 8C:49:1F:4E:78:C9:F8 Signature Algorithm: sha256WithRSAEncryption 19:28:98:d2:20:85:e1:e5:94:d2:07:4b:30:9a:e6:b6:e4:f1: ad:75:85:78:99:6b:59:96:02:40:a2:83:06:c7:f8:4b:09:6b: d8:c6:16:df:8e:4c:8d:6d:4a:1d:5a:f5:c8:a4:e3:2f:c5:9a: c2:e7:23:9f:4a:37:31:fd:55:44:73:22:2a:44:61:cf:38:41: c2:bf:84:91:0c:26:d9:7f:95:38:c2:5e:aa:df:96:5c:61:36: 99:62:0f:05:bf:92:14:5f:8a:b8:a2:35:64:d7:1c:77:57:f2: 14:f6:3d:8f:7c:2a:9d:f0:7f:5d:fa:03:91:91:47:ff:d2:1a: 85:ec:d6:48:54:87:06:a2:cf:92:72:de:97:97:3d:dc:bf:11: 68:d0:47:02:79:9f:6f:0e:40:4b:ee:a8:97:3a:1f:7e:86:fc: be:c0:35:24:74:e2:90:dc:a8:be:80:41:5d:16:68:1a:e2:f2: 91:2d:ad:23:3a:69:76:43:d0:49:f2:a4:be:8e:a3:7f:0d:0c: dc:d6:f8:b0:66:4e:c9:15:34:47:d2:92:fb:73:d0:4a:4c:2e: 53:df:fc:69:43:c4:55:ae:6f:33:b7:7f:e1:98:80:11:3e:a5: b5:ef:1b:cd:21:0c:3d:64:7d:11:08:c6:8c:70:59:7e:61:c0: ea:e4:74:3d ayhu.xyz
2023-05-12 02:44:09SSL Certificate - Issued byNoCertSpotter0010NoneC=US,O=Google Trust Services LLC,CN=GTS CA 1P5ayhu.xyz
2023-05-12 02:54:03Open TCP Port BannerNoCensys0020NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5eacee2fce86e1-ORD Content-Encoding: gzip 172.67.135.9
2023-05-12 02:46:49Co-Hosted SiteNoSSL Certificate Analyzer0030Nonenetlify.app104.196.30.220
2023-05-12 02:58:55Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://prizewon.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_1e4_IESQMMUTEX_0_331"\n "IsoScope_1e4_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_1e4_ConnHashTable<484>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_1e4_IE_EarlyTabStart_0x92c_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_1e4_IESQMMUTEX_0_519"\n 
"Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_1e4_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00000484]\n "_0120F538-2ED4-11ED-979B-080027824D91_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_F6914A8F-2ED3-11ED-979B-080027824D91_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00000484]\n "GPONACP1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GPONACP1.txt]- [targetUID: 00000000-00003248]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003248]\n "RecoveryStore._F6914A8D-2ED3-11ED-979B-080027824D91_.dat" has type "Composite Document File V2 Document 
Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003248]\n "~DFCD2D3215CD5B7958.TMP" has type "data"- Location: [%TEMP%\\~DFCD2D3215CD5B7958.TMP]- [targetUID: 00000000-00000484]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00003248]\n "~DF3484836589E2DE35.TMP" has type "data"- Location: [%TEMP%\\~DF3484836589E2DE35.TMP]- [targetUID: 00000000-00000484]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00000484]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'API Call', u'identifier': u'api-113', u'name': u'Touches files in program files directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet 
Explorer\\VERSION.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\en-US\\iexplore.exe.mui"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\CRYPTBASE.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEFRAME.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE.LOCAL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\SSPICLI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEShims.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\sqmapi.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\API-MS-WIN-DOWNLEVEL-ADVAPI32-L2-1-0.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\API-MS-WIN-DOWNLEVEL-SHLWAPI-L2-1-0.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\NETAPI32.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\NETUTILS.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\SRVCLI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\WKSCLI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\SUSPEND.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\ieproxy.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Microsoft Office\\Office14\\GROOVEEX.DLL"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://prizewon.netlify.app/"\n Pattern match: "https://prizewon.netlify.app"'}, {u'category': u'Network Related', 
u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.74.170.74": ...\n\n URL: https://trustpadclaim.com/ (AV positives: 18/88 scanned on 09/07/2022 18:54:04)\n URL: http://sneakerheads.cloud/ (AV positives: 2/88 scanned on 09/07/2022 18:55:54)\n URL: http://nintransfer.netlify.app/ (AV positives: 4/88 scanned on 09/07/2022 18:34:11)\n URL: http://idyllic-daifuku-b85f05.netlify.app/ (AV positives: 13/88 scanned on 09/07/2022 17:49:10)\n URL: http://blazedeyesnft.com/ (AV positives: 1/88 scanned on 09/07/2022 16:56:25)\n File SHA256: 36eb1753e832efc58da3e4cabb41889431d40148c764102779990002ba64d406 (AV positives: 25/75 scanned on 09/07/2022 02:21:27)\n File SHA256: 6f9c9c07baf531f437439e7ca85d184ad2aa50ac0fc19ae7df1a0200ee6662c1 (AV positives: 16/75 scanned on 09/02/2022 23:37:08)\n File SHA256: af8e70766c48acbad202f632a415cb626f12d4e7f79199f4fa962c5742ec013a (AV positives: 14/74 scanned on 09/01/2022 01:42:29)\n File SHA256: b826852864a22bd5a2ec0917c78324b0bf826b9e91d699a4e58143f7c5c0ff2d (AV positives: 22/74 scanned on 08/29/2022 11:54:56)\n File SHA256: 3438c53d0f0c41ec6144a95f74dc47efd13884baa23539445bc174ca0c299f51 (AV positives: 25/75 scanned on 08/27/2022 23:46:12)\n File SHA256: faa32adb3d32d68cd8bc667b146e874a96cb4469d8e5dbbe4122216b9771bd2e (Date: 11/17/2019 03:18:46)'}], u'threat_level': 0, u'size': None, u'job_id': u'6318f2cc0b9d381dff465a33', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'suspicious_identifiers': [], u'attck_id': u'T1083', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, 
u'technique': u'File and Directory Discovery', u'informative_identifiers': [], u'tactic': u'Discovery', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'34.74.170.74'], u'sha256': u'f47a058697e7bd050260e62793cca89181c3f1843751027258c6005091b1159d', u'sha512': u'84382d77818279513fffe39003de9fe34.74.170.74
2023-05-12 02:57:38Vulnerability - CVE LowYesTool - testssl.sh0210NoneCVE-2013-0169 https://nvd.nist.gov/vuln/detail/CVE-2013-0169 Score: 2.6 Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.battleb0t.xyz
2023-05-12 02:59:44Co-Hosted Site - Domain WhoisNoWhois2030NoneDomain Name: netlify.app Registry Domain ID: 2CB5C0CD0-APP Registrar WHOIS Server: whois.nic.google Registrar URL: http://www.name.com Updated Date: 2023-04-11T15:58:16Z Creation Date: 2018-05-08T22:48:05Z Registry Expiry Date: 2024-05-08T22:48:05Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Netlify Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: CA Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: US Registrant Phone: REDACTED FOR PRIVACY Registrant Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: dns1.p01.nsone.net Name Server: dns2.p01.nsone.net Name Server: dns3.p01.nsone.net Name Server: dns4.p01.nsone.net DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<< For more information on Whois status codes, please visit https://icann.org/epp Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely for query-based, informational purposes. 
By querying our WHOIS database, you are agreeing to comply with these terms (https://www.registry.google/about/whois-disclaimer.html) and acknowledge that your information will be used in accordance with CRR's Privacy Policy (https://www.registry.google/about/privacy.html), so please read those documents carefully. Any information provided is "as is" without any guarantee of accuracy. You may not use such information to (a) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations; (b) enable high volume, automated, electronic processes that access the systems of CRR or any ICANN-Accredited Registrar, except as reasonably necessary to register domain names or modify existing registrations; or (c) engage in or support unlawful behavior. CRR reserves the right to restrict or deny your access to the Whois database, and may modify these terms at any time. Domain Name: netlify.app Registry Domain ID: 2CB5C0CD0-APP Registrar WHOIS Server: whois.nic.google Registrar URL: http://www.name.com Updated Date: 2023-04-11T15:58:16Z Creation Date: 2018-05-08T22:48:05Z Registry Expiry Date: 2024-05-08T22:48:05Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: +1.7203101849 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Netlify Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: CA Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: US Registrant Phone: REDACTED FOR PRIVACY Registrant Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Registry Billing ID: REDACTED FOR PRIVACY Billing Name: REDACTED FOR PRIVACY Billing Organization: REDACTED FOR PRIVACY Billing Street: REDACTED FOR PRIVACY Billing City: REDACTED FOR PRIVACY Billing State/Province: REDACTED FOR PRIVACY Billing Postal Code: REDACTED FOR PRIVACY Billing Country: REDACTED FOR PRIVACY Billing Phone: REDACTED FOR PRIVACY Billing Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Name Server: dns1.p01.nsone.net Name Server: dns2.p01.nsone.net Name Server: dns3.p01.nsone.net Name Server: dns4.p01.nsone.net DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<< For more information on Whois status codes, please visit https://icann.org/epp Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely for query-based, informational purposes. By querying our WHOIS database, you are agreeing to comply with these terms (https://www.registry.google/about/whois-disclaimer.html) and acknowledge that your information will be used in accordance with CRR's Privacy Policy (https://www.registry.google/about/privacy.html), so please read those documents carefully. Any information provided is "as is" without any guarantee of accuracy. You may not use such information to (a) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations; (b) enable high volume, automated, electronic processes that access the systems of CRR or any ICANN-Accredited Registrar, except as reasonably necessary to register domain names or modify existing registrations; or (c) engage in or support unlawful behavior. CRR reserves the right to restrict or deny your access to the Whois database, and may modify these terms at any time. netlify.app
2023-05-12 02:46:49SSL Certificate - Raw DataNoSSL Certificate Analyzer0030NoneCertificate: Data: Version: 3 (0x2) Serial Number: 9d:49:08:08:d4:e9:44:f0:ed:d2:82:b7:e0:6b:90:98 Signature Algorithm: sha256WithRSAEncryption Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA Validity Not Before: Apr 27 00:00:00 2023 GMT Not After : May 27 23:59:59 2024 GMT Subject: CN=*.cloudwaysapps.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d1:3a:67:3d:ac:93:fe:a1:38:17:a2:78:ab:33: a2:2b:b2:61:9e:b0:28:f5:b1:4b:36:8d:ac:be:b1: c0:fe:fd:0b:68:83:80:c9:b2:6b:9d:ce:40:cb:26: 30:81:2e:8f:4e:77:39:58:cb:20:c2:55:5e:20:7e: 53:22:78:e6:78:4b:04:8a:75:da:4a:51:8e:ae:c5: 7b:1a:6f:d9:5b:ee:cf:33:36:2b:2b:82:8c:3f:b8: 39:3e:ff:79:43:92:54:ec:54:d0:bf:11:c0:cd:11: b1:92:f3:c3:cd:cc:a8:82:83:49:22:4d:4a:5e:05: 4b:3f:17:54:c9:df:81:d5:41:55:ad:33:2b:a8:09: 08:7f:43:35:1d:1c:dd:5a:53:87:bf:e3:84:b1:0d: 90:8d:c9:d7:3f:49:88:74:31:7a:b1:b0:e7:b3:d9: 25:22:dd:3d:3f:9f:60:d3:32:fe:f8:e6:52:22:4b: db:21:12:b2:be:42:9c:9a:9f:bb:dc:74:11:17:4a: 63:9f:64:98:d9:12:4a:30:4c:41:ce:02:25:3c:32: b3:70:72:ea:0c:c3:d1:97:6c:cf:f1:37:08:77:34: 63:17:f5:f8:ad:16:1a:eb:8c:b1:aa:63:18:20:3b: 38:58:f9:e1:92:9a:3b:73:9b:93:2b:b7:f8:4c:52: 14:d5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1 X509v3 Subject Key Identifier: C9:A4:B7:DE:EA:0B:C6:29:AD:C2:08:FF:9A:8D:BB:00:2C:61:53:C2 X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6449.1.2.2.7 CPS: https://sectigo.com/CPS Policy: 2.23.140.1.2.1 Authority Information Access: CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt 
OCSP - URI:http://ocsp.sectigo.com X509v3 Subject Alternative Name: DNS:*.cloudwaysapps.com, DNS:cloudwaysapps.com CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34: B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74 Timestamp : Apr 27 08:49:21.510 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:54:5F:22:AA:E5:91:D8:97:BC:1A:12:E0: 0D:19:AD:B4:23:74:C7:19:0B:C4:40:FB:51:89:5B:39: 3E:C4:C1:CC:02:21:00:DD:E6:D8:AC:B4:ED:A2:F3:9F: C5:81:F6:57:5C:08:09:CE:A0:CE:8E:00:A3:67:0E:10: B5:84:4C:5D:F0:6B:A3 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70: 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB Timestamp : Apr 27 08:49:21.600 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:9D:80:77:45:D7:5E:B4:81:61:12:02: 29:B7:09:6D:AA:A8:EE:C0:C9:01:FE:75:B3:DD:F0:06: DC:3E:42:DF:D0:02:21:00:F3:29:18:40:3E:1C:7B:74: 47:39:A3:57:7F:3D:0C:BE:90:CC:A8:A1:A7:11:FB:28: 6B:3A:89:A0:1D:92:A4:B6 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2: 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B Timestamp : Apr 27 08:49:21.550 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:7C:D6:D7:21:C2:B8:D3:3C:1A:E2:29:5D: A7:78:9A:B9:61:1E:8F:1D:0D:45:66:77:67:5A:0C:C3: 73:FD:9F:2E:02:20:1B:D9:E7:E8:46:D6:95:23:C8:69: C9:B7:FD:00:71:38:3D:72:E8:26:CA:93:39:E1:22:47: 44:C3:7B:B6:58:C7 Signature Algorithm: sha256WithRSAEncryption c2:e5:27:b1:49:8d:0c:b8:23:cc:ad:af:a2:37:17:1f:51:5f: 10:2b:2e:2c:a5:d0:39:c9:d2:53:1f:0e:b5:e4:c2:19:75:77: 48:c8:b8:2e:d8:97:35:66:1c:7f:72:90:0f:1a:b8:3a:65:bd: 9f:90:0c:35:2b:9e:fa:54:ce:78:18:0b:07:4e:0e:d6:da:2d: b2:8b:53:d5:da:55:08:c8:37:85:a6:8b:12:14:78:6a:d5:51: 7e:f7:58:58:6a:f4:59:0c:a3:31:26:2d:fd:1a:fe:da:d0:05: 5d:26:d1:01:9e:67:1c:9c:4d:2b:07:03:e0:1f:19:40:76:89: 
3d:9f:ba:6c:0c:01:c7:12:04:82:d0:3c:b5:b0:6c:8c:48:af: 91:80:42:07:ba:a0:18:f2:c7:57:76:34:05:a4:b2:7b:9f:cd: f2:57:04:13:8a:15:7b:e3:78:fd:cc:f9:fb:3e:ee:46:57:be: a8:be:94:c1:0c:96:ec:10:93:e0:36:2d:91:5c:a3:c9:e4:2d: 7c:ba:e9:51:8b:91:a0:77:08:a8:df:48:5b:6f:72:7a:d3:ed: ad:97:85:76:71:19:18:df:9e:f7:1b:82:3f:24:cc:75:af:96: 74:0e:15:b3:cc:fb:a8:3c:e6:07:2b:89:aa:f9:0a:70:0d:02: b5:99:9c:87 64.226.81.43
2023-05-12 03:01:34Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.105): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:08:46Affiliate - IP AddressNoDNS Look-aside1030None104.196.30.216104.196.30.220
2023-05-12 02:53:11Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.infura-ipfs.io/sharepoint.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "IsoScope_de8_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_de8_IE_EarlyTabStart_0x8b0_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_de8_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_de8_ConnHashTable<3560>_HashTable_Mutex"\n "IsoScope_de8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3560"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_de8_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.80.64.45:443"\n "209.94.90.1:443"\n "185.199.109.153:443"\n "69.16.175.10:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link"\n "bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.infura-ipfs.io"\n "code.jquery.com"\n "lipis.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ".fa-twitter-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-twitter:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-play:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-cc-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfee8339b462d85023.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c8fced47-ece3-11ed-b5bc-0800279f3332}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4135609b0254a2dd.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c8fced49-ece3-11ed-b5bc-0800279f3332}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfee8339b462d85023.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c8fced47-ece3-11ed-b5bc-0800279f3332}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c8fced49-ece3-11ed-b5bc-0800279f3332}.dat"\n "iexplore.exe" writes file 
"c:\\users\\%osuser%\\appdata\\local\\temp\\~df4135609b0254a2dd.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "sharepoint_2_.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "jquery-1.9.1_1_.js" has type "ASCII text"- [targetUID: N/A]\n "fontawesome-webfont_3_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "Cab387B.tmp" has type "data"- Location: [%TEMP%\\Cab387B.tmp]- [targetUID: 00000000-00003120]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003560]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF95F11EBB1A557328.TMP" has type "data"- Location: [%TEMP%\\~DF95F11EBB1A557328.TMP]- [targetUID: 00000000-00003560]\n "~DF4135609B0254A2DD.TMP" has type "data"- Location: [%TEMP%\\~DF4135609B0254A2DD.TMP]- [targetUID: 00000000-00003560]\n "~DFC782EAE3F96BDD8E.TMP" has type "data"- Location: [%TEMP%\\~DFC782EAE3F96BDD8E.TMP]- [targetUID: 00000000-00003560]\n "~DFEE8339B462D85023.TMP" has type "data"- Location: [%TEMP%\\~DFEE8339B462D85023.TMP]- [targetUID: 00000000-00003560]\n "RecoveryStore._C8FCED47-ECE3-11ED-B5BC-0800279F3332_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C8FCED49-ECE3-11ED-B5BC-0800279F3332_.dat" has type "Composite Document File V2 Document Cannot 
read short stream"- [targetUID: N/A]\n "_D2333118-ECE3-11ED-B5BC-0800279F3332_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003120]\n "BX9T8Y4S.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BX9T8Y4S.txt]- [targetUID: 00000000-00003560]\n "UK2REO93.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UK2REO93.txt]- [targetUID: 00000000-00003560]\n "7NLF2DJG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7NLF2DJG.txt]- [targetUID: 00000000-00003560]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003120]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "2N428A4N.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2N428A4N.txt]- [targetUID: 00000000-00003560]\n "sharepoint_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "CTXLPLXJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CTXLPLXJ.txt]- [targetUID: 00000000-00003560]\n "2OBJD0QQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2OBJD0QQ.txt]- [targetUID: 00000000-00003560]\n "L7SEJ68Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L7SEJ68Q.txt]- [targetUID: 00000000-00003560]\n "urlref_httpsbafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.infura-ipfs.iosharepoint.html" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "Cab22DC.tmp" has type "data"- Location: [%TEMP%\\Cab22DC.tmp]- [targetUID: 
00000000-00003120]\n "Cab22ED.tmp" has type "data"- Location: [%TEMP%\\Cab22ED.tmp]- [targetUID: 00000000-00003120]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003120]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Window185.199.109.153
2023-05-12 03:12:10Affiliate Description - CategoryNoDuckDuckGo0050NoneWOT Services, community of volunteer users ranking website reputation.baffin.netcraft.com
2023-05-12 02:54:44Open TCP PortNoCensys0030None35.229.48.116:44335.229.48.116
2023-05-12 03:09:43Affiliate - Internet NameNoDNS Resolver0040None122.97.148.34.bc.googleusercontent.com34.148.97.122
2023-05-12 02:44:06Internet NameNoCertSpotter28010Nonenwapi2.battleb0t.xyzbattleb0t.xyz
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0050Nonecf-ray: 7c5f60721cb70f8d-EWR{"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:23 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:23 GMT", "cf-ray": "7c5f60721cb70f8d-EWR", "content-type": "text/css", "x-frame-options": "DENY"}
2023-05-12 02:45:24Physical LocationNoipapi.co1030NoneFrankfurt am Main, Hesse, HE, Germany, DE64.226.81.43
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.56): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:46:42SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:04:02:53:52:8b:ff:fb:8a:0a:11:44:e7:ab:f5:69:c5:9e Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 14 17:33:43 2023 GMT Not After : Apr 14 17:33:42 2023 GMT Subject: CN=funny.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:56:66:b3:c8:a2:23:b1:5a:3f:a8:f8:12:86:96: e9:2c:15:d7:f2:10:34:11:7a:db:91:0d:f0:b3:57: f5:24:8b:d6:33:b2:e0:da:47:1e:c3:4b:59:19:6f: 0a:27:ae:26:29:f9:b7:07:60:5c:49:2f:47:35:2a: 5c:c8:f0:96:d7 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 3C:85:65:2A:BA:2A:04:2A:54:22:30:3E:E5:23:B1:1E:15:C3:96:05 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:funny.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 35:8e:ad:47:f4:d5:0c:35:7b:16:d0:9b:94:a8:b1:26:20:fb: c5:de:a5:93:db:57:19:e0:12:90:43:82:bc:d6:2f:43:eb:2e: 4c:de:6a:4e:5a:f7:3a:69:b4:d3:79:d5:3c:fc:10:95:09:06: 01:1c:46:7d:6d:7c:be:7f:a8:01:e3:93:44:8e:bd:bd:0d:b0: bd:c9:0f:53:30:c3:5b:43:1c:de:0d:db:29:b4:9c:76:9a:cb: 51:4b:06:1b:20:dd:ec:e9:a2:bf:56:76:bf:92:0c:eb:70:70: 9b:b4:4a:4f:2d:37:e0:34:a0:a3:ff:13:86:8a:79:7e:16:1e: 8e:c6:82:ca:0f:96:f3:8a:2f:c4:0b:aa:a8:ac:55:f4:88:40: e0:16:cf:a7:dc:c0:30:00:8e:a5:37:c8:bd:86:e7:c9:7f:a2: 
43:a8:8f:4d:72:0e:2a:78:36:4d:70:de:f4:63:fb:7a:69:dd: eb:ae:02:25:ec:2e:30:97:68:f6:5a:d7:e8:b6:58:95:b6:c1: cc:b3:c2:25:09:9a:c8:a4:d7:3d:29:63:7c:34:a0:fc:c2:d0: 5c:94:37:dd:b4:c4:b6:03:3f:3d:50:00:5d:5e:7b:c9:e9:6b: 3d:db:2e:3d:c8:b1:34:d0:37:5f:80:1d:38:7f:1c:95:f3:da: c4:21:7d:17 battleb0t.xyz
2023-05-12 02:59:49Affiliate - Email AddressNoE-Mail Address Extractor0020Nonecarymolinaro12@gmail.com[{"platform": "Chrome", "version": "2.1", "data": {"entrypoints": {"window.addEventListener": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/jstorage.min.js": [14, 15]}, "chrome.tabs.query": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/custom-popup.js": [59, 82], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/popup.js": [13], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/background.js": [34, 49]}, "chrome.runtime.onMessage": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/content.js": [367], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/background.js": [4], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/custom-popup.js": [21]}}, "risk": {"webstore": {"website": 1, "last_updated": 2, "users": 1, "address": 1, "total": 7, "support_site": 1, "rating_users": 1}, "retire": {"total": 110, "medium": 100, "low": 10}, "permissions": {"total": 30}, "total": 524, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "metadata": {}}, "extcalls": ["https://s.click.aliexpress.com/deep_link.htm?aff_short_key=_DClxvSL&dl_target_url=", "https://www.ebay.", "http://www.dropshipping-ebay.com", "https://", "https://www.google.com/analytics/web/inpage/pub/inpage.js?", "https://ssl.google-analytics.com/j/__utm.gif", "http://www.google-analytics.com", "https://www.google.%/ads/ga-audiences?", "http://www.google.com/"], "retire": [{"results": [{"detection": "filename", "vulnerabilities": [{"info": ["https://github.com/jquery/jquery/issues/2432", "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/"], "identifiers": {"CVE": ["CVE-2015-9251"], "issue": "2432", "summary": "3rd party CORS request may execute"}, "severity": "medium"}, {"info": ["https://bugs.jquery.com/ticket/11974", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/"], 
"identifiers": {"CVE": ["CVE-2015-9251"], "issue": "11974", "summary": "parseHTML() executes scripts in event handlers"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"], "identifiers": {"CVE": ["CVE-2019-11358"], "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"], "identifiers": {"CVE": ["CVE-2020-11022"], "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"], "identifiers": {"CVE": ["CVE-2020-11023"], "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"}, "severity": "medium"}, {"info": ["https://github.com/jquery/jquery.com/issues/162"], "identifiers": {"summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates"}, "severity": "low"}], "version": "2.2.4.min", "component": "jquery"}], "file": "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/jquery-2.2.4.min.js"}], "related": {"nngceckbapebfimnlniiiahkandclblb": {"rating": 4.7743354, "users": 3000000, "platform": "", "short_description": "A secure and free password manager for all of your devices.", "icon": "https://lh3.googleusercontent.com/J_l8abQyJgx7POjRoDfGaFYWFnYQNpRSy4kH5IlbwSdM-l_gZf2rJlk2NLSQTY8g-U2vrclpb0EZApHyOe6sjzbKcUc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5229, "name": "Bitwarden - Free Password Manager"}, "ohfgljdgelakfkefopgklcohadegdpjf": {"rating": 4.65096, "users": 3000000, "platform": "", "short_description": "Easy-to-use PDF tools to Edit, Convert, Merge, Split and Compress PDF files.", "icon": 
"https://lh3.googleusercontent.com/JeGWeZiGxLb3KWGAn6FWnAjCyJDsmC7lu_O_x-h8TpDGQRa_VBnOhh-Uxh_XocOgczrfiPO_hzR_MDCleFQJeyiMwg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2865, "name": "Smallpdf - Edit, Compress and Convert PDF"}, "kgjfgplpablkjnlkjmjdecgdpfankdle": {"rating": 3.891328, "users": 8000000, "platform": "", "short_description": "Schedule Zoom meetings directly from Google Calendar", "icon": "https://lh3.googleusercontent.com/EtDJ1WOrJu9vJxqUpk67gAWSsvf7llrIu3UIxOVFQMS6BIxdN3fKOe0NBBHDxVS6G5ov4yxKcxAELtkfhBLMlO7r1Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 911, "name": "Zoom Scheduler"}, "icnekagcncdgpdnpoecofjinkplbnocm": {"rating": 4.4411764, "users": 2000000, "platform": "", "short_description": "Read articles without distractions - use reader view. Make your reading process exceptional.", "icon": "https://lh3.googleusercontent.com/YBio0Hy33x3naSYfOCJBEMCntZexQLygzl17tRtLkxQXhR6esY8BtGoe7tgYNDmg3ZYAC2iTrQBdY-NVWXivPsn6r5A=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 34, "name": "Easyview Reader view"}, "fejgiddmdpgdmhhdjbophmflidmdpgdi": {"rating": 4.3333335, "users": 2000000, "platform": "", "short_description": "Increase audio volume up to 600% from the maximum! Boost your sound", "icon": "https://lh3.googleusercontent.com/0LHATIT-6LW9AX2Yy9uzoPDenL7TkUN-C_nsXHx9fODi7cQCp97p20zVArwcsk4UcocYknKLTd5Wyr6y4iW1q5T3hWE=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 27, "name": "Volume Booster Plus"}, "efaidnbmnnnibpcajpcglclefindmkaj": {"rating": 4.290437, "users": 10000000, "platform": "", "short_description": "Do more in Google Chrome with Adobe Acrobat PDF tools. 
View, fill, comment, sign, and try convert and compress tools.", "icon": "https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF45Uh74Rmmq-Bh6dJRsVAbm=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 34937, "name": "Adobe Acrobat: PDF edit, convert, sign tools"}, "laookkfknpbbblfpciffpaejjkokdgca": {"rating": 4.4679146, "users": 3000000, "platform": "", "short_description": "Replace new tab page with a personal dashboard to help you get focused, stay organized, and keep motivated to achieve your goals.", "icon": "https://lh3.googleusercontent.com/H9tXckFzG4jZjM5Ag6gvBl0dCm75uQIlextzqmubbZ4stRiSfAyRG6pna-QjMk4S5kOCeShmPMcWxlPPdKlQyDqW=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 13838, "name": "Momentum"}, "bpconcjcammlapcogcnnelfmaeghhagj": {"rating": 4.6261697, "users": 1000000, "platform": "", "short_description": "Record screencasts - record video from your screen. Screen Capture FULL Web page or any part. Edit screenshots.", "icon": "https://lh3.googleusercontent.com/VOnmhiXEBw4cIinxoJYNVSdqWr-xOchHol4frxQCitlE2mmsh1TByQ2zYNDv8sdyEP0lNrmwY4_FOi64MV1WQCnRS6U=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 16882, "name": "Nimbus Screenshot & Screen Video Recorder"}, "admmjipmmciaobhojoghlmleefbicajg": {"rating": 3.0946643, "users": 4000000, "platform": "", "short_description": "A cloud-based password manager that makes it easy to log in to your favorite sites.", "icon": "https://lh3.googleusercontent.com/uJX-GTxk93n7vQYuG55g9ULQFUknftFjN3ZAjbObhTQ3DIQlDHrcVfgfw7sLBpvSQDSl_Kv10WqpB1HvNUg9nWF_YQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1162, "name": "Norton Password Manager"}, "gmbmikajjgmnabiglmofipeabaddhgne": {"rating": 3.9548225, "users": 7000000, "platform": "", "short_description": "Save web content or screen capture directly to Google Drive.", "icon": 
"https://lh3.googleusercontent.com/TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4759, "name": "Save to Google Drive"}, "cjpalhdlnbpafiamejdnhcphjbkeiagm": {"rating": 4.6761365, "users": 10000000, "platform": "", "short_description": "Finally, an efficient blocker. Easy on CPU and memory.", "icon": "https://lh3.googleusercontent.com/rrgyVBVte7CfjjeTU-rCHDKba7vtq-yn3o8-10p5b6QOj_2VCDAO3VdggV5fUnugbG2eDGPPjoJ9rsiU_tUZBExgLGc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 26400, "name": "uBlock Origin"}, "bkkbcggnhapdmkeljlodobbkopceiche": {"rating": 4.7756734, "users": 2000000, "platform": "", "short_description": "Block popups, ads, cookie requests, trackers, notifications, ads on social media & more. A clean browsing experience starts today.", "icon": "https://lh3.googleusercontent.com/R9P6olNFUIkjebO_S6vG-1SulDiFYNVgtI8U-r3rm9Gq6TI__wd5ZIdeMxEB_9jL01MmRJve7CI28HLY18dJUOFibJs=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 80784, "name": "Pop up blocker for Chrome\u2122 - Poper Blocker"}, "flliilndjeohchalpbbcdekjklbdgfkk": {"rating": 4.1474295, "users": 6000000, "platform": "", "short_description": "Your surfing made private and secure", "icon": "https://lh3.googleusercontent.com/hjQv8jaFVCyh3Df1rAM6LTeuBY0wOxZAESgsLsysTHGOCQHt5XZP_44v5HM-xIjv-1gVTUHaehBTrF2hoqNcS5RFXK0=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2937, "name": "Avira Browser Safety"}, "mlomiejdfkolichcflejclcbmpeaniij": {"rating": 4.6202865, "users": 2000000, "platform": "", "short_description": "Ghostery is a powerful privacy extension. 
Block ads, stop trackers and speed up websites.", "icon": "https://lh3.googleusercontent.com/CpXOKuccvzh9oCG7G6NLr5nAvqUEdMLgfqWsYrKR92loF74N42s1B6LPtolnoVJphyP7WMTOtQRY7eAb2v61x1tOmQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 12836, "name": "Ghostery \u2013 Privacy Ad Blocker"}, "pgjjikdiikihdfpoppgaidccahalehjh": {"rating": 4.414451, "users": 2000000, "platform": "", "short_description": "Take a Speedtest directly from your toolbar to quickly test your internet performance without interruption.", "icon": "https://lh3.googleusercontent.com/UeJDiqRqbe61ZwRA-nshMyadO7gt5igLJN5jGy3he_VVP5iELduwit3AdBk9gTnCiDzDIQtlUJv6mQ-V7_7azrShxQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2934, "name": "Speedtest by Ookla"}, "fjgncogppolhfdpijihbpfmeohpaadpc": {"rating": 4.473016, "users": 2000000, "platform": "", "short_description": "Fast, one-click access to millions of research papers.", "icon": "https://lh3.googleusercontent.com/orDWHjYrSVYleMvmm7KTV9GHN_DcjWfOUKP6MVQ-JxjaW3BUF61B9Z2gPU__qY23z764gn7FLubSqYbcZZ8H_w3LJg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 315, "name": "EndNote Click - Formerly Kopernio"}, "gpdjojdkbbmdfjfahjcgigfpmkopogic": {"rating": 3.558845, "users": 7000000, "platform": "", "short_description": "Save your favorite ideas online so you
2023-05-12 03:10:05Co-Hosted Site - Domain NameNoDNS Resolver0040Noneecash-pay.comwww.donation.ecash-pay.com
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneCableWiFi (Net ID: 00:0D:67:8C:21:AB)39.0469, -77.4903
2023-05-12 03:16:31Physical LocationNoipapi.co0030NoneFrankfurt am Main, Hesse, HE, Germany, DE207.154.228.169
2023-05-12 03:24:19Account on External SiteNoAccount Finder0080NoneGravatar (Category: images) http://en.gravatar.com/profiles/baptistevautheybaptistevauthey
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040Nonexfinitywifi (Net ID: 00:0D:67:65:A6:FB)32.8608, -79.9746
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:2053172.67.135.9
2023-05-12 03:03:23Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io00-evan.github.io
2023-05-12 02:55:21Open TCP PortNoCensys0030None207.154.228.169:80207.154.228.169
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/carti_3.JPGhttps://pics.battleb0t.xyz/
2023-05-12 03:03:16Internet Name - UnresolvedNoDNS Resolver0020Nonecpcalendars.ayhu.xyz[{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}]
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneSF Library (Net ID: 00:02:2D:01:53:3D)37.7642, -122.3993
2023-05-12 03:01:31Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.60): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030None<no ssid> (Net ID: 00:02:2D:03:B5:CA)37.7642, -122.3993
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneNSA (Net ID: 00:02:6F:24:1C:7D)32.8608, -79.9746
2023-05-12 03:18:06URL (Uses Javascript)NoPage Information0030Nonehttp://pics.battleb0t.xyz<!DOCTYPE html> <html> <head> <title>Funny Forehead Gallery</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script src="https://use.fontawesome.com/9dfc16ed6b.js"></script> <link rel="stylesheet" type="text/css" href="gallery.css"> <link rel="icon" type="image/png" href="/images/favicon.png"> </head> <body> <nav class = "nav navbar-inverse navbar-fixed-top"> <div class = "container"> <div class = "navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a> </div> </nav> <div class = "container"> <div class = "jumbotron"> <h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1> <p>A bunch of beautiful images!</p> <a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a> <a href = 
"https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a> </div> <div class = "row"> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/carti_3.JPG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nomnom.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/fredo.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jonas.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_1.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_2.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/master058_3.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/ein_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/reveloder.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_1.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/kappi_2.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_1.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_2.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = 
"thumbnail"> <img src="/images/withat_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_4.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/withat_5.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_1.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_2.jpeg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_3.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_4.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_5.png"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/random_6.PNG"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/jcqn.jpg"> </div> </div> <div class = "col-lg-4 col-sm-6"> <div class = "thumbnail"> <img src="/images/nwp.PNG"> </div> </div> </div> </body> </html>
2023-05-12 02:54:13Linked URL - InternalNoWeb Spider4020Nonehttps://battleb0t.xyz/./src/style.css?4https://battleb0t.xyz/
2023-05-12 02:50:07SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 03:53:52:1f:22:68:d4:e4:bd:04:c1:ea:37:ae:da:35:a4:38 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:58:43 2023 GMT Not After : Apr 27 17:58:42 2023 GMT Subject: CN=kekw.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:b9:fb:28:d5:65:83:30:d8:31:05:3e:6a:85:ce: 46:6b:90:7d:d6:90:24:15:f6:22:bc:5f:40:25:72: 5b:e7:43:22:3b:78:ef:22:83:15:af:43:b2:d9:fc: 7d:1a:db:a9:94:2a:ae:eb:dd:dd:89:95:48:86:c7: 3d:d8:4e:b8:52:f3:2e:7f:e0:9b:c5:82:6c:d6:06: 76:85:79:68:7f:b5:68:c5:54:d6:da:9f:0d:42:eb: eb:78:16:9b:0c:f7:71:92:43:a6:d3:11:c7:27:14: 9e:cd:a5:85:3a:ff:06:6c:60:87:93:13:2c:dc:e9: 44:30:af:d5:55:3a:74:21:37:cc:29:72:2e:4e:f5: 19:19:e6:5d:c6:1c:c3:32:ad:91:33:45:63:c0:b2: 66:88:d4:28:10:ab:35:bf:1b:e2:b6:13:51:c2:fc: 05:07:9b:c6:54:ae:64:1d:50:a0:d8:e2:04:77:50: 9f:40:dd:68:16:1e:0c:0e:81:fa:eb:72:cf:f5:36: 95:d2:67:c3:4f:8e:c3:73:28:01:74:88:7e:c4:4f: a7:e9:b7:fe:c9:c0:ff:2f:b4:44:b8:a3:61:79:25: 57:1a:c6:7d:41:02:2b:48:a8:75:9f:e9:8a:a8:25: 11:37:66:07:b2:f9:47:e8:c4:ab:b8:9a:0e:7a:bb: b1:a5:ac:71:ee:85:d1:b6:9f:8c:59:d9:a4:ba:7d: dc:a9:3f:d4:a9:da:6b:49:93:8d:b7:ed:d0:10:10: 3a:3d:a1:8d:54:88:45:8c:e7:d6:54:5d:8e:e4:5d: c5:ff:df:b9:f9:a2:ee:ab:9f:c6:3f:4b:06:4d:63: 71:ab:51:6b:7d:38:3e:f3:da:53:ac:5a:a8:0b:4f: 7e:c7:d9:39:5d:36:7e:8b:ff:14:dd:1d:2a:34:03: 79:b2:19:e1:3c:2c:2f:e4:2d:a4:3c:e2:7a:8d:47: 92:45:d5:da:6b:08:e3:22:df:a9:94:5a:8f:90:14: e5:6c:68:e1:1d:22:8f:1f:c3:5c:b7:24:90:75:5a: e0:2a:31:19:c8:a9:78:9c:0a:51:95:3b:87:0c:a7: 99:0e:be:1b:bc:21:15:fe:dc:b9:6b:b1:e8:e2:43: 9f:ad:fd:5c:22:a4:20:c6:26:c0:2b:14:2d:ae:44: dc:33:d8:22:aa:11:57:d7:44:19:1d:80:bb:50:5d: 0f:32:1b:da:79:77:90:80:ce:c3:28:c7:75:3b:c6: 47:f2:e5:98:64:b3:70:12:44:40:b0:21:b9:37:16: ba:3e:63:8e:8d:d6:ba:d1:98:a1:05:b6:1a:03:b9: 
41:51:80:5e:8c:55:bd:f9:47:df:ee:3c:ed:aa:ae: 83:f7:8f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: C8:7D:70:94:FD:01:EF:B0:A3:B3:C1:02:F1:32:C9:D5:2D:71:C9:73 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:kekw.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 21:3b:56:fc:2b:9c:93:20:c1:2c:91:09:0d:ac:90:cb:0e:5c: 72:a2:ce:e5:13:5d:8c:49:8f:a0:ab:25:c3:01:70:a2:21:9b: 8b:b6:a5:f7:63:ac:53:cb:24:a6:ea:5e:26:dc:03:0c:34:93: 73:f1:ea:e9:83:ea:f0:f1:48:6c:3f:59:c0:85:06:54:41:39: 5b:b3:26:bb:7a:96:75:79:fe:94:2f:c7:2a:70:6e:62:2c:e5: 2b:cd:c4:cc:04:db:95:58:db:1b:87:6d:b6:6d:c8:2f:59:5b: 39:ce:0c:cc:c2:81:21:d5:39:65:f4:d2:81:33:62:bc:90:85: 91:2d:26:36:92:58:81:83:eb:0d:ef:49:b4:e4:7f:d5:0e:52: 0c:52:84:c3:8e:4d:32:02:c5:1e:50:b5:40:16:c2:b6:c6:6e: 3d:81:1a:b3:79:4c:24:0d:78:1b:2a:54:25:79:64:52:43:bf: 71:af:ac:4c:51:53:d6:09:ca:97:bf:92:2f:82:52:84:26:0d: bf:e6:b9:bb:f6:11:a7:a2:20:01:a8:36:6d:46:b5:e4:bb:8e: 29:b6:1f:de:40:9e:e0:c3:15:57:b2:d7:4c:51:da:7a:e5:7e: 99:07:5f:64:ef:07:83:68:13:88:12:62:08:ba:bc:99:f4:d8: 79:5b:89:67 battleb0t.xyz
2023-05-12 03:06:53Vulnerability - CVE MediumYesTool - testssl.sh0120NoneCVE-2013-3587 https://nvd.nist.gov/vuln/detail/CVE-2013-3587 Score: 5.9 Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.185.199.111.153
2023-05-12 03:00:25Affiliate - Email AddressNoE-Mail Address Extractor0040Noneaes128-gcm@openssh.com{"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", 
"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b
2023-05-12 03:18:25Account on External SiteNoAccount Finder0050NoneLinktree (Category: social) https://linktr.ee/AltpapierAltpapier
2023-05-12 02:44:45Similar DomainYesSimilar Domain Finder1010Nonebattlebot.xyzbattleb0t.xyz
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050NoneProCare-Staff (Net ID: 00:01:21:1C:31:01)37.7813933,-122.3918002
2023-05-12 02:48:08Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 20, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://185.199.110.153/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:4892:304:WilStaging_02"\n "Local\\SM0:4892:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:4892:120:WilError_01"\n "Local\\SM0:4892:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "138.91.254.96:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET / HTTP/1.1\nHost: 185.199.110.153\nConnection: keep-alive\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 
Edg/107.0.1418.56\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "githubstatus.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n 
""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" 
writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\2988_1083578063\\shopping.js]- [targetUID: 00000000-00002988]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00002988]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\2988_1618861475\\edge_driver.js]- [targetUID: 00000000-00002988]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\edge_driver.js]- [targetUID: 00000000-00002988]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\2988_35760083\\Filtering Rules]- [targetUID: 00000000-00002988]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00002988]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2988_1618861475\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00002988]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002988]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\product_page.js]- [targetUID: 00000000-00002988]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002988]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very 
long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\auto_open_controller.js]- [targetUID: 00000000-00002988]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2988_1618861475\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00002988]\n "tokenized-card.bundle.js" has 185.199.110.153
2023-05-12 03:08:42Affiliate - IP AddressNoDNS Look-aside0030None64.226.81.3364.226.81.43
2023-05-12 02:45:46Physical CoordinatesNoAbstractAPI0020None37.751, -97.8222606:50c0:8003::153
2023-05-12 02:53:45Open TCP PortNoCensys0020None2606:50c0:8002::153:4432606:50c0:8002::153
2023-05-12 03:12:15Affiliate - Domain WhoisNoWhois6060None Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:40:26Z Creation Date: 2018-06-27T20:51:35Z Registry Expiry Date: 2024-06-27T20:51:35Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: abuse@web.com Registrar Abuse Contact Phone: +1.8003337680 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:12:06Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: ONDIGITALOCEAN.COM Registry Domain ID: 2280019987_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2023-04-28T07:41:04Z Creation Date: 2018-06-27T20:51:35Z Registrar Registration Expiration Date: 2024-06-27T04:00:00Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Reseller: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: PERFECT PRIVACY, LLC Registrant Organization: Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Registrant City: Jacksonville Registrant State/Province: FL Registrant Postal Code: 32256 Registrant Country: US Registrant Phone: +1.5707088622 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Admin ID: Admin Name: PERFECT PRIVACY, LLC Admin Organization: Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Admin City: Jacksonville Admin State/Province: FL Admin Postal Code: 32256 Admin Country: US Admin Phone: +1.5707088622 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com Registry Tech ID: Tech Name: PERFECT PRIVACY, LLC Tech Organization: Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459 Tech City: Jacksonville Tech State/Province: FL Tech Postal Code: 32256 Tech Country: US Tech Phone: +1.5707088622 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com Name Server: KIM.NS.CLOUDFLARE.COM Name Server: WALT.NS.CLOUDFLARE.COM DNSSEC: unsigned Registrar Abuse Contact Email: domain.operations@web.com Registrar Abuse Contact Phone: +1.8777228662 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<< For more information on Whois status codes, please 
visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en This listing is a Network Solutions Private Registration. Mail correspondence to this address must be sent via USPS Express Mail(TM) or USPS Certified Mail(R); all other mail will not be processed. Be sure to include the registrant's domain name in the address. The data in Networksolutions.com's WHOIS database is provided to you by Networksolutions.com for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. Networksolutions.com makes this information available "as is," and does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone; or (2) enable high volume, automated, electronic processes that apply to Networksolutions.com (or its systems). The compilation, repackaging, dissemination or other use of this data is expressly prohibited without the prior written consent of Networksolutions.com. Networksolutions.com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en. ondigitalocean.com
2023-05-12 03:23:02Account on External SiteNoAccount Finder0020Noneask.fm (Category: social) https://ask.fm/ayhuayhu
2023-05-12 02:59:08Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://agretermco.com/?ud=PN6m0hZcGA8vvPdtJgFGz92gcS&e=8b2395da&h=a67b717b&f=y&p=n', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 2300 -s 132" (UID: 00000000-00002136)'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCDC7.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_50c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_50c_IESQMMUTEX_0_303"\n "IsoScope_50c_IESQMMUTEX_0_519"\n "IsoScope_50c_ConnHashTable<1292>_HashTable_Mutex"\n "IsoScope_50c_IESQMMUTEX_0_331"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_50c_IE_EarlyTabStart_0xfd8_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1292"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00002136) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"MaxConnectionsPerServer" (Indicator: "MaxConnectionsPerServer") in Source: 00000000-00001292-00000BCA-31267394\n "MaxConnectionsPer1_0Server" (Indicator: "MaxConnectionsPer1_0Server") in Source: 00000000-00001292-00000BCA-31268488'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 2300 -s 132" (UID: 00000000-00002136)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "CabCDC6.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"9VHR8B4B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9VHR8B4B.txt]- [targetUID: 00000000-00001292]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002388]\n "IQO9YSQA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IQO9YSQA.txt]- [targetUID: 00000000-00001292]\n "~DF08918F10D128602A.TMP" has type "data"- Location: [%TEMP%\\~DF08918F10D128602A.TMP]- [targetUID: 00000000-00001292]\n 
"80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001292]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00001292]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00001292]\n "~DFC9A238F73E498DE2.TMP" has type "data"- Location: [%TEMP%\\~DFC9A238F73E498DE2.TMP]- [targetUID: 00000000-00001292]\n "7OCETGYM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7OCETGYM.txt]- [targetUID: 00000000-00001292]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00001292]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001292]\n "CabCDC6.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabCDC6.tmp]- [targetUID: 00000000-00002388]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002388]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00002388]\n 
"61DA5DFAF74A80490B74893AB3138953" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\61DA5DFAF74A80490B74893AB3138953]- [targetUID: 00000000-00002388]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00001292]\n "~DF9ACEEE1176E79600.TMP" has type "data"- Location: [%TEMP%\\~DF9ACEEE1176E79600.TMP]- [targetUID: 00000000-00001292]\n "TarCDC7.tmp" has type "data"- Location: [%TEMP%\\TarCDC7.tmp]- [targetUID: 00000000-00002388]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://agretermco.com/?ud=PN6m0hZcGA8vvPdtJgFGz92gcS&e=8b2395da&h=a67b717b&f=y&p=n"- [Source: Input]\n Pattern match: "https://agretermco.com"- [Source: Input]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-23', u'name': u'Sends traffic on typical HTTP outbound port, but without HTTP header', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 7, u'description': u'TCP traffic to 34.74.170.74 on port 443 is sent without HTTP header'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.74.170.74": ...\n\n URL: http://fantastic-croquembouche-4fbca6.netlify.app/ (AV positives: 5/88 scanned on 08/03/2022 
15:39:24)\n URL: http://fanciful-torte-7830d3.netlify.app/?naps (AV positives: 3/88 scanned on 08/03/2022 14:54:22)\n URL: https://helpful-begonia-df9d89.netlify.app/?naps (AV positives: 6/89 scanned on 08/03/2022 13:53:18)\n URL: https://jolly-hotteok-091832.netlify.app/?naps (AV positives: 4/89 scanned on 08/03/2022 13:49:20)\n URL: https://wondrous-manatee-be49bf.netlify.app/?naps (AV positives: 6/834.74.170.74
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonexfinitywifi (Net ID: 00:0D:67:33:68:60)39.0469, -77.4903
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneBudgetScottsdale (Net ID: 00:09:5B:29:02:37)33.617190550339146,-111.90827887019054
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneSSR (Net ID: 00:01:E3:51:27:11)50.1188, 8.6843
2023-05-12 03:18:49Raw File Meta DataNoFile Metadata Extractor0040None{'Image Orientation': (0x0112) Short=Rotated 90 CW @ 18}https://pics.battleb0t.xyz/images/withat_4.jpg
2023-05-12 03:10:06Malicious IP AddressYesVoIPBL OpenPBX IPs0120NoneVOIPBL Publicly Accessible PBX List [185.199.109.153] http://www.voipbl.org/update185.199.109.153
2023-05-12 02:44:27Software UsedYesTool - Wappalyzer0020NoneExpressnwapi.battleb0t.xyz
2023-05-12 02:59:53Affiliate - Email AddressNoE-Mail Address Extractor0030Nonedavid@14islands.com[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/form.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ie.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ajax.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/fx_methods.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/deferred.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/zepto.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/data.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/gesture.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/selector.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ios3.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://zeptojs.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': 
None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6976:304:WilStaging_02"\n "Local\\SM0:6976:304:WilStaging_02"\n "Local\\SM0:6976:120:WilError_01"\n "SM0:6976:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "138.91.254.96:443"\n "185.199.110.153:443"\n "104.21.16.28:443"\n "192.30.255.116:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"zeptojs.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "api.github.com"\n "ghbtns.com"\n "zeptojs.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n 
Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<figure class="highlight"><pre><code class="language-js" data-lang="js"><span class="c1">// autolink everything that looks like a Twitter username</span>" (Indicator: "dir "; File: "urlref_httpzeptojs.com")\n Found string "<span class="s1">\'$1@&lt;a href="http://twitter.com/$2"&gt;$2&lt;/a&gt;\'</span><span class="p">)</span>" (Indicator: "dir "; File: "urlref_httpzeptojs.com")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: 
"key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpzeptojs.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\shopping.js]- [targetUID: 00000000-00004044]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00004072]\n "wallet-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4044_1336506228\\edge_driver.js]- [targetUID: 00000000-00004044]\n "edge_driver.js" has type "UTF-8 Unicode text with very long 
lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_driver.js]- [targetUID: 00000000-00004044]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00004072]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4044_1336506228\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004044]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\auto_open_controller.js]- [targetUID: 00000000-00004044]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004044]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00004044]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4044_1336506228\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004044]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_checkout_page_validator.js]- [targetUID: 00000000-00004044]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00004044]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\product_page.js]- [targetUID: 00000000-00004044]\n "miniwallet.bundle.js" has type 
"ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00004044]\n "load_statistics.db" has type "SQLite 3.x database
2023-05-12 02:46:06SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Mar 13 12:50:47 2023 GMT Not After : Jun 11 12:50:46 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:86:d1:c6:73:d4:68:16:b7:b8:27:02:2e:0a: 3b:ac:b2:c0:cf:5d:bb:e0:97:62:4b:2d:4c:a7:8a: 0f:bb:28:62:25:f7:8b:c2:a2:9f:9f:a4:09:ae:64: 46:ad:01:04:9a:1c:e2:d3:da:ff:2f:0b:66:3e:17: 93:38:08:7c:21:35:76:62:9b:3d:79:67:17:13:fe: 36:e3:cb:d3:f1:13:27:de:39:d4:be:26:b9:a7:bc: 48:6c:32:02:59:5e:42:77:18:cd:f0:52:6e:ff:59: 03:7e:1d:11:be:bc:ab:d2:7f:d2:95:33:32:9e:74: fe:3f:8c:4e:e3:30:bd:bb:06:89:38:c8:e8:4f:53: 3b:f6:63:c0:62:08:06:0e:e7:94:7f:f0:60:db:70: ea:7f:78:d5:b9:6c:e0:49:a6:b4:37:75:b0:52:59: b3:35:96:ab:99:46:f4:69:22:fd:0c:96:69:7a:42: ab:47:42:08:6b:5e:8a:9a:4d:97:23:10:94:f7:79: b4:c3:5e:97:52:71:2a:e0:cb:16:4d:05:9d:0a:4b: 32:05:28:18:33:7b:d6:34:6c:b7:3e:5b:ab:cb:54: 41:54:0f:0b:fa:c3:ea:b8:4b:80:0a:8e:f0:90:cd: 32:45:6e:24:6b:2b:da:60:08:2e:69:e6:59:89:a4: 25:87:82:03:c6:3c:bd:7c:46:55:91:56:df:8c:10: 3f:c4:bc:32:26:aa:2e:b1:d8:86:87:bf:32:be:e7: 49:d8:74:e0:99:42:34:64:c2:23:25:06:06:47:62: f1:32:ce:42:2e:0b:a1:5c:5c:7d:55:6f:f5:43:b6: 4a:13:84:0e:20:9b:ad:e4:75:cf:98:ec:28:ca:d5: 97:e8:15:83:85:e3:c5:d8:e3:28:87:31:07:5e:2c: 11:d9:8a:d6:52:d3:ed:87:7d:ab:aa:dd:63:d0:48: bb:c8:d0:2e:7e:92:84:13:37:53:61:b8:ec:ac:9a: 86:7b:ce:3f:d2:40:f0:db:6c:2c:1e:97:3b:c5:cb: 35:b4:86:6e:2c:94:d1:aa:dc:d2:87:31:ab:38:c5: f4:27:1d:0a:25:44:99:80:36:03:ce:91:80:1c:d1: 59:d4:7c:5a:37:1b:0a:ce:f5:f1:c0:65:43:fc:ee: ed:8e:bc:b1:d6:9d:85:ca:8e:38:b3:e3:c0:7f:97: a5:98:eb:15:ff:cd:24:e7:6d:15:4d:57:89:17:a7: 5f:b4:d5:d3:b7:8f:07:9c:a8:ea:76:1e:e7:f3:2c: 9b:59:ae:2b:2b:2c:ad:9d:e2:f1:8d:94:c2:23:8f: 
a7:4d:67:84:e7:2f:fb:e0:0a:d2:eb:7c:d9:ee:92: a6:63:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 3a:9c:49:d5:78:f8:ac:5a:ba:61:60:6a:4f:18:04:e8:71:47: 69:62:76:f2:cc:e1:7a:77:c4:76:2d:14:ad:8a:51:f0:c8:e8: f9:38:53:48:90:b9:69:2e:c4:f1:18:37:86:86:25:90:2d:e5: dd:87:c3:e4:30:76:38:c5:2d:b9:29:35:8f:95:4f:0a:47:25: 94:fe:7d:19:c2:82:cf:f4:d6:6f:2b:05:f9:ef:21:99:a0:d9: 36:83:ad:ba:2a:71:8c:ce:04:55:e9:a3:ae:0f:98:dd:33:3e: 45:9e:26:1e:62:2f:e5:b0:c1:a2:6e:6b:64:03:05:91:c5:ca: 50:6d:e8:c1:41:d8:07:0e:25:58:e8:76:72:9e:b3:02:79:6d: 1c:be:17:b1:a7:32:cd:3e:e0:3c:2c:87:d6:3f:c4:48:c0:a3: 08:59:a0:4e:0f:07:7f:61:15:d7:87:60:df:16:46:c9:31:1c: 35:61:49:d1:30:f6:df:8b:a1:f3:b4:55:7d:23:f2:7e:02:d1: 77:34:24:b1:27:08:2c:2f:5f:8e:75:03:e6:17:9c:33:bc:f3: b6:45:1b:5b:14:7b:ab:6c:5f:cc:d8:bb:78:b2:59:03:74:72: 01:65:2e:6e:c2:e6:b0:7e:32:e9:3b:23:f0:2f:a8:b0:4a:66: 8f:c0:d5:69 battleb0t.xyz
2023-05-12 02:44:03UsernameNoSpiderFoot UI0000NoneKekwltd"Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz
2023-05-12 03:24:50CountryNoCountry Name Extractor0040NoneCocos Islandsrathook.cc
2023-05-12 03:18:58WiFi Access Point NearbyNoWigle.net0050NoneHPN (Net ID: 00:0C:41:76:71:40)33.6170672,-111.90564645297056
2023-05-12 02:56:15Non-Standard HTTP HeaderNoStrange Header Identifier0040Nonex-fastly-request-id: 81f392d6f8601ba9f7017cc835b0845172eec1e9{"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"}
2023-05-12 02:54:19Web ContentNoWeb Spider0040None/* MIT License Copyright (c) 2017 Pavel Dobryakov Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
*/ 'use strict'; // Mobile promo section const promoPopup = document.getElementsByClassName('promo')[0]; const promoPopupClose = document.getElementsByClassName('promo-close')[0]; if (isMobile()) { setTimeout(() => { promoPopup.style.display = 'table'; }, 20000); } promoPopupClose.addEventListener('click', e => { promoPopup.style.display = 'none'; }); const appleLink = document.getElementById('apple_link'); appleLink.addEventListener('click', e => { ga('send', 'event', 'link promo', 'app'); window.open('https://apps.apple.com/us/app/fluid-simulation/id1443124993'); }); const googleLink = document.getElementById('google_link'); googleLink.addEventListener('click', e => { ga('send', 'event', 'link promo', 'app'); window.open('https://play.google.com/store/apps/details?id=games.paveldogreat.fluidsimfree'); }); // Simulation section const canvas = document.getElementsByTagName('canvas')[0]; resizeCanvas(); let config = { SIM_RESOLUTION: 128, DYE_RESOLUTION: 1024, CAPTURE_RESOLUTION: 512, DENSITY_DISSIPATION: 1, VELOCITY_DISSIPATION: 0.2, PRESSURE: 0.8, PRESSURE_ITERATIONS: 20, CURL: 30, SPLAT_RADIUS: 0.25, SPLAT_FORCE: 6000, SHADING: true, COLORFUL: true, COLOR_UPDATE_SPEED: 10, PAUSED: false, BACK_COLOR: { r: 0, g: 0, b: 0 }, TRANSPARENT: false, BLOOM: true, BLOOM_ITERATIONS: 8, BLOOM_RESOLUTION: 256, BLOOM_INTENSITY: 0.8, BLOOM_THRESHOLD: 0.6, BLOOM_SOFT_KNEE: 0.7, SUNRAYS: true, SUNRAYS_RESOLUTION: 196, SUNRAYS_WEIGHT: 1.0, } function pointerPrototype () { this.id = -1; this.texcoordX = 0; this.texcoordY = 0; this.prevTexcoordX = 0; this.prevTexcoordY = 0; this.deltaX = 0; this.deltaY = 0; this.down = false; this.moved = false; this.color = [30, 0, 300]; } let pointers = []; let splatStack = []; pointers.push(new pointerPrototype()); const { gl, ext } = getWebGLContext(canvas); if (isMobile()) { config.DYE_RESOLUTION = 512; } if (!ext.supportLinearFiltering) { config.DYE_RESOLUTION = 512; config.SHADING = false; config.BLOOM = false; config.SUNRAYS = false; } 
startGUI(); function getWebGLContext (canvas) { const params = { alpha: true, depth: false, stencil: false, antialias: false, preserveDrawingBuffer: false }; let gl = canvas.getContext('webgl2', params); const isWebGL2 = !!gl; if (!isWebGL2) gl = canvas.getContext('webgl', params) || canvas.getContext('experimental-webgl', params); let halfFloat; let supportLinearFiltering; if (isWebGL2) { gl.getExtension('EXT_color_buffer_float'); supportLinearFiltering = gl.getExtension('OES_texture_float_linear'); } else { halfFloat = gl.getExtension('OES_texture_half_float'); supportLinearFiltering = gl.getExtension('OES_texture_half_float_linear'); } gl.clearColor(0.0, 0.0, 0.0, 1.0); const halfFloatTexType = isWebGL2 ? gl.HALF_FLOAT : halfFloat.HALF_FLOAT_OES; let formatRGBA; let formatRG; let formatR; if (isWebGL2) { formatRGBA = getSupportedFormat(gl, gl.RGBA16F, gl.RGBA, halfFloatTexType); formatRG = getSupportedFormat(gl, gl.RG16F, gl.RG, halfFloatTexType); formatR = getSupportedFormat(gl, gl.R16F, gl.RED, halfFloatTexType); } else { formatRGBA = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType); formatRG = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType); formatR = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType); } ga('send', 'event', isWebGL2 ? 'webgl2' : 'webgl', formatRGBA == null ? 
'not supported' : 'supported'); return { gl, ext: { formatRGBA, formatRG, formatR, halfFloatTexType, supportLinearFiltering } }; } function getSupportedFormat (gl, internalFormat, format, type) { if (!supportRenderTextureFormat(gl, internalFormat, format, type)) { switch (internalFormat) { case gl.R16F: return getSupportedFormat(gl, gl.RG16F, gl.RG, type); case gl.RG16F: return getSupportedFormat(gl, gl.RGBA16F, gl.RGBA, type); default: return null; } } return { internalFormat, format } } function supportRenderTextureFormat (gl, internalFormat, format, type) { let texture = gl.createTexture(); gl.bindTexture(gl.TEXTURE_2D, texture); gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_MIN_FILTER, gl.NEAREST); gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_MAG_FILTER, gl.NEAREST); gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_WRAP_S, gl.CLAMP_TO_EDGE); gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_WRAP_T, gl.CLAMP_TO_EDGE); gl.texImage2D(gl.TEXTURE_2D, 0, internalFormat, 4, 4, 0, format, type, null); let fbo = gl.createFramebuffer(); gl.bindFramebuffer(gl.FRAMEBUFFER, fbo); gl.framebufferTexture2D(gl.FRAMEBUFFER, gl.COLOR_ATTACHMENT0, gl.TEXTURE_2D, texture, 0); let status = gl.checkFramebufferStatus(gl.FRAMEBUFFER); return status == gl.FRAMEBUFFER_COMPLETE; } function startGUI () { var gui = new dat.GUI({ width: 300 }); gui.add(config, 'DYE_RESOLUTION', { 'high': 1024, 'medium': 512, 'low': 256, 'very low': 128 }).name('quality').onFinishChange(initFramebuffers); gui.add(config, 'SIM_RESOLUTION', { '32': 32, '64': 64, '128': 128, '256': 256 }).name('sim resolution').onFinishChange(initFramebuffers); gui.add(config, 'DENSITY_DISSIPATION', 0, 4.0).name('density diffusion'); gui.add(config, 'VELOCITY_DISSIPATION', 0, 4.0).name('velocity diffusion'); gui.add(config, 'PRESSURE', 0.0, 1.0).name('pressure'); gui.add(config, 'CURL', 0, 50).name('vorticity').step(1); gui.add(config, 'SPLAT_RADIUS', 0.01, 1.0).name('splat radius'); gui.add(config, 
'SHADING').name('shading').onFinishChange(updateKeywords); gui.add(config, 'COLORFUL').name('colorful'); gui.add(config, 'PAUSED').name('paused').listen(); gui.add({ fun: () => { splatStack.push(parseInt(Math.random() * 20) + 5); } }, 'fun').name('Random splats'); let bloomFolder = gui.addFolder('Bloom'); bloomFolder.add(config, 'BLOOM').name('enabled').onFinishChange(updateKeywords); bloomFolder.add(config, 'BLOOM_INTENSITY', 0.1, 2.0).name('intensity'); bloomFolder.add(config, 'BLOOM_THRESHOLD', 0.0, 1.0).name('threshold'); let sunraysFolder = gui.addFolder('Sunrays'); sunraysFolder.add(config, 'SUNRAYS').name('enabled').onFinishChange(updateKeywords); sunraysFolder.add(config, 'SUNRAYS_WEIGHT', 0.3, 1.0).name('weight'); let captureFolder = gui.addFolder('Capture'); captureFolder.addColor(config, 'BACK_COLOR').name('background color'); captureFolder.add(config, 'TRANSPARENT').name('transparent'); captureFolder.add({ fun: captureScreenshot }, 'fun').name('take screenshot'); let github = gui.add({ fun : () => { window.open('https://github.com/PavelDoGreat/WebGL-Fluid-Simulation'); ga('send', 'event', 'link button', 'github'); } }, 'fun').name('Github'); github.__li.className = 'cr function bigFont'; github.__li.style.borderLeft = '3px solid #8C8C8C'; let githubIcon = document.createElement('span'); github.domElement.parentElement.appendChild(githubIcon); githubIcon.className = 'icon github'; let twitter = gui.add({ fun : () => { ga('send', 'event', 'link button', 'twitter'); window.open('https://twitter.com/PavelDoGreat'); } }, 'fun').name('Twitter'); twitter.__li.className = 'cr function bigFont'; twitter.__li.style.borderLeft = '3px solid #8C8C8C'; let twitterIcon = document.createElement('span'); twitter.domElement.parentElement.appendChild(twitterIcon); twitterIcon.className = 'icon twitter'; let discord = gui.add({ fun : () => { ga('send', 'event', 'link button', 'discord'); window.open('https://discordapp.com/invite/CeqZDDE'); } }, 'fun').name('Discord'); 
discord.__li.className = 'cr function bigFont'; discord.__li.style.borderLeft = '3px solid #8C8C8C'; let discordIcon = document.createElement('span'); discord.domElement.parentElement.appendChild(discordIcon); discordIcon.className = 'icon discord'; let app = gui.add({ fun : () => { ga('send', 'event', 'link button', 'app'); window.open('http://onelink.to/5b58bn'); } }, 'fun').name('Check out mobile app'); app.__li.className = 'cr function appBigFont'; app.__li.style.borderLeft = '3px solid #00FF7F'; let appIcon = document.createElement('span'); app.domElement.parentElement.appendChild(appIcon); appIcon.className = 'icon app'; if (isMobile()) gui.close(); } function isMobile () { return /Mobi|Android/i.test(navigator.userAgent); } function captureScreenshot () { let res = getResolution(config.CAPTURE_RESOLUTION); let target = createFBO(res.width, res.height, ext.formatRGBA.internalForhttps://fluid.battleb0t.xyz/./script.js
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050NoneThomasWirelessNetwork (Net ID: 00:0D:3A:2C:F8:2D)39.0469, -77.4903
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneSitecomD86B30 (Net ID: 00:0C:F6:D8:6B:30)50.8897, 6.0563
2023-05-12 02:56:07Raw Data from RIRsNoHybrid Analysis0030None[{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://cakrakembang-hotel.com/wp-admin/ms-footer/28390012/fguy3d273d723482345d/r1.php', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://wm50098748930309454ft456.netlify.app/index.htm#icoh%40inail.it%26data%3D05%7C01%7Cioc%40inail.it%7C98d23947704a4d7f239f08dac8a747e7%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638042919755577393%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cakrakembang-hotel.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.htm HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index.htm HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /index_files/style_v2_optimized.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index_files/style_v2_optimized.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /index_files/open_sans.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index_files/open_sans.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: 
"mozilla/5.0 (")\n "GET /bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /index_files/webmail-logo.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index_files/webmail-logo.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET 
/cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-ExtraBold-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-ExtraBold-webfont.eot? 
HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-BoldItalic-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-BoldItalic-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-ExtraBoldItalic-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-ExtraBoldItalic-webfont.eot? 
HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /cPanel_magic_revision_1386192032/unprotected/cpanel/fonts/open_sans/OpenSans-Italic-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicat104.196.30.220
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None0000cap.github.io185.199.111.153
2023-05-12 03:17:44Account on External SiteNoAccount Finder0010NonePronouns.Page (Category: social) https://pronouns.page/api/profile/get/_BattleB0t_?version=2_BattleB0t_
2023-05-12 02:44:15Software UsedYesTool - Wappalyzer0020NonePatreonnwapi2.battleb0t.xyz
2023-05-12 03:13:02Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [0.github.io] https://www.openphish.com/feed.txt0.github.io
2023-05-12 02:56:50Internet NameNoDNS Resolver0020Nonefluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:57:f8:5f:6c:a4:d7:b1:d8:61:78:13:80:db:41:a4:54:3d Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 13:23:04 2022 GMT Not After : Feb 15 13:23:03 2023 GMT Subject: CN=fluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d4:b5:dd:1d:03:00:c2:48:cc:5b:27:58:5a:1a: ae:80:1c:0d:53:93:fb:69:7f:93:43:76:4d:e8:73: 1c:07:a2:3d:20:72:26:de:8b:cf:5e:08:ec:68:b1: f5:77:47:34:1f:fc:12:0e:2f:4f:a4:d2:06:11:00: 78:b4:0d:40:fa:ba:21:05:d4:2d:c5:6d:14:14:39: 10:9a:e0:36:33:c9:8c:bb:e8:d5:33:a2:fb:d9:f7: b5:1a:30:55:aa:67:e3:41:20:33:a1:e6:ed:c9:c3: 5b:50:61:0a:65:ba:c7:cc:f0:84:a3:6e:26:65:39: 57:a4:99:3b:03:5d:af:09:43:83:69:7f:84:65:08: 2e:12:10:15:1c:ad:1f:68:90:6a:0e:97:7d:ef:7a: 22:74:df:40:68:54:b2:c7:43:c9:cb:1c:9c:53:1d: c4:68:a0:95:76:a1:bf:c8:18:fb:9d:30:f5:ff:26: f8:35:1d:65:e6:a1:bc:6a:7f:70:ab:aa:3e:d6:87: e6:17:39:3e:1e:ae:62:43:5c:02:c9:ab:c6:49:9a: 2c:43:3e:b0:0a:bb:6b:20:c9:45:43:a6:79:f2:70: bf:69:eb:cb:fb:70:35:1a:f8:04:00:26:77:08:9e: 32:00:34:fd:0a:63:db:bc:61:0a:d9:52:e5:61:03: a2:9b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FF:5A:2D:BE:67:DF:4E:45:A4:AD:A5:64:7A:31:7E:B3:39:8F:63:72 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:fluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed 
Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 14:23:04.766 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:D4:53:59:2F:EB:FF:FB:09:BA:76:BB: E9:A4:81:C3:B1:93:13:10:22:54:A7:54:1C:46:19:3B: 6F:1B:01:CB:65:02:21:00:BB:AD:59:07:F2:64:D8:C4: FA:7C:E2:49:2B:E4:9B:86:A7:0D:4A:BE:2B:43:0F:BA: C2:73:EA:C3:69:47:E2:C3 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Nov 17 14:23:04.781 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:97:4D:DC:2F:D1:9B:1A:BE:09:EC:A2: 59:20:1E:95:7C:4B:C9:87:AC:96:9A:C3:4F:C0:0E:23: 4F:BC:16:AA:14:02:21:00:B1:07:3B:2C:0B:51:21:34: 74:50:BD:8C:B3:BE:A9:50:07:9B:F0:85:AB:3F:69:A1: 3D:6A:46:9D:88:A6:9A:89 Signature Algorithm: sha256WithRSAEncryption ad:f7:33:43:81:f3:8d:21:44:85:e2:84:76:49:bc:87:f0:51: 96:b7:88:05:55:85:b8:e1:90:97:3e:c1:69:16:a8:c5:f1:39: 0d:d1:5f:8d:38:e4:0d:8b:e6:47:2a:f6:40:63:03:2b:f0:1f: be:f8:b1:82:61:91:3b:03:b0:69:20:b4:dc:30:8c:89:f3:1c: 58:10:34:d9:81:b9:21:67:93:a8:46:92:4c:c7:e9:dc:76:7f: 5b:fc:b0:d2:dc:de:8d:94:c5:6b:c4:40:90:a8:e8:74:62:d2: e6:1b:be:60:7f:96:01:c1:48:4a:c7:bd:8c:53:d2:a6:cf:88: fa:4c:5d:6b:ed:42:b0:75:30:19:73:a0:d5:65:1d:45:1e:70: 23:da:e7:c5:31:6f:12:d3:54:2e:a3:91:e2:56:46:67:fd:10: 01:29:6e:69:67:d8:1f:99:c8:35:4f:2e:14:20:7c:c8:7b:86: d6:ea:ed:96:56:81:0a:9f:3d:c7:d8:52:97:ea:0d:0a:ae:e6: ce:93:f5:1e:0e:18:81:98:ef:d7:e3:a1:ab:63:09:30:4f:8f: f5:0c:92:d0:84:ce:09:f8:71:10:dd:91:6b:72:67:70:ee:47: d4:69:c2:95:9e:55:af:5a:cf:d9:19:cf:5f:f9:37:c3:6b:53: ee:53:f7:4b
2023-05-12 02:44:41Affiliate - Internet NameNoDNS Resolver0030None127.97.148.34.bc.googleusercontent.com34.148.97.127
2023-05-12 03:22:23Account on External SiteNoAccount Finder0020NoneSpotify (Category: music) https://open.spotify.com/user/battleb0tbattleb0t
2023-05-12 03:18:59WiFi Access Point NearbyNoWigle.net0050NoneAllstate 5G (Net ID: 00:02:6F:F8:0A:41)33.617190550339146,-111.90827887019054
2023-05-12 02:56:16Raw Data from RIRsNoHybrid Analysis1030None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://macinstruct.sertfidancilik.com/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2434.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "x1.c.lencr.org"\n "ocsp.rootca1.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.7.33:443"\n 
"65.8.165.119:443"\n "104.196.30.220:443"\n "172.67.176.214:443"\n "65.8.165.51:80"\n "23.61.169.89:80"\n "65.8.165.104:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dc4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_dc4_IESQMMUTEX_0_519"\n "IsoScope_dc4_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_dc4_ConnHashTable<3524>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3524"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_dc4_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_dc4_IE_EarlyTabStart_0x530_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\MSIMGSIZECacheMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data Windows 2000/XP setup 4817 bytes 1 file at 0x2c +A "disallowedcert.stl" number 1 1 datablock 0x1 compression"\n "Cab2433.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62397 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has 
type "Microsoft Cabinet archive data Windows 2000/XP setup 62397 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "4L134F50.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4L134F50.txt]- [targetUID: 00000000-00003524]\n Dropped file: "XVLMDIKC.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XVLMDIKC.txt]- [targetUID: 00000000-00003524]\n Dropped file: "CVDBBF2V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CVDBBF2V.txt]- [targetUID: 00000000-00003524]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsmacinstruct.sertfidancilik.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003384]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003524]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- 
[targetUID: 00000000-00003384]\n "logo_1_.png" has type "PNG image data 128 x 128 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003384]\n "~DF77AE68F8612CDCE2.TMP" has type "data"- Location: [%TEMP%\\~DF77AE68F8612CDCE2.TMP]- [targetUID: 00000000-00003524]\n "9FF67FB3141440EED32363089565AE60_1A2C71E1B961FDAC74FBE1C7D07896B1" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9FF67FB3141440EED32363089565AE60_1A2C71E1B961FDAC74FBE1C7D07896B1]- [targetUID: 00000000-00003384]\n "iphone_1_.png" has type "PNG image data 1024 x 1024 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "4L134F50.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4L134F50.txt]- [targetUID: 00000000-00003524]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003524]\n "80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE]- [targetUID: 00000000-00003524]\n "5E42C65D472B356D49EB3B8AD6849196" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\5E42C65D472B356D49EB3B8AD6849196]- [targetUID: 00000000-00003384]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- 
[targetUID: 00000000-00003384]\n "O7UT3CDV.htm" has type "HTML document ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\O7UT3CDV.htm]- [targetUID: 00000000-00003384]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003524]\n "mac_1_.png" has type "PNG image data 1024 x 1024 8-bit/color RGBA non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://macinstruct.sertfidancilik.com/"\n Pattern match: "https://macinstruct.sertfidancilik.com"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"\n Heuristic match: "ocsp.rootca1.amazontrust.com"\n 
Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-s104.196.30.220
2023-05-12 02:44:21Open TCP PortNoSSL Certificate Analyzer0020None185.199.108.153:443185.199.108.153
2023-05-12 03:18:51WiFi Access Point NearbyNoWigle.net0030NoneNH-NEW (Net ID: 00:01:21:30:F0:D3)37.7642, -122.3993
2023-05-12 03:42:54Affiliate - Domain WhoisNoWhois3060None Domain Name: INFLANY.COM Registry Domain ID: 2688698192_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.world4you.com Registrar URL: http://www.world4you.com Updated Date: 2023-04-13T07:19:32Z Creation Date: 2022-04-12T14:21:11Z Registry Expiry Date: 2024-04-12T14:21:11Z Registrar: World4You Internet Services GmbH Registrar IANA ID: 1476 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS1.WORLD4YOU.AT Name Server: NS2.WORLD4YOU.AT DNSSEC: signedDelegation DNSSEC DS Data: 36937 13 2 B736B70844AD09A9498F06982C97724A0BF4ACA8DE5244B40607B538A5323618 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T03:42:43Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. 
By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. 
Domain Name: inflany.com Registry Domain ID: 2688698192_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.world4you.com Registrar URL: https://www.world4you.com Updated Date: 2023-04-13T21:36:05Z Creation Date: 2022-04-12T14:21:11Z Registrar Registration Expiration Date: 2024-04-12T14:21:12Z Registrar: World4You Internet Services GmbH Registrar IANA ID: 1476 Registrar Abuse Contact Email: abuse@world4you.com Registrar Abuse Contact Phone: +43.73293035 Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Registry Registrant ID: REDACTED FOR PRIVACY Registrant Name: REDACTED FOR PRIVACY Registrant Organization: Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: AT Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: AT Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: REDACTED FOR PRIVACY Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: REDACTED FOR PRIVACY Registrant Email: https://whoispro.domain-robot.org/whois/inflany.com Registry Admin ID: REDACTED FOR PRIVACY Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: REDACTED FOR PRIVACY Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: REDACTED FOR PRIVACY Admin Email: https://whoispro.domain-robot.org/whois/inflany.com Registry Tech ID: REDACTED FOR PRIVACY Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: REDACTED FOR PRIVACY Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: REDACTED FOR PRIVACY Tech 
Email: https://whoispro.domain-robot.org/whois/inflany.com Name Server: ns1.world4you.at Name Server: ns2.world4you.at DNSSEC: signedDelegation URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:42:54Z <<< For more information on Whois status codes, please visit https://www.icann.org/epp # World4You Internet Services GmbH WHOIS service. # # The data in the World4You WHOIS database is provided to you by # World4You Internet Services GmbH for informational purposes only and # may be used to assist persons in obtaining information about or # related to a domain name registration record. # Except for agreed Internet operational purposes (such as register or # modify existing registrations), no part of this information may be # stored, reproduced or transmitted by any means. # World4You does not guarantee its accuracy. # # By submitting a WHOIS query, you agree that you will use this data # only for lawful purposes and that, under no circumstances, you will # use this data to # (1) allow, enable, or otherwise support the transmission of mass # unsolicited, commercial advertising or solicitations via E-mail # (spam); or # (2) enable high volume, automated, electronic processes that apply # to World4You (or its computer systems). # World4You reserves the right to modify these terms at any time. # By submitting this query, you agree to abide by this policy. # www.world4you.com - Your hostingprovider.at inflany.com
2023-05-12 02:54:13HTTP Status CodeNoWeb Spider0030None403https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0030NoneBBHWIRELESS_24 (Net ID: 00:00:C5:D7:60:DC)41.8781, -87.6298
2023-05-12 03:17:35Similar Domain - WhoisNoWhois2020NoneDomain Name: AYU.XYZ Registry Domain ID: D9607467-CNIC Registrar WHOIS Server: whois.west.cn Registrar URL: http://www.west.cn Updated Date: 2023-02-11T09:04:01.0Z Creation Date: 2015-08-20T20:34:37.0Z Registry Expiry Date: 2023-08-20T23:59:59.0Z Registrar: CHENGDU WEST DIMENSION DIGITAL TECHNOLOGY CO., LTD. Registrar IANA ID: 1556 Domain Status: ok https://icann.org/epp#ok Registrant Organization: Registrant State/Province: Jiang Su Registrant Country: CN Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Name Server: NS5.MYHOSTADMIN.NET Name Server: NS6.MYHOSTADMIN.NET Name Server: NS1.MYHOSTADMIN.NET Name Server: NS2.MYHOSTADMIN.NET Name Server: NS3.MYHOSTADMIN.NET Name Server: NS4.MYHOSTADMIN.NET DNSSEC: unsigned Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 
Registrar Abuse Contact Email: abuse@west.cn Registrar Abuse Contact Phone: +86.2862778877 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<< For more information on Whois status codes, please visit https://icann.org/epp >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit https://www.centralnic.com/support/rdap <<< The Whois and RDAP services are provided by CentralNic, and contain information pertaining to Internet domain names registered by our our customers. By using this service you are agreeing (1) not to use any information presented here for any purpose other than determining ownership of domain names, (2) not to store or reproduce this data in any way, (3) not to use any high-volume, automated, electronic processes to obtain data from this service. Abuse of this service is monitored and actions in contravention of these terms will result in being permanently blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com) Access to the Whois and RDAP services is rate limited. For more information, visit https://registrar-console.centralnic.com/pub/whois_guidance. 
Domain Name: ayu.xyz Registry Domain ID: xy74494296952501 Registrar WHOIS Server: whois.west.cn Registrar URL: www.west.cn Updated Date: 2015-08-20T20:34:39.0Z Creation Date: 2015-08-20T20:34:39.0Z Registrar Registration Expiration Date: 2023-08-20T20:34:39.0Z Registrar: Chengdu west dimension digital technology Co., LTD Registrar IANA ID: 1556 Reseller: Domain Status: ok http://www.icann.org/epp#ok Registry Registrant ID: Not Available From Registry Registrant Name: REDACTED FOR PRIVACY Registrant Organization: REDACTED FOR PRIVACY Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: Jiang Su Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: CN Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz Registry Admin ID: Not Available From Registry Admin Name: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Street: REDACTED FOR PRIVACY Admin City: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Phone: REDACTED FOR PRIVACY Admin Phone Ext: Admin Fax: REDACTED FOR PRIVACY Admin Fax Ext: Admin Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz Registry Tech ID: Not Available From Registry Tech Name: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Street: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Phone: REDACTED FOR PRIVACY Tech Phone Ext: Tech Fax: REDACTED FOR PRIVACY Tech Fax Ext: Tech Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz Name Server: ns1.myhostadmin.net Name Server: ns2.myhostadmin.net DNSSEC: signedDelegation Registrar Abuse Contact Email: westabuse@gmail.com 
Registrar Abuse Contact Phone: +86.2862778877 URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<< For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en ayu.xyz
2023-05-12 02:44:15Software UsedYesTool - Wappalyzer0020NonePatreonnwapi2.battleb0t.xyz
2023-05-12 02:56:25Netblock MembershipNoRIPE0030None207.154.224.0/20207.154.228.169
2023-05-12 03:23:23Open TCP PortNoPulsedive0030None188.114.96.7:80188.114.96.0/24
2023-05-12 02:54:34Open TCP PortNoCensys0030None104.21.71.14:2082104.21.71.14
2023-05-12 03:13:08Malicious Co-Hosted SiteYesOpenPhish0030NoneOpenPhish [00p513-dev.github.io] https://www.openphish.com/feed.txt00p513-dev.github.io
2023-05-12 03:32:06Open TCP PortNoPulsedive0030None188.114.97.4:80188.114.97.0/24
2023-05-12 03:32:08Open TCP PortNoPulsedive0030None188.114.97.5:80188.114.97.0/24
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040Noneeminent992 (Net ID: 00:14:5C:86:B3:9A)50.8897, 6.0563
2023-05-12 02:45:34Raw Data from RIRsNoipapi.co0030None{u'region_code': u'SC', u'country_tld': u'.us', u'ip': u'34.74.170.74', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'North Charleston', u'network': u'34.74.0.0/15', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 32.853, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'GOOGLE-CLOUD-PLATFORM', u'postal': u'29405', u'asn': u'AS396982', u'country': u'US', u'region': u'South Carolina', u'longitude': -79.9876, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'}34.74.170.74
2023-05-12 02:52:10Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://gateway.pinata.cloud/ipfs/bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq/sharepoint.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_ab8_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ab8_ConnHashTable<2744>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2744"\n "IsoScope_ab8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_ab8_IESQMMUTEX_0_331"\n "IsoScope_ab8_IE_EarlyTabStart_0xb7c_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2744"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"172.64.154.225:443"\n "185.199.108.153:443"\n "69.16.175.10:443"\n "52.25.204.60:443"\n "13.227.74.22:443"\n "13.227.21.110:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "d3e54v103j8qbb.cloudfront.net"\n "gateway.pinata.cloud"\n "lipis.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "uploads-ssl.webflow.com"\n "www.pinatapreventsphishing.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "ez=!0,b});return b}oz.M="internal.enableAutoEventOnYouTubeActivity";var pz;function qz(a){var b=!1;return b}qz.M="internal.evaluateMatchingRules";" (Indicator: "dir "; File: "js_2_.js")\n Found string ".fa-twitter-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-twitter:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-play:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-cc-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': 
u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarA135.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarA136.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003300]\n "CabA133.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabA133.tmp]- [targetUID: 00000000-00003300]\n "CabA134.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabA134.tmp]- [targetUID: 00000000-00003300]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': 
u'"628574b3d6d692ff2246c3d0_Pinnie-32x32_1_.png" has type "PNG image data 32 x 32 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfc28eb11266a33e63.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c71d88ad-ece3-11ed-b7c5-0800276b7dae}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa772a493d0d30e3e.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c71d88ab-ece3-11ed-b7c5-0800276b7dae}.dat"\n "iexplore.exe" reads file "c:\\users\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\favorites\\desktop.ini"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c71d88ad-ece3-11ed-b7c5-0800276b7dae}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfc28eb11266a33e63.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c71d88ab-ece3-11ed-b7c5-0800276b7dae}.dat"'}, {u'category': 
u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"628522000a4c5387f2fdcf5a_Pinata-FullLogo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsgateway.pinata.cloudipfsbafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qqsharepoint.html" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "jquery-1.9.1_1_.js" has type "ASCII text"- [targetUID: N/A]\n "js_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "TarA135.tmp" has type "data"- Location: [%TEMP%\\TarA135.tmp]- [targetUID: 00000000-00003300]\n "jquery-3.5.1.min.dc5e7f18c8_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003300]\n "webflow.7f48192d4_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "phishing-redirect-page.webflow.c3340e897_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002744]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" 
has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFA75422D8ACBE1A01.TMP" has type "data"- Location: [%TEMP%\\~DFA75422D8ACBE1A01.TMP]- [targetUID: 00000000-00002744]\n "~DF449D57FE67DC3D35.TMP" has type "data"- Location: [%TEMP%\\~DF449D57FE67DC3D35.TMP]- [targetUID: 00000000-00002744]\n "~DFA772A493D0D30E3E.TMP" has 185.199.108.153
2023-05-12 02:50:16Internet NameNoDNS Resolver0020Nonenwapi2.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: May 4 19:22:49 2023 GMT Not After : Aug 2 19:22:48 2023 GMT Subject: CN=nwapi2.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c4:56:92:fa:17:84:ee:f0:d0:57:46:44:1b:c0: a4:14:29:10:a1:ef:73:a4:e7:64:f7:b5:e7:3f:b3: 66:76:75:96:94:eb:49:c3:b4:7b:98:99:f2:0f:53: 8b:0d:5d:a1:7d:07:f5:ec:33:33:f7:d8:24:d7:52: d5:12:6d:a1:1f:e4:a6:4e:04:dc:3d:ec:3d:be:c0: 68:52:81:bd:0e:b0:f2:dc:e9:9e:c3:80:ab:29:55: f9:1e:e7:5b:91:26:2d:a5:23:af:31:21:a7:26:77: 4d:22:98:0f:3c:48:92:7d:11:24:a2:2a:0b:37:5b: b7:75:5d:9c:47:56:23:11:ea:1f:65:df:5a:99:2d: b1:7c:34:88:13:dd:65:4f:a0:08:9d:d3:51:25:a6: 78:33:43:63:15:48:98:b7:c9:2d:ff:76:3d:7c:7e: de:53:44:95:89:fa:a0:73:8e:18:62:72:8d:27:49: aa:9c:1f:aa:7b:22:63:3f:e5:47:2d:46:e9:11:a7: d9:be:31:17:58:ae:26:cb:94:ea:b8:74:2e:d5:e8: 97:bd:26:29:ad:75:15:d7:0b:3c:87:ec:7d:26:04: ba:6b:7d:a6:11:27:4a:69:b1:b7:ca:99:b8:9d:ff: 7b:56:12:82:6a:1b:ca:28:1f:06:65:69:79:cd:93: 18:d1:f0:f1:97:01:54:01:52:f9:a4:bc:b1:5f:7f: 07:cd:e4:2b:75:9a:b4:04:a5:b3:96:5c:fa:5f:34: 4a:10:9c:af:38:59:33:75:87:74:42:bf:9b:c5:16: 68:7e:6e:ef:bf:b4:49:f4:b3:b2:df:03:0b:41:57: bd:9d:b3:e1:0a:ab:4d:b6:f0:4f:0a:55:ab:67:0d: 47:01:8e:e0:df:09:34:38:59:4b:e4:b2:f9:93:a9: 14:cd:7f:e8:59:e4:10:fd:c1:6c:48:fa:be:99:2c: 29:f5:4b:bb:ec:4a:d6:b7:12:55:98:93:98:eb:47: 5c:a0:a4:28:64:3b:23:a2:ef:82:47:19:63:8d:bd: 5b:18:22:cf:f0:62:27:bf:ee:4a:28:c1:7c:e2:7b: 78:12:dd:d5:e8:7d:85:3e:1e:0f:49:a2:f3:4c:aa: 0d:2d:cc:58:f9:3e:e7:38:d6:30:4c:04:5a:18:cf: 9c:92:c9:94:e0:25:8d:f8:47:4e:48:b9:1f:15:b5: e5:de:4b:35:84:12:32:49:2b:fa:a7:68:2a:1b:83: d8:7f:e6:d9:7f:ca:74:5f:b4:c9:a0:67:b2:29:ff: a2:1e:11:be:bc:99:7a:fb:44:7b:a4:fe:9c:6b:8f: 
e3:20:e4:b7:4f:84:65:a3:c1:39:7b:b5:4f:1d:d0: 69:a0:23 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi2.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 0a:70:c1:db:70:e8:b9:50:30:b7:33:82:8e:fc:63:b0:63:ad: 97:e6:50:23:e8:d8:fd:32:74:4a:a7:58:9f:cf:c8:b6:a2:cd: 7e:28:74:19:38:ee:dc:ac:6a:d0:c4:5a:10:c7:c3:c1:0d:21: b4:ff:86:61:30:4b:7d:10:9a:6d:10:38:4e:dc:1b:20:ad:54: dd:8b:f9:7d:21:27:78:df:f9:73:ac:1b:f2:16:30:85:73:06: 19:38:d2:0d:2a:2f:fc:b8:ba:a6:8c:6a:bd:c8:da:cd:6a:e6: e4:d5:b0:9f:b7:e5:07:a1:e6:c4:64:49:4e:a2:03:a3:bb:09: 77:55:6d:a7:9f:75:ea:9d:72:47:23:48:8a:7d:88:e5:aa:dd: ab:25:4c:7b:7d:5c:a4:22:dd:53:9e:e1:3c:87:e3:cc:89:d0: b4:6c:0c:61:00:8e:aa:db:85:6f:38:41:eb:4d:06:95:0f:0d: 4e:20:67:94:ec:1c:78:50:ed:0d:4f:1f:d7:4a:22:75:17:67: 0c:34:fe:7d:1a:30:5c:4f:39:17:f0:44:c2:e8:bd:ca:09:21: 03:9a:cb:da:b9:49:21:e4:b4:06:92:26:62:9e:1d:38:76:5b: c4:c5:a8:a9:96:cc:aa:3e:01:a2:ae:8c:45:a0:e8:cf:2a:e0: ca:8e:e5:18
2023-05-12 03:32:02Open TCP PortNoPulsedive0030None188.114.97.2:8443188.114.97.0/24
2023-05-12 02:55:28Web ServerNoURLScan.io0120NoneWerkzeug/2.2.2 Python/3.10.9kekw.battleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneWLAN (Net ID: 00:14:5C:86:B9:32)50.8897, 6.0563
2023-05-12 02:44:28IP AddressNoDNS Resolver0020None185.199.111.153www.battleb0t.xyz
2023-05-12 02:55:01Open TCP PortNoCensys0020None188.114.96.1:8080188.114.96.1
2023-05-12 03:24:52CountryNoCountry Name Extractor0030NoneNetherlandsAmsterdam, North Holland, NH, Netherlands, NL
2023-05-12 02:52:24Open TCP PortNoPulsedive0030None185.199.111.133:80185.199.111.0/24
2023-05-12 03:23:31Open TCP PortNoPulsedive0030None188.114.96.11:8443188.114.96.0/24
2023-05-12 02:55:11Open TCP PortNoCensys0020None87.248.157.102:208787.248.157.102
2023-05-12 03:18:26Account on External SiteNoAccount Finder0050NoneFatSecret (Category: health) https://www.fatsecret.com/member/AltpapierAltpapier
2023-05-12 03:12:51Raw Data from RIRsNonumverify0030None{u'international_format': u'+74955801111', u'local_format': u'84955801111', u'number': u'74955801111', u'valid': True, u'line_type': u'landline', u'location': u'Moskva', u'country_code': u'RU', u'carrier': u'', u'country_name': u'Russian Federation', u'country_prefix': u'+7'}+74955801111
2023-05-12 02:44:51Raw Data from RIRsNoCRXcavator1010None[{"platform": "Chrome", "version": "1.0", "data": {"dangerousfunctions": {".insertBefore(": {"/tmp/agjliddikiapkkpacaacecphgdoplfop_1.0/content.js": [26]}}, "webstore": {"website": "https://replayhub.netlify.app/", "rating": 0, "privacy_policy": "", "last_updated": "2023-04-06", "name": "ReplayHub YouTube Looper", "price": "", "offered_by": "", "support_site": "https://replayhub.netlify.app/", "version": "", "address": "", "short_description": "A Chrome extension for looping YouTube videos.", "permission_warnings": [], "users": 2, "size": "12.84KiB", "type": "Extension", "email": "replayhubunlimited@gmail.com", "rating_users": 0, "icon": "https://lh3.googleusercontent.com/8hLe0teq-FvENQnMGTH5hbKoAgfgd5YttifZdgjiDupvDj0k9qP7enO7qNry3CWBXmZtrms-qMTbQk7rL--uibGNuA=w128-h128-e365-rj-sc0x00ffffff"}, "risk": {"metadata": {}, "total": 382, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "webstore": {"privacy_policy": 1, "last_updated": 1, "users": 1, "address": 1, "total": 5, "rating_users": 1}}, "related": {"iginnfkhmmfhlkagcmpgofnjhanpmklb": {"rating": 4.602212, "users": 1000000, "platform": "", "short_description": "Play over 50 levels of box-jumping madness! Design and share your own levels.", "icon": "https://lh3.googleusercontent.com/muc6rdfnYlghXu2auI9B_xTDc3DjGTqJEn7crw2warPYn2ynoswSQzMskhdwzSa3aGn5ZtN1FS5zt7F2RQ7kvbiXXA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 7866, "name": "Boxel Rebound"}, "coabfkgengacobjpmdlmmihhhfnhbjdm": {"rating": 4.712575, "users": 200000, "platform": "", "short_description": "Draw anything and anywhere in real-time, an Paint online. 
Take a Screenshot of what you have drawn.", "icon": "https://lh3.googleusercontent.com/ATk-HSHUYW94gfeX1-QViI3E-R9ayz6L-z1kaWZHTbODo35loCLAgQQ0Dd7Iyo_WVwIKwwV5CZMKy4xSAim78-i5=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 334, "name": "Paint Tool for Chrome"}, "pgniedifoejifjkndekolimjeclnokkb": {"rating": 4.152824, "users": 100000, "platform": "", "short_description": "Twitch culture wherever you go! This extension replaces all Twitch.tv emote phrases with their actual emoticons.", "icon": "https://lh3.googleusercontent.com/wpEAZCTc19k3y0XQ7kjngo0zY2gDblkGn4E-sp41P9QZJyERCUErowcPq7IYEJDop6Nxk-Mnn5lJDVHm5TTOWMBpRw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 301, "name": "Global Twitch Emotes"}, "anflghppebdhjipndogapfagemgnlblh": {"rating": 4.5964994, "users": 1000000, "platform": "", "short_description": "Funny custom cursors for Chrome\u2122. Replace the default mouse cursor with a custom one from collections of cool and cute cursors.", "icon": "https://lh3.googleusercontent.com/9Sdk_yE3HogVcKV36GpAjo2WuW-KjYxE_OuLWGw_uQV55Nek_trNMqPxUADU2zteqtaZ2Nb6WOCWhbKODyPVCsfiFQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 14912, "name": "Cute Cursors - Custom Cursor for Chrome\u2122"}, "mghabdfikjldejcdcmclcmpcmknjahli": {"rating": 4.4349837, "users": 100000, "platform": "", "short_description": "Bass Boost makes videos, songs, movies and more sound awesome by boosting your speakers or headphones.", "icon": "https://lh3.googleusercontent.com/S_ICtgwu98_1zAUeun5CjylcOZeR8R6CbFeny166JgpLD7X9ny67sPfFH8CH93K9h-4KaEOAsQ23UT_gslYKLgjSdw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1515, "name": "Bass Boost: HD Audio"}, "mkccemimdjbojildcllapppfhphcfmkn": {"rating": 4.3464284, "users": 100000, "platform": "", "short_description": "Funny and highly addictive Piggybank idle cash clicker game! 
From poor pig to a money rain maker!", "icon": "https://lh3.googleusercontent.com/MTOgoa-4pnm2oT718hOzu0s7AyYRh2Hktwursb3vRiYoLJ_NhpZbNlcitb9yqgjsq58Oeml6yG8rdTJTFDnJQ1AdlhY=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 280, "name": "PiggyBank Money Clicker - Idle Game"}, "eekbbmglbfldjpgbmajenafphnfjonnc": {"rating": 4.0141845, "users": 300000, "platform": "", "short_description": "Create and save drawings at the click of a button.", "icon": "https://lh3.googleusercontent.com/9Ss9Et8Wqx2wynjcCgVgKCrWKgQALgDa_5dS8BrLamdoaJxE23RUqPzUCOtPl6Z_4E0cOjPLFWD-LRrIiPTV7A4d=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 282, "name": "TinySketch"}, "mmgjkfjlmdkmoipndaeombfnomjfgeff": {"rating": 4.7636366, "users": 200000, "platform": "", "short_description": "Boxel Golf is a multiplayer golf game packed with challenging courses, custom hats, and a powerful level builder.", "icon": "https://lh3.googleusercontent.com/CJluh5KxvX9BptxcgNfGygJ_FrarOtaAENIzJt_PhpyYyFLIKwtbx_ibaBFihgBFBnjNHBw6Zqf780ki2rEgsTL-=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 110, "name": "Boxel Golf"}, "akimgimeeoiognljlfchpbkpfbmeapkh": {"rating": 4.464241, "users": 300000, "platform": "", "short_description": "Art masterpieces from Google Arts & Culture in your browser tabs", "icon": "https://lh3.googleusercontent.com/vb_gZQ1M8DRLziSDF2orUqqOxfS0R41P6ivGjESV-Wayt2PhEjjECCjqt6cFYjmFOiJc3tPNRlaH--bS4YgJ2_bUF1A=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1594, "name": "Google Arts & Culture"}, "ejgnolahdlcimijhloboakpjogbfdkkp": {"rating": 4.363104, "users": 200000, "platform": "", "short_description": "Meow is a virtual Cat pet who walks on your screen while you're browsing the web.", "icon": "https://lh3.googleusercontent.com/bGSk3Ww67wjSEwL0G3NUzjrmdwxCc07Zqg-DJ86TCU-9wslcEtutlHV8sn5gszDzOVilT4LhvdkXedoS8bvuCN-PJ5Y=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1366, "name": "Meow, The Cat Pet"}, "ogadflejmplcdhcldlloonbiekhnlopp": {"rating": 4.765432, "users": 700000, "platform": "", 
"short_description": "Increase your max volume! Amplify sound by up to 600%. Control sound of any tab using audio equalizer.", "icon": "https://lh3.googleusercontent.com/i9-pwrYc-CjuOK3VW2wQHhWkBis2nQ_JtZLAqU36S-h3Ogx85OIj9ml3qLVEq_hb4mdaDCPm74nkFuLGN2AtvsQh=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 324, "name": "VolumeUp - Sound booster"}, "gebbhagfogifgggkldgodflihgfeippi": {"rating": 4.8502846, "users": 4000000, "platform": "", "short_description": "Returns ability to see dislikes", "icon": "https://lh3.googleusercontent.com/X0-M21C_VbWyXYuUjN55oyMDvOukjbzAxbs_WrUjwzsebWbyjFCIEchOtczI0DBvbyL9MUpuEWnghm19gF6dp8Vriw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 14581, "name": "Return YouTube Dislike"}, "mjjgmlmpeaikcaajghilhnioimmaibon": {"rating": 4.636716, "users": 600000, "platform": "", "short_description": "Boxel 3D is the 3rd release of your favorite box jumping game made by the developers of Boxel Rebound.", "icon": "https://lh3.googleusercontent.com/wJh9K6xTW1upb8nCKtceJ62mE4BWbS7o4RiQpNnxoATQ8sn5w6RIYK9e5B6vPBp8Ve-rw9ZC9s-fTn7aiiH211Xd=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1291, "name": "Boxel 3D"}, "cogmkaeijeflocngklepoknelfjpdjng": {"rating": 4.026706, "users": 100000, "platform": "", "short_description": "Powerful Video Downloader. 
Downloads most popular media formats like flash, videos, audios.", "icon": "https://lh3.googleusercontent.com/VlYizxdn50R6ZbmamuMJtMI0fLKaA1MQ9oZfGx3_Ewx-vHafh3aU3kcioZev8TGkc1bhrdEpYg9QRSlV2ip95SrWKw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 337, "name": "Universal Video Downloader"}, "pjafcgbpdclmdeiipolenjgkikeldljl": {"rating": 4.6231885, "users": 100000, "platform": "", "short_description": "Play the piano in your browser", "icon": "https://lh3.googleusercontent.com/Qr_GTzNHNuRvSIDBRrVhDo_oe1X8lMQ4EeUvbHpXMn82tUSBxqqBrNTll4RwlrIAT8eT79cMTqE4XwkmlpsQXTeA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 69, "name": "Chrome Piano"}, "dlnkkghpoaboifilieokcpoclbhpoclo": {"rating": 4.610895, "users": 400000, "platform": "", "short_description": "The classic Flappy Bird game offline version on your Google Chrome! Free online Flappy Bird plat on Desktop. Flappy for Chrome.", "icon": "https://lh3.googleusercontent.com/NJeftxVVijTjJAjU513yZrpTnqhUaifchPG7ueRV4tbYdvyhLFzaxrv78efd89uuDttH5JGOEYGzyIWwmUpQXfwXKw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 257, "name": "Flappy Bird Offline. 
Desktop Version"}, "gokcmhknbfbkchaljcbjloaebnoblcnd": {"rating": 4.47541, "users": 100000, "platform": "", "short_description": "Welcome to Arcade Classics - a free browser extension with 9 games to play!", "icon": "https://lh3.googleusercontent.com/INSecUCn41xlC2ZJ-EtqFbnHRT6NQ7rwnT-A3AHFZBqvHUO5znb9qBco8HWaXTsM09TceC152h7LIesE_ncO3GktDw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 61, "name": "Arcade Classics"}, "emeokgokialpjadjaoeiplmnkjoaegng": {"rating": 3.3394256, "users": 500000, "platform": "", "short_description": "Draw shapes, lines, and add text to live web pages and take screenshot.", "icon": "https://lh3.googleusercontent.com/Wafwq7jbZDxfLNCG587_eBMy91NkmSP2JFA3b4hWobkUAplS41SaW08gHYd8vcamJ1EPG5gQMPoQ_VDoVTNT9wH-KQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 766, "name": "Web Paint"}, "goiejopegncpjmocklmfiipofdbkhpic": {"rating": 4.5925927, "users": 100000, "platform": "", "short_description": "Doodle Jump! Jump and break your records!", "icon": "https://lh3.googleusercontent.com/sdyc5k0236GAl3UATyeaXTUVV7KzolMDZCdMo2ndFcYeMMX0hYvUNkCAf2hCBvnIZrd4NIjVJ41Huds2XMXL3qgo=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 27, "name": "Doodle Jump Ninja"}, "fadndhdgpmmaapbmfcknlfgcflmmmieb": {"rating": 4.466354, "users": 1000000, "platform": "", "short_description": "Use a variety of unique faces on Twitch!", "icon": "https://lh3.googleusercontent.com/qeMTob_QmnY3Mt8c-PnUxLs8nA82SW2VNylqMQ70aSRfpHCDISNXQI_4CIaW9N-kFyfhiAGYZ4Gy2zU4EaD5QxEEL-Y=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 639, "name": "FrankerFaceZ"}, "bmjmipppabdlpjccanalncobmbacckjn": {"rating": 4.889806, "users": 200000, "platform": "", "short_description": "Cool, cute and funny cursors for Chrome\u2122, choose from hundreds of options.", "icon": "https://lh3.googleusercontent.com/cFDN-1ehvX3Ru1s02Aq68gnGJB2PyGa3Z1OfGXK7gWrvPYJZy7q68KxLX4Y5peQfd6aVYzNab2Kp7ZIxcOy1N_mcO4E=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2060, "name": "Cursor style - custom cursor for your 
browser"}, "ogdlpmhglpejoiomcodnpjnfgcpmgale": {"rating": 4.716016, "users": 6000000, "platform": "", "short_description": "Fun custom cursors for Chrome\u2122. Use a large collection of free cursors or upload your own.", "icon": "https://lh3.googleusercontent.com/H2MMZR0mOR25jQf_4GdtDTufefua3igDkUq9TXdzfdqHXxkp9zfuVp3gSqAKRWGG2urjM0PlMIdLuZWcWRAtlUvZ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 42439, "name": "Customayhu.xyz
2023-05-12 02:59:45Affiliate - Domain WhoisNoWhois2050None Domain Name: GOOGLEUSERCONTENT.COM Registry Domain ID: 1528918319_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2022-10-16T09:27:01Z Creation Date: 2008-11-17T15:58:29Z Registry Expiry Date: 2023-11-17T15:58:29Z Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2086851750 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.GOOGLE.COM Name Server: NS2.GOOGLE.COM Name Server: NS3.GOOGLE.COM Name Server: NS4.GOOGLE.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2023-05-12T02:59:31Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. 
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. googleusercontent.com
2023-05-12 03:18:57WiFi Access Point NearbyNoWigle.net0050None55 2nd PMO (Net ID: 00:01:21:10:61:00)37.780462,-122.390564
2023-05-12 03:19:09Account on External SiteNoAccount Finder0060NoneBodyBuilding.com (Category: health) http://bodyspace.bodybuilding.com/login/login
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:2095172.67.135.9
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None0000rgb124.github.io185.199.111.153
2023-05-12 02:54:34Open TCP Port BannerNoCensys0030NoneHTTP/1.1 403 Forbidden Date: <REDACTED> Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 7c5c8cb9da901236-ORD Content-Encoding: gzip 104.21.71.14
2023-05-12 03:18:56WiFi Access Point NearbyNoWigle.net0050Nonedefault (Net ID: 00:01:24:F2:E0:26)37.7813933,-122.3918002
2023-05-12 03:10:06Malicious IP AddressYesVoIPBL OpenPBX IPs0120NoneVOIPBL Publicly Accessible PBX List [185.199.110.153] http://www.voipbl.org/update185.199.110.153
2023-05-12 03:03:30Co-Hosted Site - Domain NameNoDNS Resolver0030Nonegithub.io0047ol.github.io
2023-05-12 02:53:49Raw Data from RIRsNoCensys0020None{"last_updated_at": "2023-05-11T17:57:31.398Z", "ip": "2606:50c0:8000::153", "location_updated_at": "2023-05-08T16:34:05.180048Z", "autonomous_system_updated_at": "2023-05-08T16:34:05.180102Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"www.pixeli.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T23:50:00.966261596Z"}, "www.willbishop.dev": {"record_type": "CNAME", "resolved_at": "2023-03-06T20:23:13.520153960Z"}, "www.spncr.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:10.270076260Z"}, "www.rohanseth.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T00:00:27.264834898Z"}, "www.asiavalentine.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:52:15.471978167Z"}, "catclicker.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:42:34.665120760Z"}, "www.omkardhande.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:55:27.721595395Z"}, "www.montferret.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:17:26.803641174Z"}, "hkatz.dev": {"record_type": "AAAA", "resolved_at": "2023-03-22T11:14:05.854477536Z"}, "myreads.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-02-26T21:11:31.059545269Z"}, "mint.gaiaprotocol.com": {"record_type": "CNAME", "resolved_at": "2023-05-07T14:38:55.332333650Z"}, "web-dev.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:36.047967881Z"}, "greshnikov.net": {"record_type": "AAAA", "resolved_at": "2023-04-19T21:42:27.985888825Z"}, "svelte.calories.claas.dev": {"record_type": "CNAME", "resolved_at": "2023-04-04T16:51:51.844422366Z"}, "namco.dev": {"record_type": "AAAA", "resolved_at": "2023-01-19T14:14:45.143590011Z"}, 
"www.tcamba.dev": {"record_type": "CNAME", "resolved_at": "2023-03-23T17:56:56.616082497Z"}, "thaecohvah.syntactic-sugar.design": {"record_type": "CNAME", "resolved_at": "2023-04-23T09:37:19.694810939Z"}, "mst.biuxbiu.design": {"record_type": "CNAME", "resolved_at": "2023-04-28T17:39:08.436586135Z"}, "kbau.dev": {"record_type": "AAAA", "resolved_at": "2023-02-27T15:42:55.285099290Z"}, "www.grantanna.dev": {"record_type": "CNAME", "resolved_at": "2023-02-27T15:42:47.651834600Z"}, "www.kazusato.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:18.300056949Z"}, "www.olmedilla.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T14:54:03.698785602Z"}, "cuillere.dev": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:59:59.805050461Z"}, "www.srinivasreddy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:53.148982927Z"}, "www.cliu.dev": {"record_type": "CNAME", "resolved_at": "2023-03-24T23:25:10.893500128Z"}, "www.notsostandardmodel.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T14:47:59.242829135Z"}, "kaiseki.coderfin.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T16:02:42.934790176Z"}, "www.robisonweb.dev": {"record_type": "CNAME", "resolved_at": "2023-02-28T15:51:22.213479983Z"}, "trubbylove.laury.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:26.457996047Z"}, "blog.hiluohao.com": {"record_type": "CNAME", "resolved_at": "2023-03-28T14:57:36.831718722Z"}, "www.yusry.de": {"record_type": "CNAME", "resolved_at": "2023-04-23T16:48:40.403075909Z"}, "gh.grollif.com": {"record_type": "CNAME", "resolved_at": "2023-03-29T15:27:50.311379943Z"}, "data-observability-tag.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:12.630016737Z"}, "www.ttlresearch.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T20:20:06.761328463Z"}, "siuts.proekspert.ee": {"record_type": "CNAME", "resolved_at": "2023-02-08T17:06:34.527975069Z"}, "www.dannytran.dev": {"record_type": "CNAME", 
"resolved_at": "2023-03-17T15:48:34.941987381Z"}, "yanshouwang.dev": {"record_type": "AAAA", "resolved_at": "2023-03-21T00:21:54.271513621Z"}, "www.hiennguyen.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T12:59:42.443779889Z"}, "database.jiny.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:19:55.315272389Z"}, "www.shaneporter.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:20:35.708785655Z"}, "blog.brandonmathis.me": {"record_type": "CNAME", "resolved_at": "2023-03-21T21:08:33.485121539Z"}, "blog.limeira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:35.974650849Z"}, "v1.commandtech.dev": {"record_type": "CNAME", "resolved_at": "2022-10-31T15:01:33.036179596Z"}, "nfshibes.com": {"record_type": "AAAA", "resolved_at": "2023-04-19T17:29:58.637558645Z"}, "help.programm-chest.dev": {"record_type": "CNAME", "resolved_at": "2022-11-30T14:37:46.643013242Z"}, "flagicons.lipis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:16.844777559Z"}, "www.hautetechorientale.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T18:50:32.432484276Z"}, "rvtravel.debiron.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:35:02.381212614Z"}, "polothil.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T14:13:36.027155340Z"}, "blog2.foxcii.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:20:31.600174494Z"}, "www.aashish.dev": {"record_type": "CNAME", "resolved_at": "2023-04-19T19:07:09.565393850Z"}, "q42.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T21:14:14.876154310Z"}, "mick.maccallum.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T16:19:47.687126527Z"}, "www.guziyf.com": {"record_type": "CNAME", "resolved_at": "2023-01-15T05:57:21.072132005Z"}, "www.matthewpereira.com": {"record_type": "CNAME", "resolved_at": "2023-03-25T21:28:16.599843999Z"}, "www.frontendtesting.com": {"record_type": "CNAME", "resolved_at": "2023-03-04T14:07:21.806350891Z"}, 
"new.steli.kiev.ua": {"record_type": "CNAME", "resolved_at": "2023-04-24T22:30:03.738257685Z"}, "weili512.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-02T16:30:29.884086670Z"}, "resume.chann.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T16:16:20.658403265Z"}, "www.wazted.fr": {"record_type": "CNAME", "resolved_at": "2023-05-11T17:32:27.312675959Z"}, "zdf.zerodarktech.com": {"record_type": "CNAME", "resolved_at": "2023-01-04T12:37:43.534076338Z"}, "www.mtconnectcore.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T14:59:11.184709249Z"}, "www.mikezalik.com": {"record_type": "CNAME", "resolved_at": "2023-01-30T13:35:57.247139345Z"}, "shortcuts.bludood.com": {"record_type": "CNAME", "resolved_at": "2022-10-27T13:10:37.241256116Z"}, "www.aloha.org.cn": {"record_type": "CNAME", "resolved_at": "2022-12-14T12:40:48.602824216Z"}, "ivanleeswe.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-14T00:28:16.302626796Z"}, "www.williamjang.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:39.271340346Z"}, "www.mangato.es": {"record_type": "CNAME", "resolved_at": "2023-04-22T16:31:05.591550189Z"}, "msk.im": {"record_type": "AAAA", "resolved_at": "2023-05-09T17:24:25.369430576Z"}, "stevenbone.dev": {"record_type": "AAAA", "resolved_at": "2023-04-20T02:37:36.462044411Z"}, "www.dwivedula.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T15:37:48.541873098Z"}, "www.ousmane.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T15:03:29.723057364Z"}, "www.shira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:45:59.585738764Z"}, "www.codenotes.dev": {"record_type": "CNAME", "resolved_at": "2023-04-02T01:42:40.361559321Z"}, "www.thyagajan.in": {"record_type": "CNAME", "resolved_at": "2023-02-04T15:11:06.016790048Z"}, "haoyan.vin": {"record_type": "CNAME", "resolved_at": "2023-03-24T21:40:03.224812796Z"}, "www.sangjunchun.com": {"record_type": "CNAME", "resolved_at": "2023-05-07T15:42:03.799026511Z"}, 
"www.lawrencedunbar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-08T15:50:22.533060749Z"}, "www.gilsoffer.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:22:12.068548907Z"}, "www.jenniwu.dev": {"record_type": "CNAME", "resolved_at": "2023-04-24T17:00:00.073227865Z"}, "www.coltonfalkner.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:40.169282211Z"}, "andressa.dev": {"record_type": "CNAME", "resolved_at": "2023-04-13T16:15:01.948884742Z"}, "www.dangillis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:20.930987816Z"}, "www.jasonscotto.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T04:01:31.543104004Z"}, "volnt.github.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T12:15:25.538707631Z"}, "www.ologn.dev": {"record_type": "CNAME", "resolved_at": "2023-02-14T15:37:29.279040979Z"}, "www.sreehari.dev": {"record_type": "CNAME", "resolved_at": "2023-03-14T15:27:59.231327405Z"}, "www.jenniferyaya.ca": {"record_type": "CNAME", "resolved_at": "2023-05-11T12:50:41.791793242Z"}, "proofcafe.github.com": {"record_type": "CNAME", "resolved_at": "2023-02-21T14:18:15.798052993Z"}, "mirror.growingio.design": {"record_type": "CNAME", "resolved_at": "2022-12-20T14:28:15.483007528Z"}, "www.framy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:45.611656444Z"}, "www.colorbuilder.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:32.011890468Z"}, "www.oscarablinger.dev": {"record_type": "CNAME", "resolved_at": "2023-05-01T09:06:38.146245867Z"}, "abeziou.dev": {"record_type": "AAAA", "resolved_at": "2023-03-27T23:40:41.232028838Z"}, "fosterinfotech.com": {"record_type": "AAAA", "resolved_at": "2023-04-15T14:30:18.377726429Z"}, "www.johndal.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:34:43.427896647Z"}, "shop4data-ui.docs.collibra.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:31.647476511Z"}, "www.codar.dev": {"record_type": "CNAME", "resolved_at": 
"2023-03-22T07:54:18.450070838Z"}, "www.ky1vstar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:22.392376650Z"}, "portfolio.gchahm.dev": {"record_type": "CNAME", "resolved_at": "2023-01-14T14:40:10.714963428Z"}}, "names": ["www.yusry.de", "database.jiny.dev", "www.sreehari.dev", "www.jenniwu.dev", "abeziou.dev", 2606:50c0:8000::153
2023-05-12 03:01:23Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.218): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:46:38BGP AS MembershipNoRIPE0030None36459185.199.111.0/24
2023-05-12 03:03:16Internet NameNoDNS Resolver0020Nonepanel.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 03:4a:0e:8c:1b:d3:a5:34:69:b6:32:8e:46:29:d8:95:17:d9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 09:44:04 2022 GMT Not After : Feb 15 09:44:03 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ae:fd:f2:48:0f:df:bc:e1:99:1b:6f:bd:c7:77: 53:7a:c0:8b:77:cd:2c:3c:60:53:e0:e9:b0:a7:7b: 73:98:97:7e:b8:eb:d6:f1:08:7b:2c:70:98:ff:62: 24:3a:e4:75:75:15:64:3c:f3:10:df:1f:74:86:c2: 03:e3:19:f8:ee:1b:1c:a4:33:45:b3:b5:bd:cc:36: 58:4b:c6:53:5a:e5:a0:83:1c:13:b6:0a:f0:09:85: 49:e2:af:1f:59:f3:45:35:c5:76:d8:d7:03:6b:48: 2d:81:71:8d:d8:b6:9f:ca:3d:be:a5:d1:d0:6d:84: 3f:57:a3:f9:3b:33:48:5e:3a:10:1b:9a:8e:0e:52: e4:41:61:32:48:9e:eb:dd:91:27:08:98:23:0d:d6: 40:40:46:c6:2e:72:9b:5e:7b:a7:ce:14:5c:e3:33: d1:e0:7f:e9:bf:c8:04:bf:dd:c3:5b:ec:18:53:dc: e8:49:50:75:f5:f6:57:2f:90:7f:b7:6a:c4:1e:bc: 3e:2d:04:87:d0:de:ec:72:7e:5e:84:cf:77:05:c4: 81:0d:1d:68:c9:a6:7c:75:bd:ed:fa:cd:4e:88:39: 5c:0c:10:a3:f5:6d:4b:7d:20:b4:0a:24:fb:93:43: e5:9b:70:b2:e4:95:89:06:02:90:7a:2d:6f:c2:fa: 77:78:2c:13:6f:d6:08:02:00:eb:f1:d0:25:de:0b: 0c:36:d6:0b:0b:8d:58:6f:b7:29:51:a7:c3:27:fb: ab:fa:3f:bd:88:88:4d:63:79:00:4e:5f:ea:ff:bf: a7:e5:c8:b9:01:b0:11:55:38:c5:2c:12:42:ec:9f: 41:d5:d8:5b:cb:0e:56:2f:f5:0b:5b:b2:1f:2e:4b: 1c:7b:f3:b8:8f:a3:2a:22:10:32:70:e5:ff:92:c9: 9d:cf:f4:1c:87:80:7b:03:c4:11:f8:c8:fe:1d:fd: d9:21:53:2a:ab:a4:e1:88:2f:4b:5d:2f:ee:62:ac: 58:24:c3:6b:51:75:98:92:28:85:71:19:cf:1f:32: bf:04:e0:46:cb:6a:6e:1a:53:77:bb:51:7b:25:a8: 3b:79:a4:fe:31:da:29:cb:94:14:d8:b7:bf:23:48: 40:7c:38:77:e2:71:aa:43:c0:dd:58:a7:d1:0f:28: 19:e1:e9:99:2b:f4:ba:45:c8:6a:f8:d6:7a:86:7e: a9:1e:96:ed:9c:c8:12:b9:05:83:95:70:08:f4:a3: 69:c3:37:93:d6:82:c5:85:91:d6:07:1b:87:31:af: f4:29:c3:da:2f:cb:d0:72:02:68:65:19:d7:78:65: 
82:75:d2:3a:e3:90:30:94:d9:d7:ad:e9:8d:db:16: 21:a3:69 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 40:6C:27:E5:F5:7A:53:84:B0:9C:FE:C0:1C:53:80:B3:F8:A3:C2:C8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption 31:e8:ef:7b:dc:32:84:dd:2e:cc:16:1c:67:37:d9:86:76:04: cf:c1:4a:db:fc:f8:35:75:ae:c3:16:b4:0f:be:85:8b:2e:20: db:eb:90:53:b8:18:4d:ef:7f:9f:02:58:b1:11:60:70:ce:ed: 48:d1:03:e8:96:d0:08:23:48:86:a6:a1:dd:67:5c:22:34:8f: 7b:e9:55:8c:27:c1:a3:38:4d:9e:0d:fe:62:f2:2a:c2:c8:2a: 7f:a8:e9:c9:39:5d:dd:14:84:0b:ca:c2:43:a5:28:2d:bf:3e: df:33:fa:93:d0:d2:25:aa:bf:96:26:a0:e2:28:49:c3:01:f6: 1b:1f:83:32:9b:6e:57:55:9b:b2:74:7a:0d:c6:40:a1:6f:35: c4:08:94:e4:ae:84:9e:57:8b:d7:39:a4:95:6f:4e:9a:ff:c5: d4:c6:a2:ec:49:72:ad:a2:fe:9d:76:83:15:0f:a5:d6:70:72: bc:54:bb:e6:d0:4d:78:23:d8:86:e5:91:24:e1:d6:5c:9f:c0: 4f:96:79:66:56:47:4e:a5:83:46:6a:88:fc:1a:f6:c8:24:7e: cc:fc:53:86:95:72:5f:4e:3c:48:0d:0e:f3:6a:43:f6:6b:fb: f5:6b:36:26:89:53:4a:22:4b:a7:9e:de:e2:c4:fb:85:8c:ca: ff:01:95:cd
2023-05-12 02:44:39Internet NameNoDNS Resolver0020Nonebattleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:03:e6:77:f0:fb:1d:de:0e:93:d2:d9:e5:40:98:fb:b1:42 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Nov 17 08:07:50 2022 GMT Not After : Feb 15 08:07:49 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:b1:ca:c5:7f:45:88:ea:f6:98:9e:7e:93:33:29: bd:74:fc:48:fe:29:e9:2a:62:8c:97:f1:93:16:6f: 19:da:24:7c:94:17:6e:35:5b:b2:ef:eb:77:ee:6f: 68:a3:10:bb:0d:f6:01:57:78:db:8f:85:23:65:1b: 8d:5a:d8:02:5e ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 26:F8:75:40:42:15:34:A1:4E:96:C0:96:27:7F:34:DA:52:69:CF:39 X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77: 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13 Timestamp : Nov 17 09:07:51.072 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:16:9A:44:87:BF:E8:FB:88:4F:27:C3:23: D7:41:4A:F8:BC:44:42:20:18:B7:8C:EF:CD:C8:5C:14: 86:9C:04:8F:02:21:00:D8:FC:B1:DA:CE:C1:81:91:75: 82:10:9B:4A:3A:12:1B:FE:70:80:7F:A6:84:E4:C5:04: 58:38:0B:34:F3:1E:73 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: 
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Nov 17 09:07:51.066 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:15:CD:95:9A:3C:F7:20:93:54:3E:08:F7: 6D:D4:73:9D:63:2C:14:38:C7:1C:15:38:7A:3E:1C:B5: 3A:C9:C0:A8:02:21:00:C8:7B:89:3A:AC:D8:F0:69:E9: DE:74:9E:7E:74:A9:4E:43:C7:89:2C:62:13:65:90:95: 4A:78:C6:0D:71:91:72 Signature Algorithm: ecdsa-with-SHA384 30:65:02:30:19:f9:7b:55:14:7a:4c:2b:b8:a8:55:31:bc:66: 14:95:52:8a:fe:84:4c:61:c2:02:53:4a:80:96:e1:54:a7:b8: 65:6c:70:ad:b8:e9:f0:44:9d:f5:1e:5f:f5:49:05:26:02:31: 00:af:38:a6:7e:99:e5:40:3e:28:0a:04:fc:e6:28:1e:0b:3b: f4:a2:30:3a:2a:98:5c:14:93:92:27:5b:5b:a6:49:e2:da:ff: a7:8f:34:6f:32:35:7e:32:3c:5a:8b:ec:81
2023-05-12 02:53:15IPv6 AddressNoMnemonic PassiveDNS0010None2606:50c0:8003::153battleb0t.xyz
2023-05-12 02:54:14Linked URL - InternalNoWeb Spider0020Nonehttp://kekw.battleb0t.xyz/kekw.battleb0t.xyz
2023-05-12 02:53:38Raw Data from RIRsNoHybrid Analysis0020None[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url1021.joinpreventor.com/ls/click?upn=bna4-2BmY1ITDZjl0PQKir67uPPI2f2DxWOATqx3-2Fj7OYylB8Hflza-2F4c-2BTJ51THm64bMitYJMpTuBxoVK0JwiPA-3D-3D6SWF_2XvlAmvoAz3TtepUWzZ-2Fg6Vtpb0zElD-2BU8dA0uWhdmvWpUzFQRCBLPcsU5at7iOPzNbZzyRCb5bSh-2BoMMyAUQdyJp9IV2xfegy0-2FMwvEi-2BwozwcLtcNHqHaMRs8zAm7v5oZ8wTMu7PUckSXiY1wEtrZaBDs-2BRBlmkbh9Bk665yd-2BGWxPZ3Mu0THZQM5-2FP11a-2BnjrPp01kRk3vpw-2FdkIVAY0zBticO8G8HkRCeTwIfKT9zQaL08iSXP09g4bM6aPaqGqiABBypIWkMX9voaonye-2FhTvmhVbMfIPyNM6dFuHHhzzLGrIVXSKSF6E-2BOGRIfxfAxK931o54RTlE-2B0snfd2QGewW05SsfFlJqS7DRs1HkS583lpCQaj-2FK4Iy1YDRwJnFPS5MjbvltaPnLRwriSR-2Fb5JG4SDVEinnEWy4pnM4-3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b40_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "IsoScope_b40_IESQMMUTEX_0_331"\n "IsoScope_b40_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b40_ConnHashTable<2880>_HashTable_Mutex"\n "IsoScope_b40_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b40_IE_EarlyTabStart_0x914_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2880"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2880"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.123.124:80"\n "52.11.45.250:443"\n "13.227.74.22:443"\n "142.250.188.10:443"\n "52.202.168.65:443"\n "185.199.109.153:443"\n "13.227.21.110:443"\n "13.227.74.87:443"\n "157.240.22.25:443"\n "136.143.191.67:443"\n "142.250.189.163:443"\n "13.227.74.48:443"\n "91.199.212.52:80"\n "136.143.191.144:443"\n "204.141.43.48:443"\n "136.143.190.97:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url1021.joinpreventor.com"\n "crt.usertrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "connect.facebook.net"\n "crt.usertrust.com"\n "css.zohocdn.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "js.zohocdn.com"\n "maciejsawicki.com"\n "preventor.com"\n "salesiq.zoho.com"\n "salesiq.zohopublic.com"\n "script.hotjar.com"\n "static.hotjar.com"\n "uploads-ssl.webflow.com"\n 
"url1021.joinpreventor.com"\n "vts.zohopublic.com"\n "www.bugherd.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"src="https://www.facebook.com/tr?id=2116198561850213&ev=PageView" (Indicator: "facebook.com"), "</style><meta name="twitter:card" content="summary" />" (Indicator: "twitter"), "<meta name="twitter:site" content="@Preventorft" />" (Indicator: "twitter"), "{state:0\ntransportUrl:b\ncontext:c\nparent:Wk()}\nP(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ja+"&cx=c";Tr()&&(f+="&sign="+Jh.Xe);var g=Sh||ci?Sr(b,f):void 0;g||(g=Fo("https://","http://",Jh.ze+f));Qk().destination[a]={state:1\ncontext:c\nparent:Wk()};mc(g)}};function Ur(){if(Ok()){return!0}return!1};var Xr=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/)\nYr={cl:["ecl"]\ncustomPixels:["nonGooglePixels"]\necl:["cl"]\nehl:["hl"]\nhl:["ehl"]\nhtml:["customScripts"\n"customPixels"\n"nonGooglePixels"\n"nonGoogleScripts"\n"nonGoogleIframes"]\ncustomScripts:["html"\n"customPixels"\n"nonGooglePixels"\n"nonGoogleScripts"\n"nonGoogleIframes"]\nnonGooglePixels:[]\nnonGoogleScripts:["nonGooglePixels"]\nnonGoogleIframes:["nonGooglePixels"]}\nZr={cl:["ecl"]\ncustomPixels:["customScripts"\n"html"]\n" (Indicator: "youtube"), "var Jv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0\nf=0;return{createEvent:function(g,h,m){var n=a()\np=n.Lg\nq=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Lg*h):Math.round(n.Pi)\nr=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100)\nt=G.hidden?!1:.5<=Pi(c);d();var u=void 0;void 0!==b&&(u=[b]);var 
v=lv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube"), "b\n"vert.pix");break;case "PERCENT":qy(d.verticalThresholds,b,"vert.pct")}pv("sdl","init",!1)?pv("sdl","pending",!1)||I(function(){return ry()}):(nv("sdl","init",!0)\nnv("sdl","pending",!0)\nI(function(){ry();if(sy()){var e=ty();qc(z,"scroll",e);qc(z,"resize",e)}else nv("sdl","init",!1)}));return b}xy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"])\nyy=["www.youtube.com"\n"www.youtube-nocookie.com"]\nzy\nAy=!1;" (Indicator: "youtube"), "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gg:d\nEg:e\nFg:f\nlh:g\nmh:h\nWd:m\nib:b}\np=z.YT\nq=function(){Gy(n)};if(p)return p.ready&&p.ready(q)\nb;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=G.getElementsByTagName("script")\nu=t.length\nv=0;v<u;v++){var w=t[v].getAttribute("src");if(Jy(w,"iframe_api")||Jy(w,"player_api"))return b}for(var x=G.getElementsByTagName("iframe")\ny=x.length\nA=0;A<y;A++)if(!Ay&&Hy(x[A],n.Wd))return mc("https://www.youtube.com/iframe_api")\n" (Indicator: "youtube"), "Ay=!0\nb});return b}Ky.N="internal.enableAutoEventOnYouTubeActivity";var Ly;function My(a){var b=!1;return b}My.N="internal.evaluateMatchingRules";" (Indicator: "youtube"), "GET /5f774172772fc1fb1fa10c12/5f774173a2f6f80a3d80d3be_twitter.png HTTP/1.1Accept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip\n deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "twitter"), "GET /5f774172772fc1fb1fa10c12/606cb3a9126777b98ff68805_icon-youtube.png HTTP/1.1Accept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5Referer: 
https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip\n deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFB80.tmp" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"5f774173a2f6f8720a80d3d7_decor-dots_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6305c4d0e96629fb1faee847_mob_app%20store_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6305c4d096183ee5c61f2081_mob_google%20play_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff60f8b3be007f3ef5780f3_Cover%20AML%20risk%20screening_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8ffce80d3d6_decor-rows_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff5c5146d1b1ad22260e36b_seamless-integration_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c611b6f7021b7a90b6_nav-healthcare_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b5847afb666a7db5b8_nav-kyb_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"5ff61e3603c269bbe2a4fd83_Powerfull-transactions_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2ac6d2755267bbee952_nav-anti-money-laundering_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d399b50c403dd6ef8a71_icon_solutions_1_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c51ee3b2917a9fc9d3_nav-financial-services_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c73c18f306a879a966_nav-law_1_.sv185.199.109.153
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneELSA1 (Net ID: 00:02:2D:21:83:7A)50.1188, 8.6843
2023-05-12 03:18:54WiFi Access Point NearbyNoWigle.net0040NoneXFBSECA7HE6H (Net ID: 00:0D:67:66:08:15)32.8608, -79.9746
2023-05-12 03:10:05Co-Hosted Site - Domain NameNoDNS Resolver2040Noneecash-pay.comdonation.ecash-pay.com
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneJ-Snijders (Net ID: 00:0C:F6:25:03:E8)50.8897, 6.0563
2023-05-12 02:46:33SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:a2:98:ee:7c:0f:82:53:85:c9:ed:86:47:94:a7:aa:74:64 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 27 17:54:05 2023 GMT Not After : Apr 27 17:54:04 2023 GMT Subject: CN=nwapi.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d2:cd:d6:7e:84:63:03:a9:a4:54:af:d4:a6:67: cf:f7:3e:0c:ab:80:9d:a8:22:bf:ee:64:c0:1e:dd: e1:9d:29:3b:aa:bb:b6:1a:dd:d0:c3:5d:15:61:c8: eb:00:a8:62:02:a5:c4:0c:4d:3a:56:20:d3:19:1c: 24:d9:21:05:da:7b:34:cd:5b:3f:9f:3f:ff:56:cb: 60:a2:2a:6a:1f:63:a5:f7:6c:bc:e6:cd:4b:7c:cb: c6:0b:ba:27:31:61:c2:7b:47:19:7b:f1:52:41:68: 44:d8:1a:a5:11:c2:d5:cd:2d:49:92:07:b0:5c:c3: 2d:0c:54:f4:e5:8e:0a:3e:0a:05:99:5f:e9:65:18: 80:c0:5e:b2:87:08:2d:60:b2:01:35:c9:41:a1:4e: 56:80:bc:0b:2d:89:62:c9:e1:19:f4:a9:de:a5:de: 27:dd:96:99:29:26:9e:36:03:45:4b:bf:4a:de:ef: 5f:47:82:05:6f:ed:a1:4f:34:05:75:05:59:d0:32: a2:22:c4:9d:5a:65:cd:6b:45:d7:7f:45:90:2e:36: 4c:3d:0a:62:83:36:a6:3c:d9:df:00:c7:cb:10:68: 6e:0c:d8:9c:a6:a5:e6:32:7b:12:0d:1c:1f:90:20: a5:a7:c9:da:be:0f:96:fe:30:6b:29:55:ac:4a:68: 7b:12:dd:43:df:cf:f5:49:87:8c:9b:38:92:62:52: c6:f8:97:d4:43:d6:ed:cb:66:79:5b:c9:60:9e:db: 33:f0:59:fb:fd:35:62:83:55:b5:65:04:20:55:ee: 82:6d:de:85:c1:18:ed:8c:10:29:47:46:ee:2a:eb: 57:cd:b1:5e:14:a7:37:00:58:3a:35:9d:fe:99:73: d6:cd:b6:67:17:f6:27:29:ea:32:96:67:c8:fa:43: a3:c2:cc:ca:bb:cb:87:e5:76:db:8a:de:bc:58:c7: 6c:12:6a:a6:93:1b:0a:ce:07:98:f7:7c:0d:1d:5e: 2a:ac:2b:fb:17:f1:cb:e0:a5:02:67:2b:3d:67:81: d8:de:3e:15:6a:f0:a0:0d:64:2d:0e:9b:55:1e:1b: 69:69:5a:ae:14:c6:1c:ce:8e:c5:fd:2c:25:74:92: c1:35:de:00:ee:bc:fa:5d:88:f2:17:fe:70:37:3b: 3b:f5:14:3a:4b:f4:50:a9:91:31:99:48:3f:9e:c6: ad:0b:a6:89:2d:77:db:fb:64:f8:31:9a:82:d1:cd: f7:6a:51:a4:b7:d3:da:23:3d:ff:2a:45:de:3b:b5: 32:78:69:cd:54:60:d3:2a:39:e1:61:db:5a:d2:78: 
94:77:f6:b5:99:c5:b9:3c:95:4b:75:db:f8:2b:d4: ad:de:87 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 1A:62:E5:21:FA:E8:50:FB:CE:5D:D2:7E:68:EA:9B:E0:B1:2E:4D:4B X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : Jan 27 18:54:05.304 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:2E:CD:16:75:5B:83:CE:34:DE:4E:0B:A5: 8F:CD:7C:C7:A7:A6:A9:11:C3:23:E1:0B:2A:31:9F:95: 73:C3:42:80:02:20:7B:D0:4F:D2:8B:72:CA:32:B2:4D: CC:40:AA:8E:75:E9:77:4A:4F:D1:BA:D8:AE:0C:6B:30: 9E:04:63:28:D1:A8 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Jan 27 18:54:05.294 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:F1:66:52:35:FF:56:8B:1D:79:47:47: A7:1C:C3:D5:F7:A4:62:11:6E:72:13:33:6A:75:28:8C: 74:B2:4C:10:76:02:20:1B:97:A6:E2:6C:65:7B:C8:CD: 9F:BB:59:01:45:C5:3A:6B:BD:4B:C8:1B:69:3F:61:01: 38:DF:1A:9C:5B:33:60 Signature Algorithm: sha256WithRSAEncryption ae:79:f7:6d:1b:71:32:86:32:db:2a:16:1c:43:90:9b:83:62: 0f:e8:c8:45:a2:74:39:9e:47:95:60:f9:a9:0f:5f:8f:26:9e: 6a:cb:48:fc:28:9f:be:95:de:3f:18:f2:a2:6b:df:e9:ed:0e: 0c:fe:77:c0:f9:43:13:cf:28:62:3e:eb:89:e6:eb:03:ba:b6: 
65:d3:6f:26:2f:e2:cd:15:59:82:3c:0e:ae:d9:44:2e:69:94: 35:68:67:b8:2a:60:2d:04:59:19:48:8b:a7:19:32:be:3f:d4: 97:45:fa:e8:74:5a:8f:72:87:86:27:6f:fd:8c:2b:a4:50:d9: 22:2e:d0:5b:e8:25:5b:f1:50:e7:fa:72:45:0e:76:e9:66:71: c9:e1:a7:8b:e8:5b:83:ac:a2:bc:89:be:14:a7:12:48:15:b7: d6:1e:fe:ad:98:76:3e:16:2c:cf:38:d6:a3:13:69:b2:c3:42: 11:42:e6:c6:c6:df:61:d7:1c:e4:ca:7f:bc:9e:71:30:82:fe: d4:6f:58:81:ab:0e:55:97:bb:c1:5d:e3:30:ef:17:60:9b:37: 2f:f7:be:34:13:0e:a6:78:95:12:19:fc:1f:5c:b8:e7:4a:08: f6:f1:db:51:99:1c:e2:4d:5a:42:03:0e:eb:74:29:12:8b:42: 4a:ad:db:87 battleb0t.xyz
2023-05-12 03:16:17Similar DomainYesTool - DNSTwist1010Noneayiu.xyzayhu.xyz
2023-05-12 02:54:18Linked URL - InternalNoWeb Spider1030Nonehttps://pics.battleb0t.xyz/images/withat_2.jpghttps://pics.battleb0t.xyz/
2023-05-12 03:18:53WiFi Access Point NearbyNoWigle.net0050Nonevulcan (Net ID: 00:02:8A:AD:D0:F3)39.0469, -77.4903
2023-05-12 03:25:06Internet NameNoDNS Brute-forcer0010Nonepanel.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:42:18WiFi Access Point NearbyNoWigle.net0040NoneEAP6005G (Net ID: 00:02:6F:EB:3F:8B)50.8897, 6.0563
2023-05-12 03:09:28SSL Certificate - Issued byNoSSL Certificate Analyzer0030NoneC=US,O=Let's Encrypt,CN=R3165.232.113.85
2023-05-12 03:00:31Affiliate - Email AddressNoE-Mail Address Extractor0040Noneumac-64@openssh.com{"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh
2023-05-12 02:44:37Internet NameNoDNS Resolver0020Noneoldfluid.battleb0t.xyzCertificate: Data: Version: 3 (0x2) Serial Number: 04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Feb 24 03:05:11 2023 GMT Not After : May 25 03:05:10 2023 GMT Subject: CN=oldfluid.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:97:4b:9a:94:33:ae:7c:5e:91:1b:d8:54:22:c9: ed:4f:8d:dc:1c:ea:82:e7:c1:66:b8:0e:7a:d7:69: 7e:97:11:2c:1a:a5:0e:64:16:12:d5:94:b3:23:f2: 36:d4:4f:eb:d5:32:50:ac:e4:d7:66:1b:e3:da:91: 79:04:66:f4:2d:fa:3e:45:f4:48:91:1a:8d:80:82: ca:dd:66:18:cd:f2:9d:87:0d:96:09:36:f0:90:50: 74:b3:8f:d1:d4:ab:e5:3c:ba:a6:ad:57:62:22:2b: 60:de:6e:76:04:02:5d:fa:52:80:b7:61:6b:ca:89: 0e:51:38:c3:f2:4d:c1:8f:3e:5c:2f:86:ec:7a:ee: c4:a9:09:67:fe:3a:36:2c:f4:71:dd:63:52:c7:7e: 24:13:3b:f8:64:ac:0f:17:65:8b:4f:12:db:ba:8b: 96:d7:a7:d3:5c:fd:8f:e9:26:b0:c1:d3:ce:ae:a4: 80:9b:8d:9b:1f:f6:ca:4a:88:4f:be:ed:28:2f:45: 12:8d:ed:28:4a:e1:d7:0a:d1:cc:4f:38:0f:fa:93: 2d:8d:4a:92:3a:88:82:01:24:a7:62:52:95:88:cb: f5:21:eb:4e:1f:14:59:fb:a0:f3:53:6c:6e:20:e1: ca:0b:83:46:36:34:c6:22:17:1b:d8:e6:82:24:68: ca:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:oldfluid.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate 
Poison: critical NULL Signature Algorithm: sha256WithRSAEncryption af:5e:3d:7d:a9:f5:42:9c:1d:2f:03:2d:1b:0d:2f:10:cb:50: f1:b5:52:99:81:26:41:e3:0e:8b:3f:d6:44:9c:4d:76:a0:c9: 2e:6c:74:7c:a4:74:32:5e:57:3b:4d:1a:2e:c8:ca:50:8a:41: 64:52:bd:34:33:b5:79:5d:6f:b7:40:8d:f2:19:bb:9c:7a:f4: 53:d5:b8:14:be:47:eb:83:11:3f:9b:a8:6d:e6:50:9c:00:fd: 45:a4:e9:b5:c8:1a:e6:9f:65:a0:32:31:9a:f4:eb:55:67:d1: e8:ef:64:3e:f6:9d:83:1d:d7:4f:bc:78:a6:79:31:b0:72:dc: bc:76:08:92:82:2c:2d:62:96:6a:ea:10:aa:8b:9f:01:37:82: 68:e8:21:18:0b:93:ec:a2:d9:e4:7d:db:8d:03:6c:29:66:26: 48:37:dc:c6:b4:07:9f:89:13:5d:3c:d0:15:d9:f0:41:fb:6f: a6:03:d7:5c:9d:60:ab:11:be:88:8c:49:85:6b:01:3f:1f:cf: 9f:fe:17:89:e9:00:42:c3:57:e3:c8:42:f8:cd:c4:7b:bc:1f: 29:1b:d5:94:0f:7c:11:23:e1:b3:ae:8d:51:5a:7e:0b:bb:e0: 95:37:98:35:9f:61:ad:e4:68:dc:1c:77:b3:9e:f7:ce:95:dd: 52:35:dd:a6
2023-05-12 03:00:42Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.53): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:45:42SSL Certificate - Raw DataNoCertificate Transparency0010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: May 4 19:22:49 2023 GMT Not After : Aug 2 19:22:48 2023 GMT Subject: CN=nwapi2.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:c4:56:92:fa:17:84:ee:f0:d0:57:46:44:1b:c0: a4:14:29:10:a1:ef:73:a4:e7:64:f7:b5:e7:3f:b3: 66:76:75:96:94:eb:49:c3:b4:7b:98:99:f2:0f:53: 8b:0d:5d:a1:7d:07:f5:ec:33:33:f7:d8:24:d7:52: d5:12:6d:a1:1f:e4:a6:4e:04:dc:3d:ec:3d:be:c0: 68:52:81:bd:0e:b0:f2:dc:e9:9e:c3:80:ab:29:55: f9:1e:e7:5b:91:26:2d:a5:23:af:31:21:a7:26:77: 4d:22:98:0f:3c:48:92:7d:11:24:a2:2a:0b:37:5b: b7:75:5d:9c:47:56:23:11:ea:1f:65:df:5a:99:2d: b1:7c:34:88:13:dd:65:4f:a0:08:9d:d3:51:25:a6: 78:33:43:63:15:48:98:b7:c9:2d:ff:76:3d:7c:7e: de:53:44:95:89:fa:a0:73:8e:18:62:72:8d:27:49: aa:9c:1f:aa:7b:22:63:3f:e5:47:2d:46:e9:11:a7: d9:be:31:17:58:ae:26:cb:94:ea:b8:74:2e:d5:e8: 97:bd:26:29:ad:75:15:d7:0b:3c:87:ec:7d:26:04: ba:6b:7d:a6:11:27:4a:69:b1:b7:ca:99:b8:9d:ff: 7b:56:12:82:6a:1b:ca:28:1f:06:65:69:79:cd:93: 18:d1:f0:f1:97:01:54:01:52:f9:a4:bc:b1:5f:7f: 07:cd:e4:2b:75:9a:b4:04:a5:b3:96:5c:fa:5f:34: 4a:10:9c:af:38:59:33:75:87:74:42:bf:9b:c5:16: 68:7e:6e:ef:bf:b4:49:f4:b3:b2:df:03:0b:41:57: bd:9d:b3:e1:0a:ab:4d:b6:f0:4f:0a:55:ab:67:0d: 47:01:8e:e0:df:09:34:38:59:4b:e4:b2:f9:93:a9: 14:cd:7f:e8:59:e4:10:fd:c1:6c:48:fa:be:99:2c: 29:f5:4b:bb:ec:4a:d6:b7:12:55:98:93:98:eb:47: 5c:a0:a4:28:64:3b:23:a2:ef:82:47:19:63:8d:bd: 5b:18:22:cf:f0:62:27:bf:ee:4a:28:c1:7c:e2:7b: 78:12:dd:d5:e8:7d:85:3e:1e:0f:49:a2:f3:4c:aa: 0d:2d:cc:58:f9:3e:e7:38:d6:30:4c:04:5a:18:cf: 9c:92:c9:94:e0:25:8d:f8:47:4e:48:b9:1f:15:b5: e5:de:4b:35:84:12:32:49:2b:fa:a7:68:2a:1b:83: d8:7f:e6:d9:7f:ca:74:5f:b4:c9:a0:67:b2:29:ff: a2:1e:11:be:bc:99:7a:fb:44:7b:a4:fe:9c:6b:8f: 
e3:20:e4:b7:4f:84:65:a3:c1:39:7b:b5:4f:1d:d0: 69:a0:23 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:nwapi2.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84: 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52 Timestamp : May 4 20:22:49.987 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:49:5B:22:9A:37:74:EC:B5:6B:BF:74:25: 03:BF:46:DC:18:51:D6:44:11:7B:BF:B6:5B:50:DD:1C: 8F:80:EF:3B:02:20:47:2A:69:10:84:9E:DC:B5:E3:E3: 85:D7:64:E9:81:E6:34:A8:3A:EE:7B:C1:B6:5E:40:1F: 80:29:DA:11:05:13 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : May 4 20:22:50.005 2023 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:35:7C:BF:0E:AA:9D:74:86:07:D7:D4:AB: F5:E1:40:37:B8:BB:7E:DB:39:8A:BE:E2:5C:03:30:30: 87:33:6B:95:02:20:09:90:FF:C6:9A:73:8C:96:C5:27: 7D:6B:43:B6:38:71:2C:A6:63:43:70:C3:FA:5D:5B:71: 98:69:EE:13:00:4E Signature Algorithm: sha256WithRSAEncryption 85:ff:2d:f7:ea:a0:91:b7:ce:aa:d9:bb:80:7c:e2:3c:82:5e: aa:e4:8e:68:39:36:38:9c:77:b6:ea:24:b5:71:a4:68:73:d2: cb:e4:b6:6e:87:92:cd:60:f0:4b:fa:16:3c:67:67:24:50:45: a7:67:96:84:cc:d3:58:c6:5e:dc:44:85:ed:d6:81:ec:7f:49: 
41:4d:c5:ca:ca:aa:32:ad:d7:11:f7:39:7b:b0:7b:77:74:44: f7:cb:92:93:e4:45:e9:c1:4b:22:0e:6a:87:26:da:2f:86:c9: 2f:7d:8a:b8:0e:fa:c8:7d:05:d7:2e:5e:0f:61:c0:b7:f9:d9: 51:31:63:4f:68:5d:de:cc:22:12:04:48:9b:ee:41:d8:a5:b1: 3c:80:9c:7b:d1:ae:a7:5b:ac:bf:bc:03:e4:36:bf:0d:18:f2: 3c:c8:4d:81:d8:71:4f:93:f8:89:4f:b8:cc:c6:d5:23:b9:6b: 01:1a:ea:aa:63:1c:40:bd:2f:59:0a:34:b7:be:8a:f1:7e:27: 85:d0:0e:96:7f:f0:0b:eb:18:35:77:95:6b:27:bf:9c:18:72: 58:89:63:0e:ed:84:1b:cb:e1:47:d4:7e:b0:01:ca:b1:c2:f0: 7c:b9:e4:20:fc:db:bd:c2:a6:6c:47:1a:fc:14:e6:86:84:df: 57:0b:c2:0b battleb0t.xyz
2023-05-12 02:55:11Software UsedYesCensys0020NonecPanel cPanel87.248.157.102
2023-05-12 03:01:19Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.166): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 02:53:32HTTP HeadersNoCensys0020None{"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["E9B4:1F0F:9CADE8:E25A67:645D08C5"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100040-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683818693.056035,VS0,VE27"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["695e2aec93a90cc9e1a6417b158a1f1d94a5129d"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]}185.199.111.153
2023-05-12 03:17:57Malicious IP on Same SubnetYesCINS Army List0040Nonecinsscore.com [34.148.96.0/20] http://cinsscore.com/list/ci-badguys.txt34.148.96.0/20
2023-05-12 02:44:05SSL Certificate - Issued toNoCertSpotter1010NoneCN=*.battleb0t.xyzbattleb0t.xyz
2023-05-12 03:00:53Co-Hosted SiteNoHackerTarget2020None0031.github.io185.199.111.153
2023-05-12 03:01:27Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.12): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:03Open TCP PortNoCensys0020None172.67.135.9:8080172.67.135.9
2023-05-12 03:27:00Web TechnologyNoWeb Server Identifier0030NoneExpress{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"}
2023-05-12 03:17:05Account on External SiteNoAccount Finder0010NoneChess.com (Category: gaming) https://www.chess.com/member/ayshooayshoo
2023-05-12 02:45:59Raw Data from RIRsNoAbstractAPI0030None{u'city': u'Chicago', u'security': {u'is_vpn': False}, u'city_geoname_id': 4887398, u'region_geoname_id': 4896861, u'country': u'United States', u'region': u'Illinois', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'60666', u'longitude': -87.6298, u'country_code': u'US', u'timezone': {u'abbreviation': u'', u'gmt_offset': u'', u'is_dst': u'', u'name': u'', u'current_time': u''}, u'latitude': 41.8781, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'104.21.71.14', u'continent': u'North America', u'region_iso_code': u'IL'}104.21.71.14
2023-05-12 02:45:04CountryNoCountry Name Extractor0030NoneUnited Statescloudflaressl.com
2023-05-12 02:54:51Netblock MembershipNoCensys0030None34.74.160.0/2034.74.170.74
2023-05-12 02:45:51Physical LocationNoAbstractAPI0020NoneMontreal, Quebec, H4X, United States, North America2606:4700:3031::6815:6a6
2023-05-12 03:18:49WiFi Access Point NearbyNoWigle.net0030NoneSpecial Litigation (Net ID: 00:02:2D:2E:93:90)34.0544, -118.244
2023-05-12 02:44:26SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:03:e6:77:f0:fb:1d:de:0e:93:d2:d9:e5:40:98:fb:b1:42 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Let's Encrypt, CN=E1 Validity Not Before: Nov 17 08:07:50 2022 GMT Not After : Feb 15 08:07:49 2023 GMT Subject: CN=*.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:b1:ca:c5:7f:45:88:ea:f6:98:9e:7e:93:33:29: bd:74:fc:48:fe:29:e9:2a:62:8c:97:f1:93:16:6f: 19:da:24:7c:94:17:6e:35:5b:b2:ef:eb:77:ee:6f: 68:a3:10:bb:0d:f6:01:57:78:db:8f:85:23:65:1b: 8d:5a:d8:02:5e ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 26:F8:75:40:42:15:34:A1:4E:96:C0:96:27:7F:34:DA:52:69:CF:39 X509v3 Authority Key Identifier: keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC Authority Information Access: OCSP - URI:http://e1.o.lencr.org CA Issuers - URI:http://e1.i.lencr.org/ X509v3 Subject Alternative Name: DNS:*.battleb0t.xyz, DNS:battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77: 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13 Timestamp : Nov 17 09:07:51.072 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:16:9A:44:87:BF:E8:FB:88:4F:27:C3:23: D7:41:4A:F8:BC:44:42:20:18:B7:8C:EF:CD:C8:5C:14: 86:9C:04:8F:02:21:00:D8:FC:B1:DA:CE:C1:81:91:75: 82:10:9B:4A:3A:12:1B:FE:70:80:7F:A6:84:E4:C5:04: 58:38:0B:34:F3:1E:73 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: 
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Nov 17 09:07:51.066 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:15:CD:95:9A:3C:F7:20:93:54:3E:08:F7: 6D:D4:73:9D:63:2C:14:38:C7:1C:15:38:7A:3E:1C:B5: 3A:C9:C0:A8:02:21:00:C8:7B:89:3A:AC:D8:F0:69:E9: DE:74:9E:7E:74:A9:4E:43:C7:89:2C:62:13:65:90:95: 4A:78:C6:0D:71:91:72 Signature Algorithm: ecdsa-with-SHA384 30:65:02:30:19:f9:7b:55:14:7a:4c:2b:b8:a8:55:31:bc:66: 14:95:52:8a:fe:84:4c:61:c2:02:53:4a:80:96:e1:54:a7:b8: 65:6c:70:ad:b8:e9:f0:44:9d:f5:1e:5f:f5:49:05:26:02:31: 00:af:38:a6:7e:99:e5:40:3e:28:0a:04:fc:e6:28:1e:0b:3b: f4:a2:30:3a:2a:98:5c:14:93:92:27:5b:5b:a6:49:e2:da:ff: a7:8f:34:6f:32:35:7e:32:3c:5a:8b:ec:81 battleb0t.xyz
2023-05-12 02:53:44SSL Certificate - Raw DataNoCertificate Transparency1010NoneCertificate: Data: Version: 3 (0x2) Serial Number: 04:15:41:ea:93:cd:8d:62:0f:07:0f:be:37:47:74:c1:ad:1b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Nov 17 17:26:26 2022 GMT Not After : Feb 15 17:26:25 2023 GMT Subject: CN=panel.battleb0t.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:aa:4d:69:12:67:d1:ef:14:86:20:9d:cf:2c:a8: 0d:c9:a7:6c:06:2b:6c:f8:9e:1f:f7:5b:41:e3:d6: 87:ca:57:bb:98:07:35:18:67:8f:28:74:6a:04:77: 89:a0:80:85:fc:4d:2e:7a:12:ee:d9:55:9b:e8:51: 03:88:3d:06:0a:14:47:b6:c6:bf:e2:f2:6e:38:57: 77:d8:da:10:9f:18:48:30:90:76:66:83:1b:18:b6: 6d:f9:38:58:a1:cc:7b:d2:96:34:23:9b:ea:85:2c: bb:61:4a:ef:9a:58:1e:2d:73:fc:eb:20:c5:37:d4: 7c:8e:77:66:2d:b6:0a:4e:0d:e0:f4:1d:87:9f:f3: 39:d7:d9:45:03:a6:8f:40:08:8a:3e:d5:15:b6:01: 8a:08:27:45:ff:cb:af:e5:d1:fd:28:cb:df:75:d3: f7:db:3d:e9:43:0c:e5:b6:28:89:d2:ba:63:6c:e0: ac:03:c0:49:9f:2c:e6:11:96:03:1a:33:a3:63:63: dc:3b:1c:a8:9b:0f:00:ea:cb:bf:0c:39:fd:1c:40: ab:3a:92:ca:b0:90:5c:21:ed:f1:8e:4f:9e:e7:92: 92:53:94:1d:fa:e2:36:84:fa:2a:17:63:6d:d0:c9: 16:92:48:c8:82:19:57:63:48:56:6e:6a:2e:34:87: cc:7c:79:cf:43:dc:a4:a2:fb:e4:06:17:02:db:ef: 92:10:48:04:d1:04:89:aa:65:ee:9d:e2:a1:cd:ce: 9c:27:f6:46:3e:9e:91:90:6e:12:78:d2:cd:5e:a3: 75:48:b4:82:f5:c9:29:da:c5:bb:ac:87:af:95:fa: f8:49:db:fe:e5:df:04:7e:92:10:6e:c8:d7:7b:93: ef:de:5b:4f:7a:70:41:0c:59:d9:04:5e:26:57:3d: 65:af:57:00:3d:40:e4:ec:3b:92:38:0a:d1:a5:20: 31:40:89:48:9a:58:46:06:1e:56:4f:e5:25:e6:f5: 33:d9:bb:68:90:99:70:c6:a1:93:5a:22:c1:e3:ee: da:ef:45:a4:37:18:4c:33:42:7e:6f:07:01:85:ed: 36:f3:3f:be:f6:6a:d9:3e:fe:ad:4c:8d:18:3e:0e: 49:d9:7a:95:04:47:e8:2c:a9:fe:24:7a:53:d0:af: 27:b2:85:89:f7:05:df:d8:9a:0d:56:23:cd:ee:11: cb:31:f6:4e:3f:af:22:51:d3:a0:8f:a4:52:72:6f: 12:6d:6d:c2:7a:fe:c4:93:c1:f6:23:a9:9a:2b:35: 9d:df:e3:e9:99:57:fb:f5:e8:d9:e8:4d:a5:ec:7e: 
dd:22:c5:d3:4f:c7:2d:bf:e4:09:ee:6f:cb:b6:13: f8:ae:73 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CE:03:E9:CB:9A:4D:5E:BB:32:45:93:FC:78:CC:A3:7F:08:26:B1:40 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:panel.battleb0t.xyz X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C: 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99 Timestamp : Nov 17 18:26:26.989 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:1A:E4:CF:4C:AD:D9:EC:E6:4D:52:65:1B: 53:65:93:D9:DC:39:99:A6:D5:5A:C5:E1:DA:D9:DC:69: 36:3C:98:86:02:21:00:E0:F7:55:18:14:DF:74:E8:00: 3D:35:13:2B:3F:8A:22:AD:87:C6:66:15:7C:5F:B8:54: 95:49:86:D0:08:0C:1B Signed Certificate Timestamp: Version : v1 (0x0) Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A Timestamp : Nov 17 18:26:27.535 2022 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:10:EE:87:AF:95:13:B6:C6:D8:9A:F6:9C: 22:3D:17:76:A6:CE:D0:EB:19:02:D0:A5:1A:1A:C9:0A: 31:65:BA:ED:02:21:00:BF:DA:3B:7E:F3:78:A8:0B:93: 1F:B2:E6:E1:12:B5:BD:BA:22:84:17:45:4A:B3:61:A0: 29:F4:AF:0F:35:96:20 Signature Algorithm: sha256WithRSAEncryption b5:83:07:c9:de:56:9d:a9:96:e7:9d:33:0e:6f:ac:fa:87:16: 78:39:67:66:6c:ed:a2:8a:03:1a:72:05:18:f6:0f:96:45:6f: 8b:7f:87:4a:7e:42:aa:5b:99:9b:ac:a1:20:ef:8a:3a:25:64: 1c:a0:d1:77:e9:b8:80:07:f6:06:a3:d2:6d:a5:d1:dd:94:0d: 
f9:e5:86:a9:a6:b8:76:39:cd:1d:fb:3e:ff:83:72:04:4c:2a: 14:fb:7f:65:eb:20:3e:c2:84:49:b5:05:7e:d8:32:30:2d:ef: 38:80:5a:18:e3:cd:59:d6:9f:ac:ee:c8:4b:1a:74:fc:f4:50: 49:af:e3:8f:99:a7:48:63:80:91:24:9e:c4:3b:1d:5f:e7:b4: 1a:3b:17:c3:a0:96:88:b3:17:31:2b:42:d2:5c:02:ce:26:2d: 05:3d:b5:62:e2:53:7c:d1:bc:6c:3b:50:e7:fe:06:7f:f3:8c: c1:45:7a:6f:01:d6:e5:6b:4c:b1:72:55:a1:cc:c8:79:92:38: 80:4e:bb:ab:bb:48:59:61:91:04:3d:4f:6a:29:7c:c3:ea:6b: 3b:30:22:90:a8:7e:7e:06:d7:9e:99:8b:4b:c9:e9:df:59:76: 1a:71:60:d4:87:0d:e1:27:92:03:31:f8:a9:32:a1:14:b5:ce: 97:e4:9e:4f battleb0t.xyz
2023-05-12 02:54:20Open TCP Port BannerNoCensys0040NoneHTTP/1.1 404 Not Found Server: Netlify X-Nf-Request-Id: 01H04BK0BS0X0MXB72Y8AY7JTF Date: <REDACTED> Content-Length: 0 2600:1f18:2489:8200::c8
2023-05-12 03:00:48Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.96.66): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.96.0/24
2023-05-12 03:01:43Blacklisted IP on Same SubnetYesHoneypot Checker0030NoneHoneypotproject (188.114.97.222): Search Engine Last Activity: 0 days ago Threat Level: 29188.114.97.0/24
2023-05-12 02:54:00HTTP HeadersNoCensys0020None{"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c599e10cab22234-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]}104.21.6.166